A. Michael Froomkin: Morning. Welcome. Congratulations on get­ting up so ear­ly. I always man­age to get the dean not to give me morn­ing class­es, but Carey man­aged to do what the dean couldn’t.

We have an extra­or­di­nar­i­ly dis­tin­guished pan­el today. I think none of these peo­ple need intro­duc­tion, so what I’m going to do is give tiny lit­tle intro­duc­tions just before their turns to speak [on the stage?]. As more peo­ple drift in they’ll want to know who the par­tic­u­lar speak­er is. Right now I’ll just say I sus­pect part of the rea­son for the turnout today is we have not one, not two, but three cur­rent or for­mer NSA per­son­nel here on this pan­el. And of course even bet­ter than that, four lawyers. Thank you. Thank you.

I think I should explain how this pan­el came to be, in par­tic­u­lar how the top­ic came to be. I spent the past year writ­ing a real­ly long and prob­a­bly quite bor­ing paper on the Constitutional aspects of Clipper. There’s a trans­paren­cy you could put up for me, please, I’ve got a URL and oth­er ways of access­ing it for those of you who are into that sort of thing. It’ll be up on the screen, no doubt, in sec­ond.

The paper’s in one sense incred­i­bly parochial, because it’s about United States rules. And in think­ing about what I could do to try to orga­nize some­thing that would sort of move the debate for­ward, my mind start­ed to turn to the inter­na­tion­al aspects of secure com­mu­ni­ca­tions. Because what came out to me from the Clipper debates were two things that every­body at least seemed to agree on. One is that in United States today at least, you have a free choice as to what kind of encryp­tion you wan to use for domes­tic com­mu­ni­ca­tions. And anoth­er is, nobody can fig­ure out what pos­si­ble incen­tive for­eign­ers would have to use Clipper.

That means there’s a real prob­lem about inter­na­tion­al secure com­mu­ni­ca­tions, and we’ve got some­thing to talk about. Now, the term secure com­mu­ni­ca­tions” in this con­text is obvi­ous­ly a con­test­ed term, because secure from what? You have to talk some­times about a threat mod­el. And in par­tic­u­lar, you need to define whether or not var­i­ous gov­ern­ments are part of your threat mod­el or not. In an era when the FBI is telling American busi­ness that for­eign gov­ern­ments, in par­tic­u­lar the French, are one of the major threats they have to wor­ry about, that has impli­ca­tions for how you might want to struc­ture your com­mu­ni­ca­tions. (Thank you for the sign.)

I’m told by the way that the PostScript file that’s cur­rent­ly on the server—our exper­i­men­tal tem­po­rary serv­er that they kind­ly put up just for this conference—is in fact com­plete garbage. We’re work­ing on that. They swear to me that by the end of the day we’ll have real PostScript—enough stuff that looks like PostScript, but isn’t. Worse than that; just…plain garbage.

So, here we are to talk about this prob­lem. How do we do it? How do we talk secure­ly with peo­ple abroad? And in par­tic­u­lar what can we do…what’s fea­si­ble to do, to progress mat­ters from where we are today? And with the help of some of the mem­bers of the pan­el, I draft­ed the three ques­tions you’ll find in your book on page 150. Through some strange grem­lin of typog­ra­phy, Tim May’s answers to those ques­tions were print­ed as if they were either my or the panel’s answers and nobody—

Unknown Speaker: We hacked into the com—

Froomkin: —put­er sys­tem. Something hap­pened. Those are our joint ques­tions, but they’re Tim’s answers and we shouldn’t rob him of the pride of author­ship or attempt to asso­ciate them with any­one else who might not want that par­tic­u­lar pride.

But for those of you who’ve man­aged to mis­lay your books already the ques­tions are what’s the sin­gle biggest imped­i­ment to inter­na­tion­al secure com­mu­ni­ca­tions? The sec­ond ques­tion is what’s the sin­gle fea­si­ble change that would most enhance inter­na­tion­al secure com­mu­ni­ca­tions, and what will be the imple­men­ta­tion path for that? And the third is how would you advise a friend or a client as to how to com­mu­ni­cate secure­ly today?

And in the inter­est of being provoca­tive, let me just offer some sort of ten­ta­tive answers to those three ques­tions. I’m not entire­ly sure if I believe these 100% but I do believe them I think more than half. It’s the fear that I might believe these things which prompt­ed me to try to assem­ble the experts we’ve got here today to try to give you bet­ter answers than the ones I was able to come up with myself. But here they are.

My answer to the first ques­tion of the sin­gle biggest imped­i­ment is not the ITAR. I’m actu­al­ly sort of tired of ITAR bash­ing. Because you see the biggest imped­i­ment is for­eign gov­ern­ments. Look what hap­pened in Pakistan a week ago when they cut off the entire cell phone net­work because they couldn’t eaves­drop on the cell phones. That wouldn’t—probably—happen here. We just get Digital Telephony. It’s quite a dif­fer­ent pro­ce­dure. And you know, you look at the French gov­ern­ment, the English gov­ern­ment, the Singaporean gov­ern­ment. And it seems to me that in fact if the ITAR were to dis­ap­pear tomor­row, you would have as great or worse prob­lems caused by for­eign gov­ern­ments try­ing to pre­vent total­ly secure com­mu­ni­ca­tions.

My answer to the biggest fea­si­ble thing you could do is sim­ply buy for­eign cryp­to and import it to the United States. Seems to me that that’s a very fea­si­ble way to get secure com­mu­ni­ca­tions today. Indeed I hear last night a gen­tle­man from Motorola say­ing that’s what they’re doing.

And how would I advise some­one to com­mu­ni­cate? Well, if you’re in a sit­u­a­tion where you’re com­mu­ni­cat­ing between two coun­tries where they allow you to use strong foreign‐purchased cryp­to that’s the thing to do. And if you’re deal­ing with a coun­try like Pakistan, where that’s not allowed, there’s only one thing you can do: go in per­son, and go to a restau­rant where you don’t have reser­va­tions. Or send a couri­er you trust with some­thing writ­ten on paper.

With that I’m going to turn it over to the first of our sev­er­al experts. In the inter­est of brevi­ty I’ve asked each per­son to allow me to rob them of their dis­tin­guished resumes and just announce their cur­rent affil­i­a­tions and one oth­er fact about them.

Stewart Baker’s cur­rent affil­i­a­tion is a part­ner at Steptoe & Johnson, a law firm in Washington DC. He was for­mer­ly the General Counsel of the NSA and he’s well‐known to CFP. And he will now bring his exper­tise to bear on these ques­tions.

Stewart Baker: Thanks Michael. I think this’ll prob­a­bly be the last time that I speak to you, because the MIT orga­niz­ers of the event approached me last night and told me that they had decid­ed it would be both more direct and prob­a­bly raise more mon­ey if instead of speak­ing I just allowed them to set up a ten‐dollar‐a‐throw dunk­ing booth. I’m gonna move quick­ly through the three ques­tions, because we’ve each agreed to do this in about three to five min­utes.

I think that Michael is prob­a­bly right for the long run that the biggest restraint on the spread of cryp­to­graph­ic secu­ri­ty will prove to be for­eign gov­ern­ments. I have writ­ten a piece, which actu­al­ly LA Times pub­lished a ver­sion of which is in the mate­ri­als, which takes on a com­plete­ly dif­fer­ent look at these issues. Approaches it from a ques­tion of real­ly is the net a proof against reg­u­la­tion? Is it some­how going to— I think I accused John Perry Barlow in one of our debates of being an Internet lib­er­a­tion the­olo­gian… Will the net set us free? And I think the answer is not. That for­eign gov­ern­ments will prove much more aggres­sive and much more imag­i­na­tive about reg­u­lat­ing the net than we imag­ine here because in fact gov­ern­ment and peo­ple share a lot of val­ues in the United States that aren’t shared in oth­er parts of the world. And so we will see much more aggres­sive reg­u­la­tion of encryp­tion and the net gen­er­al­ly in for­eign lands than we see here.

For the short term I think that the restraints on cryp­tog­ra­phy have…probably could be ordered as one, lack of cus­tomer inter­est; and two, the ITARs. That Americans sim­ply have have gen­er­al­ly not cho­sen secu­ri­ty if they had a trade­off con­ve­nience or price for that. And you can see that in cel­lu­lar phones, you can see that in portable phones, you can see that in com­put­er sys­tems.

I think that will change as dig­i­tal com­merce goes to the net. People are will­ing to put up with a lot of poten­tial risk to their pri­va­cy, but los­ing mon­ey is a dif­fer­ent thing, and when you cre­ate incen­tives for peo­ple to hack into com­put­ers that have dol­lar signs attached to them you’ll see a lot more of that going on. And so I think that we are prob­a­bly now, although peo­ple have been say­ing this since Marconi invent­ed the radio…we’re on the verge of wide­spread use of cryp­tog­ra­phy for indi­vid­u­als and busi­ness­es.

Policy changes. There’s an aspect that— As you all know, this cryp­to­graph­ic debate, it’s a lot like a bad mar­riage. People come to these con­fer­ences and say the same thing over and over again. Nobody seems much to come away per­suad­ed. I think the one area…the one new idea that is tick­ing around in this area that has some prospect for cre­at­ing com­mon ground has to do with pri­vate key escrow. I don’t think there’s any­body who thinks that’s their first choice, but it serves some val­ues for every­one involved. Phil Zimmerman was telling me he got a call from an execu­tor of an estate who… He had used PGP to encrypt a bunch of files and the ques­tion was, Well how can we find out what they say?” And answer was you can’t.”

