A. Michael Froomkin: Morning. Welcome. Congratulations on get­ting up so ear­ly. I always man­age to get the dean not to give me morn­ing class­es, but Carey man­aged to do what the dean could­n’t.

We have an extra­or­di­nar­i­ly dis­tin­guished pan­el today. I think none of these peo­ple need intro­duc­tion, so what I’m going to do is give tiny lit­tle intro­duc­tions just before their turns to speak [on the stage?]. As more peo­ple drift in they’ll want to know who the par­tic­u­lar speak­er is. Right now I’ll just say I sus­pect part of the rea­son for the turnout today is we have not one, not two, but three cur­rent or for­mer NSA per­son­nel here on this pan­el. And of course even bet­ter than that, four lawyers. Thank you. Thank you.

I think I should explain how this pan­el came to be, in par­tic­u­lar how the top­ic came to be. I spent the past year writ­ing a real­ly long and prob­a­bly quite bor­ing paper on the Constitutional aspects of Clipper. There’s a trans­paren­cy you could put up for me, please, I’ve got a URL and oth­er ways of access­ing it for those of you who are into that sort of thing. It’ll be up on the screen, no doubt, in sec­ond.

The paper’s in one sense incred­i­bly parochial, because it’s about United States rules. And in think­ing about what I could do to try to orga­nize some­thing that would sort of move the debate for­ward, my mind start­ed to turn to the inter­na­tion­al aspects of secure com­mu­ni­ca­tions. Because what came out to me from the Clipper debates were two things that every­body at least seemed to agree on. One is that in United States today at least, you have a free choice as to what kind of encryp­tion you wan to use for domes­tic com­mu­ni­ca­tions. And anoth­er is, nobody can fig­ure out what pos­si­ble incen­tive for­eign­ers would have to use Clipper.

That means there’s a real prob­lem about inter­na­tion­al secure com­mu­ni­ca­tions, and we’ve got some­thing to talk about. Now, the term secure com­mu­ni­ca­tions” in this con­text is obvi­ous­ly a con­test­ed term, because secure from what? You have to talk some­times about a threat mod­el. And in par­tic­u­lar, you need to define whether or not var­i­ous gov­ern­ments are part of your threat mod­el or not. In an era when the FBI is telling American busi­ness that for­eign gov­ern­ments, in par­tic­u­lar the French, are one of the major threats they have to wor­ry about, that has impli­ca­tions for how you might want to struc­ture your com­mu­ni­ca­tions. (Thank you for the sign.)

I’m told by the way that the PostScript file that’s cur­rent­ly on the server—our exper­i­men­tal tem­po­rary serv­er that they kind­ly put up just for this conference—is in fact com­plete garbage. We’re work­ing on that. They swear to me that by the end of the day we’ll have real PostScript—enough stuff that looks like PostScript, but isn’t. Worse than that; just…plain garbage.

So, here we are to talk about this prob­lem. How do we do it? How do we talk secure­ly with peo­ple abroad? And in par­tic­u­lar what can we do…what’s fea­si­ble to do, to progress mat­ters from where we are today? And with the help of some of the mem­bers of the pan­el, I draft­ed the three ques­tions you’ll find in your book on page 150. Through some strange grem­lin of typog­ra­phy, Tim May’s answers to those ques­tions were print­ed as if they were either my or the pan­el’s answers and nobody—

Unknown Speaker: We hacked into the com—

Froomkin: —put­er sys­tem. Something hap­pened. Those are our joint ques­tions, but they’re Tim’s answers and we should­n’t rob him of the pride of author­ship or attempt to asso­ciate them with any­one else who might not want that par­tic­u­lar pride.

But for those of you who’ve man­aged to mis­lay your books already the ques­tions are what’s the sin­gle biggest imped­i­ment to inter­na­tion­al secure com­mu­ni­ca­tions? The sec­ond ques­tion is what’s the sin­gle fea­si­ble change that would most enhance inter­na­tion­al secure com­mu­ni­ca­tions, and what will be the imple­men­ta­tion path for that? And the third is how would you advise a friend or a client as to how to com­mu­ni­cate secure­ly today?

And in the inter­est of being provoca­tive, let me just offer some sort of ten­ta­tive answers to those three ques­tions. I’m not entire­ly sure if I believe these 100% but I do believe them I think more than half. It’s the fear that I might believe these things which prompt­ed me to try to assem­ble the experts we’ve got here today to try to give you bet­ter answers than the ones I was able to come up with myself. But here they are.

My answer to the first ques­tion of the sin­gle biggest imped­i­ment is not the ITAR. I’m actu­al­ly sort of tired of ITAR bash­ing. Because you see the biggest imped­i­ment is for­eign gov­ern­ments. Look what hap­pened in Pakistan a week ago when they cut off the entire cell phone net­work because they could­n’t eaves­drop on the cell phones. That wouldn’t—probably—happen here. We just get Digital Telephony. It’s quite a dif­fer­ent pro­ce­dure. And you know, you look at the French gov­ern­ment, the English gov­ern­ment, the Singaporean gov­ern­ment. And it seems to me that in fact if the ITAR were to dis­ap­pear tomor­row, you would have as great or worse prob­lems caused by for­eign gov­ern­ments try­ing to pre­vent total­ly secure com­mu­ni­ca­tions.

My answer to the biggest fea­si­ble thing you could do is sim­ply buy for­eign cryp­to and import it to the United States. Seems to me that that’s a very fea­si­ble way to get secure com­mu­ni­ca­tions today. Indeed I hear last night a gen­tle­man from Motorola say­ing that’s what they’re doing.

And how would I advise some­one to com­mu­ni­cate? Well, if you’re in a sit­u­a­tion where you’re com­mu­ni­cat­ing between two coun­tries where they allow you to use strong foreign-purchased cryp­to that’s the thing to do. And if you’re deal­ing with a coun­try like Pakistan, where that’s not allowed, there’s only one thing you can do: go in per­son, and go to a restau­rant where you don’t have reser­va­tions. Or send a couri­er you trust with some­thing writ­ten on paper.

With that I’m going to turn it over to the first of our sev­er­al experts. In the inter­est of brevi­ty I’ve asked each per­son to allow me to rob them of their dis­tin­guished resumes and just announce their cur­rent affil­i­a­tions and one oth­er fact about them.

Stewart Baker’s cur­rent affil­i­a­tion is a part­ner at Steptoe & Johnson, a law firm in Washington DC. He was for­mer­ly the General Counsel of the NSA and he’s well-known to CFP. And he will now bring his exper­tise to bear on these ques­tions.

Stewart Baker: Thanks Michael. I think this’ll prob­a­bly be the last time that I speak to you, because the MIT orga­niz­ers of the event approached me last night and told me that they had decid­ed it would be both more direct and prob­a­bly raise more mon­ey if instead of speak­ing I just allowed them to set up a ten-dollar-a-throw dunk­ing booth. I’m gonna move quick­ly through the three ques­tions, because we’ve each agreed to do this in about three to five min­utes.

I think that Michael is prob­a­bly right for the long run that the biggest restraint on the spread of cryp­to­graph­ic secu­ri­ty will prove to be for­eign gov­ern­ments. I have writ­ten a piece, which actu­al­ly LA Times pub­lished a ver­sion of which is in the mate­ri­als, which takes on a com­plete­ly dif­fer­ent look at these issues. Approaches it from a ques­tion of real­ly is the net a proof against reg­u­la­tion? Is it some­how going to— I think I accused John Perry Barlow in one of our debates of being an Internet lib­er­a­tion the­olo­gian… Will the net set us free? And I think the answer is not. That for­eign gov­ern­ments will prove much more aggres­sive and much more imag­i­na­tive about reg­u­lat­ing the net than we imag­ine here because in fact gov­ern­ment and peo­ple share a lot of val­ues in the United States that aren’t shared in oth­er parts of the world. And so we will see much more aggres­sive reg­u­la­tion of encryp­tion and the net gen­er­al­ly in for­eign lands than we see here.

For the short term I think that the restraints on cryp­tog­ra­phy have…probably could be ordered as one, lack of cus­tomer inter­est; and two, the ITARs. That Americans sim­ply have have gen­er­al­ly not cho­sen secu­ri­ty if they had a trade­off con­ve­nience or price for that. And you can see that in cel­lu­lar phones, you can see that in portable phones, you can see that in com­put­er sys­tems.

I think that will change as dig­i­tal com­merce goes to the net. People are will­ing to put up with a lot of poten­tial risk to their pri­va­cy, but los­ing mon­ey is a dif­fer­ent thing, and when you cre­ate incen­tives for peo­ple to hack into com­put­ers that have dol­lar signs attached to them you’ll see a lot more of that going on. And so I think that we are prob­a­bly now, although peo­ple have been say­ing this since Marconi invent­ed the radio…we’re on the verge of wide­spread use of cryp­tog­ra­phy for indi­vid­u­als and busi­ness­es.

Policy changes. There’s an aspect that— As you all know, this cryp­to­graph­ic debate, it’s a lot like a bad mar­riage. People come to these con­fer­ences and say the same thing over and over again. Nobody seems much to come away per­suad­ed. I think the one area…the one new idea that is tick­ing around in this area that has some prospect for cre­at­ing com­mon ground has to do with pri­vate key escrow. I don’t think there’s any­body who thinks that’s their first choice, but it serves some val­ues for every­one involved. Phil Zimmerman was telling me he got a call from an execu­tor of an estate who… He had used PGP to encrypt a bunch of files and the ques­tion was, Well how can we find out what they say?” And answer was you can’t.”

I think indi­vid­u­als will want to have a way to recov­er keys. Businesses, there’s been a whole process… You can trace the cryp­to­graph­ic debate run­ning from a time when only NSA real­ized that there was a fun­da­men­tal con­flict between the impor­tance of main­tain­ing secu­ri­ty and the impor­tance of being able to undo it. To the FBI wak­ing up to that prob­lem. To I think busi­ness­es wak­ing up. As they start to imple­ment cryp­tog­ra­phy they real­ize that it won’t always be used by employ­ees in the com­pa­ny’s inter­ests. To indi­vid­u­als begin­ning to won­der whether they real­ly want strong cryp­tog­ra­phy, and unbreak­able cryp­tog­ra­phy, unre­cov­er­able keys. That’s not our… I don’t think every­body’s inter­ests there are iden­ti­cal, but at least it’s a new idea in the debate that’s real­ly worth explor­ing.

Finally, on the advice that I would give to some­one who want­ed to have secure com­mu­ni­ca­tions I’d give two answers. As a prac­ti­cal mat­ter, I actu­al­ly think that the eas­i­est thing to do would be to use 40-bit RC4. And I rec­og­nize that there are peo­ple who will say that it is triv­ial to break. I think those are prob­a­bly not peo­ple who’ve tried to break it often.

And I guess I would say that you know, com­put­er secu­ri­ty guys gen­er­al­ly mea­sure them­selves against Kevin Mitnick. It’s only the math­e­mati­cians who mea­sure them­selves against Fort Meade. And that results in a kind of skew­ing of the sense of what sort of secu­ri­ty is nec­es­sary cryp­to­graph­i­cal­ly com­pared to oth­er things. The fact is, the only rea­son to use cryp­tog­ra­phy is to raise the cost of inter­cept­ing and decrypt­ing your mes­sage above the cost of brib­ing your clean­ing lady. And once you’ve done that, I think you’ve prob­a­bly done as much as cryp­tog­ra­phy can do. It’s got to be part of a whole scheme for deal­ing with secu­ri­ty. And there are many holes in peo­ple’s secu­ri­ty that don’t have any­thing to do with cryp­tog­ra­phy, and my bet is that 40-bit RC4 is prob­a­bly the strongest part of almost any­body’s secure sys­tem. Thanks.

