A. Michael Froomkin: Morning. Welcome. Congratulations on get­ting up so ear­ly. I always man­age to get the dean not to give me morn­ing class­es, but Carey man­aged to do what the dean couldn’t. 

We have an extra­or­di­nar­i­ly dis­tin­guished pan­el today. I think none of these peo­ple need intro­duc­tion, so what I’m going to do is give tiny lit­tle intro­duc­tions just before their turns to speak [on the stage?]. As more peo­ple drift in they’ll want to know who the par­tic­u­lar speak­er is. Right now I’ll just say I sus­pect part of the rea­son for the turnout today is we have not one, not two, but three cur­rent or for­mer NSA per­son­nel here on this pan­el. And of course even bet­ter than that, four lawyers. Thank you. Thank you. 

I think I should explain how this pan­el came to be, in par­tic­u­lar how the top­ic came to be. I spent the past year writ­ing a real­ly long and prob­a­bly quite bor­ing paper on the Constitutional aspects of Clipper. There’s a trans­paren­cy you could put up for me, please, I’ve got a URL and oth­er ways of access­ing it for those of you who are into that sort of thing. It’ll be up on the screen, no doubt, in second. 

The paper’s in one sense incred­i­bly parochial, because it’s about United States rules. And in think­ing about what I could do to try to orga­nize some­thing that would sort of move the debate for­ward, my mind start­ed to turn to the inter­na­tion­al aspects of secure com­mu­ni­ca­tions. Because what came out to me from the Clipper debates were two things that every­body at least seemed to agree on. One is that in United States today at least, you have a free choice as to what kind of encryp­tion you wan to use for domes­tic com­mu­ni­ca­tions. And anoth­er is, nobody can fig­ure out what pos­si­ble incen­tive for­eign­ers would have to use Clipper. 

That means there’s a real prob­lem about inter­na­tion­al secure com­mu­ni­ca­tions, and we’ve got some­thing to talk about. Now, the term secure com­mu­ni­ca­tions” in this con­text is obvi­ous­ly a con­test­ed term, because secure from what? You have to talk some­times about a threat mod­el. And in par­tic­u­lar, you need to define whether or not var­i­ous gov­ern­ments are part of your threat mod­el or not. In an era when the FBI is telling American busi­ness that for­eign gov­ern­ments, in par­tic­u­lar the French, are one of the major threats they have to wor­ry about, that has impli­ca­tions for how you might want to struc­ture your com­mu­ni­ca­tions. (Thank you for the sign.) 

I’m told by the way that the PostScript file that’s cur­rent­ly on the server—our exper­i­men­tal tem­po­rary serv­er that they kind­ly put up just for this conference—is in fact com­plete garbage. We’re work­ing on that. They swear to me that by the end of the day we’ll have real PostScript—enough stuff that looks like PostScript, but isn’t. Worse than that; just…plain garbage. 

So, here we are to talk about this prob­lem. How do we do it? How do we talk secure­ly with peo­ple abroad? And in par­tic­u­lar what can we do…what’s fea­si­ble to do, to progress mat­ters from where we are today? And with the help of some of the mem­bers of the pan­el, I draft­ed the three ques­tions you’ll find in your book on page 150. Through some strange grem­lin of typog­ra­phy, Tim May’s answers to those ques­tions were print­ed as if they were either my or the pan­el’s answers and nobody— 

Unknown Speaker: We hacked into the com—

Froomkin: —put­er sys­tem. Something hap­pened. Those are our joint ques­tions, but they’re Tim’s answers and we should­n’t rob him of the pride of author­ship or attempt to asso­ciate them with any­one else who might not want that par­tic­u­lar pride. 

But for those of you who’ve man­aged to mis­lay your books already the ques­tions are what’s the sin­gle biggest imped­i­ment to inter­na­tion­al secure com­mu­ni­ca­tions? The sec­ond ques­tion is what’s the sin­gle fea­si­ble change that would most enhance inter­na­tion­al secure com­mu­ni­ca­tions, and what will be the imple­men­ta­tion path for that? And the third is how would you advise a friend or a client as to how to com­mu­ni­cate secure­ly today? 

And in the inter­est of being provoca­tive, let me just offer some sort of ten­ta­tive answers to those three ques­tions. I’m not entire­ly sure if I believe these 100% but I do believe them I think more than half. It’s the fear that I might believe these things which prompt­ed me to try to assem­ble the experts we’ve got here today to try to give you bet­ter answers than the ones I was able to come up with myself. But here they are. 

My answer to the first ques­tion of the sin­gle biggest imped­i­ment is not the ITAR. I’m actu­al­ly sort of tired of ITAR bash­ing. Because you see the biggest imped­i­ment is for­eign gov­ern­ments. Look what hap­pened in Pakistan a week ago when they cut off the entire cell phone net­work because they could­n’t eaves­drop on the cell phones. That wouldn’t—probably—happen here. We just get Digital Telephony. It’s quite a dif­fer­ent pro­ce­dure. And you know, you look at the French gov­ern­ment, the English gov­ern­ment, the Singaporean gov­ern­ment. And it seems to me that in fact if the ITAR were to dis­ap­pear tomor­row, you would have as great or worse prob­lems caused by for­eign gov­ern­ments try­ing to pre­vent total­ly secure communications. 

My answer to the biggest fea­si­ble thing you could do is sim­ply buy for­eign cryp­to and import it to the United States. Seems to me that that’s a very fea­si­ble way to get secure com­mu­ni­ca­tions today. Indeed I hear last night a gen­tle­man from Motorola say­ing that’s what they’re doing. 

And how would I advise some­one to com­mu­ni­cate? Well, if you’re in a sit­u­a­tion where you’re com­mu­ni­cat­ing between two coun­tries where they allow you to use strong foreign-purchased cryp­to that’s the thing to do. And if you’re deal­ing with a coun­try like Pakistan, where that’s not allowed, there’s only one thing you can do: go in per­son, and go to a restau­rant where you don’t have reser­va­tions. Or send a couri­er you trust with some­thing writ­ten on paper. 

With that I’m going to turn it over to the first of our sev­er­al experts. In the inter­est of brevi­ty I’ve asked each per­son to allow me to rob them of their dis­tin­guished resumes and just announce their cur­rent affil­i­a­tions and one oth­er fact about them. 

Stewart Baker’s cur­rent affil­i­a­tion is a part­ner at Steptoe & Johnson, a law firm in Washington DC. He was for­mer­ly the General Counsel of the NSA and he’s well-known to CFP. And he will now bring his exper­tise to bear on these questions. 

Stewart Baker: Thanks Michael. I think this’ll prob­a­bly be the last time that I speak to you, because the MIT orga­niz­ers of the event approached me last night and told me that they had decid­ed it would be both more direct and prob­a­bly raise more mon­ey if instead of speak­ing I just allowed them to set up a ten-dollar-a-throw dunk­ing booth. I’m gonna move quick­ly through the three ques­tions, because we’ve each agreed to do this in about three to five minutes. 

I think that Michael is prob­a­bly right for the long run that the biggest restraint on the spread of cryp­to­graph­ic secu­ri­ty will prove to be for­eign gov­ern­ments. I have writ­ten a piece, which actu­al­ly LA Times pub­lished a ver­sion of which is in the mate­ri­als, which takes on a com­plete­ly dif­fer­ent look at these issues. Approaches it from a ques­tion of real­ly is the net a proof against reg­u­la­tion? Is it some­how going to— I think I accused John Perry Barlow in one of our debates of being an Internet lib­er­a­tion the­olo­gian… Will the net set us free? And I think the answer is not. That for­eign gov­ern­ments will prove much more aggres­sive and much more imag­i­na­tive about reg­u­lat­ing the net than we imag­ine here because in fact gov­ern­ment and peo­ple share a lot of val­ues in the United States that aren’t shared in oth­er parts of the world. And so we will see much more aggres­sive reg­u­la­tion of encryp­tion and the net gen­er­al­ly in for­eign lands than we see here. 

For the short term I think that the restraints on cryp­tog­ra­phy have…probably could be ordered as one, lack of cus­tomer inter­est; and two, the ITARs. That Americans sim­ply have have gen­er­al­ly not cho­sen secu­ri­ty if they had a trade­off con­ve­nience or price for that. And you can see that in cel­lu­lar phones, you can see that in portable phones, you can see that in com­put­er systems. 

I think that will change as dig­i­tal com­merce goes to the net. People are will­ing to put up with a lot of poten­tial risk to their pri­va­cy, but los­ing mon­ey is a dif­fer­ent thing, and when you cre­ate incen­tives for peo­ple to hack into com­put­ers that have dol­lar signs attached to them you’ll see a lot more of that going on. And so I think that we are prob­a­bly now, although peo­ple have been say­ing this since Marconi invent­ed the radio…we’re on the verge of wide­spread use of cryp­tog­ra­phy for indi­vid­u­als and businesses. 

Policy changes. There’s an aspect that— As you all know, this cryp­to­graph­ic debate, it’s a lot like a bad mar­riage. People come to these con­fer­ences and say the same thing over and over again. Nobody seems much to come away per­suad­ed. I think the one area…the one new idea that is tick­ing around in this area that has some prospect for cre­at­ing com­mon ground has to do with pri­vate key escrow. I don’t think there’s any­body who thinks that’s their first choice, but it serves some val­ues for every­one involved. Phil Zimmerman was telling me he got a call from an execu­tor of an estate who… He had used PGP to encrypt a bunch of files and the ques­tion was, Well how can we find out what they say?” And answer was you can’t.”

I think indi­vid­u­als will want to have a way to recov­er keys. Businesses, there’s been a whole process… You can trace the cryp­to­graph­ic debate run­ning from a time when only NSA real­ized that there was a fun­da­men­tal con­flict between the impor­tance of main­tain­ing secu­ri­ty and the impor­tance of being able to undo it. To the FBI wak­ing up to that prob­lem. To I think busi­ness­es wak­ing up. As they start to imple­ment cryp­tog­ra­phy they real­ize that it won’t always be used by employ­ees in the com­pa­ny’s inter­ests. To indi­vid­u­als begin­ning to won­der whether they real­ly want strong cryp­tog­ra­phy, and unbreak­able cryp­tog­ra­phy, unre­cov­er­able keys. That’s not our… I don’t think every­body’s inter­ests there are iden­ti­cal, but at least it’s a new idea in the debate that’s real­ly worth exploring. 

Finally, on the advice that I would give to some­one who want­ed to have secure com­mu­ni­ca­tions I’d give two answers. As a prac­ti­cal mat­ter, I actu­al­ly think that the eas­i­est thing to do would be to use 40-bit RC4. And I rec­og­nize that there are peo­ple who will say that it is triv­ial to break. I think those are prob­a­bly not peo­ple who’ve tried to break it often. 

And I guess I would say that you know, com­put­er secu­ri­ty guys gen­er­al­ly mea­sure them­selves against Kevin Mitnick. It’s only the math­e­mati­cians who mea­sure them­selves against Fort Meade. And that results in a kind of skew­ing of the sense of what sort of secu­ri­ty is nec­es­sary cryp­to­graph­i­cal­ly com­pared to oth­er things. The fact is, the only rea­son to use cryp­tog­ra­phy is to raise the cost of inter­cept­ing and decrypt­ing your mes­sage above the cost of brib­ing your clean­ing lady. And once you’ve done that, I think you’ve prob­a­bly done as much as cryp­tog­ra­phy can do. It’s got to be part of a whole scheme for deal­ing with secu­ri­ty. And there are many holes in peo­ple’s secu­ri­ty that don’t have any­thing to do with cryp­tog­ra­phy, and my bet is that 40-bit RC4 is prob­a­bly the strongest part of almost any­body’s secure sys­tem. Thanks.

