Report on the 1998 EPIC Cryptography Conference

(8th June, Washington DC)

by Brian Gladman (with help from Stefek Zaba)

*** Keynotes ***

There were two Keynote speeches given respectively by Representative Bob
Goodlatte and Senator Conrad Burns. Goodlatte is the driver of the SAFE
Bill in Congress and Burns the driver of the ProCODE Bill in the Senate.

Goodlatte indicated that support for SAFE on the floor was now 250 plus
which is a majority. However the Bill was now being scrutinised by a
number of 'interested' committees and this was stalling its progress.
The Rules Committee would have to resolve this and it appears that the
Chairman of this committee is not in favour of the Bill.

There appeared to be a US Administration wish to negotiate with
Americans for Computer Privacy (ACP) on the crypto issue but a
condition here was that SAFE is suspended.  He argued that this would
be very bad since the US Administration only ever moved on the crypto
issue when under pressure.

In overall terms I gained the impression that the Bill would be unlikely
to succeed this session (I stress that this is MY view - I may be wrong).

Senator Burns gave a light hearted summary of crypto issues and argued
strongly that constraining technological progress in the crypto area
would be very damaging for the US.  He suggested that most legislators
did not understand the issues involved and this meant that there was a
desperate need for education. He characterised Washington DC as "17
square miles of logic free environment"

*** Technology: Key Escrow/Key Recovery ***

The 'Technology Panel' was led by Dave Banisar of EPIC with Matt Blaze,
Bruce Schneier and myself as speakers.

Matt Blaze presented an updated version of last year's "11 Cryptographers"
report.  He pointed out that the conclusions of the original report
were unchanged and essentially unchallenged.

Bruce Schneier then covered the technical issues of maintaining security
with KE/KR solutions. He pointed out that maintaining security in any
KE/KR infrastructure would be extremely difficult and well beyond the
current state of the art.  He pointed people to NSA's analysis of the
risks of KE/KR which pointed out these risks very clearly.

I presented my paper on KR and its 'conversion' into KE by government
support and sponsorship.  In particular I emphasised that there was
little overlap between the interests of governments in seeking
access to information and those of private citizens in maintaining
their privacy. Although there were some business requirements for KR,
if these were pursued in a way that imposed the on private citizens
then mass market Electronic Commerce would be stillborn.

*** US Encryption Policy - Where Next? ***

The session on US Encryption Policy involved two speakers (Bob Litt and
Bill Reinsch) speaking for continued controls and two (David Peyton and
Jeffrey Smith) calling for their removal.

Bob Litt (US Justice Department) stressed that the law enforcement
community did not want to stand in the way of the widespread use of
encryption, which they saw as a benefit for law-abiding citizens. But
this would have an adverse impact on law enforcement and this could not
be ignored.

He considered that the law enforcement case had been largely
misunderstood and rejected a number of common 'myths':

* law enforcement is opposed to the use of strong encryption

* the code breaking capabilities of governments gave ready access for
  law enforcement - the cost of this was way beyond typical law
  enforcement resources

* law enforcement wishes to expand its information gathering

He went on to give examples of cases where intercept had been very
important for law enforcement and suggested that if we did not tackle
this issue now a future 'crypto related calamity' might result in
draconian measures that no one wanted.

Bill Reinsch gave a summary of the Administration's position on crypto.
He pushed the Key Recovery line and stressed the need for this for
stored data (I felt that this was a reaction to the realisation that
the case for comms KR was weak, hence requiring a shift of ground on
the Administration's part). He said that he saw KR solutions emerging
even for comms and seemed to  suggest that there were business needs
here despite the previous session presentations.

He suggested that discussions with other countries indicated that they
were moving along the same lines as the US and pointed to UK policy
announcements as an example here.

Jeff Smith, Counsel to ACP, described the competing interests in the
crypto policy debate, emphasising the ACP desire to work co-operatively
with the US administration to find solutions. He overviewed the an ACP
proposal for the way ahead on crypto policy:

* a presidential commitment to oppose any domestic controls

* more interim export relief

* the formation of a "Net Center" as a forum for the multiple interests
  to work out a compromise solution.

David Peyton, National Association of Manufacturers, made the business
case for the deployment of strong cryptographic information protection.
He quoted a recent study suggesting that the cost of economic and
industrial espionage for the US was now 250 billion dollars (per annum?
- this was not clear).

He suggested that we were still recovering from the 'Clipper fiasco' but
noted that this was still a government standard!  He felt that voluntary
(user controlled) KR was a valuable possibility but strongly criticised
the Administration's "back door" discouragement of non-KR products
through such means as the export control regulations.

*** Discussion ***

A number of interesting points came out in discussion

1. Bill Litt admitted that he had never seen the NRC report - he had
   been told that it was badly flawed and had not therefore read it!!!!

2. Bill Reinsch was asked about US government Department efforts to
   obtain exemption from requirements for KR in their systems.  He said
   that he did not think exemptions would be easily obtained (apparently
   his staff touted this for BXA but he said that they would have to
   take their own medicine!).