I think indi­vid­u­als will want to have a way to recov­er keys. Businesses, there’s been a whole process… You can trace the cryp­to­graph­ic debate run­ning from a time when only NSA real­ized that there was a fun­da­men­tal con­flict between the impor­tance of main­tain­ing secu­ri­ty and the impor­tance of being able to undo it. To the FBI wak­ing up to that prob­lem. To I think busi­ness­es wak­ing up. As they start to imple­ment cryp­tog­ra­phy they real­ize that it won’t always be used by employ­ees in the company’s inter­ests. To indi­vid­u­als begin­ning to won­der whether they real­ly want strong cryp­tog­ra­phy, and unbreak­able cryp­tog­ra­phy, unre­cov­er­able keys. That’s not our… I don’t think everybody’s inter­ests there are iden­ti­cal, but at least it’s a new idea in the debate that’s real­ly worth explor­ing.

Finally, on the advice that I would give to some­one who want­ed to have secure com­mu­ni­ca­tions I’d give two answers. As a prac­ti­cal mat­ter, I actu­al­ly think that the eas­i­est thing to do would be to use 40‐bit RC4. And I rec­og­nize that there are peo­ple who will say that it is triv­ial to break. I think those are prob­a­bly not peo­ple who’ve tried to break it often.

And I guess I would say that you know, com­put­er secu­ri­ty guys gen­er­al­ly mea­sure them­selves against Kevin Mitnick. It’s only the math­e­mati­cians who mea­sure them­selves against Fort Meade. And that results in a kind of skew­ing of the sense of what sort of secu­ri­ty is nec­es­sary cryp­to­graph­i­cal­ly com­pared to oth­er things. The fact is, the only rea­son to use cryp­tog­ra­phy is to raise the cost of inter­cept­ing and decrypt­ing your mes­sage above the cost of brib­ing your clean­ing lady. And once you’ve done that, I think you’ve prob­a­bly done as much as cryp­tog­ra­phy can do. It’s got to be part of a whole scheme for deal­ing with secu­ri­ty. And there are many holes in people’s secu­ri­ty that don’t have any­thing to do with cryp­tog­ra­phy, and my bet is that 40‐bit RC4 is prob­a­bly the strongest part of almost anybody’s secure sys­tem. Thanks.

Froomkin: Thank you. Our next speak­er is Phil Karn. Phil Karn, who asked me to empha­size this iden­ti­fi­ca­tion is only for iden­ti­fi­ca­tion pur­pos­es and he’s speak­ing for him­self, is cur­rent­ly a staff engi­neer at Qualcomm. He’s also…not yet a plain­tiff in a law­suit that may soon be filed against the gov­ern­ment that he’ll be telling us about.

Phil Karn: Okay, good morn­ing. Thank you. I do appre­ci­ate this oppor­tu­ni­ty. As said in the intro­duc­tion I am not a lawyer. I’m here as an engi­neer who is deeply con­cerned about pri­va­cy and secu­ri­ty, and who over the last few years has been increas­ing­ly out­raged by the government’s treat­ment of one par­tic­u­lar­ly hero­ic per­son by the name of Phil Zimmerman, who has done prob­a­bly more than any­one else to bring cryp­tog­ra­phy to the mass­es. [applause] And I think I’m here large­ly because of that out­rage, and because of a case that I have start­ed that was just men­tioned that alludes to that. So first of all I’d like to answer the ques­tions that were posed, and then talk about the case that I’m involved in.

First of all, I think I would still say that the answer to the first ques­tion, the biggest sin­gle imped­i­ment, is in fact US export con­trols. They’re absolute­ly absurd—but I have to qual­i­fy that answer. That answer applies only to the good guys, okay. The bad guys right now can go out and get a copy PGP any­where they like and use it, and I’d be very sur­prised if they’re not, okay. So the answer to the first ques­tion posed to the pan­el real­ly has to be qual­i­fied by whether or not this applies to the good guys or bad guys, cause only the good guys fol­low the laws any­way when it comes to this, because it’s so easy to break them with­out any­thing hap­pen­ing to you.

So answer to the sec­ond ques­tion is obvi­ous: repeal US export con­trols on cryp­tog­ra­phy and stop harass­ing peo­ple who’re only try­ing to pro­tect their own pri­va­cy.

The answer to the third ques­tion has to depend on some­thing. It depends on whether or not I could be held crim­i­nal­ly liable for my answer. I talked to a few attor­neys who know export con­trol. They tell me that I could actu­al­ly be in vio­la­tion of the ITARs, thrown in jail, for telling a for­eign­er where he could get a copy of PGP on a machine in his own coun­try. That would be ren­der­ing tech­ni­cal advice relat­ed to a defense item, okay. I could be held crim­i­nal­ly liable for that. So If I ever tell a client in Italy, let’s say, that you can go to this site in a new machine in Italy and pick up a copy of PGP I could be thrown in jail for that. So my answer would depend on whether I could be held crim­i­nal­ly liable for what I say.

That’s obvi­ous­ly an absurd sit­u­a­tion. But assum­ing that I will not be held liable for what I would say I would say the answer’s obvi­ous. Right now if you want true pri­va­cy, and by that I mean pri­va­cy against the National Security Agency as best as we know, the answer’s clear­ly PGP. For now. And in the future I think you’re going to see that PGP is just the begin­ning of a wave of sim­i­lar prod­ucts that’re designed to give indi­vid­u­als the right to con­trol their own pri­va­cy. I am per­son­al­ly involved in an activ­i­ty with­in the Internet Engineering Task Force to stan­dard­ize pro­to­cols to secure the Internet. I am sick and tired of peo­ple like Kevin Mitnick. I’m sick and tired of the FBI com­ing in and fight­ing a bat­tle, on my land, against peo­ple like Kevin Mitnick. I feel like…you know, an irri­tat­ed par­ent who would like to take two quar­rel­ing kids and bash their heads together—that’s exact­ly how I feel about the FBI and the hack­ers. And one of the things I real­ly like about cryp­tog­ra­phy, it seems to piss them both off even­ly, so it’s won­der­ful. [laugh­ter]

[Slides men­tioned are unavail­able]

So, with that I’d like to answer some of the com­ments made about about export con­trols. I’d like to have my first slide if I might. Okay. That seems to be the US government’s posi­tion on export con­trols when­ev­er you try to debate it with them. I don’t know how to deal with an answer like that. Unfort— I mean, I don’t know about all of you, but I’m old enough to remem­ber Vietnam and Watergate. It hap­pened at a very for­ma­tive time in my life when I was in high school, a very impres­sion­able time. I’ve nev­er for­got­ten that les­son. I would like to think that most Americans haven’t for­got­ten that les­son and I’m afraid they have. And unfor­tu­nate­ly argu­ments like this don’t car­ry the day, which is why they’re still made.

So, if I could have my next slide. I thought I might try a test case here to con­vince even the peo­ple who still believe that the gov­ern­ment might actu­al­ly know some­thing that it can’t tell us that’s a good rea­son for the deci­sions they made. I decid­ed I’d file a test case which involves this [thick­er?] book, Applied Cryptography by Bruce Schneier. I don’t get a cut out of this so I’m not, you know, I’m not doing this for my own finan­cial ben­e­fit here. I sim­ply think it’s an excel­lent text­book as an engi­neer who prac­tices in this field. Of par­tic­u­lar inter­est in this text­book is the last chap­ter, which con­tains quite a bit of source code, in C, ready to exe­cute if you type it in and use it. It pro­vides strong cryp­tog­ra­phy. There’s a cou­ple toy ciphers in here but there’s a cou­ple of real­ly good ones, too, includ­ing the IDEA tak­en right out of PGP. It’s the heart of PGP.

So, as I under­stand the International Traffic in Arms Regulations, the defense trade reg­u­la­tions, this book is a muni­tion, you know. I have to get per­mis­sion to export it from the coun­try. So I filed a for­mal request with the State Department to export this muni­tion, as I under­stand it. And back came a let­ter say­ing that well, This item’s in the pub­lic domain. It is not in in our licens­ing juris­dic­tion.

Well, great. The State Department still under­stands that the First Amendment pro­tects books. That’s won­der­ful. But they went on specif­i­cal­ly to say that that only applies to the book and not to the flop­pies that the book men­tions are avail­able from the author. Well this is very inter­est­ing. I mean sup­pose the flop­pies con­tain exact­ly the same infor­ma­tion, are you real­ly going to dis­crim­i­nate on the basis of media?

So I filed a sec­ond request, for this flop­py disk. It’s an exact copy of what is in the back of the text­book. Character by char­ac­ter. Okay. What did they do? They said sor­ry no, the flop­py is a defense arti­cle requir­ing a license for export. The book, con­tain­ing exact­ly the same infor­ma­tion is freely avail­able, freely exportable. The flop­py disk, which con­tains exact­ly the same infor­ma­tion byte by byte is not, it’s a defense arti­cle. Now you fig­ure that one out.

Next slide, please. I’ve appealed this case up through the admin­is­tra­tive lev­els… Oh I should point out that the main dis­tinc­tion they tried to draw in their let­ter was that I’d added val­ue to the files in the flop­py because they were sep­a­rat­ed into sep­a­rate files. And of course only Americans can type, so there’s sig­nif­i­cant val­ue added to some for­eign crim­i­nals here.

As I men­tioned I’ve tak­en this up to the admin­is­tra­tive lev­els. The first‐level appeal was designed. The second‐level is still pend­ing. And it looks like we’re going to court in a few months unless some­thing changes dras­ti­cal­ly.

And my last slide is a point­er to a web page with more infor­ma­tion on this sub­ject if you’re inter­est­ed. Thank you.