Froomkin: Thank you. Our next speak­er is Phil Karn. Phil Karn, who asked me to empha­size this iden­ti­fi­ca­tion is only for iden­ti­fi­ca­tion pur­pos­es and he’s speak­ing for him­self, is cur­rent­ly a staff engi­neer at Qualcomm. He’s also…not yet a plain­tiff in a law­suit that may soon be filed against the gov­ern­ment that he’ll be telling us about. 

Phil Karn: Okay, good morn­ing. Thank you. I do appre­ci­ate this oppor­tu­ni­ty. As said in the intro­duc­tion I am not a lawyer. I’m here as an engi­neer who is deeply con­cerned about pri­va­cy and secu­ri­ty, and who over the last few years has been increas­ing­ly out­raged by the gov­ern­men­t’s treat­ment of one par­tic­u­lar­ly hero­ic per­son by the name of Phil Zimmerman, who has done prob­a­bly more than any­one else to bring cryp­tog­ra­phy to the mass­es. [applause] And I think I’m here large­ly because of that out­rage, and because of a case that I have start­ed that was just men­tioned that alludes to that. So first of all I’d like to answer the ques­tions that were posed, and then talk about the case that I’m involved in. 

First of all, I think I would still say that the answer to the first ques­tion, the biggest sin­gle imped­i­ment, is in fact US export con­trols. They’re absolute­ly absurd—but I have to qual­i­fy that answer. That answer applies only to the good guys, okay. The bad guys right now can go out and get a copy PGP any­where they like and use it, and I’d be very sur­prised if they’re not, okay. So the answer to the first ques­tion posed to the pan­el real­ly has to be qual­i­fied by whether or not this applies to the good guys or bad guys, cause only the good guys fol­low the laws any­way when it comes to this, because it’s so easy to break them with­out any­thing hap­pen­ing to you. 

So answer to the sec­ond ques­tion is obvi­ous: repeal US export con­trols on cryp­tog­ra­phy and stop harass­ing peo­ple who’re only try­ing to pro­tect their own privacy. 

The answer to the third ques­tion has to depend on some­thing. It depends on whether or not I could be held crim­i­nal­ly liable for my answer. I talked to a few attor­neys who know export con­trol. They tell me that I could actu­al­ly be in vio­la­tion of the ITARs, thrown in jail, for telling a for­eign­er where he could get a copy of PGP on a machine in his own coun­try. That would be ren­der­ing tech­ni­cal advice relat­ed to a defense item, okay. I could be held crim­i­nal­ly liable for that. So If I ever tell a client in Italy, let’s say, that you can go to this site in a new machine in Italy and pick up a copy of PGP I could be thrown in jail for that. So my answer would depend on whether I could be held crim­i­nal­ly liable for what I say. 

That’s obvi­ous­ly an absurd sit­u­a­tion. But assum­ing that I will not be held liable for what I would say I would say the answer’s obvi­ous. Right now if you want true pri­va­cy, and by that I mean pri­va­cy against the National Security Agency as best as we know, the answer’s clear­ly PGP. For now. And in the future I think you’re going to see that PGP is just the begin­ning of a wave of sim­i­lar prod­ucts that’re designed to give indi­vid­u­als the right to con­trol their own pri­va­cy. I am per­son­al­ly involved in an activ­i­ty with­in the Internet Engineering Task Force to stan­dard­ize pro­to­cols to secure the Internet. I am sick and tired of peo­ple like Kevin Mitnick. I’m sick and tired of the FBI com­ing in and fight­ing a bat­tle, on my land, against peo­ple like Kevin Mitnick. I feel like…you know, an irri­tat­ed par­ent who would like to take two quar­rel­ing kids and bash their heads together—that’s exact­ly how I feel about the FBI and the hack­ers. And one of the things I real­ly like about cryp­tog­ra­phy, it seems to piss them both off even­ly, so it’s won­der­ful. [laugh­ter]

[Slides men­tioned are unavailable]

So, with that I’d like to answer some of the com­ments made about about export con­trols. I’d like to have my first slide if I might. Okay. That seems to be the US gov­ern­men­t’s posi­tion on export con­trols when­ev­er you try to debate it with them. I don’t know how to deal with an answer like that. Unfort— I mean, I don’t know about all of you, but I’m old enough to remem­ber Vietnam and Watergate. It hap­pened at a very for­ma­tive time in my life when I was in high school, a very impres­sion­able time. I’ve nev­er for­got­ten that les­son. I would like to think that most Americans haven’t for­got­ten that les­son and I’m afraid they have. And unfor­tu­nate­ly argu­ments like this don’t car­ry the day, which is why they’re still made. 

So, if I could have my next slide. I thought I might try a test case here to con­vince even the peo­ple who still believe that the gov­ern­ment might actu­al­ly know some­thing that it can’t tell us that’s a good rea­son for the deci­sions they made. I decid­ed I’d file a test case which involves this [thick­er?] book, Applied Cryptography by Bruce Schneier. I don’t get a cut out of this so I’m not, you know, I’m not doing this for my own finan­cial ben­e­fit here. I sim­ply think it’s an excel­lent text­book as an engi­neer who prac­tices in this field. Of par­tic­u­lar inter­est in this text­book is the last chap­ter, which con­tains quite a bit of source code, in C, ready to exe­cute if you type it in and use it. It pro­vides strong cryp­tog­ra­phy. There’s a cou­ple toy ciphers in here but there’s a cou­ple of real­ly good ones, too, includ­ing the IDEA tak­en right out of PGP. It’s the heart of PGP

So, as I under­stand the International Traffic in Arms Regulations, the defense trade reg­u­la­tions, this book is a muni­tion, you know. I have to get per­mis­sion to export it from the coun­try. So I filed a for­mal request with the State Department to export this muni­tion, as I under­stand it. And back came a let­ter say­ing that well, This item’s in the pub­lic domain. It is not in in our licens­ing jurisdiction. 

Well, great. The State Department still under­stands that the First Amendment pro­tects books. That’s won­der­ful. But they went on specif­i­cal­ly to say that that only applies to the book and not to the flop­pies that the book men­tions are avail­able from the author. Well this is very inter­est­ing. I mean sup­pose the flop­pies con­tain exact­ly the same infor­ma­tion, are you real­ly going to dis­crim­i­nate on the basis of media? 

So I filed a sec­ond request, for this flop­py disk. It’s an exact copy of what is in the back of the text­book. Character by char­ac­ter. Okay. What did they do? They said sor­ry no, the flop­py is a defense arti­cle requir­ing a license for export. The book, con­tain­ing exact­ly the same infor­ma­tion is freely avail­able, freely exportable. The flop­py disk, which con­tains exact­ly the same infor­ma­tion byte by byte is not, it’s a defense arti­cle. Now you fig­ure that one out.

Next slide, please. I’ve appealed this case up through the admin­is­tra­tive lev­els… Oh I should point out that the main dis­tinc­tion they tried to draw in their let­ter was that I’d added val­ue to the files in the flop­py because they were sep­a­rat­ed into sep­a­rate files. And of course only Americans can type, so there’s sig­nif­i­cant val­ue added to some for­eign crim­i­nals here. 

As I men­tioned I’ve tak­en this up to the admin­is­tra­tive lev­els. The first-level appeal was designed. The second-level is still pend­ing. And it looks like we’re going to court in a few months unless some­thing changes drastically. 

And my last slide is a point­er to a web page with more infor­ma­tion on this sub­ject if you’re inter­est­ed. Thank you.

Froomkin: Thank you very much. Our next speak­er is—I believe it’s his first appear­ance at CFP although in some sense I think he’s no stranger to this group. It’s Steve Walker who is the President of Trust and Information Systems. He is for­mer­ly with the Defense Department and the National Security Administration for a grand total of twenty-two years. He tells me that it’s a great set of places to be from. 

Stephen Walker: Thank you. Those of you who are con­cerned that there are four cur­rent or for­mer mem­bers of NSA here, I only say I’m much more con­cerned that I’m up here with four lawyers. But I guess we each have our own devils. 

What I want to talk— In try­ing to answer these ques­tions, the sin­gle most sig­nif­i­cant imped­i­ment I believe has to be the US export con­trol pol­i­cy. It’s per­fect­ly legal for us to use DES and oth­er encryp­tion here, but our friends at Microsoft and else­where don’t offer it. The rea­son they don’t offer it isn’t cause they don’t want to give us good stuff. It’s that they can’t export it to half of their mar­ket. And there­fore, effec­tive­ly we don’t have it avail­able to us, even though it’s legal. And I think that’s a seri­ous prob­lem. We have to find a way around that so that we can pro­tect our sen­si­tive infor­ma­tion. But, we have to take into con­sid­er­a­tion the inter­ests of law enforce­ment and nation­al secu­ri­ty, too.

What I want to talk about a lit­tle bit here is an effort that we have begun last year on…we call it com­mer­cial key escrow. There is a paper on this in the pro­ceed­ings and I com­mend it to your read­ing. Our main objec­tive in doing this, and I guess this is my answer to the sec­ond ques­tion, is to get good cryp­tog­ra­phy rou­tine­ly avail­able to any­one in America. It ough­ta be the default. It ough­ta come on your lap­top or on your work­sta­tion in such a way that you have to ask not to have a file encrypt­ed. If we could oper­ate in that man­ner, we would have very sig­nif­i­cant­ly reduced secu­ri­ty issues across the board. 

But, in look­ing for ways to do this I par­tic­i­pat­ed some last year in dis­cus­sions with mem­bers of Congress on the Cantwell Bill, which was an attempt to say let’s change the rules. That’s a hard game to play. Congressmen don’t know any­thing about this and they’re being besieged by gov­ern­ment exec­u­tives and they’re being besieged by busi­ness­men and they decide, I’m gonna side with busi­ness exec­u­tives.” I can tell you sto­ries about that lat­er if you’d like. 

We’ve got­ta find a way to relax this ten­sion that has grown up between the needs of the American pub­lic to pro­tect their sen­si­tive infor­ma­tion and the legit­i­mate needs of law enforce­ment and gov­ern­ments to under­stand the com­mu­ni­ca­tions of their adver­saries. And bad­ger­ing them, or blunt attacks on chang­ing the ITARs um…may get there some­day but I don’t think it’s gonna hap­pen any­time soon, prob­a­bly in part because it becomes a win/lose sit­u­a­tion and lots of folks don’t like to lose. 

What we’re try­ing to do with exam­in­ing this key escrow set of ideas is come up with a win/win sit­u­a­tion if we can. The work we did began last May with as a tech­nol­o­gy exper­i­ment to say can you build a soft­ware ver­sion of Clipper?” We did. We showed it to the gov­ern­ment and we showed it to a lot of indus­try. Pretty much gen­er­al agree­ment we had suc­ceed­ed in that. The prob­lem of course is peo­ple did­n’t like Clipper so they don’t real­ly want a soft­ware Clipper, either. 