3. Reinar Fuchs (NATO attendee) strongly distinguished - and asked
   Reinsch to acknowledge the basic difference between - domestic law
   enforcement, i.e. police, access, under lawful warrant, and mass
   surveillance by intelligence authorities under such programmes as
   Echelon. He indicated the hostility in Europe to such government
   activities.  He did  not get any answer from Reinsch. Fuchs followed
   up with a second question asking if intelligence agencies would have
   to escrow their keys if KE/KR became mandated!! Reinsch suggested
   that self escrow would be sensible here!!!!!!

4. In response to a question (from me) on why export controls would help
   in stopping criminals and terrorists from using strong non-KR
   encryption Bill Reinsch indicated that 'in abstract terms' he could
   not characterise such controls as 'either fair or effective', they
   were, however, 'available'.

*** Lunch - Jim Bizdos, RSA ***

Jim did a good job at criticising the Administration's position on
crypto policy.  He pointed out that this was exporting jobs and
technology leadership from the US at an increasing rate.  He suggested
that the economic cost of the current policy was already high and could
be expected to grow rapidly if it was not changed soon.

He expressed amazement that Bill Litt had not read the NRC report and
said that he was organising a collection so that a copy could be
purchased for him to read!

*** International Perspectives ***

* Helen McDonald, Industry Canada

Helen gave an overview of developments in Canada (Industry Canada is
the Canadian equivalent of the US Commerce Dept or the UK DTI).

The Canadian Government was working on three fronts:

* privacy legislation

* establishing a PKI

* clarifying crypto policy

On privacy, there will be federal legislation in those policy areas
which are federally controlled; for the other policy areas, minimum
standards have been agreed with the provinces, based on the 1988 OECD
"fair information handling" principles.

On PKI for federal government use, the intention is to have the
foundations in place this year (1998). Though Entrust has the major
share of current implementations, the PKI itself is open and will
support other products.

On crypto policy, Canada has issued an "options" paper and solicited
wide public comment. The current position is of no usage or import
regulations; export regulations are compatible with the Wassenaar
agreement. Hence no restrictions on the export of weak or
authorisation-only crypto, nor on Public domain or mass-market

Current thinking for the future was that Canada's Charter of Rights and
Freedoms requires that any restrictions should be proportionate and have
a realistic chance of being effective.  [I felt that Helen was leaning
towards the privacy argument in what she said].

More detail at:

* Ulrich Sandl, Ministry of Economics, Germany

Ulrich gave a very strong statement of the German position on crypto
policy and came as close to being critical of the US government as any
speaker did.  In effect he was outspoken in rejecting US government
efforts to impose their crypto thinking on Germany (and others).

He emphasised that the privacy of German citizens was of great
importance and that the real issue for Germany was not giving law
enforcement access but rather that of preventing access by 'foreign
agencies' not under German control.  He said that there was serious
concern in Germany about 'one country's' attempts to impose solutions
meeting such needs!!!

In my view this talk was, in effect, a strong German rejection of US
government efforts for international consensus on KE/KR crypto

* Nigel Hickson, UK Department of Trade and Industry

Nigel gave an overview of the recent UK policy developments that
members of this list will know well (so I won't repeat them here). He
did suggest at one point that the UK industry response to the earlier
UK policy paper had been pathetic, with only civil liberties making a
serious input (I think that this was a somewhat 'tongue in cheek'
statement). He also suggested that the UK law enforcement community
should start making their own case rather than asking him to do it for
them (and taking the flak as a result!).

On a wider front he referred to support in Europe for measures designed
to provide law enforcement access and to the EU dual-use Directive,
which would possibly remove internal EU crypto controls but also impose
controls on 'intangible goods' (that are currently not controlled).

* The French Scene

The scheduled representative from France was unable to attend; Deborah
Hurley read out a short statement, in which Prime Minister Lionel
Jospin's administration was painted as much more aware of E-issues than
the previous government.  On crypto policy, there is now an intention
to have a public consultation and debate process by the end of this
year (1998)!

* The European Commission

The Commission representative did not attend and no position was given
for the EU (I was very disappointed about this given the progress now
being made by the Commission).

* Discussion

During discussion Nigel pointed out that the Wassenaar agreement will
come up for review shortly (I cannot remember the timescale he quoted).
It was also pointed out that if nations could not agree on carrying
some form of agreement forward, it would simply lapse

[comment: this will be an opportunity for rational action - removal of
all crypto controls except those targeted at specific and achievable
aims - e.g. preventing military crypto going to terrorists or
undemocratic countries.]

*** US Export Control Litigation ***

This session covered three cases (Bernstein, Junger, and Karn) with
their attorneys giving presentations and the US Administration defence
attorney also speaking.

* Ken Bass - counsel to Phil Karn

This case concerned the export from the US of the floppy disc with Bruce
Schneier's 'Applied Cryptography' book. The case is based on 'free
speech' and 'due process' issues. Ken indicated that in following up
the case he  had discovered that US crypto export controls are on very
shaky ground because they based on the "Emergency Economic Powers Act"
which where the President has year-by-year powers to impose short-term
economic and trade sanctions. He argued that the repeated use of this
procedure was an abuse of these provisions which were not enacted for
such purposes.