Froomkin: Thank you very much. Our next speak­er is—I believe it’s his first appear­ance at CFP although in some sense I think he’s no stranger to this group. It’s Steve Walker who is the President of Trust and Information Systems. He is for­mer­ly with the Defense Department and the National Security Administration for a grand total of twenty‐two years. He tells me that it’s a great set of places to be from.

Stephen Walker: Thank you. Those of you who are con­cerned that there are four cur­rent or for­mer mem­bers of NSA here, I only say I’m much more con­cerned that I’m up here with four lawyers. But I guess we each have our own dev­ils.

What I want to talk— In try­ing to answer these ques­tions, the sin­gle most sig­nif­i­cant imped­i­ment I believe has to be the US export con­trol pol­i­cy. It’s per­fect­ly legal for us to use DES and oth­er encryp­tion here, but our friends at Microsoft and else­where don’t offer it. The rea­son they don’t offer it isn’t cause they don’t want to give us good stuff. It’s that they can’t export it to half of their mar­ket. And there­fore, effec­tive­ly we don’t have it avail­able to us, even though it’s legal. And I think that’s a seri­ous prob­lem. We have to find a way around that so that we can pro­tect our sen­si­tive infor­ma­tion. But, we have to take into con­sid­er­a­tion the inter­ests of law enforce­ment and nation­al secu­ri­ty, too.

What I want to talk about a lit­tle bit here is an effort that we have begun last year on…we call it com­mer­cial key escrow. There is a paper on this in the pro­ceed­ings and I com­mend it to your read­ing. Our main objec­tive in doing this, and I guess this is my answer to the sec­ond ques­tion, is to get good cryp­tog­ra­phy rou­tine­ly avail­able to any­one in America. It ough­ta be the default. It ough­ta come on your lap­top or on your work­sta­tion in such a way that you have to ask not to have a file encrypt­ed. If we could oper­ate in that man­ner, we would have very sig­nif­i­cant­ly reduced secu­ri­ty issues across the board.

But, in look­ing for ways to do this I par­tic­i­pat­ed some last year in dis­cus­sions with mem­bers of Congress on the Cantwell Bill, which was an attempt to say let’s change the rules. That’s a hard game to play. Congressmen don’t know any­thing about this and they’re being besieged by gov­ern­ment exec­u­tives and they’re being besieged by busi­ness­men and they decide, I’m gonna side with busi­ness exec­u­tives.” I can tell you sto­ries about that lat­er if you’d like.

We’ve got­ta find a way to relax this ten­sion that has grown up between the needs of the American pub­lic to pro­tect their sen­si­tive infor­ma­tion and the legit­i­mate needs of law enforce­ment and gov­ern­ments to under­stand the com­mu­ni­ca­tions of their adver­saries. And bad­ger­ing them, or blunt attacks on chang­ing the ITARs um…may get there some­day but I don’t think it’s gonna hap­pen any­time soon, prob­a­bly in part because it becomes a win/lose sit­u­a­tion and lots of folks don’t like to lose.

What we’re try­ing to do with exam­in­ing this key escrow set of ideas is come up with a win/win sit­u­a­tion if we can. The work we did began last May with as a tech­nol­o­gy exper­i­ment to say can you build a soft­ware ver­sion of Clipper?” We did. We showed it to the gov­ern­ment and we showed it to a lot of indus­try. Pretty much gen­er­al agree­ment we had suc­ceed­ed in that. The prob­lem of course is peo­ple didn’t like Clipper so they don’t real­ly want a soft­ware Clipper, either.

So, we decid­ed to change attack and say well, is there some­thing that peo­ple do want? There’s been a lot of ref­er­ences to this even this morn­ing. Emergency data recov­ery. You’ve encrypt­ed some­thing and you lost the key. Or you encrypt­ed some­thing and you came out here to this con­fer­ence and your boss needs it. How does he get it? Some means of emer­gency data recov­ery. And that’s real­ly the focus for the activ­i­ty. We real­ized in the course of that that if we came up with some­thing that was owned by com­pa­nies, run by com­pa­nies for their own pur­pos­es, that law enforcement’s inter­ests could be helped great­ly, with­out any change in any rules, with­out any changes in leg­is­la­tion. Simply through the process of the search war­rant that we already are sub­ject to.

Notice in our dis­cus­sion of this, there are no. gov­ern­ment. data­bas­es. of escrow keys. Indeed, there are no data­bas­es of escrow keys at all. The sys­tem is entire­ly vol­un­tary and the moti­va­tion for using it is that you need emer­gency recov­ery of some sort. The intent is that com­pa­nies and orga­ni­za­tions would run their own data recov­ery cen­ters for their own pur­pos­es, and that indi­vid­u­als would be able to sub­scribe to ser­vices that might be pub­licly avail­able.

We are now seek­ing approval from the gov­ern­ment for the export of good cryp­tog­ra­phy, read that DES or equiv­a­lent, when com­bined with com­mer­cial key escrow. There are rumors float­ing around minute by minute of progress in this area. I’m not gonna make any pre­dic­tions on that. The focus of our work now is on file stor­age and email. I believe the tech­nol­o­gy will work equal­ly well in gen­er­al com­mu­ni­ca­tions encryp­tion and in tele­pho­ny, but the moti­va­tion for why one would want data recov­ery cen­ters for tele­pho­ny out­side of the gov­ern­ment inter­est just don’t seem to be there. We are now work­ing with soft­ware and hard­ware ven­dors to fig­ure out ways to include com­mer­cial key escrow into their prod­ucts, and we hope there’ll be some announce­ment in that area very soon.

We’re try­ing to solve prob­lems for the aver­age busi­ness and the aver­age indi­vid­ual, by allow­ing rou­tine capa­bil­i­ties to pro­tect their sen­si­tive infor­ma­tion. I will say we’re not try­ing to solve everybody’s prob­lems, though. Two weeks ago I briefed Jerry Berman’s dig­i­tal secu­ri­ty and pri­va­cy work­ing group, and there were ques­tions from the audi­ence that wait a minute, you’re mak­ing it too easy for law enforce­ment to get my stuff.” Well if your stuff is rou­tine­ly avail­able in the clear now, no we’re not mak­ing it too easy. If you in fact con­tract that with some gov­ern­ment key escrow sys­tem where the gov­ern­ment has the keys, no this is not any­where near as easy as that.

However, if your con­cern is that the gov­ern­ment, act­ing in any legal man­ner, can get at your data if you use this sys­tem, then my advice to you—and I guess this is answer­ing the third question—is…don’t use this sys­tem. In fact don’t use any com­mer­cial sys­tem because the government’s going to be able to get your stuff if they real­ly choose to.

I want to close with a cou­ple of com­ments. This is in fact a pri­vate sec­tor ini­tia­tive. There are peo­ple who are say­ing this is Clipper Two or this is the gov­ern­ment about to impose yet anoth­er ver­sion of key escrow on us. This is a pri­vate sec­tor ini­tia­tive designed to make encryp­tion avail­able for pri­vate use. The gov­ern­ment has no invest­ment in this. We’ve asked them to review it rel­a­tive to export con­trol but it’s going to become avail­able any­way.

I have a very small num­ber of write‐ups here, that I’ll be glad to give away because I don’t want to take them back, about where we are. I’d be glad to sup­ply you with this if you in fact don’t have enough here. And I’ll be around to talk about it lat­er if you’d like. Thank you very much.

Froomkin: Our next speaker’s also from the pri­vate sec­tor. It’s Ira Rubinstein, the Senior Corporate Attorney for Microsoft. He want­ed me to say that one of his claims to fame is that he went to Yale Law School with Ron Lee.

Ira Rubinstein: Good morn­ing. I’ve been involved for sev­er­al years in indus­try efforts to lib­er­al­ize export con­trols, and what I’ll try to do is to bring a very com­mer­cial per­spec­tive to the panel’s dis­cus­sion.

I think it’s pret­ty clear that the strongest imped­i­ment to secure inter­na­tion­al com­mu­ni­ca­tions has been export con­trols. Without those con­trols, American soft­ware com­pa­nies would’ve long ago imple­ment­ed pub­lic key and strong encryp­tion algo­rithms. With those con­trols that has not hap­pened.

I dis­agree strong­ly with Steve Baker’s obser­va­tion, and he knows this because we’ve had this dis­cus­sion before, that there’s a lack of cus­tomer demand that accounts for the absence of secu­ri­ty fea­tures. Any com­pa­ny in the last sev­er­al years that’s been in the client/server are­na has con­stant­ly heard from cus­tomers that in order to down­size to client/server solu­tions they need secu­ri­ty. And the rea­son that American com­pa­nies have not offered secu­ri­ty is not lack of cus­tomer demand. It’s real­ly more a mat­ter of dis­tri­b­u­tion chan­nels. Most American com­pa­nies are not will­ing to offer a dual‐product strat­e­gy where they have a prod­uct in the US and a sep­a­rate prod­uct abroad. Because the dis­tri­b­u­tion chan­nels don’t allow that to hap­pen with­out impos­ing a great deal of cost. Product is dis­trib­uted pre­loaded on machines, those machines go any­where in the world. You can’t force the com­put­er man­u­fac­tur­ers to only ship a machine with an American prod­uct to cer­tain mar­kets and with any oth­er prod­uct to only those mar­kets. Increasingly prod­uct is dis­trib­uted on CD‐ROM in mul­ti­ple lan­guage ver­sions. Once again, it would be pro­hib­i­tive to try to track where each CD‐ROM goes so that you can offer the dual‐product in just the mar­ket that would accept it.