So, we decid­ed to change attack and say well, is there some­thing that peo­ple do want? There’s been a lot of ref­er­ences to this even this morn­ing. Emergency data recov­ery. You’ve encrypt­ed some­thing and you lost the key. Or you encrypt­ed some­thing and you came out here to this con­fer­ence and your boss needs it. How does he get it? Some means of emer­gency data recov­ery. And that’s real­ly the focus for the activ­i­ty. We real­ized in the course of that that if we came up with some­thing that was owned by com­pa­nies, run by com­pa­nies for their own pur­pos­es, that law enforce­men­t’s inter­ests could be helped great­ly, with­out any change in any rules, with­out any changes in leg­is­la­tion. Simply through the process of the search war­rant that we already are sub­ject to. 

Notice in our dis­cus­sion of this, there are no. gov­ern­ment. data­bas­es. of escrow keys. Indeed, there are no data­bas­es of escrow keys at all. The sys­tem is entire­ly vol­un­tary and the moti­va­tion for using it is that you need emer­gency recov­ery of some sort. The intent is that com­pa­nies and orga­ni­za­tions would run their own data recov­ery cen­ters for their own pur­pos­es, and that indi­vid­u­als would be able to sub­scribe to ser­vices that might be pub­licly available. 

We are now seek­ing approval from the gov­ern­ment for the export of good cryp­tog­ra­phy, read that DES or equiv­a­lent, when com­bined with com­mer­cial key escrow. There are rumors float­ing around minute by minute of progress in this area. I’m not gonna make any pre­dic­tions on that. The focus of our work now is on file stor­age and email. I believe the tech­nol­o­gy will work equal­ly well in gen­er­al com­mu­ni­ca­tions encryp­tion and in tele­pho­ny, but the moti­va­tion for why one would want data recov­ery cen­ters for tele­pho­ny out­side of the gov­ern­ment inter­est just don’t seem to be there. We are now work­ing with soft­ware and hard­ware ven­dors to fig­ure out ways to include com­mer­cial key escrow into their prod­ucts, and we hope there’ll be some announce­ment in that area very soon. 

We’re try­ing to solve prob­lems for the aver­age busi­ness and the aver­age indi­vid­ual, by allow­ing rou­tine capa­bil­i­ties to pro­tect their sen­si­tive infor­ma­tion. I will say we’re not try­ing to solve every­body’s prob­lems, though. Two weeks ago I briefed Jerry Berman’s dig­i­tal secu­ri­ty and pri­va­cy work­ing group, and there were ques­tions from the audi­ence that wait a minute, you’re mak­ing it too easy for law enforce­ment to get my stuff.” Well if your stuff is rou­tine­ly avail­able in the clear now, no we’re not mak­ing it too easy. If you in fact con­tract that with some gov­ern­ment key escrow sys­tem where the gov­ern­ment has the keys, no this is not any­where near as easy as that. 

However, if your con­cern is that the gov­ern­ment, act­ing in any legal man­ner, can get at your data if you use this sys­tem, then my advice to you—and I guess this is answer­ing the third question—is…don’t use this sys­tem. In fact don’t use any com­mer­cial sys­tem because the gov­ern­men­t’s going to be able to get your stuff if they real­ly choose to. 

I want to close with a cou­ple of com­ments. This is in fact a pri­vate sec­tor ini­tia­tive. There are peo­ple who are say­ing this is Clipper Two or this is the gov­ern­ment about to impose yet anoth­er ver­sion of key escrow on us. This is a pri­vate sec­tor ini­tia­tive designed to make encryp­tion avail­able for pri­vate use. The gov­ern­ment has no invest­ment in this. We’ve asked them to review it rel­a­tive to export con­trol but it’s going to become avail­able anyway. 

I have a very small num­ber of write-ups here, that I’ll be glad to give away because I don’t want to take them back, about where we are. I’d be glad to sup­ply you with this if you in fact don’t have enough here. And I’ll be around to talk about it lat­er if you’d like. Thank you very much. 

Froomkin: Our next speak­er’s also from the pri­vate sec­tor. It’s Ira Rubinstein, the Senior Corporate Attorney for Microsoft. He want­ed me to say that one of his claims to fame is that he went to Yale Law School with Ron Lee. 

Ira Rubinstein: Good morn­ing. I’ve been involved for sev­er­al years in indus­try efforts to lib­er­al­ize export con­trols, and what I’ll try to do is to bring a very com­mer­cial per­spec­tive to the pan­el’s discussion. 

I think it’s pret­ty clear that the strongest imped­i­ment to secure inter­na­tion­al com­mu­ni­ca­tions has been export con­trols. Without those con­trols, American soft­ware com­pa­nies would’ve long ago imple­ment­ed pub­lic key and strong encryp­tion algo­rithms. With those con­trols that has not happened. 

I dis­agree strong­ly with Steve Baker’s obser­va­tion, and he knows this because we’ve had this dis­cus­sion before, that there’s a lack of cus­tomer demand that accounts for the absence of secu­ri­ty fea­tures. Any com­pa­ny in the last sev­er­al years that’s been in the client/server are­na has con­stant­ly heard from cus­tomers that in order to down­size to client/server solu­tions they need secu­ri­ty. And the rea­son that American com­pa­nies have not offered secu­ri­ty is not lack of cus­tomer demand. It’s real­ly more a mat­ter of dis­tri­b­u­tion chan­nels. Most American com­pa­nies are not will­ing to offer a dual-product strat­e­gy where they have a prod­uct in the US and a sep­a­rate prod­uct abroad. Because the dis­tri­b­u­tion chan­nels don’t allow that to hap­pen with­out impos­ing a great deal of cost. Product is dis­trib­uted pre­loaded on machines, those machines go any­where in the world. You can’t force the com­put­er man­u­fac­tur­ers to only ship a machine with an American prod­uct to cer­tain mar­kets and with any oth­er prod­uct to only those mar­kets. Increasingly prod­uct is dis­trib­uted on CD-ROM in mul­ti­ple lan­guage ver­sions. Once again, it would be pro­hib­i­tive to try to track where each CD-ROM goes so that you can offer the dual-product in just the mar­ket that would accept it. 

What cus­tomers do want is inte­grat­ed, easy-to-use, con­ve­nient secu­ri­ty, and that’s what American com­pa­nies have not been able to offer because of export restrictions. 

As to the sec­ond ques­tion of the fea­si­ble pol­i­cy change and a path to imple­ment that, I think clear­ly the sin­gle most impor­tant change that could occur is a change in the export laws. But whether that’s fea­si­ble is anoth­er mat­ter. For sev­er­al years now the soft­ware indus­try has pushed for leg­is­la­tion to change the export rules. I think it was back in 91 there was the Levine amend­ment and more recent­ly the Cantwell pro­vi­sions. Those leg­isla­tive efforts have not been suc­cess­ful. There’s been one major change in admin­is­tra­tion rules, the July 1992 agree­ment that result­ed in the iden­ti­fi­ca­tion of a suite of algo­rithms that if you…the 40-bit algo­rithms that if you designed to you could be rea­son­ably assured of rapid export approval. And I think it’s very inter­est­ing to note that as soon as that rule was enact­ed, or pro­mul­gat­ed, soft­ware com­pa­nies respond­ed and we now see a large num­ber of prod­ucts with secu­ri­ty fea­tures designed around those stan­dards. So I would main­tain, and this is where Michael and I will dis­agree, that if those rules were changed again and the key length was expand­ed to 48 or 56 or 64 bits, com­pa­nies would react very swift­ly and put out prod­ucts that met those new criteria. 

There’s been talk by sev­er­al pan­el mem­bers about pri­vate key escrow ini­tia­tives. The Cantwell Bill died last sum­mer main­ly because Congress has been unable and unwill­ing to pass a new export admin­is­tra­tion act for many years now and the Cantwell Bill went down in defeat with that bill—not real­ly in defeat because it nev­er even went to the floor. But at that time, as some of you may know, Vice President Gore issued a let­ter to Maria Cantwell in which he laid out some prin­ci­ples for pri­vate key escrow. They includ­ed that the pri­vate key escrow sys­tem would have to be imple­mentable in soft­ware or hard­ware, would have to use non-classified algo­rithms. It would have to be voluntary—and I think indus­try inter­prets that to mean vol­un­tary in the sense that non-escrow alter­na­tives would remain avail­able as well. And it would have to be exportable.

Whether that will lead to a solu­tion at this point is very dif­fi­cult to say but I’d like to make two obser­va­tions. One is that there will have to be suf­fi­cient com­mer­cial demand for key escrow, or as Steve calls it data recov­ery, in order for that solu­tion to take off. Without com­mer­cial demand it sim­ply won’t hap­pen because it would require a great deal of work on the part of com­pa­nies to imple­ment these fea­tures, and if cus­tomers are sim­ply not inter­est­ed in it then it won’t hap­pen. The mar­ket for it won’t grow. 

But even more than that, I think it’s got to be viewed as a long-term solu­tion because there’s got­ta be a legal frame­work in place in order for this to work. There has to be a clear sense of…where keys can be deposit­ed, what it means to deposit them in a com­mer­cial sense, who bears lia­bil­i­ty if keys are…you know, if the escrow agent who is a fidu­cia­ry with respect to those keys abus­es that duty or fails to ade­quate­ly pro­tect the keys, and so on and so forth. And with­out that struc­ture not only in the United States but inter­na­tion­al­ly, this is sim­ply not gonna hap­pen. Because it won’t be enough for the admin­is­tra­tion to announce a set of cri­te­ria unless there’s an infra­struc­ture in place not only in the US but abroad as well. Because after all, the impe­tus for this is relief on the export side. But if there’s no infra­struc­ture avail­able in for­eign juris­dic­tions, then it’ll be rather mean­ing­less to begin sell­ing that prod­uct abroad. 

On the last point I guess I agree with both Michael and Phil in terms of how to com­mu­ni­cate secure­ly at this time. You could cer­tain­ly import for­eign DES box­es, or you could by a wink and a nod indi­cate where your for­eign coun­ter­part might find PGP. But I think both of those sug­ges­tions point out some of the absur­di­ties of cur­rent export rules. Why is it that an American com­pa­ny has to import for­eign DES box­es in order to achieve secu­ri­ty among its multi­na­tion­al sub­sidiaries? Clearly that indi­cates that the tech­nol­o­gy is read­i­ly avail­able abroad. And what’s the sense ITAR rules that would make it a crime as still sug­gest­ed to tell some­one where they can find PGP when the tech­nol­o­gy is read­i­ly avail­able and eas­i­ly downloadable. 

Froomkin: Thank you very much. 

Our next speak­er is Ron Lee, who’s the cur­rent gen­er­al coun­sel for the National Security Administration hav­ing succeeded—

Ron Lee: Agency.

Froomkin: Sorry, agency. The NSA. Among his many many accom­plish­ments on his illus­tri­ous resume he tells me the one he want­ed me to men­tion was that he was a Rhodes Scholar at Oxford—perhaps some­thing he has in com­mon with the President. Ron? 

Lee: Perhaps the best way to intro­duce myself is to tell you that like you I did­n’t go to Woodstock, either. But the rea­son was I was too young and it was past my bedtime. 

