by John Perry Barlow email@example.com
Reprinted from Communications of the ACM, June 1992
by permission of the author
"A little sunlight is the best disinfectant." --Justice Louis Brandeis
Over a year ago, in a condition of giddier innocence than I enjoy today, I wrote the following about the discovery of Cyberspace:
"Imagine discovering a continent so vast that it may have no other side. Imagine a new world with more resources than all our future greed might exhaust, more opportunities than there will ever be entrepreneurs enough to exploit, and a peculiar kind of real estate which expands with development."
One less felicitous feature of this terrain which I hadn't noticed then is what seems to be a long-encamped and immense army of occupation.
This army represents interests which are difficult to define, guards the area against unidentified enemies, meticulously observes almost every activity undertaken there, and continuously prevents most who inhabit its domain from drawing any blinds against such observation.
Imagining this force won't require from you the inventive powers of a William Gibson. The American Occupation Army of Cyberspace exists. Its name is the National Security Agency.
It may be argued that this peculiar institution inhibits free trade, has directly damaged American competitiveness, and poses a threat to liberty anywhere people communicate with electrons. It's principal function, as miff colleague John Gilmore puts it, is "wire-tapping the world," which it is free to do without a warrant from any judge.
It is legally constrained from domestic surveillance, but precious few people are in a good position to watch what, how, or whom the NSA watches. And those who are tend to be temperamentally sympathetic to its objectives and methods. They like power, and power understands the importance of keeping it own secrets and learning everyone else's.
Whether it is meticulously ignoring every American byte or not, the NSA is certainly pursuing policies which will render our domestic affairs transparent to anyone who can afford big digital hardware. Such policies could have profound consequences on our liberty and privacy.
More to point, the role of the NSA in the area of domestic privacy needs to be assessed in the light of other recent federal initiatives which seem directly aimed at permanently denying privacy to the inhabitants of Cyberspace, whether foreign or American.
Like most Americans I'd never given much thought to the NSA until recently. (Indeed its very existence was a secret for much of my life. Beltway types used to joke that NSA stood for "No Such Agency.")
I vaguely knew that it was another of the 12 or so shadowy federal spook houses which were erected shortly after the Iron Curtain with the purpose of stopping its further advance. It derives entirely from a memorandum sent by Harry Truman on October 24, 1952 to Secretary of State Dean Acheson and Defense Secretary Robert Lovatt. This memo, the official secrecy of which remained unpenetrated for almost 40 years, created the NSA, placed it under the authority of the Secretary of Defense, and charged it with monitoring and decoding any signal transmission relevant to the security of the United States.
Even after I started noticing the NSA, my natural immunity to paranoia combined with a general belief in the incompetence of all bureaucracies... especially those whose inefficiencies are unmolested by public scrutiny... to mute any sense of alarm. But this was before I began to understand the subterranean battles raging over data encryption and the NSA's role in them. Lately, I'm less sanguine.
In fact, we already have a strong-sounding federal law protecting our electronic privacy, the Electronic Communications Privacy Act or ECPA. But this law has not particular effective in those areas were electronic eavesdropping is technically easy. This is especially true in the area of cellular phone conversations, which, under the current analog transmission standard, are easily accessible to anyone from the FBI to you.
The degree of law enforcement apprehension over secure cellular encryption provides mute evidence of how seriously they've been taking ECPA. They are moving on a variety of fronts to see that robust electronic privacy protection systems don't become generally available to the public. Indeed, the current administration may be so determined to achieve this end that they may be willing to paralyze progress in America's most promising technologies rather than yield on it.
Push is coming to shove in two areas of communications technology: digital transmission of heretofore analog signals and the encryption of transmitted data.
As the communications service providers move to packet switching, fiber optic transmission lines, digital wireless, ISDN and other advanced techniques, what have been discrete channels of continuous electrical impulses, voices audible to anyone with alligator clips on the right wires, are now becoming chaotic blasts of data packets, readily intelligible only to the sender and receiver. This development effectively forecloses traditional wire-tapping techniques, even as it provides new and different opportunities for electronic surveillance.