What cus­tomers do want is inte­grat­ed, easy‐to‐use, con­ve­nient secu­ri­ty, and that’s what American com­pa­nies have not been able to offer because of export restric­tions.

As to the sec­ond ques­tion of the fea­si­ble pol­i­cy change and a path to imple­ment that, I think clear­ly the sin­gle most impor­tant change that could occur is a change in the export laws. But whether that’s fea­si­ble is anoth­er mat­ter. For sev­er­al years now the soft­ware indus­try has pushed for leg­is­la­tion to change the export rules. I think it was back in 91 there was the Levine amend­ment and more recent­ly the Cantwell pro­vi­sions. Those leg­isla­tive efforts have not been suc­cess­ful. There’s been one major change in admin­is­tra­tion rules, the July 1992 agree­ment that result­ed in the iden­ti­fi­ca­tion of a suite of algo­rithms that if you…the 40‐bit algo­rithms that if you designed to you could be rea­son­ably assured of rapid export approval. And I think it’s very inter­est­ing to note that as soon as that rule was enact­ed, or pro­mul­gat­ed, soft­ware com­pa­nies respond­ed and we now see a large num­ber of prod­ucts with secu­ri­ty fea­tures designed around those stan­dards. So I would main­tain, and this is where Michael and I will dis­agree, that if those rules were changed again and the key length was expand­ed to 48 or 56 or 64 bits, com­pa­nies would react very swift­ly and put out prod­ucts that met those new cri­te­ria.

There’s been talk by sev­er­al pan­el mem­bers about pri­vate key escrow ini­tia­tives. The Cantwell Bill died last sum­mer main­ly because Congress has been unable and unwill­ing to pass a new export admin­is­tra­tion act for many years now and the Cantwell Bill went down in defeat with that bill—not real­ly in defeat because it nev­er even went to the floor. But at that time, as some of you may know, Vice President Gore issued a let­ter to Maria Cantwell in which he laid out some prin­ci­ples for pri­vate key escrow. They includ­ed that the pri­vate key escrow sys­tem would have to be imple­mentable in soft­ware or hard­ware, would have to use non‐classified algo­rithms. It would have to be voluntary—and I think indus­try inter­prets that to mean vol­un­tary in the sense that non‐escrow alter­na­tives would remain avail­able as well. And it would have to be exportable.

Whether that will lead to a solu­tion at this point is very dif­fi­cult to say but I’d like to make two obser­va­tions. One is that there will have to be suf­fi­cient com­mer­cial demand for key escrow, or as Steve calls it data recov­ery, in order for that solu­tion to take off. Without com­mer­cial demand it sim­ply won’t hap­pen because it would require a great deal of work on the part of com­pa­nies to imple­ment these fea­tures, and if cus­tomers are sim­ply not inter­est­ed in it then it won’t hap­pen. The mar­ket for it won’t grow.

But even more than that, I think it’s got to be viewed as a long‐term solu­tion because there’s got­ta be a legal frame­work in place in order for this to work. There has to be a clear sense of…where keys can be deposit­ed, what it means to deposit them in a com­mer­cial sense, who bears lia­bil­i­ty if keys are…you know, if the escrow agent who is a fidu­cia­ry with respect to those keys abus­es that duty or fails to ade­quate­ly pro­tect the keys, and so on and so forth. And with­out that struc­ture not only in the United States but inter­na­tion­al­ly, this is sim­ply not gonna hap­pen. Because it won’t be enough for the admin­is­tra­tion to announce a set of cri­te­ria unless there’s an infra­struc­ture in place not only in the US but abroad as well. Because after all, the impe­tus for this is relief on the export side. But if there’s no infra­struc­ture avail­able in for­eign juris­dic­tions, then it’ll be rather mean­ing­less to begin sell­ing that prod­uct abroad.

On the last point I guess I agree with both Michael and Phil in terms of how to com­mu­ni­cate secure­ly at this time. You could cer­tain­ly import for­eign DES box­es, or you could by a wink and a nod indi­cate where your for­eign coun­ter­part might find PGP. But I think both of those sug­ges­tions point out some of the absur­di­ties of cur­rent export rules. Why is it that an American com­pa­ny has to import for­eign DES box­es in order to achieve secu­ri­ty among its multi­na­tion­al sub­sidiaries? Clearly that indi­cates that the tech­nol­o­gy is read­i­ly avail­able abroad. And what’s the sense ITAR rules that would make it a crime as still sug­gest­ed to tell some­one where they can find PGP when the tech­nol­o­gy is read­i­ly avail­able and eas­i­ly down­load­able.

Froomkin: Thank you very much.

Our next speak­er is Ron Lee, who’s the cur­rent gen­er­al coun­sel for the National Security Administration hav­ing suc­ceed­ed—

Ron Lee: Agency.

Froomkin: Sorry, agency. The NSA. Among his many many accom­plish­ments on his illus­tri­ous resume he tells me the one he want­ed me to men­tion was that he was a Rhodes Scholar at Oxford—perhaps some­thing he has in com­mon with the President. Ron?

Lee: Perhaps the best way to intro­duce myself is to tell you that like you I didn’t go to Woodstock, either. But the rea­son was I was too young and it was past my bed­time.

Before I get to the sin­gle biggest imped­i­ment I want to set the stage a lit­tle bit by point­ing out that we’ve all focused on the word secu­ri­ty” as focus­ing on one aspect of the uses of cryp­tog­ra­phy that Willis Ware talked about. Security has many aspects, as you saw from his talk. We’re focus­ing this morn­ing, and quite prop­er­ly so, on the con­fi­den­tial­i­ty or encryp­tion aspect, but there are oth­er equal­ly valid and impor­tant uses for it which are nec­es­sary to build the glob­al infor­ma­tion infra­struc­ture. And those of course would include and non­re­pu­di­a­tion and dig­i­tal sig­na­ture and authen­tic­i­ty. All of that suite of fea­tures that you need to have. And I would sub­mit that for many busi­ness­es who are try­ing to fig­ure out how to get involved and how to reach cus­tomers, these are as impor­tant or more impor­tant than the issue of how to secure their data.

So with that com­ment in mind, let me say that I think right now the sin­gle biggest imped­i­ment to secure inter­na­tion­al com­mu­ni­ca­tions is the roman­tic myth, or almost the rever­ie, that the devel­op­ment of cryp­to­graph­ic stan­dards and imple­men­ta­tions, both in the United States and abroad is some­how an irre­sistible tide of free­dom sweep­ing out from the mass­es that no government—either the US or foreign—that no gov­ern­ment can or should con­trol. And this cer­tain­ly has a strong appeal to it. But I think it flies in the face of facts.

The fact is that nation‐states do have a strong and endur­ing inter­est in the uses of cryp­tog­ra­phy. Both his­to­ry and the present sit­u­a­tion prove that cryp­tog­ra­phy affects every nation’s mil­i­tary, polit­i­cal, eco­nom­ic, and tech­no­log­i­cal secu­ri­ty. And I don’t think it’s an over­state­ment to say that no nation‐state is going to advo­cate con­trol of cryp­tog­ra­phy, includ­ing encryp­tion and con­fi­den­tial­i­ty func­tions, to out­side or domes­tic forces.

Having said that let me try to iden­ti­fy some of the inter­ests that a state, includ­ing the US, would have. From the US per­spec­tive those would be pro­tect­ing the pri­va­cy of Americans; pro­tect­ing both busi­ness and—importantly—government insti­tu­tions against hos­tile for­eign intel­li­gence threats and oth­er threats to their infor­ma­tion; pro­tect­ing law enforce­ment access to com­mu­ni­ca­tions, where law­ful­ly autho­rized; and then pre­serv­ing nation­al secu­ri­ty capa­bil­i­ties. Those are things that all have to be fac­tored into the debate. And if we’re going to move this debate for­ward, which we must and have to, I believe we have to over­come that myth.

My sec­ond answer…to answer the sec­ond ques­tion, fol­lows from what I just said. Which is that cryp­tog­ra­phers, soft­ware man­u­fac­tur­ers, every­one who’s involved in the com­mu­ni­ty, needs to—and Steve Walker’s begun that process—needs to come for­ward with pro­pos­als that rec­og­nize the state’s inter­est and then work with the gov­ern­ment to eval­u­ate and improve their pro­pos­als. The Vice President in the let­ter to Congresswoman Cantwell has laid out the cri­te­ria for a key escrow pro­pos­al that we need to meet. And that process of work­ing with indus­try is going on and will con­tin­ue.

This process, though, is not lim­it­ed to the United States. And so we shouldn’t assume in kind of a US‐centric way that we’re the only ones who mat­ter, we’re the only coun­try that has to go through this. Every oth­er coun­try that is going to face the encryp­tion issue needs to go through this as well. And nation­al cul­tures, polit­i­cal process, con­sti­tu­tion­al val­ues, all the things that are unique to a nation‐state are going to shape that process. And then once that weigh­ing process is tak­ing place, and this is gonna come back to the pol­i­cy issue here, how it all is put togeth­er. How wide­spread cryp­tog­ra­phy is use. How well the sys­tems oper­ate. That’s all going to depend on some of the things the oth­er pan­elists have talked about. Personal pref­er­ence, polit­i­cal will in each coun­try, and of course tech­no­log­i­cal devel­op­ment.

