The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 11 Issue 44

Thursday 11 April 1991


o Re: U.S. Senate 266, Section 2201 (cryptographics)
Jerry Leichter
Douglas S. Rand
Ed Wright
Gary Greene
o Re: SB 266
Willis H. Ware
Bill Murray
o Info on RISKS (comp.risks)

re: U.S. Senate 266, Section 2201 (cryptographics)

Jerry Leichter <>
Thu, 11 Apr 91 09:32:49 EDT
In a recent RISKS, Bill Murray comments on this "sense of the Senate" that
would require providers of information transfer equipment and services to
ensure that the government, as authorized by law, could obtain clear-text
copies of any messages sent.  Murray comments that that this would require the
providers to leave "trap doors" in their systems, and that as a result it would
be impossible to ensure that others did not gain access to the trap doors.

In fact, this claim is false.  A system with the properties desired was
proposed several years ago as a replacement for DES, and is used (where DES was
never approved to begin with) for classified information.  In this system, the
government supplies the cryptographic "boxes" as sealed units; details of their
operation is not made public.  Keys are also provided only by the government.
The algorithm has the property that only a tiny fraction of the possible keys
actually work; using an "incorrect" key either produces nonsense, or produces
an encryption that is easily breakable.  Note that, while the algorithm used
may be kept secret, it is quite possible that even if it were known, the
following two problems would still be very difficult: Reversing an encryption
with an unknown, good key; finding the algorithm for generating good keys.  DES
appears to have properties somewhat like this: Text encrypted with a "good" key
- any but one of a small set of weak keys - is hard to decrypt (no one appears
to have broken DES in years of trying, except by brute force); and the method
used for constructing the particular S and P tables in DES and showing that
they are "safe" remains secret to this day, despite all details of DES itself
being public.

With a system of this sort, the government (read some central authority) has in
its hands a registry of all keys used, and can read whatever it wants.  This is
no different from, say, French law, which has always required that all users of
cryptographic equipment register design details AND KEYS USED with the

A database of this sort, if properly implemented, would be fairly small.  It
could be centrally maintained and NOT available on networks.  (In fact, ideally
it might even be kept on paper, not in a computer!)  No system of protection is
foolproof, but a constrained system like this could be made quite secure.
Whether we SHOULD accept such a system is a political and moral question, quite
apart from its feasibility.  I will point out, however, that the strongest
argument FOR such a system is that it doesn't take away any rights that anyone
has ever had in the past - it simply refuses to create a new right to
(essentially) absolutely secure storage of information.  (I'll also point out a
strong argument AGAINST: The genie is long out of the bottle on this one.
There are too many computers out there, with too much power, and too many
reasonably good, well-known cryptographic algorithms to prevent anyone who
really wants to keep data secure from doing so.  Sure, the algorithms available
to most people will probably fall quickly to a concerted attack by the NSA -
but how many such attacks can the government reasonably expect to mount?  This
is difficult, labor-intensive work by highly skilled people who are a scarce

BTW, the same issue is certain to come up in a different form - in fact, I'm
surprised it hasn't yet.  I work for BIGCORP, which provides me with a
workstation on which I store all my "work product".  To keep the data secure, I
encrypt it, using a key only I know.  Can BIGCORP demand that I tell them the
key?  They, of course, argue, that the data is THEIRS, not mine.  If I'm hit by
a truck tomorrow, they need to be able to get at their data without me.
(Further, though they probably won't say so in public, it's intolerable to them
that I hold so much power over them: If I demand a raise "or the data stays
encrypted", they are in big trouble.  Sure, they can sue me, but they are
unlikely ever to be able to recover what the lost data could cost them.)
                                                — Jerry

Re: U.S. Senate 266, Section 2201 (cryptographics)

Thu, 11 Apr 91 10:06:00 -0400
It seems to me that it is not in the national interest for manufacturers of
cryptographic gear to retain anything resembling a back door for themselves or
"appropriate use of law enforcement."  The existence of such a back door
renders the equipment useless for secure transmission as those organizations
and agencies which rely on secure transmission would have to rely on not just a
private key remaining secret but also a constant, i.e. the back door.

It is not even the case that the entire US government would be sanguine about
even other sections of the government being able to wiretap secure

And as W. H. Murray points out, there are definitely problems with violating
the constitutional guarantees against unreasonable search and seizure.

So any gear manufactured for Sec 2201 would, by default, be useless for any
serious user of such gear.  Maybe someone should tell the senate?

Douglas S. Rand, MITRE, Burlington Road, Bedford, MA    <>

Re: U.S. Senate 266, Section 2201 (Cryptographics)(Bill Murray)

Ed Wright <>
Thu, 11 Apr 91 10:28:45 PDT
> ensure that communications systems permit the government to obtain the plain
> text contents of voice, data, and other communications when appropriately
> authorized by law.

It is precisely because of provision for such government snooping that people
in Germany may not have extension phones. The analogy of the Secret Police
listening in the phone is a bit crude but not entirely farfetched.  Should this
bill pass, I wonder how long it will take for the whiplash, or if society will
still be able to produce whiplash.

