1. Government, Cryptography and the Right To Privacy Jenny Shearer and Peter Gutmann Presented by Paul Conti 4/3/00

2. Presentation Layout Introduction The State Standards Dilemma The Citizen The Market Conclusion

3. Introduction Consequences of Government Control Imbalance of power relationship Surveillance of citizens Disruption of int’l commerce because of lack of powerful cryptography and no standardization Human rights abuses Limit political potential of I*net politics

4. Introduction Cont. The Problem: Public use of free, easy to use, strong cryptography. Strong cryptography: cryptography which the government cannot break. Government Reaction: Try to implement more restrictions on cryptography Key forfeiture, weak encryption Done with much resistance

5. Introduction Cont. Privacy as a right vs. national security Loss of communications privacy Monitor dissent New Zealand Hard for less democratic countries

6. Data Security Cryptography classed as “munitions” Hardware & software implementations cannot be exported without permission Central issue: key forfeiture Covert Regulation Patent secrecy orders Cut funding Discourage standardization Harrasment of encryption providers

7. Key Forfeiture Key forfeiture: involuntary relinquishing of keys to trusted agencies No suitable agency found so far Terrible track records for government agencies and protection of data Non-government agencies also flawed

8. Weak Encryption Weak encryption: encryption capable of being broken by government Problem: Other agencies and bad guys can break it too. Especially applies to banking Electronic payment systems Medical and personal data

9. Political Implications Why a chaotic international cryptographic situation? Democracy can’t cope Citizens have predefined notion of cryptography – leave it to the govt. Infringement of internet “community” will bring backlash

10. The State United States Cryptography as munitions Export allowed if encryption is weak or crippled Netscape Normally 128-bit session key Exported with only 40 secret bits, 88 free Cracked many times Challenge to policy, denied – national security

11. The State Cont. Pro Regulation: France, Russia, Germany France: Export of cryptography needs approval, Foreign companies register keys Russia: Presidential decree – all cryptography government approved Use regulation for spying; U.S. has too Hard to regulate people using other encryption. e.g. PGP

12. The State Cont. Anti-encryption regulation: U. K. Most political parties favor broad use of encryption Reasons: wrong in principle, unworkable in practice, damaging to long-term economics of information network Rule #1 for all: Don’t export cryptography to the “bad” countries –Lybia, Iraq, etc.

13. The Standards Dilemma United states and national interest Government’s most used reason for regulation Govt. places national security issues and economic interests before Internet development

14. Interoperability Issue Lack of well-recognized international standards including interoperability hinders the use of cryptography One internationally standard encryption algorithm – DES Approved with much resistance NSA -“worst mistake ever”

15. Interoperability Issue Cont. Similar problems with Triple-DES Easily incorporated into a system with DES Backwards compatible with single DES with an appropriate choice of keys NSA opposed, agencies weakened Oppose civilian use, but developed its own encryption for military Result - still no standards

16. Privacy of Voice Comm. Privacy protection through encryption ignored Cell phones easily interceptable Encryption could have saved $1.5 million dollars/day GSM phones used A5 encryption – altered to suit governments needs

17. Government Covert Action NSA is a big bully Discourage research, attempt to block patents, impede symposiums, prevent release of software, issue death threats Public /media outcries usually stopped them

18. The Citizen Electronic Frontier Foundation formed to fight for electronic civil rights Stress cryptography, quell hacking

19. Clipper Chip Uses NSA skipjack algorithm; used for voice transmissions; capstone for data Objection: Key forfeiture system would bring universal surveillance Other problems: key forfeiture system could be easily bypassed, messages can be forged with out encryption key, FBI planned to outlaw all other encryption

20. Clipper II –“Clipper’s Revenge” Govt. outlined 10 criteria to allow for exportable encryption Problem: Clipper II had weak encryption through short keys and key forfeiture Short key requirement allowed for legal access via escrow agents Possible to decrypt messages without key Only compatible with government products Conductive to U.S. spying of other countries

21. Cryptography Regulation Tough for government to justify regulation “Four Horsemen of the Infocalypse” justification Actual evidence hard to find Intelligence agency $28 billion budget, more than housing or education Can avoid regulation with steganography

22. The Market Internet marketplace growing Secure cryptography needed to protect transactions Isolationism will cause U.S. to fall behind cryptography of other countries No standards likely for future

23. Conclusion Cryptography slow to advance because of politics mostly. Government will continue to try to impose regulations, while getting opposition Internationally, a weapon of e-commerce Protected heavily by countries If other countries become too advanced, deregulation will be necessary

24. Conclusion cont. Government trade-off between security, civil rights, and economic advantage Civilian use of strong cryptography will tip the scales of power a little, show social progress. Research into cryptography should be open and results freely distributable Did you find the steganography?

25. Conclusion cont. Questions/Comments?