Froomkin: Thank you. Our next speak­er is Phil Karn. Phil Karn, who asked me to empha­size this iden­ti­fi­ca­tion is only for iden­ti­fi­ca­tion pur­pos­es and he’s speak­ing for him­self, is cur­rent­ly a staff engi­neer at Qualcomm. He’s also…not yet a plain­tiff in a law­suit that may soon be filed against the gov­ern­ment that he’ll be telling us about.

Phil Karn: Okay, good morn­ing. Thank you. I do appre­ci­ate this oppor­tu­ni­ty. As said in the intro­duc­tion I am not a lawyer. I’m here as an engi­neer who is deeply con­cerned about pri­va­cy and secu­ri­ty, and who over the last few years has been increas­ing­ly out­raged by the gov­ern­men­t’s treat­ment of one par­tic­u­lar­ly hero­ic per­son by the name of Phil Zimmerman, who has done prob­a­bly more than any­one else to bring cryp­tog­ra­phy to the mass­es. [applause] And I think I’m here large­ly because of that out­rage, and because of a case that I have start­ed that was just men­tioned that alludes to that. So first of all I’d like to answer the ques­tions that were posed, and then talk about the case that I’m involved in.

First of all, I think I would still say that the answer to the first ques­tion, the biggest sin­gle imped­i­ment, is in fact US export con­trols. They’re absolute­ly absurd—but I have to qual­i­fy that answer. That answer applies only to the good guys, okay. The bad guys right now can go out and get a copy PGP any­where they like and use it, and I’d be very sur­prised if they’re not, okay. So the answer to the first ques­tion posed to the pan­el real­ly has to be qual­i­fied by whether or not this applies to the good guys or bad guys, cause only the good guys fol­low the laws any­way when it comes to this, because it’s so easy to break them with­out any­thing hap­pen­ing to you.

So answer to the sec­ond ques­tion is obvi­ous: repeal US export con­trols on cryp­tog­ra­phy and stop harass­ing peo­ple who’re only try­ing to pro­tect their own pri­va­cy.

The answer to the third ques­tion has to depend on some­thing. It depends on whether or not I could be held crim­i­nal­ly liable for my answer. I talked to a few attor­neys who know export con­trol. They tell me that I could actu­al­ly be in vio­la­tion of the ITARs, thrown in jail, for telling a for­eign­er where he could get a copy of PGP on a machine in his own coun­try. That would be ren­der­ing tech­ni­cal advice relat­ed to a defense item, okay. I could be held crim­i­nal­ly liable for that. So If I ever tell a client in Italy, let’s say, that you can go to this site in a new machine in Italy and pick up a copy of PGP I could be thrown in jail for that. So my answer would depend on whether I could be held crim­i­nal­ly liable for what I say.

That’s obvi­ous­ly an absurd sit­u­a­tion. But assum­ing that I will not be held liable for what I would say I would say the answer’s obvi­ous. Right now if you want true pri­va­cy, and by that I mean pri­va­cy against the National Security Agency as best as we know, the answer’s clear­ly PGP. For now. And in the future I think you’re going to see that PGP is just the begin­ning of a wave of sim­i­lar prod­ucts that’re designed to give indi­vid­u­als the right to con­trol their own pri­va­cy. I am per­son­al­ly involved in an activ­i­ty with­in the Internet Engineering Task Force to stan­dard­ize pro­to­cols to secure the Internet. I am sick and tired of peo­ple like Kevin Mitnick. I’m sick and tired of the FBI com­ing in and fight­ing a bat­tle, on my land, against peo­ple like Kevin Mitnick. I feel like…you know, an irri­tat­ed par­ent who would like to take two quar­rel­ing kids and bash their heads together—that’s exact­ly how I feel about the FBI and the hack­ers. And one of the things I real­ly like about cryp­tog­ra­phy, it seems to piss them both off even­ly, so it’s won­der­ful. [laugh­ter]

[Slides men­tioned are unavail­able]

So, with that I’d like to answer some of the com­ments made about about export con­trols. I’d like to have my first slide if I might. Okay. That seems to be the US gov­ern­men­t’s posi­tion on export con­trols when­ev­er you try to debate it with them. I don’t know how to deal with an answer like that. Unfort— I mean, I don’t know about all of you, but I’m old enough to remem­ber Vietnam and Watergate. It hap­pened at a very for­ma­tive time in my life when I was in high school, a very impres­sion­able time. I’ve nev­er for­got­ten that les­son. I would like to think that most Americans haven’t for­got­ten that les­son and I’m afraid they have. And unfor­tu­nate­ly argu­ments like this don’t car­ry the day, which is why they’re still made.

So, if I could have my next slide. I thought I might try a test case here to con­vince even the peo­ple who still believe that the gov­ern­ment might actu­al­ly know some­thing that it can’t tell us that’s a good rea­son for the deci­sions they made. I decid­ed I’d file a test case which involves this [thick­er?] book, Applied Cryptography by Bruce Schneier. I don’t get a cut out of this so I’m not, you know, I’m not doing this for my own finan­cial ben­e­fit here. I sim­ply think it’s an excel­lent text­book as an engi­neer who prac­tices in this field. Of par­tic­u­lar inter­est in this text­book is the last chap­ter, which con­tains quite a bit of source code, in C, ready to exe­cute if you type it in and use it. It pro­vides strong cryp­tog­ra­phy. There’s a cou­ple toy ciphers in here but there’s a cou­ple of real­ly good ones, too, includ­ing the IDEA tak­en right out of PGP. It’s the heart of PGP.

So, as I under­stand the International Traffic in Arms Regulations, the defense trade reg­u­la­tions, this book is a muni­tion, you know. I have to get per­mis­sion to export it from the coun­try. So I filed a for­mal request with the State Department to export this muni­tion, as I under­stand it. And back came a let­ter say­ing that well, This item’s in the pub­lic domain. It is not in in our licens­ing juris­dic­tion.

Well, great. The State Department still under­stands that the First Amendment pro­tects books. That’s won­der­ful. But they went on specif­i­cal­ly to say that that only applies to the book and not to the flop­pies that the book men­tions are avail­able from the author. Well this is very inter­est­ing. I mean sup­pose the flop­pies con­tain exact­ly the same infor­ma­tion, are you real­ly going to dis­crim­i­nate on the basis of media?

So I filed a sec­ond request, for this flop­py disk. It’s an exact copy of what is in the back of the text­book. Character by char­ac­ter. Okay. What did they do? They said sor­ry no, the flop­py is a defense arti­cle requir­ing a license for export. The book, con­tain­ing exact­ly the same infor­ma­tion is freely avail­able, freely exportable. The flop­py disk, which con­tains exact­ly the same infor­ma­tion byte by byte is not, it’s a defense arti­cle. Now you fig­ure that one out.

Next slide, please. I’ve appealed this case up through the admin­is­tra­tive lev­els… Oh I should point out that the main dis­tinc­tion they tried to draw in their let­ter was that I’d added val­ue to the files in the flop­py because they were sep­a­rat­ed into sep­a­rate files. And of course only Americans can type, so there’s sig­nif­i­cant val­ue added to some for­eign crim­i­nals here.

As I men­tioned I’ve tak­en this up to the admin­is­tra­tive lev­els. The first-level appeal was designed. The second-level is still pend­ing. And it looks like we’re going to court in a few months unless some­thing changes dras­ti­cal­ly.

And my last slide is a point­er to a web page with more infor­ma­tion on this sub­ject if you’re inter­est­ed. Thank you.

Froomkin: Thank you very much. Our next speak­er is—I believe it’s his first appear­ance at CFP although in some sense I think he’s no stranger to this group. It’s Steve Walker who is the President of Trust and Information Systems. He is for­mer­ly with the Defense Department and the National Security Administration for a grand total of twenty-two years. He tells me that it’s a great set of places to be from.

Stephen Walker: Thank you. Those of you who are con­cerned that there are four cur­rent or for­mer mem­bers of NSA here, I only say I’m much more con­cerned that I’m up here with four lawyers. But I guess we each have our own dev­ils.

What I want to talk— In try­ing to answer these ques­tions, the sin­gle most sig­nif­i­cant imped­i­ment I believe has to be the US export con­trol pol­i­cy. It’s per­fect­ly legal for us to use DES and oth­er encryp­tion here, but our friends at Microsoft and else­where don’t offer it. The rea­son they don’t offer it isn’t cause they don’t want to give us good stuff. It’s that they can’t export it to half of their mar­ket. And there­fore, effec­tive­ly we don’t have it avail­able to us, even though it’s legal. And I think that’s a seri­ous prob­lem. We have to find a way around that so that we can pro­tect our sen­si­tive infor­ma­tion. But, we have to take into con­sid­er­a­tion the inter­ests of law enforce­ment and nation­al secu­ri­ty, too.

What I want to talk about a lit­tle bit here is an effort that we have begun last year on…we call it com­mer­cial key escrow. There is a paper on this in the pro­ceed­ings and I com­mend it to your read­ing. Our main objec­tive in doing this, and I guess this is my answer to the sec­ond ques­tion, is to get good cryp­tog­ra­phy rou­tine­ly avail­able to any­one in America. It ough­ta be the default. It ough­ta come on your lap­top or on your work­sta­tion in such a way that you have to ask not to have a file encrypt­ed. If we could oper­ate in that man­ner, we would have very sig­nif­i­cant­ly reduced secu­ri­ty issues across the board.

But, in look­ing for ways to do this I par­tic­i­pat­ed some last year in dis­cus­sions with mem­bers of Congress on the Cantwell Bill, which was an attempt to say let’s change the rules. That’s a hard game to play. Congressmen don’t know any­thing about this and they’re being besieged by gov­ern­ment exec­u­tives and they’re being besieged by busi­ness­men and they decide, I’m gonna side with busi­ness exec­u­tives.” I can tell you sto­ries about that lat­er if you’d like.

We’ve got­ta find a way to relax this ten­sion that has grown up between the needs of the American pub­lic to pro­tect their sen­si­tive infor­ma­tion and the legit­i­mate needs of law enforce­ment and gov­ern­ments to under­stand the com­mu­ni­ca­tions of their adver­saries. And bad­ger­ing them, or blunt attacks on chang­ing the ITARs um…may get there some­day but I don’t think it’s gonna hap­pen any­time soon, prob­a­bly in part because it becomes a win/lose sit­u­a­tion and lots of folks don’t like to lose.

What we’re try­ing to do with exam­in­ing this key escrow set of ideas is come up with a win/win sit­u­a­tion if we can. The work we did began last May with as a tech­nol­o­gy exper­i­ment to say can you build a soft­ware ver­sion of Clipper?” We did. We showed it to the gov­ern­ment and we showed it to a lot of indus­try. Pretty much gen­er­al agree­ment we had suc­ceed­ed in that. The prob­lem of course is peo­ple did­n’t like Clipper so they don’t real­ly want a soft­ware Clipper, either.