This case had been going a long time - since 1995 - it has gone
thorough rulings and appeals; it has suffered delay when crypto control
moved from the State Dept to Commerce and when the original judge died.
It continues.

* Gino Scarselli - counsel to Peter Junger

This case is essentially a restraint-of-free-speech case whose central
issue challenges the claim of the EAR (Export Administration Regulations)
that posting source code on a Web page is in itself an act of export.
The code in question is a chapter in a book published on-line by Peter
Junger, a law professor.  A related free-speech issue is whether Junger
can teach this particular class when a non-US student is present. The
case has yet to be ruled on at the first (District) court level.

* Cindy Cohn, counsel to Dan Bernstein

This case is another challenge to the crypto export legislation, which
started in early 1995. Judge Patel's initial rulings established that
source code is speech for US legal purposes and potentially protected
under the First Amendment; she also ruled the ITAR regulations partly
unconstitutional in restricting the "speaking" of crypto source code.

Judge Patel issued a relatively narrow decision, affirming the rights of
Bernstein and others to export (make available) his source code, but not
necessarily removing export regulation.  The decision was further
narrowed after the Administration made an emergency motion, to affirm
only Bernstein's right to export the source code, pending review of the
entire judgement.

Cindy Cohn's presentation coincided with her recent congressional
testimony, available on the Web at:

* Tony Coppolino - counsel for US Department of Justice

Tony Coppolino has been the Administration counsel in all three of the
above cases. He started by saying that the "proper" place for challenges
to the substance, as opposed to particular implementation, of US crypto
policy is not the courts, but the political process.

He faulted Cohn's First Amendment analysis by saying no one was arguing
whether source code was speech; but that it has another characteristic
as well - that of being an "effective machine". It was the latter that
gave the government the right to regulate it. He also argued that
'unreasonableness' or 'illogically' were not grounds on which any
regulations can be overthrown - they have to be wildly or recklessly
unreasonable for this to succeed!

* Micheal Froomkin, Professor of Law, University of Miami

Froomkin gave a "futures' view of these legal challenges. The only
confident prediction he felt able to make was that the cases would go
all the way to the US Supreme Court!

Whichever way the decision fell, and at each stage of litigation, it
would be necessary to look not only at who had won or lost, but also
at how broad or narrow the decision was, and at whether it focussed
on the nature of the medium involved.

* Discussion -

This session evoked by far the most discussion.

There was a lively exchange on the characteristics of 'speech' and the
fact that speech is always capable of being a 'machine' or 'engine' in
evoking or provoking active events.  Stefek argued persuasively that
the primary function of source code was to convey ideas to other human
beings - it this was not the case we would write software directly in

It was also pointed out that the PGP transfer to Europe using paper
and high quality scanning had progressed this technology for source
code reconstruction to the point where there the control of source
code export would how require the banning of books. The response to
this was interesting in that most of the people present did not feel
that the export of books would be challenged.  Some, however, thought
that such technological developments might well lead down this path!


From here on this stuff is *** my opinion *** with no attempt to be
objective or balanced!

* Crypto Controls

It was clear that the 'stand off' between governments and their informed
citizens on crypto issues remain as big as ever. The US administration
is determined to continue with its stance even though the US informed
public roundly rejects its approach.

All groups representing the public, commerce and business were against
crypto controls and clearly wanted them removed.  No-one on this side
of the argument spoke for controls in order to provide for public safety
or security and, while the argument for such was understood, the general
view seemed to be:

* controls do not, and cannot, have the desired effect but
  impose great economic (and social) damage

* on balance the widespread deployment of cryptography would be
  positive for society - "cars kill but we do not ban cars as a
  result" was a quoted argument.

There seems to be a recognition within the US administration that export
controls are ineffective and unfair but there seems little if any
activity to find more effective or acceptable approaches.

* Key Escrow and Key Recovery

The US and UK governments are pushing Key Recovery despite unchallenged
concerns about its effectiveness when deployed in a form that meets
their needs.  Given the weaknesses it will introduce in terms of
national information protection (economic and industrial intelligence
gathering) this is surprising. Germany appears to be the one country in
Europe that has recognised this problem and set its crypto policy with
this in mind.

Probably the issue here is whether a particular Nation believes it gains
more from spying on other Nations than others do in spying on it. The
recent revelations about Echelon (which were referenced several times
at the Conference) have bought this issue home to a number of
non-English speaking European Nations in particular.  This is leading
to an increasing group of Nations who no longer support the US policy
line (note, however, that US Officials still claim support for their
policy). This situation was most in evidence in what Germany said at
the Conference but I have heard similar views expressed by representatives
of several other EU countries in recent months.  It is possible, therefore,
that the  balance of view in Europe is now shifting towards crypto
deployment rather than the continuation of crypto controls.  This is
certainly the tone of some recent EU Directives (although Nigel noted
moves in Europe in the opposite direction).

There was even a hint that France might be considering a softening of
its strong stance on crypto controls by seeking opinions of its
citizens on such matters - I never thought that I would live to see

    Brian Gladman, 20th June 1998