Before I get to the sin­gle biggest imped­i­ment I want to set the stage a lit­tle bit by point­ing out that we’ve all focused on the word secu­ri­ty” as focus­ing on one aspect of the uses of cryp­tog­ra­phy that Willis Ware talked about. Security has many aspects, as you saw from his talk. We’re focus­ing this morn­ing, and quite prop­er­ly so, on the con­fi­den­tial­i­ty or encryp­tion aspect, but there are oth­er equal­ly valid and impor­tant uses for it which are nec­es­sary to build the glob­al infor­ma­tion infra­struc­ture. And those of course would include and non­re­pu­di­a­tion and dig­i­tal sig­na­ture and authen­tic­i­ty. All of that suite of fea­tures that you need to have. And I would sub­mit that for many busi­ness­es who are try­ing to fig­ure out how to get involved and how to reach cus­tomers, these are as impor­tant or more impor­tant than the issue of how to secure their data. 

So with that com­ment in mind, let me say that I think right now the sin­gle biggest imped­i­ment to secure inter­na­tion­al com­mu­ni­ca­tions is the roman­tic myth, or almost the rever­ie, that the devel­op­ment of cryp­to­graph­ic stan­dards and imple­men­ta­tions, both in the United States and abroad is some­how an irre­sistible tide of free­dom sweep­ing out from the mass­es that no government—either the US or foreign—that no gov­ern­ment can or should con­trol. And this cer­tain­ly has a strong appeal to it. But I think it flies in the face of facts. 

The fact is that nation-states do have a strong and endur­ing inter­est in the uses of cryp­tog­ra­phy. Both his­to­ry and the present sit­u­a­tion prove that cryp­tog­ra­phy affects every nation’s mil­i­tary, polit­i­cal, eco­nom­ic, and tech­no­log­i­cal secu­ri­ty. And I don’t think it’s an over­state­ment to say that no nation-state is going to advo­cate con­trol of cryp­tog­ra­phy, includ­ing encryp­tion and con­fi­den­tial­i­ty func­tions, to out­side or domes­tic forces. 

Having said that let me try to iden­ti­fy some of the inter­ests that a state, includ­ing the US, would have. From the US per­spec­tive those would be pro­tect­ing the pri­va­cy of Americans; pro­tect­ing both busi­ness and—importantly—government insti­tu­tions against hos­tile for­eign intel­li­gence threats and oth­er threats to their infor­ma­tion; pro­tect­ing law enforce­ment access to com­mu­ni­ca­tions, where law­ful­ly autho­rized; and then pre­serv­ing nation­al secu­ri­ty capa­bil­i­ties. Those are things that all have to be fac­tored into the debate. And if we’re going to move this debate for­ward, which we must and have to, I believe we have to over­come that myth. 

My sec­ond answer…to answer the sec­ond ques­tion, fol­lows from what I just said. Which is that cryp­tog­ra­phers, soft­ware man­u­fac­tur­ers, every­one who’s involved in the com­mu­ni­ty, needs to—and Steve Walker’s begun that process—needs to come for­ward with pro­pos­als that rec­og­nize the state’s inter­est and then work with the gov­ern­ment to eval­u­ate and improve their pro­pos­als. The Vice President in the let­ter to Congresswoman Cantwell has laid out the cri­te­ria for a key escrow pro­pos­al that we need to meet. And that process of work­ing with indus­try is going on and will continue. 

This process, though, is not lim­it­ed to the United States. And so we should­n’t assume in kind of a US-centric way that we’re the only ones who mat­ter, we’re the only coun­try that has to go through this. Every oth­er coun­try that is going to face the encryp­tion issue needs to go through this as well. And nation­al cul­tures, polit­i­cal process, con­sti­tu­tion­al val­ues, all the things that are unique to a nation-state are going to shape that process. And then once that weigh­ing process is tak­ing place, and this is gonna come back to the pol­i­cy issue here, how it all is put togeth­er. How wide­spread cryp­tog­ra­phy is use. How well the sys­tems oper­ate. That’s all going to depend on some of the things the oth­er pan­elists have talked about. Personal pref­er­ence, polit­i­cal will in each coun­try, and of course tech­no­log­i­cal development. 

Let me just that com­ment briefly on the third point, what would I rec­om­mend if some­one wants to com­mu­ni­cate with a for­eign coun­ter­part abroad. The first point is I would tell them to learn about what the for­eign threat is. You have to know what you’re try­ing to pro­tect your­self against before you go out and pro­tect it. The NSA, actu­al­ly, through the direc­tor and oth­er gov­ern­ment agen­cies, have reached out to talk to pri­vate indus­try to tell them a lit­tle bit about what the for­eign intel­li­gence threat is. I’ve par­tic­i­pat­ed in the Overseas Security Advisory Council, which is a Department of State group which any busi­ness or indus­try that has sig­nif­i­cant oper­a­tions abroad is wel­come to join and par­tic­i­pate in. 

But on the oper­a­tional side, I would say per­haps the obvi­ous to you, which is use an encryp­tion prod­uct that’s been approved for export from the United States. [some audi­ence laughter]

Let me respond briefly to some­thing Phil said, which is Phil’s first slide was his effort to debunk the if you only knew” state­ment. One of the main activ­i­ties going on this week of course is the NRC Committee, which is here. Several of its members—Herv Lin and oth­ers are receiv­ing input through the Birds of a Feather ses­sions and so on. And of course there is that seg­ment of that com­mit­tee that will receive the appro­pri­ate infor­ma­tion, and it will enable them to real­ly study the [?]. They’ve put a lot of resources into it and they will be able to come up with a con­clu­sion that I think will address some of the pro­ce­dur­al con­cerns that Phil had. This has been done in the past but I think that this is an impor­tant step in get­ting the appro­pri­ate peo­ple involved in the process. 

Froomkin: If we only knew. [audi­ence laugh­ter] Thank you. I apol­o­gize for that remark. A little. 

Last but cer­tain­ly not least we have Tim May who’s a cofounder of the cypher­punk group and was for­mer­ly with the Intel corporation. 

Tim May: Thank you Michael. My only point will be you would sup­port my posi­tion if you only knew what I knew. [some audi­ence laugh­ter and applause]

Seriously. I think Stewart Baker was cor­rect in his writ­ten com­ments that the issues need to be raised and a debate needs to hap­pen. I believe an impor­tant phase change in the struc­tures of soci­ety around the world is com­ing. It has its neg­a­tive con­no­ta­tions, it has pos­i­tive con­no­ta­tions. I don’t wan­na ram­ble off on a bunch of tan­gents about the polit­i­cal issues and long-range issues, but I do think this is very impor­tant and I think the pub­lic debate about cryp­tog­ra­phy is very healthy for the country. 

Somehow my three answers to Michael’s ques­tions got fold­ed in, edit­ed in, to his list­ing of the ques­tions. So you can see them pret­ty clearly. 

The sin­gle biggest imped­i­ment to secure inter­na­tion­al com­mu­ni­ca­tions I believe is basi­cal­ly igno­rance. It’s cus­tomers not ask­ing for soft­ware. I’m inter­est­ed to hear that cus­tomers are ask­ing. Most peo­ple I know—end users, not cor­po­rate cus­tomers but end users of dif­fer­ent systems—are pret­ty much unaware of what’s hap­pen­ing, and they’ve got­ten intrigued by PGP. MailSafe, for exam­ple, which I had from RSA Data Security. I actu­al­ly bought and paid for a copy from Jim some years back. I could nev­er find any­body to com­mu­ni­cate with. [audi­ence laugh­ter] [laugh­ing:] Nobody else had a copy of it, so I could­n’t send secret decoder mes­sages to anyone. 

PGP changed that as a com­mu­ni­ty. For com­mu­ni­tar­i­an rea­sons it spread very wide­ly and has been interesting. 

So I think if prod­ucts could be inte­grat­ed into things like Lotus Notes and Microsoft Word, Microsoft Network, NCI network—whatever’s com­ing, so peo­ple could just click on but­tons and get cer­tain fea­tures, then this will be a major suc­cess. To the extent that’s not hap­pen­ing because of ITAR rules I’m sure that’s an issue. 

Anyway, the thing I want to talk about before my time runs out is I men­tioned multi­na­tion­als. There are two sizes of multi­na­tion­al com­pa­nies, inter­na­tion­al com­mu­ni­ca­tions. Big ones like Intel and Lockheed and Apple. And they’ve got cer­tain rules—they’ve got to play by the rules. Whit Diffie made an excel­lent com­ment a cou­ple of years ago to the extent that the war on drugs was large­ly suc­cess­ful against big com­pa­nies because you could tell Lockheed that if they don’t start drug test­ing and what­not you could fine them and penal­ize them and do all sorts of things. But small lit­tle com­pa­nies, small lit­tle enter­pris­es, aren’t affect­ed by these rules. 

Nicholas Negroponte has a posi­tion that’s very sim­i­lar to the posi­tion many of us have had which is that we’re going to see a huge increase in the num­ber of fam­i­ly multi­na­tion­als. This is the moth­er’s in Hong Kong, the father’s in Paris, the broth­er and the son are in the US. It’s not clear where their income is local­ized, it’s not clear where their assets are, and they’re cer­tain­ly not going to be restrict­ed in the forms of com­mu­ni­ca­tion they use. They may use code books, things that essen­tial­ly can’t be stopped. 

Or they’ll use PGP. I mean, it’s triv­ial to get PGP out of the coun­try. There’s a run­ning bet in the com­mu­ni­ty as to how many hours it takes to get a new ver­sion now. And this— [audi­ence laugh­ter] I’m not say­ing I would do it, I’m just say­ing that it gets out, fast. It can’t be stopped. The bor­ders are trans­par­ent. I car­ried sev­en giga­bytes of data to Monte Carlo recent­ly to talk to cryp­tog­ra­phy peo­ple over there. Seven giga­bytes on opti­cals and DATs. There’s no way to stop me. There’s no way to stop any­thing. This is the phase change that’s com­ing. I don’t demo­nize the NSA, as I think they did a great job help­ing to win the Cold War and I think they deserve a round of applause and [pan­el mem­ber laughs] Not clear what the future mis­sion will be in a world of trans­par­ent bor­ders— [record­ing cuts out on May’s presentation]

A. Michael Froomkin: —con­ver­sa­tion. And pre­ced­ing that assump­tion, before I go to ques­tions from the floor, which we will def­i­nite­ly do, I want to throw a few point­ed ques­tions at a few mem­bers of the pan­el. I courage oth­er peo­ple to fol­low up if they would like to do so. 

I think my first ques­tion’s for Stewart Baker. This is real­ly a ques­tion that ought to be addressed to Ron Lee but he can’t talk about it because it’s the sub­ject of cur­rent or future lit­i­ga­tion. So you’re the best-placed per­son to say the things he could nev­er say.

How on Earth can the United States gov­ern­ment jus­ti­fy deny­ing Phil Karn’s request? What’s the log­ic behind that? The book is out. What’s wrong with the flop­py disk? 

Stewart Baker: Yeah I think the best stab I can take at it is this. In 1975, if you had asked NSA or most gov­ern­ment offi­cials about the clas­si­fi­ca­tion sta­tus of cryp­tog­ra­phy, they would have said it’s equiv­a­lent to nuclear tech­nol­o­gy. It is so impor­tant to the nation­al secu­ri­ty that peo­ple who research it, who come up with ideas relat­ing to cryp­tog­ra­phy, new crypt­an­a­lyt­ic attacks or new cryp­to­graph­ic tech­niques, are engaged in clas­si­fied research whether they know it or not, and they should not be releas­ing it to the pub­lic with­out talk­ing to the gov­ern­ment first about its nation­al secu­ri­ty con­se­quences. That was pret­ty much its sta­tus for export con­trol purposes.