Re: U.S. Senate 266, Section 2201 (cryptographics)

Gary Greene <>
Thu, 11 Apr 91 11:54:35 PDT
>The referenced language requires that manufacturers build trap-doors
>into all cryptographic equipment and that providers of cconfidential
>channels reserve to themselves, their agents, and assigns the ability to
>read all traffic.

...Stuff intimating that leaks of back-doors are likely deleted...
It is quite likely, so no argument.

>Is there anybody out there who would buy crypto gear or confidential services
>from vendors who were subject to such a law?

Given any choice in the matter, I likely would not.  I am not a drug dealer, but
still have some things (strictly legal) that are my business and nobody else's.
I may seem hypocritical to you in light of my comments below, but I see no

>David Kahn asserts that the sovereign always attempts to reserve the use of
>cryptography to himself.  Nonetheless, if this language were to be enacted into
>law, it would represent a major departure.  An earlier Senate went to great
>pains to assure itself that there were no trapdoors in the DES. Mr. Biden and
>Mr. DeConcini want to mandate them.  The historical justification of such
>reservation has been "national security;" just when that justification begins
>to wane, Mr. Biden wants to use "law enforcement."  Both justifications rest
>upon appeals to fear.

>In the United States the people, not the Congress, are sovereign; it should not
>be illegal for the people to have access tto communications that the government
>cannot read.  We should be free from unreasonable search and seizure; we should
>be free from self-incrimination.  The government already has powerful tools of
>investigation at its disposal; it has demonstrated precious little restraint in
>their use. < ...restatement deleted>

The problem I see in the above is what does the government do when there is
grounds for "reasonable" search or seizure.  And yes we should be free from
self-incrimination, but as I understand the term (and I'm a pointy-headed
liberal who worked for McGovern in '72 ...wonder how many of us are left who
admit to it?) this protection from self-incrimination extends to our being
forced to give testimony against ourselves.  Fifth Amendment does not give
blanket coverage to all our documents or uterances to third parties.
A search warrent or a wire tap must have means of entry to be enforceable,
or are you saying that all electronic data communications should be off
limits because they already can tap our phones and search our homes with an
appropriate warrent?  I can think of a few people in organized crime who would
promptly move ALL their data and communications to this media if this were
true.  The guarantees in the Bill of Rights never said nor have the courts
ever upheald, to my knowledge at least, any assertion that the government had
no right of search or seizure, nor have the courts ever upheld that the
people as a whole or individualy had a blanket right to communications which
the the government could not access during proper and reasonable process.

While any process is subject to abuse by self-rightious people under color of
office, and we can certainly point to many abuses in the past to our civil
liberties (and not just in recent times ...look at the Palmer raids under
Woodrow Wilson, and still earlier abuses throughout our history) I personally
find your assertion that the government "has demonstrated precious little
restraint" specious without supporting evidence.  What I would like to see in
your arguments is something more to the practical point of how we balance these
various rights against the daily value and practice of law enforcement.
Government should never be trusted blindly to protect our interests; that is
the central theory behind seperation of powers.  The problem with government in
a libertarian democracy is how do we protect ourselves while extending to
government the powers necessary for it to protect us from wolves.  As JFK
observed riding the tiger is often uncomfortable.

Gary Greene, Unisys/Convergent Technology, San Jose, California

SB 266 — MORE

"Willis H. Ware" <>
Thu, 11 Apr 91 15:46:45 PDT
Everything Bill Murray has raised about SB 266 is appropriate.  But do note
that the draft legislation says "It is the sense of Congress ...."  It's a
strange section in a way; Congress is simply stating its position on the
matter, not doing something about it.  SB 266 per se would take no action as
Bill has outlined, but it sets the stage for action later by someone else.

The more subtle and real RISK in SB 266 is that it opens the door for putting
such provisions into effect at other times.  Then the Washington pols can
claim: "It didn't happen on my shift."

Some time, some place, somebody — legislator or agency bureaucrat — will
propose an action under SB 266 [if this Section passes] that will be socially
acceptable and maybe even innocuous at the time.  Then another one will come
along, and maybe some ideas would not make it.  But the cumulative consequence
of all such indivdually small and individually socially acceptable actions will
be disasterous to the established traditions and mores of the country and its
basic structure.
                     Willis H. Ware

S. 266

Thu, 11 Apr 91 15:57 EDT
On re-reading S. 266, I find that I may have overstated my case a little.  If
this section were a stand-alone resolution of the Congress, then it is fairly
clear that it would not be binding upon anyone.  That is, the fact it is the
sense of the Congress that someone ought to do something, does not mean that
they must do so.  As a part of this bill the provision has great potential for
mischief, but it is still not clear that it would have the force of law.

William Hugh Murray, Executive Consultant, Information System Security
21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840
203 966 4769, WHMurray at DOCKMASTER.NCSC.MIL

Please report problems with the web pages to the maintainer