There are some interesting ways around government crypto restrictions. Ciphersaber [1] is designed so that you can memorize how to write a program to implement it. Bruce Schneier proposed Solitaire, [2] which is designed to be carried out with playing cards rather than on a computer. (Later, Paul Crowley discovered some weaknesses [3] in Solitaire.) Diceware [4] is a method of generating secure passphrases with (you guessed it) regular dice.

[1] http://ciphersaber.gurus.org/

[2] https://www.schneier.com/solitaire.html

[3] http://www.ciphergoth.org/crypto/solitaire/

[4] http://world.std.com/~reinhold/diceware.html

Am I reading this GPO link wrong or did that not make it in? Section 2804 here actually eliminates an enforced key escrow, so I don't know.

http://www.gpo.gov/fdsys/pkg/BILLS-106hr850rh/pdf/BILLS-106h...

The history here is non-intuitive; I'll try to explain it. I was living in DC during the Crypto Wars of the late 1990s and covering them as a reporter (I've since shifted to working on http://recent.io/, of course).

The SAFE Act as originally introduced in the House of Representatives was designed to be generally pro-crypto by relaxing export controls. But as it made its way through the various committees, the anti-crypto forces got their hands on it and turned it on its head. It became a ban-non-backdoored-crypto bill instead.

More precisely, in 1997, a House committee approved a ban on domestic encryption without backdoors for .gov access. Here's an excerpt from the amended anti-crypto version of the SAFE Act:

"After January 31, 2000, it shall be unlawful for any person to manufacture for distribution, distribute, or import encryption products intended for sale or use in the United States, unless that product [...] permits immediate decryption of the encrypted data..."

Here's how one of the anti-crypto politicos, Rep. Bill McCollum, who went on to be Florida's attorney general, justified it while debating the House Judiciary version of that bill:

"Because this bill will promote greater use of stronger encryption, law enforcement may not be able to gather evidence that it can use to investigate and prosecute cases. Imagine a situation where the police with a search warrant seize the computer of a terrorist but cannot decrypt the list of people and places that he intends to strike next. Or the situation where the police seize the computer of a purveyor of child pornography but cannot decrypt the files to download the images to prosecute him." http://www.techlawjournal.com/cong106/encrypt/19990324mcc.ht...

So yes, you're right that sec. 2804 in one version of SAFE eliminates mandated key escrow. But other versions, including the one approved by that House committee in 1997, went exactly in the opposite direction.

> Imagine a situation where the police with a search warrant seize the computer of a terrorist but cannot decrypt the list of people and places that he intends to strike next.

Imagine a situation where a corrupt totalitarian government decrypts and monitors all traffic in the name of terrorism and then uses that information against anybody that gets out of line.

We can play the imagination game all day. I like how it's always terrorists and child pornographers.

I love it how every time something like this comes up for discussion the reasons why we need this are trotted out and invariable those are 'terrorists and child pornographers'.

And then those ignore the law and everybody else has to live with the consequences.

I agree that this is non-intuitive, and we've arrived at another time in DC when time has looped back on itself, and wars have to be re-fought.

Your site, http://politechbot.com/, was one go-to source for information during the last crypto war. These days I could consult the EFF, EPIC or the ACLU, but I wonder if there's a place again for a cypherpunk-ish focus on DC policy, or if you've found sources covering the current policy with a politech-like mindset.

In either case, thanks for all those years of good reading.

<ipsin>: Thanks for your kind words! I've felt the urge to restart/resume the Politech mailing list a few times in the last few years but haven't been able to dedicate the time such an effort deserves. Also it works better if moderated by a practicing journalist, I think.

The short answer is I don't think there is such a source. EFF has good action alerts and blog posts (even if I may occasionally disagree with some of their legislative endorsements). EPIC and the ACLU are often more DC-centric, and Marc (who runs EPIC) is essentially an anti-cypherpunk in his views about the private sector.

Among advocacy groups, TechFreedom.org is a relatively new entrant with free-market, liberalize-crypto views. But Berin, who runs it, is a lawyer, not a technologist, and is spending a lot of time on topics like Net neutrality and telecom regulation nowadays.

If anyone is thinking of starting such a source of information with a cypherpunk-ish/politech-like focus on DC policy, I'd be happy to offer some advice, tips, and introductions.

Cheers.

If I could make a suggestion, I think this kind of history belongs with the bill text on a blog post; providing the 1997 version without commentary caused a bit of confusion.

It felt a wee bit misleading/alarmist because that text - again as far as I can tell, given the text of the later version that was approved - never actually made it into the final version. As presented it makes it seem like that's the law as it stands today.

Section 2804 refers to products manufactured and used in the US. But section 2803 is pretty clear:

"New section 2803 will make it unlawful after January 31, 2000, to sell in interstate or foreign commerce any encryption product that does not provide duly authorized persons an immediate access to plaintext capability, or immediate decryption capability."

and

"Sec. 2803. Unlawful sale of encryption

Whoever, after January 31, 2000, sells in interstate or foreign commerce any encryption product that does not include features or functions permitting duly authorized persons immediate access to plaintext or immediate decryption capabilities shall be imprisoned for not more than 5 years, fined under this title, or both."