So, we decid­ed to change attack and say well, is there some­thing that peo­ple do want? There’s been a lot of ref­er­ences to this even this morn­ing. Emergency data recov­ery. You’ve encrypt­ed some­thing and you lost the key. Or you encrypt­ed some­thing and you came out here to this con­fer­ence and your boss needs it. How does he get it? Some means of emer­gency data recov­ery. And that’s real­ly the focus for the activ­i­ty. We real­ized in the course of that that if we came up with some­thing that was owned by com­pa­nies, run by com­pa­nies for their own pur­pos­es, that law enforce­men­t’s inter­ests could be helped great­ly, with­out any change in any rules, with­out any changes in leg­is­la­tion. Simply through the process of the search war­rant that we already are sub­ject to.

Notice in our dis­cus­sion of this, there are no. gov­ern­ment. data­bas­es. of escrow keys. Indeed, there are no data­bas­es of escrow keys at all. The sys­tem is entire­ly vol­un­tary and the moti­va­tion for using it is that you need emer­gency recov­ery of some sort. The intent is that com­pa­nies and orga­ni­za­tions would run their own data recov­ery cen­ters for their own pur­pos­es, and that indi­vid­u­als would be able to sub­scribe to ser­vices that might be pub­licly avail­able.

We are now seek­ing approval from the gov­ern­ment for the export of good cryp­tog­ra­phy, read that DES or equiv­a­lent, when com­bined with com­mer­cial key escrow. There are rumors float­ing around minute by minute of progress in this area. I’m not gonna make any pre­dic­tions on that. The focus of our work now is on file stor­age and email. I believe the tech­nol­o­gy will work equal­ly well in gen­er­al com­mu­ni­ca­tions encryp­tion and in tele­pho­ny, but the moti­va­tion for why one would want data recov­ery cen­ters for tele­pho­ny out­side of the gov­ern­ment inter­est just don’t seem to be there. We are now work­ing with soft­ware and hard­ware ven­dors to fig­ure out ways to include com­mer­cial key escrow into their prod­ucts, and we hope there’ll be some announce­ment in that area very soon.

We’re try­ing to solve prob­lems for the aver­age busi­ness and the aver­age indi­vid­ual, by allow­ing rou­tine capa­bil­i­ties to pro­tect their sen­si­tive infor­ma­tion. I will say we’re not try­ing to solve every­body’s prob­lems, though. Two weeks ago I briefed Jerry Berman’s dig­i­tal secu­ri­ty and pri­va­cy work­ing group, and there were ques­tions from the audi­ence that wait a minute, you’re mak­ing it too easy for law enforce­ment to get my stuff.” Well if your stuff is rou­tine­ly avail­able in the clear now, no we’re not mak­ing it too easy. If you in fact con­tract that with some gov­ern­ment key escrow sys­tem where the gov­ern­ment has the keys, no this is not any­where near as easy as that.

However, if your con­cern is that the gov­ern­ment, act­ing in any legal man­ner, can get at your data if you use this sys­tem, then my advice to you—and I guess this is answer­ing the third question—is…don’t use this sys­tem. In fact don’t use any com­mer­cial sys­tem because the gov­ern­men­t’s going to be able to get your stuff if they real­ly choose to.

I want to close with a cou­ple of com­ments. This is in fact a pri­vate sec­tor ini­tia­tive. There are peo­ple who are say­ing this is Clipper Two or this is the gov­ern­ment about to impose yet anoth­er ver­sion of key escrow on us. This is a pri­vate sec­tor ini­tia­tive designed to make encryp­tion avail­able for pri­vate use. The gov­ern­ment has no invest­ment in this. We’ve asked them to review it rel­a­tive to export con­trol but it’s going to become avail­able any­way.

I have a very small num­ber of write-ups here, that I’ll be glad to give away because I don’t want to take them back, about where we are. I’d be glad to sup­ply you with this if you in fact don’t have enough here. And I’ll be around to talk about it lat­er if you’d like. Thank you very much.

Froomkin: Our next speak­er’s also from the pri­vate sec­tor. It’s Ira Rubinstein, the Senior Corporate Attorney for Microsoft. He want­ed me to say that one of his claims to fame is that he went to Yale Law School with Ron Lee.

Ira Rubinstein: Good morn­ing. I’ve been involved for sev­er­al years in indus­try efforts to lib­er­al­ize export con­trols, and what I’ll try to do is to bring a very com­mer­cial per­spec­tive to the pan­el’s dis­cus­sion.

I think it’s pret­ty clear that the strongest imped­i­ment to secure inter­na­tion­al com­mu­ni­ca­tions has been export con­trols. Without those con­trols, American soft­ware com­pa­nies would’ve long ago imple­ment­ed pub­lic key and strong encryp­tion algo­rithms. With those con­trols that has not hap­pened.

I dis­agree strong­ly with Steve Baker’s obser­va­tion, and he knows this because we’ve had this dis­cus­sion before, that there’s a lack of cus­tomer demand that accounts for the absence of secu­ri­ty fea­tures. Any com­pa­ny in the last sev­er­al years that’s been in the client/server are­na has con­stant­ly heard from cus­tomers that in order to down­size to client/server solu­tions they need secu­ri­ty. And the rea­son that American com­pa­nies have not offered secu­ri­ty is not lack of cus­tomer demand. It’s real­ly more a mat­ter of dis­tri­b­u­tion chan­nels. Most American com­pa­nies are not will­ing to offer a dual-product strat­e­gy where they have a prod­uct in the US and a sep­a­rate prod­uct abroad. Because the dis­tri­b­u­tion chan­nels don’t allow that to hap­pen with­out impos­ing a great deal of cost. Product is dis­trib­uted pre­loaded on machines, those machines go any­where in the world. You can’t force the com­put­er man­u­fac­tur­ers to only ship a machine with an American prod­uct to cer­tain mar­kets and with any oth­er prod­uct to only those mar­kets. Increasingly prod­uct is dis­trib­uted on CD-ROM in mul­ti­ple lan­guage ver­sions. Once again, it would be pro­hib­i­tive to try to track where each CD-ROM goes so that you can offer the dual-product in just the mar­ket that would accept it.

What cus­tomers do want is inte­grat­ed, easy-to-use, con­ve­nient secu­ri­ty, and that’s what American com­pa­nies have not been able to offer because of export restric­tions.

As to the sec­ond ques­tion of the fea­si­ble pol­i­cy change and a path to imple­ment that, I think clear­ly the sin­gle most impor­tant change that could occur is a change in the export laws. But whether that’s fea­si­ble is anoth­er mat­ter. For sev­er­al years now the soft­ware indus­try has pushed for leg­is­la­tion to change the export rules. I think it was back in 91 there was the Levine amend­ment and more recent­ly the Cantwell pro­vi­sions. Those leg­isla­tive efforts have not been suc­cess­ful. There’s been one major change in admin­is­tra­tion rules, the July 1992 agree­ment that result­ed in the iden­ti­fi­ca­tion of a suite of algo­rithms that if you…the 40-bit algo­rithms that if you designed to you could be rea­son­ably assured of rapid export approval. And I think it’s very inter­est­ing to note that as soon as that rule was enact­ed, or pro­mul­gat­ed, soft­ware com­pa­nies respond­ed and we now see a large num­ber of prod­ucts with secu­ri­ty fea­tures designed around those stan­dards. So I would main­tain, and this is where Michael and I will dis­agree, that if those rules were changed again and the key length was expand­ed to 48 or 56 or 64 bits, com­pa­nies would react very swift­ly and put out prod­ucts that met those new cri­te­ria.

There’s been talk by sev­er­al pan­el mem­bers about pri­vate key escrow ini­tia­tives. The Cantwell Bill died last sum­mer main­ly because Congress has been unable and unwill­ing to pass a new export admin­is­tra­tion act for many years now and the Cantwell Bill went down in defeat with that bill—not real­ly in defeat because it nev­er even went to the floor. But at that time, as some of you may know, Vice President Gore issued a let­ter to Maria Cantwell in which he laid out some prin­ci­ples for pri­vate key escrow. They includ­ed that the pri­vate key escrow sys­tem would have to be imple­mentable in soft­ware or hard­ware, would have to use non-classified algo­rithms. It would have to be voluntary—and I think indus­try inter­prets that to mean vol­un­tary in the sense that non-escrow alter­na­tives would remain avail­able as well. And it would have to be exportable.

Whether that will lead to a solu­tion at this point is very dif­fi­cult to say but I’d like to make two obser­va­tions. One is that there will have to be suf­fi­cient com­mer­cial demand for key escrow, or as Steve calls it data recov­ery, in order for that solu­tion to take off. Without com­mer­cial demand it sim­ply won’t hap­pen because it would require a great deal of work on the part of com­pa­nies to imple­ment these fea­tures, and if cus­tomers are sim­ply not inter­est­ed in it then it won’t hap­pen. The mar­ket for it won’t grow.

But even more than that, I think it’s got to be viewed as a long-term solu­tion because there’s got­ta be a legal frame­work in place in order for this to work. There has to be a clear sense of…where keys can be deposit­ed, what it means to deposit them in a com­mer­cial sense, who bears lia­bil­i­ty if keys are…you know, if the escrow agent who is a fidu­cia­ry with respect to those keys abus­es that duty or fails to ade­quate­ly pro­tect the keys, and so on and so forth. And with­out that struc­ture not only in the United States but inter­na­tion­al­ly, this is sim­ply not gonna hap­pen. Because it won’t be enough for the admin­is­tra­tion to announce a set of cri­te­ria unless there’s an infra­struc­ture in place not only in the US but abroad as well. Because after all, the impe­tus for this is relief on the export side. But if there’s no infra­struc­ture avail­able in for­eign juris­dic­tions, then it’ll be rather mean­ing­less to begin sell­ing that prod­uct abroad.

On the last point I guess I agree with both Michael and Phil in terms of how to com­mu­ni­cate secure­ly at this time. You could cer­tain­ly import for­eign DES box­es, or you could by a wink and a nod indi­cate where your for­eign coun­ter­part might find PGP. But I think both of those sug­ges­tions point out some of the absur­di­ties of cur­rent export rules. Why is it that an American com­pa­ny has to import for­eign DES box­es in order to achieve secu­ri­ty among its multi­na­tion­al sub­sidiaries? Clearly that indi­cates that the tech­nol­o­gy is read­i­ly avail­able abroad. And what’s the sense ITAR rules that would make it a crime as still sug­gest­ed to tell some­one where they can find PGP when the tech­nol­o­gy is read­i­ly avail­able and eas­i­ly down­load­able.

Froomkin: Thank you very much.

Our next speak­er is Ron Lee, who’s the cur­rent gen­er­al coun­sel for the National Security Administration hav­ing suc­ceed­ed—

Ron Lee: Agency.

Froomkin: Sorry, agency. The NSA. Among his many many accom­plish­ments on his illus­tri­ous resume he tells me the one he want­ed me to men­tion was that he was a Rhodes Scholar at Oxford—perhaps some­thing he has in com­mon with the President. Ron?

Lee: Perhaps the best way to intro­duce myself is to tell you that like you I did­n’t go to Woodstock, either. But the rea­son was I was too young and it was past my bed­time.