The provision raised wide-spread concern in the computer community, which was better equipped to understand its implications than the general public, and in August of last year, the Electronic Frontier Foundation, in cooperation with Computer Professionals for Social Responsibility and other industry groups, successfully lobbied to have it removed from the bill.
Our celebration was restrained. We knew we hadn't seen the last of it. For one thing, the movement to digital communications does create some serious obstacles to traditional wire-tapping procedures. I fully expected that law enforcement would be back with new proposals, which I hoped might be ones we could support. But what I didn't understand then, and am only now beginning to appreciate, was the extent to which this issue had already been engaged by the NSA in the obscure area of export controls over data encryption algorithms.
Encryption algorithms, despite their purely defensive characteristics, have been regarded by the government of this country as weapons of war for many years. If they are to be employed for privacy (as opposed to authentication) and they are any good at all, their export is licensed under State Department's International Traffic in Arms Regulations or ITAR.
Aside for marveling at the silliness of trying to embargo algorithms, a practice about as practicable as restricting the export of wind, I didn't pay much attention to the implications of NSA encryption policies until February of this year. It was then that I learned about the deliberations of an obscure group of cellular industry representatives called the Ad Hoc Authentication Task Force, TR45.3 and of the influence which the NSA has apparently exercised over their findings.
In the stately fashion characteristic of standard-setting bodies, this group has been working for several years on a standard for digital cellular transmission, authentication, and privacy protection to be known by the characteristically whimsical telco moniker IS-54B.
In February they met near Giants Stadium in East Rutherford, NJ. At that meeting, they recommended, and agreed not to publish, an encryption scheme for American-made digital cellular systems which many sophisticated observers believe to be intentionally vulnerable. It was further thought by many observers that this "dumbing down" had been done indirect cooperation with the NSA.
Given the secret nature of the new algorithm, its actual merits were difficult to assess. But many cryptologists believe there is enough in the published portions of the standard to confirm that it isn't any good.
One cryptographic expert, one of two I spoke with who asked not to be identified lest the NSA take reprisals against his company, said:
"The voice privacy scheme, as opposed to the authentication scheme, is pitifully easy to break. It involves the generation of two "voice privacy masks" each 260 bits long. They are generated as a byproduct of the authentication algorithm and remain fixed for the duration of a call. The voice privacy masks are exclusive_ORed with each frame of data from the vocoder at the transmitter. The receiver XORs the same mask with the incoming data frame to recover the original plain text. Anyone familiar with the fundamentals of cryptanalysis can easily see how weak this scheme is."
And indeed, Whitfield Diffie, co-inventor of Public Key cryptography and arguably the dean of this obscure field, told me this about the fixed masks:
"Given that description of the encryption process, there is no need for the opponents to know how the masks were generated. Routine cryptanalytic operations will quickly determine the masks and remove them.''
"It is the belief of the majority of the Ad Hoc Group, based on our current understanding of the export requirements, that a published algorithm would facilitate the cracking of the algorithm to the extent that its fundamental purpose is defeated or compromised."(Italics added.)
Now this is a weird paragraph any way you parse it, but its most singular quality is the sudden, incongruous appearance of export requirements in a paragraph otherwise devoted to algorithmic integrity. In fact, this paragraph is itself code, the plain text of which goes something like this: "We're adopting this algorithm because, if we don't, the NSA will slam an export embargo on all domestically manufactured digital cellular phones."
Obviously, the cellular phone systems manufacturers and providers are not going to produce one model for overseas sale and another for domestic production. Thus, a primary effect of NSA-driven efforts to deny some unnamed foreign enemy secure cellular communications is on domestic security. The wireless channels available to private Americans will be cloaked in a mathematical veil so thin that, as one crypto-expert put it, "Any county sheriff with the right PC-based black box will be able to monitor your cellular conversations."