I don't know what this document is, or what it's relevance is, but that was my reading.

The document seemed to be a report (suggestion) to alter the SAFE Act to include those provisions.

The GPO link I shared doesn't list those recommendations so it looked like they didn't make it in to the final draft. So I'm not sure what the purpose of the original linked document is either.I've edited my original comment to make it clear since it was ambiguous as to what I may have been "reading wrong".

Ah I see. Thanks! I guess one take away from this document is that there have been attempts to limit the availability of encryption for at least 20 years. But I think that's relatively well known.

This might be a bit of a stretch, but if you were to send in plain text just something meta-ish like datetime and the actual message would be sent as image for example, could we get around this?

E.g. when your-favorite-three-letter-agency comes asking for decryption you just decrypt the plaintext portion for them?

You still are thinking about technological measures where a vehement political response is needed.

In long run, you can't keep running and hiding. You stand up and stand your ground.

The GPO link is from the 106th Congress. The original link was from the 105th.

The short version: Get it (encryption software) while you can.

I can't imagine anyone'll be able to keep encryption software out of people's hands, even if it gets as dire as requiring fallback to sneakernet.

"Oh, they taught us encryption in school... and for free, on the Internet."

"Never do anything against conscience even if the state demands it." --Einstein

The benefit of hindsight, eh, Einstein?

The first statute you're quoting, 47 USC 1002, was part of the 1994 CALEA legislation. A basic principle of legal interpretation is that newer laws trump old ones if that is clearly the legislative intent.

So if the 1997 ban-strong-crypto bill had been enacted, it would have overriden that portion of CALEA -- effectively repealing it -- to the extent it was in conflict.

Put another way, if Congress has the power to say X one year, they typically have the power to say not(X) the next year.

It would be interesting to see what a crypto ban would do if it were to override CALEA and the Stored Communications Act. Where a key escrow solution was previously required, a sudden ban on encryption would do what - force the companies to change key sizes? Since companies are already required to give plaintext access to communications and records (if they provide the security themselves), what difference would a crypto-ban really achieve other than removing the companies in question from knowing which records law enforcement sought to access?

Well, there is no U.S. law requiring key escrow. There are a very few laws that impose escrow-like requirements on some sectors. If you're a financial services firm you may be required to monitor employees' email, which makes some forms of encryption tricky. And even the CALEA excerpt you quoted above authorizes telecom carriers to provide secure end-to-end crypto (they wouldn't have "the information necessary to decrypt the communication"). CALEA doesn't apply to the tech firms HN knows and loves; they're not telecom carriers, a term of art.

But putting all that aside for the moment, banning crypto without backdoors would, at a minimum, create real difficulties for U.S. companies and require many open source/free software projects to move overseas. It would also make felons of many HN readers. That's no exaggeration; an ex-Mozilla fellow now building the crypton.io framework wrote to me this evening saying: "That bill would have made my work criminal." https://twitter.com/deezthugs/status/556678844120576000

To be clear, I don't believe the FBI|NSA|DOJ|DEA|DHS|CIA|etc. cadre of TLAs are pushing for a ban on domestic crypto now. But they tend to take the long view. Look very carefully at what is eventually proposed. Is it a ban on whole-disk encryption without backdoors? Would it extend to PCs? What about open source projects and AOSP? Would mere possession of non-backdoored crypto be a crime, or distribution, or commercial sale? Etc.

I view a lot of this as the Feds trying to pressure Apple and Google into adopting an escrowed solution for encrypted devices -- without actually enacting a law. Laws are public, subject to legal challenge (a federal appeals court in the Junger case held there are 1A issues involved in a crypto ban), and tend not to make it through Congress very quickly. But extralegal pressure can be applied in secret, is not subject to legal challenge, and can happen much sooner.

HN threads in the past have discussed some of these extralegal pressures that can be brought to bear. Multi-billion dollar .gov contracts are a big one too.

Thank you for the informative post.

By letter of the law, CALEA does not require key escrow. Do you believe that in practice along with extralegal pressure in the manner described above, that CALEA and associated laws amount to near ubiquitous key escrow?

Nope. I think the opposite, in fact. But it's late in the SF area, and it's time for me to go to sleep. Happy to resume this in the morning.

Cheers for good sleep!

Do you believe that the USG can get access to nearly any telecommunication record in close to real time for emergencies if it needs it, and to nearly any telecommunication record history up to some amount of time later for investigations? If you do not, could you defend this belief - it runs counter to conventional wisdom.

Presuming you do believe that access to telecommunication records can be made post hoc and/or on demand: do you believe this is because of weak crypto (KASUMI, A/5, etc) or because there is no encryption for there to be escrowed for large or critical parts of the infrastructure? Or is it something else?