Before I get to the sin­gle biggest imped­i­ment I want to set the stage a lit­tle bit by point­ing out that we’ve all focused on the word secu­ri­ty” as focus­ing on one aspect of the uses of cryp­tog­ra­phy that Willis Ware talked about. Security has many aspects, as you saw from his talk. We’re focus­ing this morn­ing, and quite prop­er­ly so, on the con­fi­den­tial­i­ty or encryp­tion aspect, but there are oth­er equal­ly valid and impor­tant uses for it which are nec­es­sary to build the glob­al infor­ma­tion infra­struc­ture. And those of course would include and non­re­pu­di­a­tion and dig­i­tal sig­na­ture and authen­tic­i­ty. All of that suite of fea­tures that you need to have. And I would sub­mit that for many busi­ness­es who are try­ing to fig­ure out how to get involved and how to reach cus­tomers, these are as impor­tant or more impor­tant than the issue of how to secure their data.

So with that com­ment in mind, let me say that I think right now the sin­gle biggest imped­i­ment to secure inter­na­tion­al com­mu­ni­ca­tions is the roman­tic myth, or almost the rever­ie, that the devel­op­ment of cryp­to­graph­ic stan­dards and imple­men­ta­tions, both in the United States and abroad is some­how an irre­sistible tide of free­dom sweep­ing out from the mass­es that no government—either the US or foreign—that no gov­ern­ment can or should con­trol. And this cer­tain­ly has a strong appeal to it. But I think it flies in the face of facts.

The fact is that nation-states do have a strong and endur­ing inter­est in the uses of cryp­tog­ra­phy. Both his­to­ry and the present sit­u­a­tion prove that cryp­tog­ra­phy affects every nation’s mil­i­tary, polit­i­cal, eco­nom­ic, and tech­no­log­i­cal secu­ri­ty. And I don’t think it’s an over­state­ment to say that no nation-state is going to advo­cate con­trol of cryp­tog­ra­phy, includ­ing encryp­tion and con­fi­den­tial­i­ty func­tions, to out­side or domes­tic forces.

Having said that let me try to iden­ti­fy some of the inter­ests that a state, includ­ing the US, would have. From the US per­spec­tive those would be pro­tect­ing the pri­va­cy of Americans; pro­tect­ing both busi­ness and—importantly—government insti­tu­tions against hos­tile for­eign intel­li­gence threats and oth­er threats to their infor­ma­tion; pro­tect­ing law enforce­ment access to com­mu­ni­ca­tions, where law­ful­ly autho­rized; and then pre­serv­ing nation­al secu­ri­ty capa­bil­i­ties. Those are things that all have to be fac­tored into the debate. And if we’re going to move this debate for­ward, which we must and have to, I believe we have to over­come that myth.

My sec­ond answer…to answer the sec­ond ques­tion, fol­lows from what I just said. Which is that cryp­tog­ra­phers, soft­ware man­u­fac­tur­ers, every­one who’s involved in the com­mu­ni­ty, needs to—and Steve Walker’s begun that process—needs to come for­ward with pro­pos­als that rec­og­nize the state’s inter­est and then work with the gov­ern­ment to eval­u­ate and improve their pro­pos­als. The Vice President in the let­ter to Congresswoman Cantwell has laid out the cri­te­ria for a key escrow pro­pos­al that we need to meet. And that process of work­ing with indus­try is going on and will con­tin­ue.

This process, though, is not lim­it­ed to the United States. And so we should­n’t assume in kind of a US-centric way that we’re the only ones who mat­ter, we’re the only coun­try that has to go through this. Every oth­er coun­try that is going to face the encryp­tion issue needs to go through this as well. And nation­al cul­tures, polit­i­cal process, con­sti­tu­tion­al val­ues, all the things that are unique to a nation-state are going to shape that process. And then once that weigh­ing process is tak­ing place, and this is gonna come back to the pol­i­cy issue here, how it all is put togeth­er. How wide­spread cryp­tog­ra­phy is use. How well the sys­tems oper­ate. That’s all going to depend on some of the things the oth­er pan­elists have talked about. Personal pref­er­ence, polit­i­cal will in each coun­try, and of course tech­no­log­i­cal devel­op­ment.

Let me just that com­ment briefly on the third point, what would I rec­om­mend if some­one wants to com­mu­ni­cate with a for­eign coun­ter­part abroad. The first point is I would tell them to learn about what the for­eign threat is. You have to know what you’re try­ing to pro­tect your­self against before you go out and pro­tect it. The NSA, actu­al­ly, through the direc­tor and oth­er gov­ern­ment agen­cies, have reached out to talk to pri­vate indus­try to tell them a lit­tle bit about what the for­eign intel­li­gence threat is. I’ve par­tic­i­pat­ed in the Overseas Security Advisory Council, which is a Department of State group which any busi­ness or indus­try that has sig­nif­i­cant oper­a­tions abroad is wel­come to join and par­tic­i­pate in.

But on the oper­a­tional side, I would say per­haps the obvi­ous to you, which is use an encryp­tion prod­uct that’s been approved for export from the United States. [some audi­ence laugh­ter]

Let me respond briefly to some­thing Phil said, which is Phil’s first slide was his effort to debunk the if you only knew” state­ment. One of the main activ­i­ties going on this week of course is the NRC Committee, which is here. Several of its members—Herv Lin and oth­ers are receiv­ing input through the Birds of a Feather ses­sions and so on. And of course there is that seg­ment of that com­mit­tee that will receive the appro­pri­ate infor­ma­tion, and it will enable them to real­ly study the [?]. They’ve put a lot of resources into it and they will be able to come up with a con­clu­sion that I think will address some of the pro­ce­dur­al con­cerns that Phil had. This has been done in the past but I think that this is an impor­tant step in get­ting the appro­pri­ate peo­ple involved in the process.

Froomkin: If we only knew. [audi­ence laugh­ter] Thank you. I apol­o­gize for that remark. A lit­tle.

Last but cer­tain­ly not least we have Tim May who’s a cofounder of the cypher­punk group and was for­mer­ly with the Intel cor­po­ra­tion.

Tim May: Thank you Michael. My only point will be you would sup­port my posi­tion if you only knew what I knew. [some audi­ence laugh­ter and applause]

Seriously. I think Stewart Baker was cor­rect in his writ­ten com­ments that the issues need to be raised and a debate needs to hap­pen. I believe an impor­tant phase change in the struc­tures of soci­ety around the world is com­ing. It has its neg­a­tive con­no­ta­tions, it has pos­i­tive con­no­ta­tions. I don’t wan­na ram­ble off on a bunch of tan­gents about the polit­i­cal issues and long-range issues, but I do think this is very impor­tant and I think the pub­lic debate about cryp­tog­ra­phy is very healthy for the coun­try.

Somehow my three answers to Michael’s ques­tions got fold­ed in, edit­ed in, to his list­ing of the ques­tions. So you can see them pret­ty clear­ly.

The sin­gle biggest imped­i­ment to secure inter­na­tion­al com­mu­ni­ca­tions I believe is basi­cal­ly igno­rance. It’s cus­tomers not ask­ing for soft­ware. I’m inter­est­ed to hear that cus­tomers are ask­ing. Most peo­ple I know—end users, not cor­po­rate cus­tomers but end users of dif­fer­ent systems—are pret­ty much unaware of what’s hap­pen­ing, and they’ve got­ten intrigued by PGP. MailSafe, for exam­ple, which I had from RSA Data Security. I actu­al­ly bought and paid for a copy from Jim some years back. I could nev­er find any­body to com­mu­ni­cate with. [audi­ence laugh­ter] [laugh­ing:] Nobody else had a copy of it, so I could­n’t send secret decoder mes­sages to any­one.

PGP changed that as a com­mu­ni­ty. For com­mu­ni­tar­i­an rea­sons it spread very wide­ly and has been inter­est­ing.

So I think if prod­ucts could be inte­grat­ed into things like Lotus Notes and Microsoft Word, Microsoft Network, NCI network—whatever’s com­ing, so peo­ple could just click on but­tons and get cer­tain fea­tures, then this will be a major suc­cess. To the extent that’s not hap­pen­ing because of ITAR rules I’m sure that’s an issue.

Anyway, the thing I want to talk about before my time runs out is I men­tioned multi­na­tion­als. There are two sizes of multi­na­tion­al com­pa­nies, inter­na­tion­al com­mu­ni­ca­tions. Big ones like Intel and Lockheed and Apple. And they’ve got cer­tain rules—they’ve got to play by the rules. Whit Diffie made an excel­lent com­ment a cou­ple of years ago to the extent that the war on drugs was large­ly suc­cess­ful against big com­pa­nies because you could tell Lockheed that if they don’t start drug test­ing and what­not you could fine them and penal­ize them and do all sorts of things. But small lit­tle com­pa­nies, small lit­tle enter­pris­es, aren’t affect­ed by these rules.

Nicholas Negroponte has a posi­tion that’s very sim­i­lar to the posi­tion many of us have had which is that we’re going to see a huge increase in the num­ber of fam­i­ly multi­na­tion­als. This is the moth­er’s in Hong Kong, the father’s in Paris, the broth­er and the son are in the US. It’s not clear where their income is local­ized, it’s not clear where their assets are, and they’re cer­tain­ly not going to be restrict­ed in the forms of com­mu­ni­ca­tion they use. They may use code books, things that essen­tial­ly can’t be stopped.

Or they’ll use PGP. I mean, it’s triv­ial to get PGP out of the coun­try. There’s a run­ning bet in the com­mu­ni­ty as to how many hours it takes to get a new ver­sion now. And this— [audi­ence laugh­ter] I’m not say­ing I would do it, I’m just say­ing that it gets out, fast. It can’t be stopped. The bor­ders are trans­par­ent. I car­ried sev­en giga­bytes of data to Monte Carlo recent­ly to talk to cryp­tog­ra­phy peo­ple over there. Seven giga­bytes on opti­cals and DATs. There’s no way to stop me. There’s no way to stop any­thing. This is the phase change that’s com­ing. I don’t demo­nize the NSA, as I think they did a great job help­ing to win the Cold War and I think they deserve a round of applause and [pan­el mem­ber laughs] Not clear what the future mis­sion will be in a world of trans­par­ent bor­ders— [record­ing cuts out on May’s pre­sen­ta­tion]

A. Michael Froomkin: —con­ver­sa­tion. And pre­ced­ing that assump­tion, before I go to ques­tions from the floor, which we will def­i­nite­ly do, I want to throw a few point­ed ques­tions at a few mem­bers of the pan­el. I courage oth­er peo­ple to fol­low up if they would like to do so.

I think my first ques­tion’s for Stewart Baker. This is real­ly a ques­tion that ought to be addressed to Ron Lee but he can’t talk about it because it’s the sub­ject of cur­rent or future lit­i­ga­tion. So you’re the best-placed per­son to say the things he could nev­er say.

How on Earth can the United States gov­ern­ment jus­ti­fy deny­ing Phil Karn’s request? What’s the log­ic behind that? The book is out. What’s wrong with the flop­py disk?

Stewart Baker: Yeah I think the best stab I can take at it is this. In 1975, if you had asked NSA or most gov­ern­ment offi­cials about the clas­si­fi­ca­tion sta­tus of cryp­tog­ra­phy, they would have said it’s equiv­a­lent to nuclear tech­nol­o­gy. It is so impor­tant to the nation­al secu­ri­ty that peo­ple who research it, who come up with ideas relat­ing to cryp­tog­ra­phy, new crypt­an­a­lyt­ic attacks or new cryp­to­graph­ic tech­niques, are engaged in clas­si­fied research whether they know it or not, and they should not be releas­ing it to the pub­lic with­out talk­ing to the gov­ern­ment first about its nation­al secu­ri­ty con­se­quences. That was pret­ty much its sta­tus for export con­trol pur­pos­es.