In the late 70s, for a vari­ety of rea­sons, that became a very con­tro­ver­sial posi­tion. A lot of pri­vate sec­tor and aca­d­e­m­ic cryp­tog­ra­phers did not want to sub­mit to that kind of review and raised a First Amendment issue about aca­d­e­m­ic dis­cus­sions of cryptography. 

It turns out that at least for the short term, or maybe the medi­um term, it is pos­si­ble to do a lot that pro­tects nation­al secu­ri­ty if you can restrict the spread of com­mer­cial­ized encryp­tion. It’s not a per­fect result but it is bet­ter than let­ting it go entire­ly. And I think that the— This is before my time at NSA, but I think that the final pol­i­cy deci­sion that was made some­time in the ear­ly 80s was to say for First Amendment rea­sons we have to give up on try­ing to reg­u­late what aca­d­e­mics say when they talk about cryp­tog­ra­phy. But we have to con­trol com­mer­cial cryptography.

Froomkin: But Phil has antic­i­pat­ed your reply in his slides. I mean, he claims that that answer is based on say­ing for­eign­ers can’t type. 

[long pause; audi­ence laughter]

Baker: I don’t think entire­ly that it is. The fact is that… We’ve heard a lot of peo­ple say they think that the exis­tence of export con­trols on strong cryp­tog­ra­phy has pre­vent­ed com­pa­nies from sell­ing it wide­ly. And as Tim said you know, if there isn’t some­body at the oth­er end, then you’re not as like­ly to use this stuff. And so restrain­ing the instal­la­tion of point-and-click DES encryp­tion prob­a­bly has meant that there are a whole lot less DES-encrypted trans­mis­sions in inter­na­tion­al com­mu­ni­ca­tions than there would be oth­er­wise. So I think it’s not a per­fect line. And I’m not speak­ing for NSA when I say this cause I was­n’t there when that deci­sion was made. I think if you take the view that as an effort to accom­mo­date the First Amendment peo­ple said, Well why don’t we try this line: com­mer­cial, no; aca­d­e­m­ic, yes,” the dif­fer­ence between a book and a disk begins to make sense. It’s not per­fect by any means. But I think if you’re try­ing to get a sense of why this might seem like a sen­si­ble dis­tinc­tion, that’s the best I can do.

Froomkin: Want to say any­thing? You want to add or sub­tract to—

Tim May: Yeah, I just want­ed to add that—Ira may prove me wrong on this, but I think com­pa­nies that make com­mer­cial software…you know, encryp­tion or what­ev­er [?], are going to be quite reluc­tant to take the crown jew­els of their cor­po­ra­tions and just…publish them in a book so that Phil and his nimble-fingered friends can type it in. 

Phil Karn: Of course there is some­thing that I don’t think was actu­al­ly antic­i­pat­ed by peo­ple who made this dis­tinc­tion between com­mer­cial soft­ware and aca­d­e­m­ic dis­cus­sion is the rise of free soft­ware, which PGP is prob­a­bly the best exam­ple. I’ve writ­ten cryp­to­graph­ic code; as far as I’m con­cerned it’s in the pub­lic domain. I put it out there because I think it actu­al­ly facil­i­tates those who were, you know, inter­est­ed in aca­d­e­m­ic dis­cus­sion. I mean, a lot of peo­ple give away source code because it is a very pow­er­ful instruc­tive tool. Stewart and I had a con­ver­sa­tion about this last night at din­ner, where he was ask­ing why would I ever want to give away source code? What instruc­tion­al val­ue is there to that? It was obvi­ous just from the ques­tion he’s not a pro­gram­mer. [audi­ence laugh­ter and clapping]

Froomkin: Anyone else want to jump in or…deploy my next cool ques­tion. I guess my next cool ques­tion is actu­al­ly for Phil. It’s an equal oppor­tu­ni­ty process. 

Do you ever wor­ry about the con­se­quence— We have peo­ple from the gov­ern­ment here, at pre­vi­ous con­fer­ences, who tell us in all seri­ous­ness that they have thought real­ly hard about the nation­al inter­est, and they’re try­ing to the best thing giv­en what they know, and bad things will hap­pen if this stuff gets out. Do you ever lie awake at night wor­ry­ing that there might be some truth to it, you’re con­tribut­ing to some bad thing hap­pen­ing if win your case?

Karn: Actually I have to say yes. I do wor­ry about that, okay. I mean I have to be hon­est about it. All tech­nol­o­gy can be used for either good or bad. That’s not just true with cryp­tog­ra­phy, I’ve been very active in the Internet for the last ten years. I’ve helped devel­op a lot of tech­nol­o­gy along with many oth­er peo­ple. For all I know Saddam Hussein used it in the Gulf War. I mean that would explain some of the sil­ly rules we saw after the fact about con­trol­ling Internet routers; anoth­er tech­nol­o­gy that’s out of the barn. 

So any tech­nol­o­gy can be abused, not just for cryp­tog­ra­phy and yeah, I am con­cerned about that but I also real­ize I can’t do much to stop it it. All I can real­ly do is make sure the good guys also have it. 

Froomkin: Anybody else wanna…?

Tim May: I’d like to make one com­ment. I think some­day I’m gonna wake up, turn on CNN, and hear that some Eastern European city or Middle Eastern city has just been nuked, maybe with a fiz­zle nuke. And I think that’s like­ly to hap­pen. And I’m not too wor­ried about it. And I know that sounds cal­lous. I like mak­ing out­ra­geous cal­lous remarks. But the world is much safer. There’s almost zero like­li­hood of a glob­al ther­monu­clear war, which to me is a very good thing. The weapon stock­piles are grad­u­al­ly decay­ing, at least the Russian ones are. We think. 

Some ter­ror­ism will occur. I don’t sup­port any kind of ter­ror­ism but I think if you look at the num­ber of peo­ple who die in ter­ror­ist attacks, it’s rel­a­tive­ly small and it’s not—to me—sufficient grounds for sup­press­ing free and open soci­eties. And I hope we don’t see any­thing of that sort. [applause]

Froomkin: The ref­er­ence to Saddam Hussein sort of rais­es a ques­tion I think has to go to Steve Walker. And as I under­stand your pro­pos­al, you want to help pro­duce shrink-wrapped prod­ucts which are exportable, which are going to pro­vide strong encryp­tion with vol­un­tary escrow where the users get to choose who’s going to hold the escrowed mate­r­i­al, who’s going to have the data recov­ery center. 

So if Saddam Hussein wants to set one up, he can do that. And the sys­tem will be ful­ly func­tion­al. And the good guys, as we’ve been call­ing them, are prob­a­bly not gonna find it very easy to serve a war­rant on Saddam. 

Now, giv­en that’s the situa—if that’s the cor­rect descrip­tion of the tech­ni­cal sit­u­a­tion, why would the United States gov­ern­ment give you export per­mis­sion? What’s in it for them? 

Stephen Baker: Well in real­i­ty Saddam Hussein and the ter­ror­ists and all can in fact get any­thing they want now. In real­i­ty you can’t sell…any­thing to Iraq because of embargo. 

Froomkin: [indis­tinct]

Baker: There are rules that say you can’t send to terrorist-supporting coun­tries and to the for­mer Soviet Bloc or what­ev­er. So those rules will still apply. The fact is that ter­ror­ists can get any­thing they want, and they do. It is only real­ly that good guys in the United States and in oth­er coun­tries that are the ones that are los­ing here. The ones that abide by the rules are the ones that have no encryp­tion to pro­tect their infor­ma­tion now. So I believe it’s real­ly a spe­cious argu­ment. I don’t think ter­ror­ists are going to use commercially-available prod­ucts with key escrow or with­out key escrow, I think they’re going to do their own thing because they don’t want to fear that they can be ripped off. 

And so I mean… Why would the US gov­ern­ment to approve this? In fact I think if the US gov­ern­ment thinks this through for law enforce­ment inter­ests and for nation­al secu­ri­ty inter­ests they’re going to be bet­ter off if there is a wide­spread use of some sen­si­ble key escrow approach than if there’s just a pro­lif­er­a­tion of thou­sands of ad hoc solu­tions for which they will nev­er have a chance of ever recov­er­ing any­thing. And so I don’t think it’s the fact that the ter­ror­ists might use it that’s going to dis­suade them. It’s the ben­e­fit to the over­all com­mon good. In the paper that is in the pro­ceed­ings I go through an analy­sis of the var­i­ous alter­na­tives to this. And the pro­lif­er­a­tion of thou­sands of ad hoc prod­ucts makes law enforce­men­t’s job vir­tu­al­ly impos­si­ble in this area. And I think it’s actu­al­ly a pos­i­tive ben­e­fit they’re going to get from that that out­weighs any pos­si­ble ter­ror­ist problems. 

Froomkin: Anybody else? Phil’s try­ing to—

Karn: Yeah, I want­ed to speak to the top­ic of soft­ware key escrow, because I’m not sure we actu­al­ly need a whole new prod­uct to sup­port this. I’d like to make a pro­pos­al in the spir­it of vol­un­tary soft­ware escrow. Those who use PGP know that it has a fea­ture in which you can encrypt to mul­ti­ple recip­i­ents. Well, I would like to offer Mr. Lee here to give me a PGP key with NSA’s name on it, show me that it’s real­ly his. I will be glad to sign it. My key is wide­ly signed signed in the PGP data­base. You put it out on the data­base, let the whole world have it. Anybody who wish­es to vol­un­tar­i­ly escrow their com­mu­ni­ca­tions with the NSA sim­ply has to include the NSA’s key in their mail. I think the prob­lem is solved. [applause]

Froomkin: Ron, you want to take that offer?

Ron Lee: Yeah, if you’re an American we don’t want your key. [laugh­ter]

Karn: I’m giv­ing you an invitation. 

Froomkin: You have any­thing else you want to add besides that or…

Well let me throw one last ques­tion out before we turn it to the audi­ence. And this I guess is real­ly for Ron to the extent that you can speak to it, which is… I guess it’s a two-part ques­tion. First, how far does the genie have to be out of the bot­tle before the United States gov­ern­men­t’s will­ing to rec­og­nize that some­thing’s exportable? And why isn’t DES there, yet? 

And in a sim­i­lar vein, the NSA recent­ly took a very pub­lic posi­tion in front of the X9 Secretariat against Triple DES. Why is the NSA stand­ing in the way of the bank­ing com­mu­ni­ty’s desire for ultra-secure com­mu­ni­ca­tions when in the past it was sup­port­ive of the desire to have DES even when it was­n’t going to give it to oth­er peo­ple? So, they’re relat­ed… To the extent you can what can you tell us about those things?

Lee: Yeah, on the first one this sort of gets back to a point that I think Steve made. You sort of look at what is a best-case or worst-case or second-order solu­tion. Perhaps the worst thing to have out there would be to have a world of uni­form, wide­spread encryp­tion that does not pro­vide law enforce­ment and nation­al secu­ri­ty with what it needs. But it’s not clear to me that it would be so hor­ri­ble to have a mul­ti­tude of non-interoperating sys­tems out there. Because you know, peo­ple who are the tar­gets of for­eign intel­li­gence make mis­takes. They don’t always use cryp­tog­ra­phy for all the rea­sons that have been explained. So again, it’s not clear that the solu­tion is all or nothing. 