Let me just that com­ment briefly on the third point, what would I rec­om­mend if some­one wants to com­mu­ni­cate with a for­eign coun­ter­part abroad. The first point is I would tell them to learn about what the for­eign threat is. You have to know what you’re try­ing to pro­tect your­self against before you go out and pro­tect it. The NSA, actu­al­ly, through the direc­tor and oth­er gov­ern­ment agen­cies, have reached out to talk to pri­vate indus­try to tell them a lit­tle bit about what the for­eign intel­li­gence threat is. I’ve par­tic­i­pat­ed in the Overseas Security Advisory Council, which is a Department of State group which any busi­ness or indus­try that has sig­nif­i­cant oper­a­tions abroad is wel­come to join and par­tic­i­pate in.

But on the oper­a­tional side, I would say per­haps the obvi­ous to you, which is use an encryp­tion prod­uct that’s been approved for export from the United States. [some audi­ence laugh­ter]

Let me respond briefly to some­thing Phil said, which is Phil’s first slide was his effort to debunk the if you only knew” state­ment. One of the main activ­i­ties going on this week of course is the NRC Committee, which is here. Several of its members—Herv Lin and oth­ers are receiv­ing input through the Birds of a Feather ses­sions and so on. And of course there is that seg­ment of that com­mit­tee that will receive the appro­pri­ate infor­ma­tion, and it will enable them to real­ly study the [?]. They’ve put a lot of resources into it and they will be able to come up with a con­clu­sion that I think will address some of the pro­ce­dur­al con­cerns that Phil had. This has been done in the past but I think that this is an impor­tant step in get­ting the appro­pri­ate peo­ple involved in the process.

Froomkin: If we only knew. [audi­ence laugh­ter] Thank you. I apol­o­gize for that remark. A lit­tle.

Last but cer­tain­ly not least we have Tim May who’s a cofounder of the cypher­punk group and was for­mer­ly with the Intel cor­po­ra­tion.

Tim May: Thank you Michael. My only point will be you would sup­port my posi­tion if you only knew what I knew. [some audi­ence laugh­ter and applause]

Seriously. I think Stewart Baker was cor­rect in his writ­ten com­ments that the issues need to be raised and a debate needs to hap­pen. I believe an impor­tant phase change in the struc­tures of soci­ety around the world is com­ing. It has its neg­a­tive con­no­ta­tions, it has pos­i­tive con­no­ta­tions. I don’t wan­na ram­ble off on a bunch of tan­gents about the polit­i­cal issues and long‐range issues, but I do think this is very impor­tant and I think the pub­lic debate about cryp­tog­ra­phy is very healthy for the coun­try.

Somehow my three answers to Michael’s ques­tions got fold­ed in, edit­ed in, to his list­ing of the ques­tions. So you can see them pret­ty clear­ly.

The sin­gle biggest imped­i­ment to secure inter­na­tion­al com­mu­ni­ca­tions I believe is basi­cal­ly igno­rance. It’s cus­tomers not ask­ing for soft­ware. I’m inter­est­ed to hear that cus­tomers are ask­ing. Most peo­ple I know—end users, not cor­po­rate cus­tomers but end users of dif­fer­ent systems—are pret­ty much unaware of what’s hap­pen­ing, and they’ve got­ten intrigued by PGP. MailSafe, for exam­ple, which I had from RSA Data Security. I actu­al­ly bought and paid for a copy from Jim some years back. I could nev­er find any­body to com­mu­ni­cate with. [audi­ence laugh­ter] [laugh­ing:] Nobody else had a copy of it, so I couldn’t send secret decoder mes­sages to any­one.

PGP changed that as a com­mu­ni­ty. For com­mu­ni­tar­i­an rea­sons it spread very wide­ly and has been inter­est­ing.

So I think if prod­ucts could be inte­grat­ed into things like Lotus Notes and Microsoft Word, Microsoft Network, NCI network—whatever’s com­ing, so peo­ple could just click on but­tons and get cer­tain fea­tures, then this will be a major suc­cess. To the extent that’s not hap­pen­ing because of ITAR rules I’m sure that’s an issue.

Anyway, the thing I want to talk about before my time runs out is I men­tioned multi­na­tion­als. There are two sizes of multi­na­tion­al com­pa­nies, inter­na­tion­al com­mu­ni­ca­tions. Big ones like Intel and Lockheed and Apple. And they’ve got cer­tain rules—they’ve got to play by the rules. Whit Diffie made an excel­lent com­ment a cou­ple of years ago to the extent that the war on drugs was large­ly suc­cess­ful against big com­pa­nies because you could tell Lockheed that if they don’t start drug test­ing and what­not you could fine them and penal­ize them and do all sorts of things. But small lit­tle com­pa­nies, small lit­tle enter­pris­es, aren’t affect­ed by these rules.

Nicholas Negroponte has a posi­tion that’s very sim­i­lar to the posi­tion many of us have had which is that we’re going to see a huge increase in the num­ber of fam­i­ly multi­na­tion­als. This is the mother’s in Hong Kong, the father’s in Paris, the broth­er and the son are in the US. It’s not clear where their income is local­ized, it’s not clear where their assets are, and they’re cer­tain­ly not going to be restrict­ed in the forms of com­mu­ni­ca­tion they use. They may use code books, things that essen­tial­ly can’t be stopped.

Or they’ll use PGP. I mean, it’s triv­ial to get PGP out of the coun­try. There’s a run­ning bet in the com­mu­ni­ty as to how many hours it takes to get a new ver­sion now. And this— [audi­ence laugh­ter] I’m not say­ing I would do it, I’m just say­ing that it gets out, fast. It can’t be stopped. The bor­ders are trans­par­ent. I car­ried sev­en giga­bytes of data to Monte Carlo recent­ly to talk to cryp­tog­ra­phy peo­ple over there. Seven giga­bytes on opti­cals and DATs. There’s no way to stop me. There’s no way to stop any­thing. This is the phase change that’s com­ing. I don’t demo­nize the NSA, as I think they did a great job help­ing to win the Cold War and I think they deserve a round of applause and [pan­el mem­ber laughs] Not clear what the future mis­sion will be in a world of trans­par­ent bor­ders— [record­ing cuts out on May’s pre­sen­ta­tion]

A. Michael Froomkin: —conversation. And preceding that assumption, before I go to questions from the floor, which we will definitely do, I want to throw a few pointed questions at a few members of the panel. I courage other people to follow up if they would like to do so.

I think my first question's for Stewart Baker. This is really a question that ought to be addressed to Ron Lee but he can't talk about it because it's the subject of current or future litigation. So you're the best-placed person to say the things he could never say.

How on Earth can the United States government justify denying Phil Karn's request? What's the logic behind that? The book is out. What's wrong with the floppy disk?

Stewart Baker: Yeah I think the best stab I can take at it is this. In 1975, if you had asked NSA or most government officials about the classification status of cryptography, they would have said it's equivalent to nuclear technology. It is so important to the national security that people who research it, who come up with ideas relating to cryptography, new cryptanalytic attacks or new cryptographic techniques, are engaged in classified research whether they know it or not, and they should not be releasing it to the public without talking to the government first about its national security consequences. That was pretty much its status for export control purposes.

In the late 70s, for a variety of reasons, that became a very controversial position. A lot of private sector and academic cryptographers did not want to submit to that kind of review and raised a First Amendment issue about academic discussions of cryptography.

It turns out that at least for the short term, or maybe the medium term, it is possible to do a lot that protects national security if you can restrict the spread of commercialized encryption. It's not a perfect result but it is better than letting it go entirely. And I think that the— This is before my time at NSA, but I think that the final policy decision that was made sometime in the early 80s was to say for First Amendment reasons we have to give up on trying to regulate what academics say when they talk about cryptography. But we have to control commercial cryptography.

Froomkin: But Phil has anticipated your reply in his slides. I mean, he claims that that answer is based on saying foreigners can't type.

[long pause; audience laughter]

Baker: I don't think entirely that it is. The fact is that… We've heard a lot of people say they think that the existence of export controls on strong cryptography has prevented companies from selling it widely. And as Tim said you know, if there isn't somebody at the other end, then you're not as likely to use this stuff. And so restraining the installation of point-and-click DES encryption probably has meant that there are a whole lot less DES-encrypted transmissions in international communications than there would be otherwise. So I think it's not a perfect line. And I'm not speaking for NSA when I say this 'cause I wasn't there when that decision was made. I think if you take the view that as an effort to accommodate the First Amendment people said, "Well why don't we try this line: commercial, no; academic, yes," the difference between a book and a disk begins to make sense. It's not perfect by any means. But I think if you're trying to get a sense of why this might seem like a sensible distinction, that's the best I can do.

Froomkin: Want to say anything? You want to add or subtract to—

Tim May: Yeah, I just wanted to add that—Ira may prove me wrong on this, but I think companies that make commercial software…you know, encryption or whatever [?], are going to be quite reluctant to take the crown jewels of their corporations and just…publish them in a book so that Phil and his nimble-fingered friends can type it in.

Phil Karn: Of course there is something that I don't think was actually anticipated by people who made this distinction between commercial software and academic discussion is the rise of free software, which PGP is probably the best example. I've written cryptographic code; as far as I'm concerned it's in the public domain. I put it out there because I think it actually facilitates those who were, you know, interested in academic discussion. I mean, a lot of people give away source code because it is a very powerful instructive tool. Stewart and I had a conversation about this last night at dinner, where he was asking why would I ever want to give away source code? What instructional value is there to that? It was obvious just from the question he's not a programmer. [audience laughter and clapping]

Froomkin: Anyone else want to jump in or…deploy my next cool question. I guess my next cool question is actually for Phil. It's an equal opportunity process.

Do you ever worry about the consequence— We have people from the government here, at previous conferences, who tell us in all seriousness that they have thought really hard about the national interest, and they're trying to the best thing given what they know, and bad things will happen if this stuff gets out. Do you ever lie awake at night worrying that there might be some truth to it, you're contributing to some bad thing happening if win your case?