In the late 70s, for a vari­ety of rea­sons, that became a very con­tro­ver­sial posi­tion. A lot of pri­vate sec­tor and aca­d­e­m­ic cryp­tog­ra­phers did not want to sub­mit to that kind of review and raised a First Amendment issue about aca­d­e­m­ic dis­cus­sions of cryp­tog­ra­phy.

It turns out that at least for the short term, or maybe the medi­um term, it is pos­si­ble to do a lot that pro­tects nation­al secu­ri­ty if you can restrict the spread of com­mer­cial­ized encryp­tion. It’s not a per­fect result but it is bet­ter than let­ting it go entire­ly. And I think that the— This is before my time at NSA, but I think that the final pol­i­cy deci­sion that was made some­time in the ear­ly 80s was to say for First Amendment rea­sons we have to give up on try­ing to reg­u­late what aca­d­e­mics say when they talk about cryp­tog­ra­phy. But we have to con­trol com­mer­cial cryp­tog­ra­phy.

Froomkin: But Phil has antic­i­pat­ed your reply in his slides. I mean, he claims that that answer is based on say­ing for­eign­ers can’t type.

[long pause; audi­ence laugh­ter]

Baker: I don’t think entire­ly that it is. The fact is that… We’ve heard a lot of peo­ple say they think that the exis­tence of export con­trols on strong cryp­tog­ra­phy has pre­vent­ed com­pa­nies from sell­ing it wide­ly. And as Tim said you know, if there isn’t some­body at the oth­er end, then you’re not as like­ly to use this stuff. And so restrain­ing the instal­la­tion of point-and-click DES encryp­tion prob­a­bly has meant that there are a whole lot less DES-encrypted trans­mis­sions in inter­na­tion­al com­mu­ni­ca­tions than there would be oth­er­wise. So I think it’s not a per­fect line. And I’m not speak­ing for NSA when I say this cause I was­n’t there when that deci­sion was made. I think if you take the view that as an effort to accom­mo­date the First Amendment peo­ple said, Well why don’t we try this line: com­mer­cial, no; aca­d­e­m­ic, yes,” the dif­fer­ence between a book and a disk begins to make sense. It’s not per­fect by any means. But I think if you’re try­ing to get a sense of why this might seem like a sen­si­ble dis­tinc­tion, that’s the best I can do.

Froomkin: Want to say any­thing? You want to add or sub­tract to—

Tim May: Yeah, I just want­ed to add that—Ira may prove me wrong on this, but I think com­pa­nies that make com­mer­cial software…you know, encryp­tion or what­ev­er [?], are going to be quite reluc­tant to take the crown jew­els of their cor­po­ra­tions and just…publish them in a book so that Phil and his nimble-fingered friends can type it in.

Phil Karn: Of course there is some­thing that I don’t think was actu­al­ly antic­i­pat­ed by peo­ple who made this dis­tinc­tion between com­mer­cial soft­ware and aca­d­e­m­ic dis­cus­sion is the rise of free soft­ware, which PGP is prob­a­bly the best exam­ple. I’ve writ­ten cryp­to­graph­ic code; as far as I’m con­cerned it’s in the pub­lic domain. I put it out there because I think it actu­al­ly facil­i­tates those who were, you know, inter­est­ed in aca­d­e­m­ic dis­cus­sion. I mean, a lot of peo­ple give away source code because it is a very pow­er­ful instruc­tive tool. Stewart and I had a con­ver­sa­tion about this last night at din­ner, where he was ask­ing why would I ever want to give away source code? What instruc­tion­al val­ue is there to that? It was obvi­ous just from the ques­tion he’s not a pro­gram­mer. [audi­ence laugh­ter and clap­ping]

Froomkin: Anyone else want to jump in or…deploy my next cool ques­tion. I guess my next cool ques­tion is actu­al­ly for Phil. It’s an equal oppor­tu­ni­ty process.

Do you ever wor­ry about the con­se­quence— We have peo­ple from the gov­ern­ment here, at pre­vi­ous con­fer­ences, who tell us in all seri­ous­ness that they have thought real­ly hard about the nation­al inter­est, and they’re try­ing to the best thing giv­en what they know, and bad things will hap­pen if this stuff gets out. Do you ever lie awake at night wor­ry­ing that there might be some truth to it, you’re con­tribut­ing to some bad thing hap­pen­ing if win your case?

Karn: Actually I have to say yes. I do wor­ry about that, okay. I mean I have to be hon­est about it. All tech­nol­o­gy can be used for either good or bad. That’s not just true with cryp­tog­ra­phy, I’ve been very active in the Internet for the last ten years. I’ve helped devel­op a lot of tech­nol­o­gy along with many oth­er peo­ple. For all I know Saddam Hussein used it in the Gulf War. I mean that would explain some of the sil­ly rules we saw after the fact about con­trol­ling Internet routers; anoth­er tech­nol­o­gy that’s out of the barn.

So any tech­nol­o­gy can be abused, not just for cryp­tog­ra­phy and yeah, I am con­cerned about that but I also real­ize I can’t do much to stop it it. All I can real­ly do is make sure the good guys also have it.

Froomkin: Anybody else wan­na…?

Tim May: I’d like to make one com­ment. I think some­day I’m gonna wake up, turn on CNN, and hear that some Eastern European city or Middle Eastern city has just been nuked, maybe with a fiz­zle nuke. And I think that’s like­ly to hap­pen. And I’m not too wor­ried about it. And I know that sounds cal­lous. I like mak­ing out­ra­geous cal­lous remarks. But the world is much safer. There’s almost zero like­li­hood of a glob­al ther­monu­clear war, which to me is a very good thing. The weapon stock­piles are grad­u­al­ly decay­ing, at least the Russian ones are. We think.

Some ter­ror­ism will occur. I don’t sup­port any kind of ter­ror­ism but I think if you look at the num­ber of peo­ple who die in ter­ror­ist attacks, it’s rel­a­tive­ly small and it’s not—to me—sufficient grounds for sup­press­ing free and open soci­eties. And I hope we don’t see any­thing of that sort. [applause]

Froomkin: The ref­er­ence to Saddam Hussein sort of rais­es a ques­tion I think has to go to Steve Walker. And as I under­stand your pro­pos­al, you want to help pro­duce shrink-wrapped prod­ucts which are exportable, which are going to pro­vide strong encryp­tion with vol­un­tary escrow where the users get to choose who’s going to hold the escrowed mate­r­i­al, who’s going to have the data recov­ery cen­ter.

So if Saddam Hussein wants to set one up, he can do that. And the sys­tem will be ful­ly func­tion­al. And the good guys, as we’ve been call­ing them, are prob­a­bly not gonna find it very easy to serve a war­rant on Saddam.

Now, giv­en that’s the situa—if that’s the cor­rect descrip­tion of the tech­ni­cal sit­u­a­tion, why would the United States gov­ern­ment give you export per­mis­sion? What’s in it for them?

Stephen Baker: Well in real­i­ty Saddam Hussein and the ter­ror­ists and all can in fact get any­thing they want now. In real­i­ty you can’t sell…any­thing to Iraq because of embar­go.

Froomkin: [indis­tinct]

Baker: There are rules that say you can’t send to terrorist-supporting coun­tries and to the for­mer Soviet Bloc or what­ev­er. So those rules will still apply. The fact is that ter­ror­ists can get any­thing they want, and they do. It is only real­ly that good guys in the United States and in oth­er coun­tries that are the ones that are los­ing here. The ones that abide by the rules are the ones that have no encryp­tion to pro­tect their infor­ma­tion now. So I believe it’s real­ly a spe­cious argu­ment. I don’t think ter­ror­ists are going to use commercially-available prod­ucts with key escrow or with­out key escrow, I think they’re going to do their own thing because they don’t want to fear that they can be ripped off.

And so I mean… Why would the US gov­ern­ment to approve this? In fact I think if the US gov­ern­ment thinks this through for law enforce­ment inter­ests and for nation­al secu­ri­ty inter­ests they’re going to be bet­ter off if there is a wide­spread use of some sen­si­ble key escrow approach than if there’s just a pro­lif­er­a­tion of thou­sands of ad hoc solu­tions for which they will nev­er have a chance of ever recov­er­ing any­thing. And so I don’t think it’s the fact that the ter­ror­ists might use it that’s going to dis­suade them. It’s the ben­e­fit to the over­all com­mon good. In the paper that is in the pro­ceed­ings I go through an analy­sis of the var­i­ous alter­na­tives to this. And the pro­lif­er­a­tion of thou­sands of ad hoc prod­ucts makes law enforce­men­t’s job vir­tu­al­ly impos­si­ble in this area. And I think it’s actu­al­ly a pos­i­tive ben­e­fit they’re going to get from that that out­weighs any pos­si­ble ter­ror­ist prob­lems.

Froomkin: Anybody else? Phil’s try­ing to—

Karn: Yeah, I want­ed to speak to the top­ic of soft­ware key escrow, because I’m not sure we actu­al­ly need a whole new prod­uct to sup­port this. I’d like to make a pro­pos­al in the spir­it of vol­un­tary soft­ware escrow. Those who use PGP know that it has a fea­ture in which you can encrypt to mul­ti­ple recip­i­ents. Well, I would like to offer Mr. Lee here to give me a PGP key with NSA’s name on it, show me that it’s real­ly his. I will be glad to sign it. My key is wide­ly signed signed in the PGP data­base. You put it out on the data­base, let the whole world have it. Anybody who wish­es to vol­un­tar­i­ly escrow their com­mu­ni­ca­tions with the NSA sim­ply has to include the NSA’s key in their mail. I think the prob­lem is solved. [applause]

Froomkin: Ron, you want to take that offer?

Ron Lee: Yeah, if you’re an American we don’t want your key. [laugh­ter]

Karn: I’m giv­ing you an invi­ta­tion.

Froomkin: You have any­thing else you want to add besides that or…

Well let me throw one last ques­tion out before we turn it to the audi­ence. And this I guess is real­ly for Ron to the extent that you can speak to it, which is… I guess it’s a two-part ques­tion. First, how far does the genie have to be out of the bot­tle before the United States gov­ern­men­t’s will­ing to rec­og­nize that some­thing’s exportable? And why isn’t DES there, yet?

And in a sim­i­lar vein, the NSA recent­ly took a very pub­lic posi­tion in front of the X9 Secretariat against Triple DES. Why is the NSA stand­ing in the way of the bank­ing com­mu­ni­ty’s desire for ultra-secure com­mu­ni­ca­tions when in the past it was sup­port­ive of the desire to have DES even when it was­n’t going to give it to oth­er peo­ple? So, they’re relat­ed… To the extent you can what can you tell us about those things?

Lee: Yeah, on the first one this sort of gets back to a point that I think Steve made. You sort of look at what is a best-case or worst-case or second-order solu­tion. Perhaps the worst thing to have out there would be to have a world of uni­form, wide­spread encryp­tion that does not pro­vide law enforce­ment and nation­al secu­ri­ty with what it needs. But it’s not clear to me that it would be so hor­ri­ble to have a mul­ti­tude of non-interoperating sys­tems out there. Because you know, peo­ple who are the tar­gets of for­eign intel­li­gence make mis­takes. They don’t always use cryp­tog­ra­phy for all the rea­sons that have been explained. So again, it’s not clear that the solu­tion is all or noth­ing.