On the oth­er point about Triple DES, what I’m will­ing to say is that the process of decid­ing what the inter­na­tion­al stan­dard is for bank­ing is an ongo­ing process. As you know, the stan­dard will be up for renew­al. And I would pre­fer not to go into sort of the details of that decision. 

Froomkin: Well I think the audi­ence has been very patient. Let me start with Eric Hughes. We’ll go back and forth between the two sides. 

Eric Hughes: I’m Eric Hughes. I have a small dia­logue I’d like to engage Ron Lee in. Because I’m feel­ing kind of stu­pid today. And…so let me make sure I under­stand your posi­tion. What you’re say­ing is that…you’re acknowl­edg­ing I think that the peo­ple of the United States and cit­i­zens of the world want to use secure cryp­tog­ra­phy that allows them to choose who­ev­er they want to talk to, which does­n’t include the gov­ern­ment. Is that right? Is that what I heard you say?

Lee: I’m not sure I under­stand you, but—

Hughes You’re say­ing— Well I think I heard you say that there’s a large demand for secure cryp­tog­ra­phy by peo­ple of the world, like me and the rest of the peo­ple in this room who don’t work for the government.

Lee: That’s right.

Hughes: Okay. And you’re also say­ing that there are nation­al secu­ri­ty and law enforce­ment rea­sons that aren’t being tak­en into account in the debate. Is that right?

Lee: Well I’m say­ing that the great­est obsta­cle to reach­ing an accom­mo­da­tion that gives most peo­ple and most inter­ests most of what they want—

Hughes: Well that’s the point I’ve been try­ing to make, is these inter­ests. These inter­ests are law enforce­ment inter­ests and nation­al secu­ri­ty inter­ests, right?

Lee: Right. Well I men­tioned the oth­er two, pri­va­cy for Americans and pri­va­cy for businesses—

Hughes: Okay okay. I’m just… I under­stand this. I’m get­ting to my point of…something where I’m real­ly, real­ly con­fused. So, you do acknowl­edge that we have a demo­c­ra­t­i­cal­ly run coun­try, right?

Froomkin: Cut to the chase. Cut to the chase.

Hughes: We’re get­ting there. You do acknowl­edge we have a demo­c­ra­t­i­cal­ly run coun­try right? 

Lee: Have you been watch­ing the OJ tri­al too much. 

Hughes: Yeah yeah, no I just— [laugh­ter]

Froomkin: Touché.

Hughes: What I want to know is that if we have a demo­c­ra­t­i­cal­ly run coun­try, and we have peo­ple who want to have secure cryp­tog­ra­phy, why is it that we have these oth­er inter­ests that seem not to be demo­c­ra­t­i­cal­ly con­trolled that seem to have become inde­pen­dent inter­ests con­trary to the will of the peo­ple, and hav­ing these inter­ests be per­ti­nent to this debate in any sense at all? Personally, I want to have a world with secure cryp­tog­ra­phy where no one can lis­ten to my con­ver­sa­tion unless I want them to. And I think this is what a lot of peo­ple want. And I think that these law enforce­ment needs are in fact not needs but in fact an attempt at a seizure of pow­er. So can you com­ment on that? [applause]

Lee: I cer­tain­ly would be delight­ed to. You are free to go out tomor­row and back what­ev­er polit­i­cal can­di­date you want, what­ev­er Constitutional amend­ments and ref­er­en­da you want to pro­mote. The sys­tem we have now—and I’m just stat­ing the fact—is one that invests the pow­er of gov­ern­ment in elect­ed rep­re­sen­ta­tives. Not to give you the civics les­son, but it is through that process that the admin­is­tra­tion decid­ed what the rel­e­vant fac­tors were to be bal­anced, includ­ing law enforce­ment. And I think it’s appro­pri­ate for every­one in this room to think about what the world would be like with­out law enforce­ment capa­bil­i­ties. I sat in on some of the ses­sions yes­ter­day, talk­ing about the First Amendment and the Internet and so on. And I don’t think there was any­one in the room who dis­agreed that there was a point at which there was an appro­pri­ate role for law enforce­ment to play, even in this great bas­tion of free­dom called the net. 

So, that’s a deci­sion that’s been made by soci­ety. You and any­one else is free to go out and try to remove law enforce­ment or nation­al secu­ri­ty as a fac­tor, but you would want to think through very care­ful­ly the con­se­quences of doing that before you did that or before peo­ple sup­port­ed you. 

Hughes: I—

Froomkin: No, I think I’m gonna have to cut you off and pick our next speaker. 

Hughes: One final com­ment, though. And this is just a part­ing shot—

Froomkin: Two seconds.

Hughes: The black bud­get is tax­a­tion with­out rep­re­sen­ta­tion, and the clo­sure of the [?] tak­en on secu­ri­ty pre­vents the demo­c­ra­t­ic process from doing as you say it does.

Froomkin: If President Clinton told you to change the pol­i­cy, you’d change it would­n’t you? I mean that’s real­ly what he— The claim seems to be that you’re oper­at­ing inde­pen­dent of the President. That’s not the posi­tion is it?

Lee: It’s the President’s decision. 

Froomkin: So have you ever talked to the President about these issues?

Lee: We did­n’t over­lap at Oxford. [Froomkin laughs]

Karn: Didn’t I read some­where once that some­one at the NSA was quot­ed as say­ing the President does­n’t speak for NSA? I think that was in the [indis­tinct].

Ross Stapleton-Gray: Ross Stapleton-Gray, TeleDiplomacy, Inc. I think Tim May said some­thing that real­ly ought to be under­scored about glob­al trends. I went to a hear­ing on open­ness in the intel­li­gence com­mu­ni­ty, where I went in expect­ing to hear all sorts of great debate across the aisle, only to see an incred­i­ble uni­ty of thought that more open­ness might embar­rass our President and his con­duct at for­eign pol­i­cy. More open­ness might embar­rass the past President and ensure we nev­er get back in pow­er. A uni­ty of the two halves of the gov­ern­ment, the two sides of the aisle, in favor of pre­serv­ing the sta­bil­i­ty and the secu­ri­ty of…somewhat of the sta­tus quo. 

And I think we’re going to do the same thing glob­al­ly with gov­ern­ments besieged by the rose grow­ers in col­lu­sion inter­na­tion­al­ly. And every oth­er group. Such that we will find—and I think we’ve seen for some­time, it’s much more in the inter­est of the US gov­ern­ment to reach accord with the gov­ern­ments of Pakistan and China and Uganda against desta­bi­liz­ing forces from below, I think lead­ing towards an absolute extreme where we find we’re in lock­step with the gov­ern­ments of China and Pakistan and Uganda against these nasty rose grow­ers. This ceased to become an aca­d­e­m­ic exer­cise for me about a week ago when I got an email note say­ing, Did you write this doc­u­ment?” Some per­son in some coun­try out there, where we don’t have meet­ings on com­put­ers, free­dom, and pri­va­cy. A coun­try of a num­ber of peo­ple and we’re a fif­teenth of less of the world, even all of us in the US com­bined. This per­son said, Did you write this doc­u­ment?” and it was some gibberish. 

I said God no, I don’t think so. And it came back and it said well this is…” and it gave me the title. It was an arti­cle I’ve writ­ten called Opening Doors in the Global Village.” 

And the per­son said, The edi­tor said you work for a cer­tain com­pa­ny.” And my affil­i­a­tion as a CIA ana­lyst was on there. And it said, If you work for this com­pa­ny, and if you care about my coun­try, could you tell me where I find PGP, UUEncode, etc.” I got my first elec­tron­ic walk-in only after I left the agency. 

But this per­son out there, one of a larg­er bunch of peo­ple who are not us, liv­ing in a gov­ern­ment that is not any­where near as nice as the one we may be com­plain­ing about now, des­per­ate­ly wants to get the tools. And what I sus­pect, giv­en what Tim has described in the gen­er­al trend that the gov­ern­ments are going to start cir­cling wag­ons against the threats which are indeed numer­ous and are indeed real… We’ll see that there will be a gen­er­al con­sen­sus among the var­i­ous gov­ern­ments that, Well, we bet­ter not let it be import­ed, bet­ter not let it be export­ed.”

Just to note, I think Tim’s exact­ly right. There’s where the ten­sion lies. I agree, from hav­ing been an intel­li­gence ana­lyst, that there are indeed major threats. I’ll add as a for­mer intel­li­gence ana­lyst, if you knew what I knew you would­n’t take so…you would­n’t let Mike Nelson say, If you knew what I knew.” [applause and cheer­ing] There are indeed threats but I think—

Froomkin: Let me put this ques­tion to a cou­ple mem­bers of the pan­el as a mat­ter of fact. We’ve had a sug­ges­tion in a sense there’s going to be a con­spir­a­cy of gov­ern­ment against their peo­ple. Stewart, Ron… 

Baker: I actu­al­ly want­ed to address a dif­fer­ent point first, because I think it’s… For those of you… I’m kind of sur­prised to find that Tim May and I agree upon more than most of the peo­ple on this pan­el. But let me turn to some­thing I think—

May: I’m not surprised.

Baker: —that we actu­al­ly agree on in terms of free­dom for the world, and con­cerns about cen­sor­ship and oppres­sion around the world. There is one aspect of US export con­trol pol­i­cy that could be changed with­out invok­ing any of the if you knew what I knew” kind of stuff. It would­n’t cause any harm to the nation­al secu­ri­ty and would be good for democ­ra­cy. And that is, cur­rent­ly because of a Congressional law impos­ing sanc­tions on the Chinese gov­ern­ment for slaugh­ter­ing its peo­ple in Tiananmen Square, it’s not pos­si­ble to sell muni­tions with­out spe­cial Presidential waiv­er to any­body in China. What that means is you can’t sell a human rights group in China secure com­mu­ni­ca­tions that have been approved to export oth­er parts of the world. 

I don’t think that makes any sense. [applause] I don’t think that that’s a con­cern at the nation­al secu­ri­ty lev­el, it is a polit­i­cal con­cern. People are afraid with­in the admin­is­tra­tion, with­in the State Department, of look­ing as though they’re being nice to China. And they’re unwill­ing to rec­om­mend to the President that the President issue a waiv­er allow­ing the sale of encryp­tion that’s been approved for export into China. There’ve been some mod­i­fi­ca­tions to that pol­i­cy but it’s by no means com­plete the last time I looked. 

That’s some­thing that could be changed. It could be changed if peo­ple thought the pol­i­tics went the oth­er way, and I think that is a doable thing that folks in this room ought to be try­ing to do. 

Froomkin: Ron, you want to add any­thing to that?

Lee: Well I’d sort of like to turn the if you knew what I knew” thing around, and a lot of what under­lies the ques­tions here is that the US gov­ern­ment is engaged in some con­spir­a­cy or that it’s not to be trust­ed inher­ent­ly. And I’m won­der­ing, beyond sort of the polit­i­cal phi­los­o­phy under­ly­ing that, what spe­cif­ic exam­ples are that lead peo­ple to have that concern?

[sev­er­al things from audi­ence indistinctly]


Lee: And I think when you look at each of these you’ll see that appro­pri­ate over­sight mech­a­nisms have sprung up and been strength­ened in response to that. 