Karn: Actually I have to say yes. I do worry about that, okay. I mean I have to be honest about it. All technology can be used for either good or bad. That's not just true with cryptography, I've been very active in the Internet for the last ten years. I've helped develop a lot of technology along with many other people. For all I know Saddam Hussein used it in the Gulf War. I mean that would explain some of the silly rules we saw after the fact about controlling Internet routers; another technology that's out of the barn.

So any technology can be abused, not just for cryptography and yeah, I am concerned about that but I also realize I can't do much to stop it it. All I can really do is make sure the good guys also have it.

Froomkin: Anybody else wanna…?

Tim May: I'd like to make one comment. I think someday I'm gonna wake up, turn on CNN, and hear that some Eastern European city or Middle Eastern city has just been nuked, maybe with a fizzle nuke. And I think that's likely to happen. And I'm not too worried about it. And I know that sounds callous. I like making outrageous callous remarks. But the world is much safer. There's almost zero likelihood of a global thermonuclear war, which to me is a very good thing. The weapon stockpiles are gradually decaying, at least the Russian ones are. We think.

Some terrorism will occur. I don't support any kind of terrorism but I think if you look at the number of people who die in terrorist attacks, it's relatively small and it's not—to me—sufficient grounds for suppressing free and open societies. And I hope we don't see anything of that sort. [applause]

Froomkin: The reference to Saddam Hussein sort of raises a question I think has to go to Steve Walker. And as I understand your proposal, you want to help produce shrink-wrapped products which are exportable, which are going to provide strong encryption with voluntary escrow where the users get to choose who's going to hold the escrowed material, who's going to have the data recovery center.

So if Saddam Hussein wants to set one up, he can do that. And the system will be fully functional. And the good guys, as we've been calling them, are probably not gonna find it very easy to serve a warrant on Saddam.

Now, given that's the situa—if that's the correct description of the technical situation, why would the United States government give you export permission? What's in it for them?

Stephen Baker: Well in reality Saddam Hussein and the terrorists and all can in fact get anything they want now. In reality you can't sell…anything to Iraq because of embargo.

Froomkin: [indistinct]

Baker: There are rules that say you can't send to terrorist-supporting countries and to the former Soviet Bloc or whatever. So those rules will still apply. The fact is that terrorists can get anything they want, and they do. It is only really that good guys in the United States and in other countries that are the ones that are losing here. The ones that abide by the rules are the ones that have no encryption to protect their information now. So I believe it's really a specious argument. I don't think terrorists are going to use commercially-available products with key escrow or without key escrow, I think they're going to do their own thing because they don't want to fear that they can be ripped off.

And so I mean… Why would the US government to approve this? In fact I think if the US government thinks this through for law enforcement interests and for national security interests they're going to be better off if there is a widespread use of some sensible key escrow approach than if there's just a proliferation of thousands of ad hoc solutions for which they will never have a chance of ever recovering anything. And so I don't think it's the fact that the terrorists might use it that's going to dissuade them. It's the benefit to the overall common good. In the paper that is in the proceedings I go through an analysis of the various alternatives to this. And the proliferation of thousands of ad hoc products makes law enforcement's job virtually impossible in this area. And I think it's actually a positive benefit they're going to get from that that outweighs any possible terrorist problems.

Froomkin: Anybody else? Phil's trying to—

Karn: Yeah, I wanted to speak to the topic of software key escrow, because I'm not sure we actually need a whole new product to support this. I'd like to make a proposal in the spirit of voluntary software escrow. Those who use PGP know that it has a feature in which you can encrypt to multiple recipients. Well, I would like to offer Mr. Lee here to give me a PGP key with NSA's name on it, show me that it's really his. I will be glad to sign it. My key is widely signed signed in the PGP database. You put it out on the database, let the whole world have it. Anybody who wishes to voluntarily escrow their communications with the NSA simply has to include the NSA's key in their mail. I think the problem is solved. [applause]

Froomkin: Ron, you want to take that offer?

Ron Lee: Yeah, if you're an American we don't want your key. [laughter]

Karn: I'm giving you an invitation.

Froomkin: You have anything else you want to add besides that or…

Well let me throw one last question out before we turn it to the audience. And this I guess is really for Ron to the extent that you can speak to it, which is… I guess it's a two-part question. First, how far does the genie have to be out of the bottle before the United States government's willing to recognize that something's exportable? And why isn't DES there, yet?

And in a similar vein, the NSA recently took a very public position in front of the X9 Secretariat against Triple DES. Why is the NSA standing in the way of the banking community's desire for ultra-secure communications when in the past it was supportive of the desire to have DES even when it wasn't going to give it to other people? So, they're related… To the extent you can what can you tell us about those things?

Lee: Yeah, on the first one this sort of gets back to a point that I think Steve made. You sort of look at what is a best-case or worst-case or second-order solution. Perhaps the worst thing to have out there would be to have a world of uniform, widespread encryption that does not provide law enforcement and national security with what it needs. But it's not clear to me that it would be so horrible to have a multitude of non-interoperating systems out there. Because you know, people who are the targets of foreign intelligence make mistakes. They don't always use cryptography for all the reasons that have been explained. So again, it's not clear that the solution is all or nothing.

On the other point about Triple DES, what I'm willing to say is that the process of deciding what the international standard is for banking is an ongoing process. As you know, the standard will be up for renewal. And I would prefer not to go into sort of the details of that decision.

Froomkin: Well I think the audience has been very patient. Let me start with Eric Hughes. We'll go back and forth between the two sides.

Eric Hughes: I'm Eric Hughes. I have a small dialogue I'd like to engage Ron Lee in. Because I'm feeling kind of stupid today. And…so let me make sure I understand your position. What you're saying is that…you're acknowledging I think that the people of the United States and citizens of the world want to use secure cryptography that allows them to choose whoever they want to talk to, which doesn't include the government. Is that right? Is that what I heard you say?

Lee: I'm not sure I understand you, but—

Hughes You're saying— Well I think I heard you say that there's a large demand for secure cryptography by people of the world, like me and the rest of the people in this room who don't work for the government.

Lee: That's right.

Hughes: Okay. And you're also saying that there are national security and law enforcement reasons that aren't being taken into account in the debate. Is that right?

Lee: Well I'm saying that the greatest obstacle to reaching an accommodation that gives most people and most interests most of what they want—

Hughes: Well that's the point I've been trying to make, is these interests. These interests are law enforcement interests and national security interests, right?

Lee: Right. Well I mentioned the other two, privacy for Americans and privacy for businesses—

Hughes: Okay okay. I'm just… I understand this. I'm getting to my point of…something where I'm really, really confused. So, you do acknowledge that we have a democratically run country, right?

Froomkin: Cut to the chase. Cut to the chase.

Hughes: We're getting there. You do acknowledge we have a democratically run country right?

Lee: Have you been watching the OJ trial too much.

Hughes: Yeah yeah, no I just— [laughter]

Froomkin: Touché.

Hughes: What I want to know is that if we have a democratically run country, and we have people who want to have secure cryptography, why is it that we have these other interests that seem not to be democratically controlled that seem to have become independent interests contrary to the will of the people, and having these interests be pertinent to this debate in any sense at all? Personally, I want to have a world with secure cryptography where no one can listen to my conversation unless I want them to. And I think this is what a lot of people want. And I think that these law enforcement needs are in fact not needs but in fact an attempt at a seizure of power. So can you comment on that? [applause]

Lee: I certainly would be delighted to. You are free to go out tomorrow and back whatever political candidate you want, whatever Constitutional amendments and referenda you want to promote. The system we have now—and I'm just stating the fact—is one that invests the power of government in elected representatives. Not to give you the civics lesson, but it is through that process that the administration decided what the relevant factors were to be balanced, including law enforcement. And I think it's appropriate for everyone in this room to think about what the world would be like without law enforcement capabilities. I sat in on some of the sessions yesterday, talking about the First Amendment and the Internet and so on. And I don't think there was anyone in the room who disagreed that there was a point at which there was an appropriate role for law enforcement to play, even in this great bastion of freedom called the net.

So, that's a decision that's been made by society. You and anyone else is free to go out and try to remove law enforcement or national security as a factor, but you would want to think through very carefully the consequences of doing that before you did that or before people supported you.

Hughes: I—

Froomkin: No, I think I'm gonna have to cut you off and pick our next speaker.

Hughes: One final comment, though. And this is just a parting shot—

Froomkin: Two seconds.

Hughes: The black budget is taxation without representation, and the closure of the [?] taken on security prevents the democratic process from doing as you say it does.

Froomkin: If President Clinton told you to change the policy, you'd change it wouldn't you? I mean that's really what he— The claim seems to be that you're operating independent of the President. That's not the position is it?

Lee: It's the President's decision.

Froomkin: So have you ever talked to the President about these issues?

Lee: We didn't overlap at Oxford. [Froomkin laughs]

Karn: Didn't I read somewhere once that someone at the NSA was quoted as saying the President doesn't speak for NSA? I think that was in the [indistinct].

Ross Stapleton-Gray: Ross Stapleton-Gray, TeleDiplomacy, Inc. I think Tim May said something that really ought to be underscored about global trends. I went to a hearing on openness in the intelligence community, where I went in expecting to hear all sorts of great debate across the aisle, only to see an incredible unity of thought that more openness might embarrass our President and his conduct at foreign policy. More openness might embarrass the past President and ensure we never get back in power. A unity of the two halves of the government, the two sides of the aisle, in favor of preserving the stability and the security of…somewhat of the status quo.

