5 September 1997
Source: Declan McCullagh
---------- Forwarded message ----------
Date: Wed, 3 Sep 1997 14:13:37 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: fight-censorship@vorlon.mit.edu
Subject: FBI calls for mandatory key escrow; Denning on export ctrls

All encryption products sold or distributed in the U.S. must have a key escrow backdoor "like an airbag in a car," law enforcement agents advised a Senate panel this afternoon.

FBI Director Louis Freeh also told a Senate Judiciary subcommittee that "network service providers should be required to have some immediate decryption ability available" permitting agents to readily descramble encrypted messages that pass through their system.

This marks the most aggressive push to date for mandatory domestic key escrow (or "key recovery"), which means someone else other than the recipient can decipher messages you send out.

Now, the easiest way to win such a political tussle in Washington is to control the terms of the debate. And nobody understands that rule better than Sen. Jon Kyl (R-Arizona), chair of the Judiciary subcommittee on technology, terrorism, and government information.

Kyl opened today's hearing not by saying its purpose was to discuss crypto in a balanced manner, but that he wanted "to explore how encryption is affecting the way we deal with criminals, terrorists, and the security needs of business." Then he talked at length about "criminals and terrorists" using crypto, and child pornographers "using encryption to hide pornographic images of children that they transmit across the Internet."

Kyl also stacked the three panels. Out of seven witnesses, five were current or former law enforcement agents. No privacy or civil liberties advocates testified. Some companies including FedEx apparently dropped out when told they'd have to pay lip service to key escrow if they wanted to speak.

Dorothy Denning, a Georgetown University professor of computer science, did testify. Kyl made a point of asking her if she still supported key escrow systems (two recent articles by Will Rodger and Simson Garfinkel said she was changing her mind). "I think key recovery offers a very attractive approach," Denning said. What about export controls? "In the absence of any controls, the problem for law enforcement would get worse," she replied. But when Sen. Dianne Feinstein (D-Calif) asked if Denning would support a *mandatory* key escrow system, the computer scientist said she wouldn't. "No, because we don't have a lot of experience with key recovery systems... a lot of people are legitimately nervous."

(Keep in mind that although Feinstein supposedly represents Silicon Valley, she's no friend of high tech firms. She opposes lifting export controls; in fact, she says that "nothing other than some form of mandatory key recovery really does the job" of preventing crime. Of course, Feinstein doesn't have a clue. She talks about whether businesses would want "a hard key or digital key or a key infrastructure." Yes, folks, this is in fact meaningless blather.)

Marc Rotenberg, director of the Electronic Privacy Information Center in Washington, DC, says, "Simply stated, the Senate train is headed in the wrong direction. But of course this doesn't answer the question of what will ultimately be resolved by Congress? There's a very popular measure in the House right now that's heading in a different direction."

Rotenberg is talking about Rep. Bob Goodlatte's SAFE bill, which is much more pro-business than S.909, the McCain-Kerrey Senate bill that Kyl supports. Now, S.909 doesn't mandate key recovery; it only strongly encourages it by wielding the federal government's purchasing power to jumpstart a key recovery infrastructure.

But Kyl would go further. At a recent Heritage Foundation roundtable on encryption, I asked him, "Why not make key recovery technology mandatory -- after all, terrorists, drug kingpins and other criminals won't use it otherwise."

Kyl's response? Not that it would be a violation of Constitutional due process and search and seizure protections or a bad idea. Instead, he told me he simply didn't have enough votes...

-Declan