Froomkin: So the posi­tion basi­cal­ly is It can’t hap­pen again…trust us!” 

Lee: Cabazon, Wackenhut, Casolaro. [cheer­ing and clap­ping] Now, I don’t… I fol­low the con­spir­a­cy the­o­ries fair­ly care­ful­ly. I don’t know that there’s any­thing to the Mena, Arkansas CIA drug sup­ply blah blah blah blah blah. I don’t know. And I don’t know that that’s my major con­cern. I think that any kind of gov­ern­ment at a cer­tain size is going to have cor­rupt peo­ple in it. It’s gonna have ex-CIA peo­ple who ship drugs around. It’s gonna have cur­rent CIA peo­ple. It’s gonna have French intelligence…all sorts of things. That’s just the nature of human­i­ty. That’s not gonna change. 

I believe the larg­er issue is not whether there’s a con­spir­a­cy in gov­ern­ment, but the issue of what gov­ern­ment does, what gov­ern­ments do around the world when there are so many degrees of free­dom. Such a vast num­ber of com­mu­ni­ca­tion chan­nels. This has been a change in the world. The Medieval guilds fell apart 800 years ago. The medieval guilds had a posi­tion of intel­lec­tu­al prop­er­ty very com­pa­ra­ble to what cur­rent cor­po­ra­tions have. That is, the sil­ver­smiths’ guild owned the knowl­edge of how to make sil­ver. And the king sup­port­ed that right. And this was intel­lec­tu­al prop­er­ty law of 1300

Well, tech­no­log­i­cal­ly that changed when print­ing became avail­able. Because first, reli­gious books were pub­lished. They were the first hot off the press. After the first ini­tial print run of hym­nals and bibles came out, the next thing that came out, some­body told me a cou­ple nights ago it was porn. I sort of doubt it, but. What I’ve always heard is the next series that was out, and it’s sup­port­ed by the ear­ly pub­lish­ing, were these books on how to do home farming-type things. How to shoe hors­es, how to sew… It was knowl­edge, basic knowl­edge. Within the next fifty years the guilds col­lapsed. This was inde­pen­dent of all the law and all the moral­i­ty. The devel­op­ment of a tech­nol­o­gy that allowed increased degrees of free­dom of that sort changed fun­da­men­tal structures. 

I think we’re see­ing the same thing today. These var­i­ous vir­tu­al com­mu­ni­ties exceed the num­ber of nations in the world. And arguably they’re much more coher­ent, much more cohe­sive, much more ded­i­cat­ed. Some of them we call ter­ror­ists, oth­ers we call free­dom fight­ers. I’m remarkably…unconcerned with what their caus­es are. I’m more inter­est­ed in the gen­er­al phe­nom­e­non of 250 nations in the world, and at least a thou­sand dif­fer­ent spe­cial inter­est groups. And you can’t stop them. You can’t just say, We’re not going to allow com­mu­ni­ca­tion.” As long as you allow com­mu­ni­ca­tion, these are going to form. And I think it’s going to change over the next fifty years the nature of gov­ern­ments around the world. I think we’re already see­ing it. [applause]

Karn: Yeah I’d like to speak to the point about con­spir­a­cies. I’m not a con­spir­a­cy the­o­rist. I don’t think a con­spir­a­cy the­o­ry is nec­es­sary to explain what gov­ern­ments have been try­ing to do to sup­press cryp­tog­ra­phy. There’s a very sim­ple expla­na­tion. I very strong­ly believe in the prin­ci­ple of not attribut­ing to mal­ice what can be ade­quate­ly explained by stu­pid­i­ty. In the case of gov­ern­ment, the over­rid­ing con­cern is CYA: cov­er your ass. And that explains every­thing they’ve been doing. You don’t need to have a nation­al con­spir­a­cy to explain it. 

Froomkin: In the spir­it let me call the next per­son before the audi­ence lynch­es me.

Audience 3:

Frank R[?], Stanford. And since we’re priv­i­leged to have a coun­cil here from Microsoft, I thought I would ask about some of the prod­ucts like Word, or Excel, or oth­er prod­ucts that have pass­word pro­tec­tion. I’ve looked in man­u­als for Microsoft prod­ucts as well as oth­ers, try­ing to find out just exact­ly how secure data would be if I used those fea­tures. And to this day I real­ly don’t know what kind of pro­tec­tion there is in there. But if there is pro­tec­tion in there I won­der if that comes with­in cryp­to­graph­ic reg­u­la­tions. And if there isn’t I won­der why there isn’t some kind of a warn­ing let­ting me know about the secu­ri­ty of what I put in those products. 

Froomkin: The ques­tion is, do we trust Microsoft? [laugh­ter]

Audience 3: [inaudi­ble]

Ira Rubinstein: I think it would be best to answer that ques­tion with a bit of his­tor­i­cal per­spec­tive. And you can laugh all you want but it’s still a seri­ous point. The export reg­u­la­tions pre­dat­ing the July 19th, 92 agree­ment that iden­ti­fied the cri­te­ria for export­ing prod­ucts made it vir­tu­al­ly impos­si­ble for any American com­pa­ny with sig­nif­i­cant for­eign rev­enue to design ade­quate secu­ri­ty fea­tures. Because the way export con­trols worked at that time, if you approached the gov­ern­ment and said, This is what we’re plan­ning to imple­ment,” they would say, Well…we don’t know if that’s exportable. Why don’t you go ahead and imple­ment it and then we’ll look at your imple­men­ta­tion.” And the com­pa­nies would say, We’re not going to imple­ment it unless we know that we can sell it abroad.” And you’d quick­ly get into this dance that result­ed in no seri­ous encryp­tion being imple­ment­ed because nobody want­ed to spend the resources on the next rev of a prod­uct if that meant that you would lose your for­eign markets. 

So a lot of com­pa­nies, not just Microsoft but oth­er com­pa­nies with pass­word pro­tec­tion in appli­ca­tion prod­ucts, imple­ment­ed what can only be described as weak pro­tec­tion. Protection that with­out ques­tion would not inter­fere with the export sta­tus of the prod­uct. Which did­n’t even require much dis­cus­sion with the gov­ern­ment to estab­lish that. Anything that did require dis­cus­sion meant that you either had to com­mit to expend­ing the resources to devel­op that, to put it in a prod­uct, to test it, and then pos­si­bly have to remove it at the last minute. Or you did­n’t devel­op it at all. So, the lev­el of the encryp­tion that’s gen­er­al­ly avail­able in prod­ucts that had a long his­to­ry pri­or to that July 19th, 92 agree­ment is quite unsatisfactory. 

Following that agree­ment, a num­ber of com­mer­cial com­pa­nies quick­ly intro­duced a whole suite of prod­ucts that were designed around the cri­te­ria iden­ti­fied. And they’d be in a posi­tion today if those cri­te­ria were changed to quick­ly respond to those changes to increase the keylength and to offer more sophis­ti­cat­ed features. 

But I want to make this point very clear because the major impact of the ITAR on US soft­ware com­pa­nies to date… And bear in mind that through­out the indus­try the for­eign rev­enue accounts for as much as as 50% of total sales. And US soft­ware prod­uct in the prepack­aged cat­e­go­ry accounts for as much as 75% of total world prepack­aged soft­ware. So, what US com­pa­nies are per­mit­ted to put in their prod­ucts deter­mines what’s avail­able world­wide but also the deter­mines what’s going to be avail­able in the US. And that’s why I empha­sized ear­li­er the impact of export con­trols on cryptography. 

Froomkin: Let me fol­low that up just a lit­tle bit. Tim told us, in his talk, that he thought one of the biggest prob­lems was igno­rance. And there’ve been many many sug­ges­tions on the net and else­where that per­haps— [And which Tim says to you?], you’ve sort of con­firmed this: Microsoft prod­ucts are not as secure as one might dream they could be. Why does­n’t Microsoft put a dis­claimer in the man­u­als and edu­ca­tion­al tools? Tell peo­ple you know, We’d love to give you some­thing bet­ter, but we can’t.” Wouldn’t that be the best way of solv­ing Tim’s prob­lem of edu­cat­ing the world?

Rubinstein: You’re say­ing why don’t they trash their product? 

Froomking: No! They’re say­ing, We’ve giv­en you the best thing we can, under the laws.” You know, It’s bet­ter than what any­body else has! It’s the best thing—” They’re going to make what­ev­er claims they want. We would like to give you some­thing even bet­ter but we can’t.” 

Rubinstein: And what prob­lems do you think that would solve? 

Froomkin: Well Tim’s claim that peo­ple are igno­rant about the pos­si­bil­i­ty of strong cryptography. 

Rubinstein: We’ve not encoun­tered igno­rance about the need for cryp­tog­ra­phy, at all. 

Karn: Would a prod­uct lia­bil­i­ty law­suit help? [laugth­er and clapping]

Froomkin: Surely one law­suit­’s enough. Americans sell­ers of mass-market prepack­aged soft­ware make no strong war­ranties about their prod­uct. [laugh­ther]


Audience 4: [indis­tinct sen­tence; name?] A cou­ple of things, specif­i­cal­ly to Mr. Baker. I think your point about that cus­tomers don’t want secure cell phones com­plete­ly miss­es the point. And I believe specif­i­cal­ly if you look at one that aren’t cur­rent­ly deployed, the CDMA, it’s pos­si­ble to pro­vide domes­tic users com­plete­ly secure authen­ti­cat­ed pri­va­cy with no threat, because you can always con­trol the base sta­tion sales; much eas­i­er to control. 

The oth­er thing I would answer to one of the ques­tions orig­i­nal­ly posed, which is if you want­ed to have a secure inter­na­tion­al com­mu­ni­ca­tion, which many multi­na­tion­als do—people, friends, fam­i­ly internationally—is that I would rec­om­mend that you speak to the peo­ple you know who are tech­ni­cal­ly able and inter­est­ed and urge them to par­tic­i­pate in var­i­ous inter­na­tion­al standard-setting bod­ies. It’s clear that if you’re inter­est­ed in tru­ly secure communication—uncompromised—that it will not be brought to you by any of your local governments. 

And I under­s­ta— I…I’m con­cerned. I mean I’m con­cerned. I you know, think about this at night like what is this going to mean? And I don’t think that we’re going to stop the march towards strong cryp­tog­ra­phy. Clearly the export con­trols are work­ing. I mean it slows it down. And there’s con­se­quences. There’s basi­cal­ly…nil deploy­ment of strong cryp­to domes­ti­cal­ly. And that’s cost­ing everybody. 

Baker: I have to say, I think it’s…as I said ear­li­er I think it’s quite like­ly, though not…quite proven, that we’ve reached a take­off point for peo­ple wan­ti— You know, the mass of peo­ple want­i­ng strong cryptography. 

But I am also struck by the fact, when I was an NSA agent in [?] I went up to talk to a big hard­ware and soft­ware com­pa­ny deep into sys­tems and net­works that offers DES as an option for secu­ri­ty. And I asked them, Well, of your US cus­tomers, how many buy this option?”

And they said about 1%. 

If you’re going to make the case to get rid of export con­trols, the miss­ing ele­ment… In the end, you’re nev­er going to be able to argue very effec­tive­ly on either side of that…how valu­able this is for nation­al secu­ri­ty pur­pos­es because it gets…sort of hard to talk about nation­al secu­ri­ty intel­li­gence suc­cess­es with­out blow­ing them… 

But you can talk about what the eco­nom­ic impact is on US indus­try. And there have been some efforts in that regard. Steve Walker and the STA and the BSA have pro­duced a lot of indi­ca­tions of the fact there are a lot of prod­ucts out there offer­ing security. 