On the oth­er point about Triple DES, what I’m will­ing to say is that the process of decid­ing what the inter­na­tion­al stan­dard is for bank­ing is an ongo­ing process. As you know, the stan­dard will be up for renew­al. And I would pre­fer not to go into sort of the details of that deci­sion.

Froomkin: Well I think the audi­ence has been very patient. Let me start with Eric Hughes. We’ll go back and forth between the two sides.

Eric Hughes: I’m Eric Hughes. I have a small dia­logue I’d like to engage Ron Lee in. Because I’m feel­ing kind of stu­pid today. And…so let me make sure I under­stand your posi­tion. What you’re say­ing is that…you’re acknowl­edg­ing I think that the peo­ple of the United States and cit­i­zens of the world want to use secure cryp­tog­ra­phy that allows them to choose who­ev­er they want to talk to, which does­n’t include the gov­ern­ment. Is that right? Is that what I heard you say?

Lee: I’m not sure I under­stand you, but—

Hughes You’re say­ing— Well I think I heard you say that there’s a large demand for secure cryp­tog­ra­phy by peo­ple of the world, like me and the rest of the peo­ple in this room who don’t work for the gov­ern­ment.

Lee: That’s right.

Hughes: Okay. And you’re also say­ing that there are nation­al secu­ri­ty and law enforce­ment rea­sons that aren’t being tak­en into account in the debate. Is that right?

Lee: Well I’m say­ing that the great­est obsta­cle to reach­ing an accom­mo­da­tion that gives most peo­ple and most inter­ests most of what they want—

Hughes: Well that’s the point I’ve been try­ing to make, is these inter­ests. These inter­ests are law enforce­ment inter­ests and nation­al secu­ri­ty inter­ests, right?

Lee: Right. Well I men­tioned the oth­er two, pri­va­cy for Americans and pri­va­cy for busi­ness­es—

Hughes: Okay okay. I’m just… I under­stand this. I’m get­ting to my point of…something where I’m real­ly, real­ly con­fused. So, you do acknowl­edge that we have a demo­c­ra­t­i­cal­ly run coun­try, right?

Froomkin: Cut to the chase. Cut to the chase.

Hughes: We’re get­ting there. You do acknowl­edge we have a demo­c­ra­t­i­cal­ly run coun­try right?

Lee: Have you been watch­ing the OJ tri­al too much.

Hughes: Yeah yeah, no I just— [laugh­ter]

Froomkin: Touché.

Hughes: What I want to know is that if we have a demo­c­ra­t­i­cal­ly run coun­try, and we have peo­ple who want to have secure cryp­tog­ra­phy, why is it that we have these oth­er inter­ests that seem not to be demo­c­ra­t­i­cal­ly con­trolled that seem to have become inde­pen­dent inter­ests con­trary to the will of the peo­ple, and hav­ing these inter­ests be per­ti­nent to this debate in any sense at all? Personally, I want to have a world with secure cryp­tog­ra­phy where no one can lis­ten to my con­ver­sa­tion unless I want them to. And I think this is what a lot of peo­ple want. And I think that these law enforce­ment needs are in fact not needs but in fact an attempt at a seizure of pow­er. So can you com­ment on that? [applause]

Lee: I cer­tain­ly would be delight­ed to. You are free to go out tomor­row and back what­ev­er polit­i­cal can­di­date you want, what­ev­er Constitutional amend­ments and ref­er­en­da you want to pro­mote. The sys­tem we have now—and I’m just stat­ing the fact—is one that invests the pow­er of gov­ern­ment in elect­ed rep­re­sen­ta­tives. Not to give you the civics les­son, but it is through that process that the admin­is­tra­tion decid­ed what the rel­e­vant fac­tors were to be bal­anced, includ­ing law enforce­ment. And I think it’s appro­pri­ate for every­one in this room to think about what the world would be like with­out law enforce­ment capa­bil­i­ties. I sat in on some of the ses­sions yes­ter­day, talk­ing about the First Amendment and the Internet and so on. And I don’t think there was any­one in the room who dis­agreed that there was a point at which there was an appro­pri­ate role for law enforce­ment to play, even in this great bas­tion of free­dom called the net.

So, that’s a deci­sion that’s been made by soci­ety. You and any­one else is free to go out and try to remove law enforce­ment or nation­al secu­ri­ty as a fac­tor, but you would want to think through very care­ful­ly the con­se­quences of doing that before you did that or before peo­ple sup­port­ed you.

Hughes: I—

Froomkin: No, I think I’m gonna have to cut you off and pick our next speak­er.

Hughes: One final com­ment, though. And this is just a part­ing shot—

Froomkin: Two sec­onds.

Hughes: The black bud­get is tax­a­tion with­out rep­re­sen­ta­tion, and the clo­sure of the [?] tak­en on secu­ri­ty pre­vents the demo­c­ra­t­ic process from doing as you say it does.

Froomkin: If President Clinton told you to change the pol­i­cy, you’d change it would­n’t you? I mean that’s real­ly what he— The claim seems to be that you’re oper­at­ing inde­pen­dent of the President. That’s not the posi­tion is it?

Lee: It’s the President’s deci­sion.

Froomkin: So have you ever talked to the President about these issues?

Lee: We did­n’t over­lap at Oxford. [Froomkin laughs]

Karn: Didn’t I read some­where once that some­one at the NSA was quot­ed as say­ing the President does­n’t speak for NSA? I think that was in the [indis­tinct].

Ross Stapleton-Gray: Ross Stapleton-Gray, TeleDiplomacy, Inc. I think Tim May said some­thing that real­ly ought to be under­scored about glob­al trends. I went to a hear­ing on open­ness in the intel­li­gence com­mu­ni­ty, where I went in expect­ing to hear all sorts of great debate across the aisle, only to see an incred­i­ble uni­ty of thought that more open­ness might embar­rass our President and his con­duct at for­eign pol­i­cy. More open­ness might embar­rass the past President and ensure we nev­er get back in pow­er. A uni­ty of the two halves of the gov­ern­ment, the two sides of the aisle, in favor of pre­serv­ing the sta­bil­i­ty and the secu­ri­ty of…somewhat of the sta­tus quo.

And I think we’re going to do the same thing glob­al­ly with gov­ern­ments besieged by the rose grow­ers in col­lu­sion inter­na­tion­al­ly. And every oth­er group. Such that we will find—and I think we’ve seen for some­time, it’s much more in the inter­est of the US gov­ern­ment to reach accord with the gov­ern­ments of Pakistan and China and Uganda against desta­bi­liz­ing forces from below, I think lead­ing towards an absolute extreme where we find we’re in lock­step with the gov­ern­ments of China and Pakistan and Uganda against these nasty rose grow­ers. This ceased to become an aca­d­e­m­ic exer­cise for me about a week ago when I got an email note say­ing, Did you write this doc­u­ment?” Some per­son in some coun­try out there, where we don’t have meet­ings on com­put­ers, free­dom, and pri­va­cy. A coun­try of a num­ber of peo­ple and we’re a fif­teenth of less of the world, even all of us in the US com­bined. This per­son said, Did you write this doc­u­ment?” and it was some gib­ber­ish.

I said God no, I don’t think so. And it came back and it said well this is…” and it gave me the title. It was an arti­cle I’ve writ­ten called Opening Doors in the Global Village.”

And the per­son said, The edi­tor said you work for a cer­tain com­pa­ny.” And my affil­i­a­tion as a CIA ana­lyst was on there. And it said, If you work for this com­pa­ny, and if you care about my coun­try, could you tell me where I find PGP, UUEncode, etc.” I got my first elec­tron­ic walk-in only after I left the agency.

But this per­son out there, one of a larg­er bunch of peo­ple who are not us, liv­ing in a gov­ern­ment that is not any­where near as nice as the one we may be com­plain­ing about now, des­per­ate­ly wants to get the tools. And what I sus­pect, giv­en what Tim has described in the gen­er­al trend that the gov­ern­ments are going to start cir­cling wag­ons against the threats which are indeed numer­ous and are indeed real… We’ll see that there will be a gen­er­al con­sen­sus among the var­i­ous gov­ern­ments that, Well, we bet­ter not let it be import­ed, bet­ter not let it be export­ed.”

Just to note, I think Tim’s exact­ly right. There’s where the ten­sion lies. I agree, from hav­ing been an intel­li­gence ana­lyst, that there are indeed major threats. I’ll add as a for­mer intel­li­gence ana­lyst, if you knew what I knew you would­n’t take so…you would­n’t let Mike Nelson say, If you knew what I knew.” [applause and cheer­ing] There are indeed threats but I think—

Froomkin: Let me put this ques­tion to a cou­ple mem­bers of the pan­el as a mat­ter of fact. We’ve had a sug­ges­tion in a sense there’s going to be a con­spir­a­cy of gov­ern­ment against their peo­ple. Stewart, Ron…

Baker: I actu­al­ly want­ed to address a dif­fer­ent point first, because I think it’s… For those of you… I’m kind of sur­prised to find that Tim May and I agree upon more than most of the peo­ple on this pan­el. But let me turn to some­thing I think—

May: I’m not sur­prised.

Baker: —that we actu­al­ly agree on in terms of free­dom for the world, and con­cerns about cen­sor­ship and oppres­sion around the world. There is one aspect of US export con­trol pol­i­cy that could be changed with­out invok­ing any of the if you knew what I knew” kind of stuff. It would­n’t cause any harm to the nation­al secu­ri­ty and would be good for democ­ra­cy. And that is, cur­rent­ly because of a Congressional law impos­ing sanc­tions on the Chinese gov­ern­ment for slaugh­ter­ing its peo­ple in Tiananmen Square, it’s not pos­si­ble to sell muni­tions with­out spe­cial Presidential waiv­er to any­body in China. What that means is you can’t sell a human rights group in China secure com­mu­ni­ca­tions that have been approved to export oth­er parts of the world.

I don’t think that makes any sense. [applause] I don’t think that that’s a con­cern at the nation­al secu­ri­ty lev­el, it is a polit­i­cal con­cern. People are afraid with­in the admin­is­tra­tion, with­in the State Department, of look­ing as though they’re being nice to China. And they’re unwill­ing to rec­om­mend to the President that the President issue a waiv­er allow­ing the sale of encryp­tion that’s been approved for export into China. There’ve been some mod­i­fi­ca­tions to that pol­i­cy but it’s by no means com­plete the last time I looked.

That’s some­thing that could be changed. It could be changed if peo­ple thought the pol­i­tics went the oth­er way, and I think that is a doable thing that folks in this room ought to be try­ing to do.

Froomkin: Ron, you want to add any­thing to that?

Lee: Well I’d sort of like to turn the if you knew what I knew” thing around, and a lot of what under­lies the ques­tions here is that the US gov­ern­ment is engaged in some con­spir­a­cy or that it’s not to be trust­ed inher­ent­ly. And I’m won­der­ing, beyond sort of the polit­i­cal phi­los­o­phy under­ly­ing that, what spe­cif­ic exam­ples are that lead peo­ple to have that con­cern?

[sev­er­al things from audi­ence indis­tinct­ly]


Lee: And I think when you look at each of these you’ll see that appro­pri­ate over­sight mech­a­nisms have sprung up and been strength­ened in response to that.

Froomkin: So the posi­tion basi­cal­ly is It can’t hap­pen again…trust us!”