And I think we're going to do the same thing globally with governments besieged by the rose growers in collusion internationally. And every other group. Such that we will find—and I think we've seen for sometime, it's much more in the interest of the US government to reach accord with the governments of Pakistan and China and Uganda against destabilizing forces from below, I think leading towards an absolute extreme where we find we're in lockstep with the governments of China and Pakistan and Uganda against these nasty rose growers. This ceased to become an academic exercise for me about a week ago when I got an email note saying, "Did you write this document?" Some person in some country out there, where we don't have meetings on computers, freedom, and privacy. A country of a number of people and we're a fifteenth of less of the world, even all of us in the US combined. This person said, "Did you write this document?" and it was some gibberish.

I said God no, I don't think so. And it came back and it said "well this is…" and it gave me the title. It was an article I've written called "Opening Doors in the Global Village."

And the person said, "The editor said you work for a certain company." And my affiliation as a CIA analyst was on there. And it said, "If you work for this company, and if you care about my country, could you tell me where I find PGP, UUEncode, etc." I got my first electronic walk-in only after I left the agency.

But this person out there, one of a larger bunch of people who are not us, living in a government that is not anywhere near as nice as the one we may be complaining about now, desperately wants to get the tools. And what I suspect, given what Tim has described in the general trend that the governments are going to start circling wagons against the threats which are indeed numerous and are indeed real… We'll see that there will be a general consensus among the various governments that, "Well, we better not let it be imported, better not let it be exported."

Just to note, I think Tim's exactly right. There's where the tension lies. I agree, from having been an intelligence analyst, that there are indeed major threats. I'll add as a former intelligence analyst, if you knew what I knew you wouldn't take so…you wouldn't let Mike Nelson say, "If you knew what I knew." [applause and cheering] There are indeed threats but I think—

Froomkin: Let me put this question to a couple members of the panel as a matter of fact. We've had a suggestion in a sense there's going to be a conspiracy of government against their people. Stewart, Ron…

Baker: I actually wanted to address a different point first, because I think it's… For those of you… I'm kind of surprised to find that Tim May and I agree upon more than most of the people on this panel. But let me turn to something I think—

May: I'm not surprised.

Baker: —that we actually agree on in terms of freedom for the world, and concerns about censorship and oppression around the world. There is one aspect of US export control policy that could be changed without invoking any of the "if you knew what I knew" kind of stuff. It wouldn't cause any harm to the national security and would be good for democracy. And that is, currently because of a Congressional law imposing sanctions on the Chinese government for slaughtering its people in Tiananmen Square, it's not possible to sell munitions without special Presidential waiver to anybody in China. What that means is you can't sell a human rights group in China secure communications that have been approved to export other parts of the world.

I don't think that makes any sense. [applause] I don't think that that's a concern at the national security level, it is a political concern. People are afraid within the administration, within the State Department, of looking as though they're being nice to China. And they're unwilling to recommend to the President that the President issue a waiver allowing the sale of encryption that's been approved for export into China. There've been some modifications to that policy but it's by no means complete the last time I looked.

That's something that could be changed. It could be changed if people thought the politics went the other way, and I think that is a doable thing that folks in this room ought to be trying to do.

Froomkin: Ron, you want to add anything to that?

Lee: Well I'd sort of like to turn the "if you knew what I knew" thing around, and a lot of what underlies the questions here is that the US government is engaged in some conspiracy or that it's not to be trusted inherently. And I'm wondering, beyond sort of the political philosophy underlying that, what specific examples are that lead people to have that concern?

[several things from audience indistinctly]


Lee: And I think when you look at each of these you'll see that appropriate oversight mechanisms have sprung up and been strengthened in response to that.

Froomkin: So the position basically is "It can't happen again…trust us!"

Lee: Cabazon, Wackenhut, Casolaro. [cheering and clapping] Now, I don't… I follow the conspiracy theories fairly carefully. I don't know that there's anything to the Mena, Arkansas CIA drug supply blah blah blah blah blah. I don't know. And I don't know that that's my major concern. I think that any kind of government at a certain size is going to have corrupt people in it. It's gonna have ex-CIA people who ship drugs around. It's gonna have current CIA people. It's gonna have French intelligence…all sorts of things. That's just the nature of humanity. That's not gonna change.

I believe the larger issue is not whether there's a conspiracy in government, but the issue of what government does, what governments do around the world when there are so many degrees of freedom. Such a vast number of communication channels. This has been a change in the world. The Medieval guilds fell apart 800 years ago. The medieval guilds had a position of intellectual property very comparable to what current corporations have. That is, the silversmiths' guild owned the knowledge of how to make silver. And the king supported that right. And this was intellectual property law of 1300.

Well, technologically that changed when printing became available. Because first, religious books were published. They were the first hot off the press. After the first initial print run of hymnals and bibles came out, the next thing that came out, somebody told me a couple nights ago it was porn. I sort of doubt it, but. What I've always heard is the next series that was out, and it's supported by the early publishing, were these books on how to do home farming-type things. How to shoe horses, how to sew… It was knowledge, basic knowledge. Within the next fifty years the guilds collapsed. This was independent of all the law and all the morality. The development of a technology that allowed increased degrees of freedom of that sort changed fundamental structures.

I think we're seeing the same thing today. These various virtual communities exceed the number of nations in the world. And arguably they're much more coherent, much more cohesive, much more dedicated. Some of them we call terrorists, others we call freedom fighters. I'm remarkably…unconcerned with what their causes are. I'm more interested in the general phenomenon of 250 nations in the world, and at least a thousand different special interest groups. And you can't stop them. You can't just say, "We're not going to allow communication." As long as you allow communication, these are going to form. And I think it's going to change over the next fifty years the nature of governments around the world. I think we're already seeing it. [applause]

Karn: Yeah I'd like to speak to the point about conspiracies. I'm not a conspiracy theorist. I don't think a conspiracy theory is necessary to explain what governments have been trying to do to suppress cryptography. There's a very simple explanation. I very strongly believe in the principle of not attributing to malice what can be adequately explained by stupidity. In the case of government, the overriding concern is CYA: cover your ass. And that explains everything they've been doing. You don't need to have a national conspiracy to explain it.

Froomkin: In the spirit let me call the next person before the audience lynches me.

Audience 3:

Frank R[?], Stanford. And since we're privileged to have a council here from Microsoft, I thought I would ask about some of the products like Word, or Excel, or other products that have password protection. I've looked in manuals for Microsoft products as well as others, trying to find out just exactly how secure data would be if I used those features. And to this day I really don't know what kind of protection there is in there. But if there is protection in there I wonder if that comes within cryptographic regulations. And if there isn't I wonder why there isn't some kind of a warning letting me know about the security of what I put in those products.

Froomkin: The question is, do we trust Microsoft? [laughter]

Audience 3: [inaudible]

Ira Rubinstein: I think it would be best to answer that question with a bit of historical perspective. And you can laugh all you want but it's still a serious point. The export regulations predating the July 19th, '92 agreement that identified the criteria for exporting products made it virtually impossible for any American company with significant foreign revenue to design adequate security features. Because the way export controls worked at that time, if you approached the government and said, "This is what we're planning to implement," they would say, "Well…we don't know if that's exportable. Why don't you go ahead and implement it and then we'll look at your implementation." And the companies would say, "We're not going to implement it unless we know that we can sell it abroad." And you'd quickly get into this dance that resulted in no serious encryption being implemented because nobody wanted to spend the resources on the next rev of a product if that meant that you would lose your foreign markets.

So a lot of companies, not just Microsoft but other companies with password protection in application products, implemented what can only be described as weak protection. Protection that without question would not interfere with the export status of the product. Which didn't even require much discussion with the government to establish that. Anything that did require discussion meant that you either had to commit to expending the resources to develop that, to put it in a product, to test it, and then possibly have to remove it at the last minute. Or you didn't develop it at all. So, the level of the encryption that's generally available in products that had a long history prior to that July 19th, '92 agreement is quite unsatisfactory.

Following that agreement, a number of commercial companies quickly introduced a whole suite of products that were designed around the criteria identified. And they'd be in a position today if those criteria were changed to quickly respond to those changes to increase the keylength and to offer more sophisticated features.

But I want to make this point very clear because the major impact of the ITAR on US software companies to date… And bear in mind that throughout the industry the foreign revenue accounts for as much as as 50% of total sales. And US software product in the prepackaged category accounts for as much as 75% of total world prepackaged software. So, what US companies are permitted to put in their products determines what's available worldwide but also the determines what's going to be available in the US. And that's why I emphasized earlier the impact of export controls on cryptography.

Froomkin: Let me follow that up just a little bit. Tim told us, in his talk, that he thought one of the biggest problems was ignorance. And there've been many many suggestions on the net and elsewhere that perhaps— [And which Tim says to you?], you've sort of confirmed this: Microsoft products are not as secure as one might dream they could be. Why doesn't Microsoft put a disclaimer in the manuals and educational tools? Tell people you know, "We'd love to give you something better, but we can't." Wouldn't that be the best way of solving Tim's problem of educating the world?

Rubinstein: You're saying why don't they trash their product?

Froomking: No! They're saying, "We've given you the best thing we can, under the laws." You know, "It's better than what anybody else has! It's the best thing—" They're going to make whatever claims they want. "We would like to give you something even better but we can't."

Rubinstein: And what problems do you think that would solve?

Froomkin: Well Tim's claim that people are ignorant about the possibility of strong cryptography.

Rubinstein: We've not encountered ignorance about the need for cryptography, at all.