The miss­ing element—I can say this about the debate inside the gov­ern­ment. The miss­ing ele­ment has been a cred­i­ble analy­sis of what the actu­al mar­ket for that stuff is. What peo­ple are actu­al­ly will­ing to pay. Listen, you have to devel­op the facts if you want to win this fight. And the way to do it is to show that there is a sub­stan­tial mar­ket for this prod­uct. The best way to do it is to start with US sales and show what those US sales of secure prod­ucts are. And argue that there would be the same kind of mar­ket pen­e­tra­tion out­side the United States as in if there weren’t export controls. 

That’s the miss­ing ele­ment in the argu­ment again, you know. Free advice, and worth every pen­ny. If I were work­ing to end export con­trols, I would be work­ing to devel­op cred­i­ble esti­mates of actu­al exist­ing mar­ket val­ue of sales of cryp­tog­ra­phy inside the United States. And that has yet to be produced.

Froomkin: Steve, you—

Rubinstein:am work­ing to relieve export con­trols, and I can say that the Business Software Alliance did a study, and the study demon­strat­ed that cus­tomers were pre­pared not to buy US soft­ware prod­ucts that failed to offer strong secu­ri­ty. I think the response…it was a Fortune 1,000 study, and the response was about right around 50% of respon­dents answered that ques­tion in that fash­ion. I think much of the prob­lem with this man, and this is anoth­er debate that Stew and I have had pre­vi­ous­ly, is that the ques­tion has been posed in the wrong way. 

The ques­tion has been pro­posed such that the US com­pa­nies are asked to demon­strate their lost sales. But US com­pa­nies don’t track their lost sales. Customers that want inte­grat­ed secu­ri­ty, and then buy a dif­fer­ent prod­uct do not report to US ven­dors that we chose not to buy your prod­uct because it lacked these secu­ri­ty fea­tures. I just think that’s a sil­ly request, and it’s… It’s not com­mer­cial­ly fea­si­ble to pro­vide that kind of data. It’s a very com­plex deci­sion that any large buy­er makes as to what net­work­ing prod­uct, for exam­ple, they’re going to buy. And if they end up buy­ing one prod­uct rather than anoth­er they sim­ply do not report back that this was…“Dear Sir, this is why I did­n’t buy the prod­uct. Because it lacked a secu­ri­ty fea­ture.” I would not say that this is easy. But the fact is that the telecom­mu­ni­ca­tion indus­try was able to show very sub­stan­tial sales of advanced switch­es when they want­ed to decon­trol exports of advanced switches. 

And the same thing for the super­com­put­er indus­try and the com­put­er indus­try when they want­ed to decon­trol sales of those prod­ucts abroad. And it’s going to be a more per­sua­sive argu­ment if you can show that there are actu­al­ly very sub­stan­tial sales of strong cryp­tog­ra­phy around the United States. And I think that you know… I don’t have a stake in say­ing this but—

Baker: Again I dis­agree because—

Froomkin: Hold on, let me get Steve Walker in here, because I think you’ve done a study, haven’t you? 

Walker: Well we’ve actu­al­ly been per­form­ing this study of what’s avail­able world­wide and what’s avail­able in the US, and we found over 400 prod­ucts avail­able overseas. 

More impor­tant­ly in this, we have actu­al­ly gone out to try to buy prod­ucts. Products from England, prod­ucts from Germany, from Israel, from Poland, from Russia. And in every case where we have attempt­ed to do that we have suc­ceed­ed triv­ial­ly. We are buy­ing them in the US, some­times from US dis­trib­u­tors of these com­pa­nies in these for­eign coun­tries, some­times from overseas—we like to keep the stamps from the dif­fer­ent coun­tries, they’re nice to show to Congress. 

You can triv­ial­ly buy cryp­tog­ra­phy in the United States from over­seas. We are told by the gov­ern­ment that oth­er coun­tries have the same kind of export rules that we do. That in fact is not the case. Many coun­tries have fol­lowed the CoCom rule that says okay, don’t sell it to ter­ror­ists coun­tries, don’t sell it to for­mer Soviet Union coun­tries. Sell it to any­body else.” France I’m told is more than hap­py to have their prod­ucts export­ed. They don’t want any­thing import­ed that might be used against them but they’re most hap­py to have them put in the United States or any­where else. 

There is an enor­mous amount of growth in the avail­abil­i­ty of prod­ucts from over­seas. We for exam­ple have a fire­wall that we’re sell­ing, and we’ve added IP encryp­tion into it. And the IP encryp­tion we’ve added uses a German [?] and Infosys board that does does DES and Triple DES at T1 rates. It’s avail­able for a hun­dred bucks. You can buy it in the United States, you can buy it from Germany. It’s trivial. 

There’s no one in the United States that makes that stuff any­more because they can’t sell it any­where else. If we’re going to have pro­tec­tion for secu­ri­ty for the NII it’s going to come from for­eign sources. We have to do some­thing about that. [applause]

Froomkin: We have time for one last, incred­i­bly fast ques­tion. And I’m told despite my protests we have to stop. I would keep going if we could. 

Audience 5: This dove­tails actu­al­ly with the last ques­tion and I would address it to Mr. Baker and then maybe toss it over to Mr. Lee to see what the—

Froomkin: Really fast.

Audience 5: would be. If the jus­ti­fi­ca­tion from the NSA and from the gov­ern­ment for pass­ing reg­u­la­tions reg­u­lat­ing the cryp­tog­ra­phy exports was that the mar­ket did­n’t exist, why did the reg­u­la­tions have to be there in the first place? [cheer­ing and clap­ping] I mean if Microsoft was going to make the prod­uct and nobody was going to buy it, why did the gov­ern­ment then need to pass a reg­u­la­tion to say even if there were a mar­ket, you can’t sell it?” 

Baker: I was short­hand­ing the analy­sis. Anytime… I mean… We’re not an island, we don’t have all the tech­nol­o­gy in the world. It may have been true in 1950, it ain’t true now. And our com­pa­nies have to suc­ceed inter­na­tion­al­ly. If you’re not earn­ing 50% of your income abroad, you’re not com­pet­i­tive any­more as an American indus­try. So you you can’t make nation­al secu­ri­ty and export con­trols pol­i­cy in a vac­u­um, you have to con­sid­er its impact. You have to bal­ance the impact on nation­al secu­ri­ty of let­ting go of those con­trols ver­sus the impact on US indus­try upkeep­ing them. That’s the bal­ance that every­body goes through and that’s cer­tain­ly true for the Clinton admin­is­tra­tion; I think that’s true for the Bush admin­is­tra­tion as well. 

It’s very hard to have a pub­lic debate about what’s the nation­al secu­ri­ty impact of let­ting go of con­trol. But you can have a very pub­lic debate about what the impact on US indus­try of keep­ing them. and there have been—and Steve Walker’s work is a use­ful data point. But it lacks an indi­ca­tion of the size of those mar­kets, the actu­al mar­ket val­ue of the prod­ucts that he’s iden­ti­fied. And I were build­ing a case to get rid of export con­trols, I’d want more data on the size of that market. 

Karn: It does seem that no mat­ter how much data we find there’s more that’s need­ed to make the argu­ment. And that’s…very very frustrating. 

Baker: If I could add one PS, the mar­ket­ing ques­tion is not the mar­ket for stand­alone cryp­tog­ra­phy prod­ucts. The mar­ket­ing ques­tion is the entire future of elec­tron­ic com­merce on a world­wide basis.

Karn: That’s right.


Froomkin: Ron?

[gen­er­al crosstalk from panel]

Froomin: Ron first, then Phil then Tim. And that’ll be a wrap-up.

Lee: A cou­ple of [?] to the ques­tion. One is that your ques­tion assumes kind of a sta­t­ic world where if export con­trols end­ed tomor­row noth­ing else would hap­pen. And I think what the gov­ern­ment has a respon­si­bil­i­ty to do is to look at what its actions are pro­mot­ing, what its actions are inhibit­ing, what direc­tion gov­ern­ment pol­i­cy is mov­ing the world abroad, and whether that’s a help­ful or unhelp­ful devel­op­ment for all the fac­tors that I iden­ti­fied before. And so even if your hypoth­e­sis is true at the moment, which I don’t accept, it would cer­tain­ly be dif­fer­ent the next year and the year after that. 

The oth­er thing I want­ed to point out is we’ve been talk­ing about glob­al com­pet­i­tive­ness and export prospects for US com­pa­nies as if shrink-wrapped soft­ware man­u­fac­tur­ers are the only com­pa­nies in the US that export. Those are, and Ira of course is a rep­re­sen­ta­tive, very sig­nif­i­cant con­trib­u­tors to the bal­ance of pay­ments in the US. But there are oth­er com­pa­nies, too, that don’t have any­thing to do with pho­tog­ra­phy. And the way they sell abroad is to be able to com­pete on a lev­el play­ing field a fair basis with for­eign bid­ders for for­eign con­tracts. They need a lev­el play­ing field to do that. And the United States gov­ern­ment rep­re­sen­ta­tive that make sure that hap­pens rely heav­i­ly on for­eign intel­li­gence to be able to do that. That’s anoth­er rea­son why pre­serv­ing for­eign intel­li­gence capa­bil­i­ties is important. 

Froomkin: Phil, last thoughts. 

Karn: I have a ques­tion still, here. I’m a lit­tle dis­turbed. If I want­ed to pub­lish a book I might have to con­vince my pub­lish­er that there’s a mar­ket for this book. But are you say­ing that then my pub­lish­er would then have to con­vince the gov­ern­ment that there’s a mar­ket for this book before they’d be allowed to pub­lish it? Something does­n’t quite ring true here. 

Baker: Export con­trols… Well. I guess I would say export con­trols are there because there is per­ceived to be a real nation­al secu­ri­ty dan­ger to let­ting the prod­uct go. And the ques­tion is whether the eco­nom­ic inter­ests of the United States and the com­pet­i­tive­ness of its indus­try requires that you give up the nation­al secu­ri­ty interest. 

Karn: In oth­er words the dol­lar is much more impor­tant than fun­da­men­tal human dig­ni­ty. [laugh­ter]

How else can it be said?

May: One last com­ment, since I don’t have any­thing to add to this. Last night, Phil Zimmerman said that there’s remark­able una­nim­i­ty of pur­pose amongst peo­ple who ask about the cryp­to pol­i­cy, and every­body from lib­er­al Democrats to right-wing Republicans agree that the pol­i­cy is flawed. I don’t want to say that, actually. 

I want to say that there’s a fun­da­men­tal dichoto­my in American cul­ture that’s been with us for the last two or three hun­dred years. Two simultaneously-held views that are in con­flict with each oth­er, like a ten­sor. And the angle between these two things I know because I was doing my trigonom­e­try home­work dur­ing Woodstock. [laugh­ter]

And that is there’s one view which most Americans hold, which is none of your damn busi­ness.” A man’s home is his cas­tle. Get the hell out of my business. 

Another view, which is simul­ta­ne­ous­ly held, is what have you got to hide?”

Froomkin: Thank you very much. And let’s thank the panel.