There are too many questions here crossing too many areas of the law to answer in an HN comment; some of the language you're using includes legal terms of art where the meaning is not necessarily intuitive. A blog post would be more suitable and I can't take that much time away from my work on http://recent.io/

But briefly: You should assume, as I've written in many places in the past, that your records in the hands of the AT&T/VZ/etc. phone companies can easily be accessed by TLAs. The NSA itself brags of a surveillance "partnership" with those companies, as I wrote in this CNET piece: http://www.cnet.com/news/surveillance-partnership-between-ns... In those cases, crypto has little to do with it.

In this HN comment yesterday, I wrote here about some of the privacy differences between our favorite Silicon Valley companies and AT&T/VZ/etc.: https://news.ycombinator.com/item?id=8902638

Thanks. From what I can tell you agree with:

> there is no encryption for there to be escrowed for large or critical parts of the infrastructure

That is to say that TLAs get access to records before encryption is ever applied to them (I would tend to agree with this) thus obviating the need for escrow. Laws requiring key escrow, then, become red herrings to the larger discussion about the legality of access.

I personally would classify 'partnerships' under extralegal pressure. Under this interpretation you do seem to agree with the GP comment - though I would understand if one were to argue that for some important semantic reason I asked the question with the wrong word. I would probably agree that 'partnerships' are only a strict subset and not synonyms for extralegal pressure.

It does appear that there are partnerships with some digital corporations and that PRISM is a program for corporations that resist 'partnered' access to records. Given the history of telecoms and their development of partnerships, current development of partnerships in our industry and known applications of extralegal pressure in our industry, we ought to be especially watchful.

Briefly: There has been plenty of misreporting about PRISM. I tried to correct some of that in 2013 here: http://www.cnet.com/news/no-evidence-of-nsas-direct-access-t... (Note the Washington Post backed away from their initial claims and rewrote its original PRISM story.)

Thank you again for your reply. I am aware of the confusion regarding PRISM and its 'vernacular' use to encompass the activities from other disclosed programs in addition to confusion about its particular details.

In your haste I'm afraid you may have drafted a response that is not on the topic of its parent, though this is okay since it appears the conversation found a natural and agreeable conclusion.

Bernstein v. United States[1] maybe?

[1] https://en.wikipedia.org/wiki/Bernstein_v._United_States

and Junger v.Daley

http://en.wikipedia.org/wiki/Junger_v._Daley

http://www.jstor.org/discover/10.2307/1342657?sid=2110509888...

This is the big one.

The late Peter Junger, who brought this case, was a principled civil libertarian and law professor who deserves to be remembered for dealing the final blow to the federal government's anti-encryption regime. He was the first person to secure a precedential court decision that said this:

"Because computer source code is an expressive means for the exchange of information and ideas about computer programming, we hold that it is protected by the First Amendment." http://caselaw.findlaw.com/us-6th-circuit/1074126.html (The 9th Circuit in _Bernstein_ didn't go that far, despite valiant efforts by EFF, as I recall it.)

Peter was a computer tinkerer as well as a lawyer. He once did me the favor of speaking to a class I taught at Case Western, and, in addition to discussing his own encryption case, talked about setting up a mail server --I recall the school let him place a colo'd box in one of their server rooms because he was an emeritus. He also wrote an article called "You Can't Patent Software: Patenting Software Is Wrong": http://samsara-blog.blogspot.com/

TLDR: One big reason why we haven't seen a proposed US law restricting mobile device encryption today is because of what Peter Junger did in the 1990s.

Thanks, all

> Something like 9-11 happens and we blame our national security officials. Something like the Boston Marathon happens and we do the same.

Lots of people might, but a lot of the younger generation most certainly doesn't - these are black swan events. Given that they don't happen more often, I'd say the Government have more than enough power - you can't stop 100% of terrorism, just like you can't stop 100% of crime.

> We should have a very high threshold for using these communications against people, and making sure they can only be used for matters of the people's security.

We already have laws which empower the Government with additional powers in cases of "national security". The result? Suddenly, drug busts are national security.

Now, that's not to say the Government should not have some well-thought-out powers to combat terrorism if they actually need them. What they have now, and what you are proposing, is not well-thought-out.

I am baffled as to why you think a criminal or terrorist would follow the rules set forth by the US Congress and not use unbreakable encryption in their communications. The only people that would be successfully watched would be law-abiding engineers of products and law-abiding users of those products.

Certainly having the ability to read all messages is not built with the intention that we will find a message from the chief of ISIS emailing his top generals.

As a strategist, to disintegrate/infiltrate any terrorist cell, you will not begin from the top and work your way down.

Every organization is more fragile at the bottom, hence you can expect someone will make the mistake of using the system and leaking information, allowing national security officials to work their way up from there.

So your theory is that we should all be spied on in the off chance some of the low-hanging fruit in a hypothetical criminal organization simply makes a mistake or goofs up enough to put it in the officials lap.

Working off that theory, why not just not spy on millions of innocent civilians and let the criminal bunglers bungle anyway?

> At the same time we are asking for the government to protect us.

Speak for yourself.