Karn: Would a product liability lawsuit help? [laugther and clapping]

Froomkin: Surely one lawsuit's enough. Americans sellers of mass-market prepackaged software make no strong warranties about their product. [laughther]


Audience 4: [indistinct sentence; name?] A couple of things, specifically to Mr. Baker. I think your point about that customers don't want secure cell phones completely misses the point. And I believe specifically if you look at one that aren't currently deployed, the CDMA, it's possible to provide domestic users completely secure authenticated privacy with no threat, because you can always control the base station sales; much easier to control.

The other thing I would answer to one of the questions originally posed, which is if you wanted to have a secure international communication, which many multinationals do—people, friends, family internationally—is that I would recommend that you speak to the people you know who are technically able and interested and urge them to participate in various international standard-setting bodies. It's clear that if you're interested in truly secure communication—uncompromised—that it will not be brought to you by any of your local governments.

And I understa— I…I'm concerned. I mean I'm concerned. I you know, think about this at night like what is this going to mean? And I don't think that we're going to stop the march towards strong cryptography. Clearly the export controls are working. I mean it slows it down. And there's consequences. There's basically…nil deployment of strong crypto domestically. And that's costing everybody.

Baker: I have to say, I think it's…as I said earlier I think it's quite likely, though not…quite proven, that we've reached a takeoff point for people wanti— You know, the mass of people wanting strong cryptography.

But I am also struck by the fact, when I was an NSA agent in [?] I went up to talk to a big hardware and software company deep into systems and networks that offers DES as an option for security. And I asked them, "Well, of your US customers, how many buy this option?"

And they said about 1%.

If you're going to make the case to get rid of export controls, the missing element… In the end, you're never going to be able to argue very effectively on either side of that…how valuable this is for national security purposes because it gets…sort of hard to talk about national security intelligence successes without blowing them…

But you can talk about what the economic impact is on US industry. And there have been some efforts in that regard. Steve Walker and the STA and the BSA have produced a lot of indications of the fact there are a lot of products out there offering security.

The missing element—I can say this about the debate inside the government. The missing element has been a credible analysis of what the actual market for that stuff is. What people are actually willing to pay. Listen, you have to develop the facts if you want to win this fight. And the way to do it is to show that there is a substantial market for this product. The best way to do it is to start with US sales and show what those US sales of secure products are. And argue that there would be the same kind of market penetration outside the United States as in if there weren't export controls.

That's the missing element in the argument again, you know. Free advice, and worth every penny. If I were working to end export controls, I would be working to develop credible estimates of actual existing market value of sales of cryptography inside the United States. And that has yet to be produced.

Froomkin: Steve, you—

Rubinstein: I am working to relieve export controls, and I can say that the Business Software Alliance did a study, and the study demonstrated that customers were prepared not to buy US software products that failed to offer strong security. I think the response…it was a Fortune 1,000 study, and the response was about right around 50% of respondents answered that question in that fashion. I think much of the problem with this man, and this is another debate that Stew and I have had previously, is that the question has been posed in the wrong way.

The question has been proposed such that the US companies are asked to demonstrate their lost sales. But US companies don't track their lost sales. Customers that want integrated security, and then buy a different product do not report to US vendors that we chose not to buy your product because it lacked these security features. I just think that's a silly request, and it's… It's not commercially feasible to provide that kind of data. It's a very complex decision that any large buyer makes as to what networking product, for example, they're going to buy. And if they end up buying one product rather than another they simply do not report back that this was…"Dear Sir, this is why I didn't buy the product. Because it lacked a security feature." I would not say that this is easy. But the fact is that the telecommunication industry was able to show very substantial sales of advanced switches when they wanted to decontrol exports of advanced switches.

And the same thing for the supercomputer industry and the computer industry when they wanted to decontrol sales of those products abroad. And it's going to be a more persuasive argument if you can show that there are actually very substantial sales of strong cryptography around the United States. And I think that you know… I don't have a stake in saying this but—

Baker: Again I disagree because—

Froomkin: Hold on, let me get Steve Walker in here, because I think you've done a study, haven't you?

Walker: Well we've actually been performing this study of what's available worldwide and what's available in the US, and we found over 400 products available overseas.

More importantly in this, we have actually gone out to try to buy products. Products from England, products from Germany, from Israel, from Poland, from Russia. And in every case where we have attempted to do that we have succeeded trivially. We are buying them in the US, sometimes from US distributors of these companies in these foreign countries, sometimes from overseas—we like to keep the stamps from the different countries, they're nice to show to Congress.

You can trivially buy cryptography in the United States from overseas. We are told by the government that other countries have the same kind of export rules that we do. That in fact is not the case. Many countries have followed the CoCom rule that says "okay, don't sell it to terrorists countries, don't sell it to former Soviet Union countries. Sell it to anybody else." France I'm told is more than happy to have their products exported. They don't want anything imported that might be used against them but they're most happy to have them put in the United States or anywhere else.

There is an enormous amount of growth in the availability of products from overseas. We for example have a firewall that we're selling, and we've added IP encryption into it. And the IP encryption we've added uses a German [?] and Infosys board that does does DES and Triple DES at T1 rates. It's available for a hundred bucks. You can buy it in the United States, you can buy it from Germany. It's trivial.

There's no one in the United States that makes that stuff anymore because they can't sell it anywhere else. If we're going to have protection for security for the NII it's going to come from foreign sources. We have to do something about that. [applause]

Froomkin: We have time for one last, incredibly fast question. And I'm told despite my protests we have to stop. I would keep going if we could.

Audience 5: This dovetails actually with the last question and I would address it to Mr. Baker and then maybe toss it over to Mr. Lee to see what the—

Froomkin: Really fast.

Audience 5: would be. If the justification from the NSA and from the government for passing regulations regulating the cryptography exports was that the market didn't exist, why did the regulations have to be there in the first place? [cheering and clapping] I mean if Microsoft was going to make the product and nobody was going to buy it, why did the government then need to pass a regulation to say "even if there were a market, you can't sell it?"

Baker: I was shorthanding the analysis. Anytime… I mean… We're not an island, we don't have all the technology in the world. It may have been true in 1950, it ain't true now. And our companies have to succeed internationally. If you're not earning 50% of your income abroad, you're not competitive anymore as an American industry. So you you can't make national security and export controls policy in a vacuum, you have to consider its impact. You have to balance the impact on national security of letting go of those controls versus the impact on US industry upkeeping them. That's the balance that everybody goes through and that's certainly true for the Clinton administration; I think that's true for the Bush administration as well.

It's very hard to have a public debate about what's the national security impact of letting go of control. But you can have a very public debate about what the impact on US industry of keeping them. and there have been—and Steve Walker's work is a useful data point. But it lacks an indication of the size of those markets, the actual market value of the products that he's identified. And I were building a case to get rid of export controls, I'd want more data on the size of that market.

Karn: It does seem that no matter how much data we find there's more that's needed to make the argument. And that's…very very frustrating.

Baker: If I could add one PS, the marketing question is not the market for standalone cryptography products. The marketing question is the entire future of electronic commerce on a worldwide basis.

Karn: That's right.


Froomkin: Ron?

[general crosstalk from panel]

Froomin: Ron first, then Phil then Tim. And that'll be a wrap-up.

Lee: A couple of [?] to the question. One is that your question assumes kind of a static world where if export controls ended tomorrow nothing else would happen. And I think what the government has a responsibility to do is to look at what its actions are promoting, what its actions are inhibiting, what direction government policy is moving the world abroad, and whether that's a helpful or unhelpful development for all the factors that I identified before. And so even if your hypothesis is true at the moment, which I don't accept, it would certainly be different the next year and the year after that.

The other thing I wanted to point out is we've been talking about global competitiveness and export prospects for US companies as if shrink-wrapped software manufacturers are the only companies in the US that export. Those are, and Ira of course is a representative, very significant contributors to the balance of payments in the US. But there are other companies, too, that don't have anything to do with photography. And the way they sell abroad is to be able to compete on a level playing field a fair basis with foreign bidders for foreign contracts. They need a level playing field to do that. And the United States government representative that make sure that happens rely heavily on foreign intelligence to be able to do that. That's another reason why preserving foreign intelligence capabilities is important.

Froomkin: Phil, last thoughts.

Karn: I have a question still, here. I'm a little disturbed. If I wanted to publish a book I might have to convince my publisher that there's a market for this book. But are you saying that then my publisher would then have to convince the government that there's a market for this book before they'd be allowed to publish it? Something doesn't quite ring true here.

Baker: Export controls… Well. I guess I would say export controls are there because there is perceived to be a real national security danger to letting the product go. And the question is whether the economic interests of the United States and the competitiveness of its industry requires that you give up the national security interest.

Karn: In other words the dollar is much more important than fundamental human dignity. [laughter]

How else can it be said?

May: One last comment, since I don't have anything to add to this. Last night, Phil Zimmerman said that there's remarkable unanimity of purpose amongst people who ask about the crypto policy, and everybody from liberal Democrats to right-wing Republicans agree that the policy is flawed. I don't want to say that, actually.

I want to say that there's a fundamental dichotomy in American culture that's been with us for the last two or three hundred years. Two simultaneously-held views that are in conflict with each other, like a tensor. And the angle between these two things I know because I was doing my trigonometry homework during Woodstock. [laughter]

And that is there's one view which most Americans hold, which is "none of your damn business." A man's home is his castle. Get the hell out of my business.

Another view, which is simultaneously held, is "what have you got to hide?"

Froomkin: Thank you very much. And let's thank the panel.

Help Support Open Transcripts

If you found this useful or interesting, please consider supporting the project monthly at Patreon or once via Square Cash, or even just sharing the link. Thanks.