Lee: Cabazon, Wackenhut, Casolaro. [cheer­ing and clap­ping] Now, I don’t… I fol­low the con­spir­a­cy the­o­ries fair­ly care­ful­ly. I don’t know that there’s any­thing to the Mena, Arkansas CIA drug sup­ply blah blah blah blah blah. I don’t know. And I don’t know that that’s my major con­cern. I think that any kind of gov­ern­ment at a cer­tain size is going to have cor­rupt peo­ple in it. It’s gonna have ex-CIA peo­ple who ship drugs around. It’s gonna have cur­rent CIA peo­ple. It’s gonna have French intelligence…all sorts of things. That’s just the nature of human­i­ty. That’s not gonna change.

I believe the larg­er issue is not whether there’s a con­spir­a­cy in gov­ern­ment, but the issue of what gov­ern­ment does, what gov­ern­ments do around the world when there are so many degrees of free­dom. Such a vast num­ber of com­mu­ni­ca­tion chan­nels. This has been a change in the world. The Medieval guilds fell apart 800 years ago. The medieval guilds had a posi­tion of intel­lec­tu­al prop­er­ty very com­pa­ra­ble to what cur­rent cor­po­ra­tions have. That is, the sil­ver­smiths’ guild owned the knowl­edge of how to make sil­ver. And the king sup­port­ed that right. And this was intel­lec­tu­al prop­er­ty law of 1300.

Well, tech­no­log­i­cal­ly that changed when print­ing became avail­able. Because first, reli­gious books were pub­lished. They were the first hot off the press. After the first ini­tial print run of hym­nals and bibles came out, the next thing that came out, some­body told me a cou­ple nights ago it was porn. I sort of doubt it, but. What I’ve always heard is the next series that was out, and it’s sup­port­ed by the ear­ly pub­lish­ing, were these books on how to do home farming-type things. How to shoe hors­es, how to sew… It was knowl­edge, basic knowl­edge. Within the next fifty years the guilds col­lapsed. This was inde­pen­dent of all the law and all the moral­i­ty. The devel­op­ment of a tech­nol­o­gy that allowed increased degrees of free­dom of that sort changed fun­da­men­tal struc­tures.

I think we’re see­ing the same thing today. These var­i­ous vir­tu­al com­mu­ni­ties exceed the num­ber of nations in the world. And arguably they’re much more coher­ent, much more cohe­sive, much more ded­i­cat­ed. Some of them we call ter­ror­ists, oth­ers we call free­dom fight­ers. I’m remarkably…unconcerned with what their caus­es are. I’m more inter­est­ed in the gen­er­al phe­nom­e­non of 250 nations in the world, and at least a thou­sand dif­fer­ent spe­cial inter­est groups. And you can’t stop them. You can’t just say, We’re not going to allow com­mu­ni­ca­tion.” As long as you allow com­mu­ni­ca­tion, these are going to form. And I think it’s going to change over the next fifty years the nature of gov­ern­ments around the world. I think we’re already see­ing it. [applause]

Karn: Yeah I’d like to speak to the point about con­spir­a­cies. I’m not a con­spir­a­cy the­o­rist. I don’t think a con­spir­a­cy the­o­ry is nec­es­sary to explain what gov­ern­ments have been try­ing to do to sup­press cryp­tog­ra­phy. There’s a very sim­ple expla­na­tion. I very strong­ly believe in the prin­ci­ple of not attribut­ing to mal­ice what can be ade­quate­ly explained by stu­pid­i­ty. In the case of gov­ern­ment, the over­rid­ing con­cern is CYA: cov­er your ass. And that explains every­thing they’ve been doing. You don’t need to have a nation­al con­spir­a­cy to explain it.

Froomkin: In the spir­it let me call the next per­son before the audi­ence lynch­es me.

Audience 3:

Frank R[?], Stanford. And since we’re priv­i­leged to have a coun­cil here from Microsoft, I thought I would ask about some of the prod­ucts like Word, or Excel, or oth­er prod­ucts that have pass­word pro­tec­tion. I’ve looked in man­u­als for Microsoft prod­ucts as well as oth­ers, try­ing to find out just exact­ly how secure data would be if I used those fea­tures. And to this day I real­ly don’t know what kind of pro­tec­tion there is in there. But if there is pro­tec­tion in there I won­der if that comes with­in cryp­to­graph­ic reg­u­la­tions. And if there isn’t I won­der why there isn’t some kind of a warn­ing let­ting me know about the secu­ri­ty of what I put in those prod­ucts.

Froomkin: The ques­tion is, do we trust Microsoft? [laugh­ter]

Audience 3: [inaudi­ble]

Ira Rubinstein: I think it would be best to answer that ques­tion with a bit of his­tor­i­cal per­spec­tive. And you can laugh all you want but it’s still a seri­ous point. The export reg­u­la­tions pre­dat­ing the July 19th, 92 agree­ment that iden­ti­fied the cri­te­ria for export­ing prod­ucts made it vir­tu­al­ly impos­si­ble for any American com­pa­ny with sig­nif­i­cant for­eign rev­enue to design ade­quate secu­ri­ty fea­tures. Because the way export con­trols worked at that time, if you approached the gov­ern­ment and said, This is what we’re plan­ning to imple­ment,” they would say, Well…we don’t know if that’s exportable. Why don’t you go ahead and imple­ment it and then we’ll look at your imple­men­ta­tion.” And the com­pa­nies would say, We’re not going to imple­ment it unless we know that we can sell it abroad.” And you’d quick­ly get into this dance that result­ed in no seri­ous encryp­tion being imple­ment­ed because nobody want­ed to spend the resources on the next rev of a prod­uct if that meant that you would lose your for­eign mar­kets.

So a lot of com­pa­nies, not just Microsoft but oth­er com­pa­nies with pass­word pro­tec­tion in appli­ca­tion prod­ucts, imple­ment­ed what can only be described as weak pro­tec­tion. Protection that with­out ques­tion would not inter­fere with the export sta­tus of the prod­uct. Which did­n’t even require much dis­cus­sion with the gov­ern­ment to estab­lish that. Anything that did require dis­cus­sion meant that you either had to com­mit to expend­ing the resources to devel­op that, to put it in a prod­uct, to test it, and then pos­si­bly have to remove it at the last minute. Or you did­n’t devel­op it at all. So, the lev­el of the encryp­tion that’s gen­er­al­ly avail­able in prod­ucts that had a long his­to­ry pri­or to that July 19th, 92 agree­ment is quite unsat­is­fac­to­ry.

Following that agree­ment, a num­ber of com­mer­cial com­pa­nies quick­ly intro­duced a whole suite of prod­ucts that were designed around the cri­te­ria iden­ti­fied. And they’d be in a posi­tion today if those cri­te­ria were changed to quick­ly respond to those changes to increase the keylength and to offer more sophis­ti­cat­ed fea­tures.

But I want to make this point very clear because the major impact of the ITAR on US soft­ware com­pa­nies to date… And bear in mind that through­out the indus­try the for­eign rev­enue accounts for as much as as 50% of total sales. And US soft­ware prod­uct in the prepack­aged cat­e­go­ry accounts for as much as 75% of total world prepack­aged soft­ware. So, what US com­pa­nies are per­mit­ted to put in their prod­ucts deter­mines what’s avail­able world­wide but also the deter­mines what’s going to be avail­able in the US. And that’s why I empha­sized ear­li­er the impact of export con­trols on cryp­tog­ra­phy.

Froomkin: Let me fol­low that up just a lit­tle bit. Tim told us, in his talk, that he thought one of the biggest prob­lems was igno­rance. And there’ve been many many sug­ges­tions on the net and else­where that per­haps— [And which Tim says to you?], you’ve sort of con­firmed this: Microsoft prod­ucts are not as secure as one might dream they could be. Why does­n’t Microsoft put a dis­claimer in the man­u­als and edu­ca­tion­al tools? Tell peo­ple you know, We’d love to give you some­thing bet­ter, but we can’t.” Wouldn’t that be the best way of solv­ing Tim’s prob­lem of edu­cat­ing the world?

Rubinstein: You’re say­ing why don’t they trash their prod­uct?

Froomking: No! They’re say­ing, We’ve giv­en you the best thing we can, under the laws.” You know, It’s bet­ter than what any­body else has! It’s the best thing—” They’re going to make what­ev­er claims they want. We would like to give you some­thing even bet­ter but we can’t.”

Rubinstein: And what prob­lems do you think that would solve?

Froomkin: Well Tim’s claim that peo­ple are igno­rant about the pos­si­bil­i­ty of strong cryp­tog­ra­phy.

Rubinstein: We’ve not encoun­tered igno­rance about the need for cryp­tog­ra­phy, at all.

Karn: Would a prod­uct lia­bil­i­ty law­suit help? [laugth­er and clap­ping]

Froomkin: Surely one law­suit­’s enough. Americans sell­ers of mass-market prepack­aged soft­ware make no strong war­ranties about their prod­uct. [laugh­ther]


Audience 4: [indis­tinct sen­tence; name?] A cou­ple of things, specif­i­cal­ly to Mr. Baker. I think your point about that cus­tomers don’t want secure cell phones com­plete­ly miss­es the point. And I believe specif­i­cal­ly if you look at one that aren’t cur­rent­ly deployed, the CDMA, it’s pos­si­ble to pro­vide domes­tic users com­plete­ly secure authen­ti­cat­ed pri­va­cy with no threat, because you can always con­trol the base sta­tion sales; much eas­i­er to con­trol.

The oth­er thing I would answer to one of the ques­tions orig­i­nal­ly posed, which is if you want­ed to have a secure inter­na­tion­al com­mu­ni­ca­tion, which many multi­na­tion­als do—people, friends, fam­i­ly internationally—is that I would rec­om­mend that you speak to the peo­ple you know who are tech­ni­cal­ly able and inter­est­ed and urge them to par­tic­i­pate in var­i­ous inter­na­tion­al standard-setting bod­ies. It’s clear that if you’re inter­est­ed in tru­ly secure communication—uncompromised—that it will not be brought to you by any of your local gov­ern­ments.

And I under­s­ta— I…I’m con­cerned. I mean I’m con­cerned. I you know, think about this at night like what is this going to mean? And I don’t think that we’re going to stop the march towards strong cryp­tog­ra­phy. Clearly the export con­trols are work­ing. I mean it slows it down. And there’s con­se­quences. There’s basi­cal­ly…nil deploy­ment of strong cryp­to domes­ti­cal­ly. And that’s cost­ing every­body.

Baker: I have to say, I think it’s…as I said ear­li­er I think it’s quite like­ly, though not…quite proven, that we’ve reached a take­off point for peo­ple wan­ti— You know, the mass of peo­ple want­i­ng strong cryp­tog­ra­phy.

But I am also struck by the fact, when I was an NSA agent in [?] I went up to talk to a big hard­ware and soft­ware com­pa­ny deep into sys­tems and net­works that offers DES as an option for secu­ri­ty. And I asked them, Well, of your US cus­tomers, how many buy this option?”

And they said about 1%.

If you’re going to make the case to get rid of export con­trols, the miss­ing ele­ment… In the end, you’re nev­er going to be able to argue very effec­tive­ly on either side of that…how valu­able this is for nation­al secu­ri­ty pur­pos­es because it gets…sort of hard to talk about nation­al secu­ri­ty intel­li­gence suc­cess­es with­out blow­ing them…

But you can talk about what the eco­nom­ic impact is on US indus­try. And there have been some efforts in that regard. Steve Walker and the STA and the BSA have pro­duced a lot of indi­ca­tions of the fact there are a lot of prod­ucts out there offer­ing secu­ri­ty.

