EFF Analysis of Vice-President Gore's Letter on Cryptography Policy ------------------------------------------------------------------- July 22, 1994 Two days ago, Vice-President Al Gore signaled a major setback in the Administration's Clipper program, and a willingness to engage in serious negotiations leading to a comprehensive new policy on digital privacy and security. Many questions remain about the future, but one thing is certain: Clipper is a dead end, and those of us who are concerned about digital privacy have won a new opportunity to shape a better policy. The Vice-President's letter to Rep. Maria Cantwell (D-WA) made it clear that while Clipper might have a small place in the telephone security market, it has no future in the digital world. "...[T]he Clipper Chip is an approved federal standard for telephone communications and not for computer networks and video networks. For that reason, we are working with industry to investigate other technologies for those applications.... We welcome the opportunity to work with industry to design a more versatile, less expensive system. Such a key escrow system would be implementable in software, firmware, hardware, or any combination thereof, would not rely upon a classified algorithm, would be voluntary, and would be exportable." Clipper does not meet most of these criteria, so, according to the Vice- President, it is a dead end. END OF THE LINE FOR CLIPPER -- LONG-RUN EFFORT TO DRIVE MARKET WILL FAIL The premise of the Clipper program was that the government could drive the market toward use of encryption products which incorporated government-based key escrow agents. A series of subtle and not so subtle government actions would encourage private citizens to use this technology, thus preserving law enforcement access to encrypted communications. Clipper was originally announced as the first element of a family of hardware-based, government key escrow encryption devices that would meet security needs for both voice and data communications on into the future. Clipper itself was purely a voice and low-speed data product, but other members of the Skipjack family, including Tessera and Capstone, were to be compatible with Clipper and were intended to lead the way from escrowed encryption in voice to escrowed encryption for data. Plans are already announced, in fact, to use Tessera and Capstone in large government email networks. At the time, the hope was that government use of this technology would push private sector users toward key escrow systems as well. Now, the announcement that the Administration is re-thinking plans for data encryption standards leaves Clipper a stranded technology. No one wants to buy, or worse yet, standardize on, technology which has no upgrade path. As a long-run effort to force the market toward government-escrowed encryption standards, Clipper is a failure. WE STILL MUST WORK FOR VOLUNTARY, OPEN, EXPORTABLE STANDARDS The fight for privacy and security in digital media is by no means over. Though the Administration has backed away from Clipper, and expressed willingness to talk about other solutions, we are pursuing serious progress on the following issues: * Improved telephone encryption standards For the reasons listed by the Vice-President, in addition to the inherent problems of making copies of all your keys available, Clipper is a poor choice for telephone encryption. Industry should develop a standard for truly secure and private telephones, make them available from multiple manufacturers worldwide, and make them interoperate securely with audio conferencing software on multimedia PC's. * Truly voluntary standards Any cryptographic standard adopted by the government for private sector use must be truly voluntary. Voluntary means, to us, that there are statutory guarantees that no citizen will be required or pressured into using the standard for communications with the government, or with others. No government benefits, services, or programs should be conditioned on use of a particular standard, especially if it involves government or private key escrow. * Open standards Standards chosen must be developed in an open, public process, free from classified algorithms. The worldwide independent technical community must be able to create and evaluate draft standards, without restriction or government interference, and without any limits on full participation by the international cryptographic community. * No government escrow systems Any civilian encryption standard which involves government getting copies of all the keys poses grave threats to privacy and civil liberties, and is not acceptable in a free society. * Liberalization of export controls Lifting export controls on cryptography will make the benefits of strong cryptography widely available to our own citizens. U.S. hardware, software and consumer electronics manufacturers will build encryption into affordable products once they are given access to a global marketplace. Today's widespread availability of "raw" cryptographic technology both inside and outside the United States shows that the technology will always be available to "bad guys". The real question is whether our policies will allow encryption to be built into the fabric of our national and international infrastructure, to provide significantly increased individual privacy, improved financial privacy, increased financial security, enhanced freedom of association, increased individual control over identity, improved security and integrity of documents, contracts, and licenses, reduced fraud and counterfeiting, the creation of significant new markets for buying and selling of intellectual property, and a lessened ability to detect and prosecute victimless crimes. These benefits are not free, however. EFF does recognize that new communications technologies pose real challenges to the work of law enforcement. Just as the automobile, the airplane, and even the telephone created new opportunities for criminal activity, and new difficulties for law enforcement, encryption technology will certainly require changes in traditional investigative techniques. We also recognize that encryption will prevent many of the online crimes that will likely occur without it. We further believe that these technologies will create new investigative tools for law enforcement, even as they obsolete old ones. Entering this new environment, private industry, law enforcement, and private citizens must work together to balance the requirements of both liberty and security. Finally, the export controls used today to attempt to control this technology are probably not Constitutional under the First Amendment; if the problems of uncontrolled export are too great, a means of control must be found which does not restrict free expression. CONGRESSIONAL LEADERSHIP TOWARD COMPREHENSIVE POLICY FRAMEWORK IS CRITICAL The efforts of Congresswoman Maria Cantwell, Senator Patrick Leahy, and other members of Congress, show that comprehensive policies on privacy, security and competitiveness in digital communication technologies can only be achieved with the active involvement of Congress. Unilateral policy efforts by the Executive branch, such as Clipper and misguided export control policies, will not serve the broad interests of American citizens and businesses. So, we are pleased to see that the Vice-President has pledged to work with the Congress and the private sector in shaping a forward-looking policy. We see the Vice-President's letter to Congresswoman Cantwell as an important opening for dialogue on these issues. The principles of voluntariness and open standards announced in the Vice- President's letter, as well as those mentioned here, must be incorporated into legislation. We believe that under the leadership of Senator Leahy, Reps. Cantwell, Valentine, Brooks and others, this will be possible in the next congress. EFF is eager to work with the Congress, the Administration, along with other private sector organizations to help formulate a new policy. EFF is also pleased to be part of the team of grass roots activism, industry lobbying, and public interest advocacy which has yielded real progress on these issues. FOR MORE INFORMATION CONTACT: Jerry Berman, Executive Director Daniel J. Weitzner, Deputy Policy Director For the full text of the Gore/Cantwell letter, see: ftp.eff.org, /pub/Alerts/gore_clipper_retreat_cantwell_072094.letter gopher.eff.org, 1/Alerts, gore_clipper_retreat_cantwell_072094.letter http://www.eff.org/pub/Alerts/gore_clipper_retreat_cantwell_072094.letter