The miss­ing element—I can say this about the debate inside the gov­ern­ment. The miss­ing ele­ment has been a cred­i­ble analy­sis of what the actu­al mar­ket for that stuff is. What peo­ple are actu­al­ly will­ing to pay. Listen, you have to devel­op the facts if you want to win this fight. And the way to do it is to show that there is a sub­stan­tial mar­ket for this prod­uct. The best way to do it is to start with US sales and show what those US sales of secure prod­ucts are. And argue that there would be the same kind of mar­ket pen­e­tra­tion out­side the United States as in if there weren’t export con­trols.

That’s the miss­ing ele­ment in the argu­ment again, you know. Free advice, and worth every pen­ny. If I were work­ing to end export con­trols, I would be work­ing to devel­op cred­i­ble esti­mates of actu­al exist­ing mar­ket val­ue of sales of cryp­tog­ra­phy inside the United States. And that has yet to be pro­duced.

Froomkin: Steve, you—

Rubinstein:am work­ing to relieve export con­trols, and I can say that the Business Software Alliance did a study, and the study demon­strat­ed that cus­tomers were pre­pared not to buy US soft­ware prod­ucts that failed to offer strong secu­ri­ty. I think the response…it was a Fortune 1,000 study, and the response was about right around 50% of respon­dents answered that ques­tion in that fash­ion. I think much of the prob­lem with this man, and this is anoth­er debate that Stew and I have had pre­vi­ous­ly, is that the ques­tion has been posed in the wrong way.

The ques­tion has been pro­posed such that the US com­pa­nies are asked to demon­strate their lost sales. But US com­pa­nies don’t track their lost sales. Customers that want inte­grat­ed secu­ri­ty, and then buy a dif­fer­ent prod­uct do not report to US ven­dors that we chose not to buy your prod­uct because it lacked these secu­ri­ty fea­tures. I just think that’s a sil­ly request, and it’s… It’s not com­mer­cial­ly fea­si­ble to pro­vide that kind of data. It’s a very com­plex deci­sion that any large buy­er makes as to what net­work­ing prod­uct, for exam­ple, they’re going to buy. And if they end up buy­ing one prod­uct rather than anoth­er they sim­ply do not report back that this was…“Dear Sir, this is why I did­n’t buy the prod­uct. Because it lacked a secu­ri­ty fea­ture.” I would not say that this is easy. But the fact is that the telecom­mu­ni­ca­tion indus­try was able to show very sub­stan­tial sales of advanced switch­es when they want­ed to decon­trol exports of advanced switch­es.

And the same thing for the super­com­put­er indus­try and the com­put­er indus­try when they want­ed to decon­trol sales of those prod­ucts abroad. And it’s going to be a more per­sua­sive argu­ment if you can show that there are actu­al­ly very sub­stan­tial sales of strong cryp­tog­ra­phy around the United States. And I think that you know… I don’t have a stake in say­ing this but—

Baker: Again I dis­agree because—

Froomkin: Hold on, let me get Steve Walker in here, because I think you’ve done a study, haven’t you?

Walker: Well we’ve actu­al­ly been per­form­ing this study of what’s avail­able world­wide and what’s avail­able in the US, and we found over 400 prod­ucts avail­able over­seas.

More impor­tant­ly in this, we have actu­al­ly gone out to try to buy prod­ucts. Products from England, prod­ucts from Germany, from Israel, from Poland, from Russia. And in every case where we have attempt­ed to do that we have suc­ceed­ed triv­ial­ly. We are buy­ing them in the US, some­times from US dis­trib­u­tors of these com­pa­nies in these for­eign coun­tries, some­times from overseas—we like to keep the stamps from the dif­fer­ent coun­tries, they’re nice to show to Congress.

You can triv­ial­ly buy cryp­tog­ra­phy in the United States from over­seas. We are told by the gov­ern­ment that oth­er coun­tries have the same kind of export rules that we do. That in fact is not the case. Many coun­tries have fol­lowed the CoCom rule that says okay, don’t sell it to ter­ror­ists coun­tries, don’t sell it to for­mer Soviet Union coun­tries. Sell it to any­body else.” France I’m told is more than hap­py to have their prod­ucts export­ed. They don’t want any­thing import­ed that might be used against them but they’re most hap­py to have them put in the United States or any­where else.

There is an enor­mous amount of growth in the avail­abil­i­ty of prod­ucts from over­seas. We for exam­ple have a fire­wall that we’re sell­ing, and we’ve added IP encryp­tion into it. And the IP encryp­tion we’ve added uses a German [?] and Infosys board that does does DES and Triple DES at T1 rates. It’s avail­able for a hun­dred bucks. You can buy it in the United States, you can buy it from Germany. It’s triv­ial.

There’s no one in the United States that makes that stuff any­more because they can’t sell it any­where else. If we’re going to have pro­tec­tion for secu­ri­ty for the NII it’s going to come from for­eign sources. We have to do some­thing about that. [applause]

Froomkin: We have time for one last, incred­i­bly fast ques­tion. And I’m told despite my protests we have to stop. I would keep going if we could.

Audience 5: This dove­tails actu­al­ly with the last ques­tion and I would address it to Mr. Baker and then maybe toss it over to Mr. Lee to see what the—

Froomkin: Really fast.

Audience 5: would be. If the jus­ti­fi­ca­tion from the NSA and from the gov­ern­ment for pass­ing reg­u­la­tions reg­u­lat­ing the cryp­tog­ra­phy exports was that the mar­ket did­n’t exist, why did the reg­u­la­tions have to be there in the first place? [cheer­ing and clap­ping] I mean if Microsoft was going to make the prod­uct and nobody was going to buy it, why did the gov­ern­ment then need to pass a reg­u­la­tion to say even if there were a mar­ket, you can’t sell it?”

Baker: I was short­hand­ing the analy­sis. Anytime… I mean… We’re not an island, we don’t have all the tech­nol­o­gy in the world. It may have been true in 1950, it ain’t true now. And our com­pa­nies have to suc­ceed inter­na­tion­al­ly. If you’re not earn­ing 50% of your income abroad, you’re not com­pet­i­tive any­more as an American indus­try. So you you can’t make nation­al secu­ri­ty and export con­trols pol­i­cy in a vac­u­um, you have to con­sid­er its impact. You have to bal­ance the impact on nation­al secu­ri­ty of let­ting go of those con­trols ver­sus the impact on US indus­try upkeep­ing them. That’s the bal­ance that every­body goes through and that’s cer­tain­ly true for the Clinton admin­is­tra­tion; I think that’s true for the Bush admin­is­tra­tion as well.

It’s very hard to have a pub­lic debate about what’s the nation­al secu­ri­ty impact of let­ting go of con­trol. But you can have a very pub­lic debate about what the impact on US indus­try of keep­ing them. and there have been—and Steve Walker’s work is a use­ful data point. But it lacks an indi­ca­tion of the size of those mar­kets, the actu­al mar­ket val­ue of the prod­ucts that he’s iden­ti­fied. And I were build­ing a case to get rid of export con­trols, I’d want more data on the size of that mar­ket.

Karn: It does seem that no mat­ter how much data we find there’s more that’s need­ed to make the argu­ment. And that’s…very very frus­trat­ing.

Baker: If I could add one PS, the mar­ket­ing ques­tion is not the mar­ket for stand­alone cryp­tog­ra­phy prod­ucts. The mar­ket­ing ques­tion is the entire future of elec­tron­ic com­merce on a world­wide basis.

Karn: That’s right.


Froomkin: Ron?

[gen­er­al crosstalk from pan­el]

Froomin: Ron first, then Phil then Tim. And that’ll be a wrap-up.

Lee: A cou­ple of [?] to the ques­tion. One is that your ques­tion assumes kind of a sta­t­ic world where if export con­trols end­ed tomor­row noth­ing else would hap­pen. And I think what the gov­ern­ment has a respon­si­bil­i­ty to do is to look at what its actions are pro­mot­ing, what its actions are inhibit­ing, what direc­tion gov­ern­ment pol­i­cy is mov­ing the world abroad, and whether that’s a help­ful or unhelp­ful devel­op­ment for all the fac­tors that I iden­ti­fied before. And so even if your hypoth­e­sis is true at the moment, which I don’t accept, it would cer­tain­ly be dif­fer­ent the next year and the year after that.

The oth­er thing I want­ed to point out is we’ve been talk­ing about glob­al com­pet­i­tive­ness and export prospects for US com­pa­nies as if shrink-wrapped soft­ware man­u­fac­tur­ers are the only com­pa­nies in the US that export. Those are, and Ira of course is a rep­re­sen­ta­tive, very sig­nif­i­cant con­trib­u­tors to the bal­ance of pay­ments in the US. But there are oth­er com­pa­nies, too, that don’t have any­thing to do with pho­tog­ra­phy. And the way they sell abroad is to be able to com­pete on a lev­el play­ing field a fair basis with for­eign bid­ders for for­eign con­tracts. They need a lev­el play­ing field to do that. And the United States gov­ern­ment rep­re­sen­ta­tive that make sure that hap­pens rely heav­i­ly on for­eign intel­li­gence to be able to do that. That’s anoth­er rea­son why pre­serv­ing for­eign intel­li­gence capa­bil­i­ties is impor­tant.

Froomkin: Phil, last thoughts.

Karn: I have a ques­tion still, here. I’m a lit­tle dis­turbed. If I want­ed to pub­lish a book I might have to con­vince my pub­lish­er that there’s a mar­ket for this book. But are you say­ing that then my pub­lish­er would then have to con­vince the gov­ern­ment that there’s a mar­ket for this book before they’d be allowed to pub­lish it? Something does­n’t quite ring true here.

Baker: Export con­trols… Well. I guess I would say export con­trols are there because there is per­ceived to be a real nation­al secu­ri­ty dan­ger to let­ting the prod­uct go. And the ques­tion is whether the eco­nom­ic inter­ests of the United States and the com­pet­i­tive­ness of its indus­try requires that you give up the nation­al secu­ri­ty inter­est.

Karn: In oth­er words the dol­lar is much more impor­tant than fun­da­men­tal human dig­ni­ty. [laugh­ter]

How else can it be said?

May: One last com­ment, since I don’t have any­thing to add to this. Last night, Phil Zimmerman said that there’s remark­able una­nim­i­ty of pur­pose amongst peo­ple who ask about the cryp­to pol­i­cy, and every­body from lib­er­al Democrats to right-wing Republicans agree that the pol­i­cy is flawed. I don’t want to say that, actu­al­ly.

I want to say that there’s a fun­da­men­tal dichoto­my in American cul­ture that’s been with us for the last two or three hun­dred years. Two simultaneously-held views that are in con­flict with each oth­er, like a ten­sor. And the angle between these two things I know because I was doing my trigonom­e­try home­work dur­ing Woodstock. [laugh­ter]

And that is there’s one view which most Americans hold, which is none of your damn busi­ness.” A man’s home is his cas­tle. Get the hell out of my busi­ness.

Another view, which is simul­ta­ne­ous­ly held, is what have you got to hide?”

Froomkin: Thank you very much. And let’s thank the pan­el.

Help Support Open Transcripts

If you found this useful or interesting, please consider supporting the project monthly at Patreon or once via Cash App, or even just sharing the link. Thanks.