When I heard him say that, it suddenly became clear to me that, whether consciously undertaken with that goal or not, the most important result of the NSA's encryption embargoes has been the future convenience of domestic law enforcement. Thanks to NSA export policies, they will be assured that, as more Americans protect their privacy with encryption, it will be of a sort easily penetrated by authority.
I find it increasingly hard to imagine this is not their real objective as well. Surely, they must be aware of how ineffectual their efforts have been in keeping good encryption out of inimical military possession. An algorithm is somewhat less easily stopped at the border than, say, a nuclear reactor. As William Neukom, head of Microsoft Legal puts it, "The notion that you can control this technology is comical."
I became further persuaded that this was the case upon hearing, from a couple of sources, that the Russians have been using the possibly uncrackable (and American) RSA algorithm in their missile launch codes for the last ten years and that, for as little as five bucks, one can get a software package called Crypto II on the streets of Saint Petersburg which includes both RSA and DES encryption systems.
Nevertheless, the NSA has been willing to cost American business a lot of revenue rather than allow domestic products with strong encryption into the global market.
With hardware, the job has been easier. NSA levied against the inclusion of a DES chip in the AS/390 series IBM mainframes in late 1990 despite the fact that, by this time, DES was in widespread use around the world, including semi-official adoption by our official enemy, the USSR.
I now realize that Soviets have not been the NSA's main concern at any time lately. Naively hoping that, with the collapse of the Evil Empire, the NSA might be out of work, I then learned that, given their own vigorous crypto systems and their long use of some embargoed products, the Russians could not have been the threat from whom this forbidden knowledge was to be kept. Who has the enemy been then? I started to ask around.
Cited again and again as the real object of the embargoes were Third-World countries. terrorists and... criminals. Criminals, most generally drug-flavored, kept coming up, and nobody seemed terribly concerned that some of their operations might be located in areas supposedly off-limits to NSA scrutiny.
Presumably the NSA is restricted from conducting American surveillance by both the Foreign Intelligence Surveillance Act of 1978 (FISA) and a series of presidential directives, beginning with one issued by President Ford following Richard Nixon's bold misuse of the NSA, in which he explicitly directed the NSA to conduct widespread domestic surveillance of political dissidents and drug users.
Certainly in the case of the digital cellular standard, cultural congruity between foreign intelligence, domestic law enforcement, and what somebody referred to as "spook wannabes on the TR45.3 committee" might have a lot more to do with the its eventual flavor than any actual whisperings along the Potomac.
Unable to get anyone presently employed by the NSA to comment on this or any other matter and with little opportunity to assess the NSA's congeniality toward domestic law enforcement from the inside, I approached a couple of old hands for a highly distilled sample of intelligence culture.
I called Admirals Stansfield Turner and Bobby Ray Inman. Not only had their Carter administration positions as, respectively, CIA and NSA Directors, endowed them with considerable experience in such matters, both are generally regarded to be somewhat more sensitive to the limits of democratic power than their successors. None of whom seemed likely to return my calls anyway.
My phone conversations with Turner and Inman were amiable enough, but they didn't ease my gathering sense that the NSA takes an active interest in areas which are supposedly beyond its authorized field of scrutiny.
Turner started out by saying he was in no position to confirm or deny any suspicions about direct NSA-FBI cooperation on encryption, but he didn't think I was being exactly irrational in raising the question. In fact, he genially encouraged me to investigate the matter further.
Most alarmingly, this gentleman who has written eloquently on the hazards of surveillance in a democracy did not seem terribly concerned that our digital shelters are being rendered permanently translucent by and to the government.
He said, "A threat could develop...terrorism, narcotics, whatever...where the public would be pleased that all electronic traffic was open to decryption. You can't legislate something which forecloses the possibility of meeting that kind of emergency."
Admiral Inman had even more enthusiasm for assertive governmental supervision. Although he admitted no real knowledge of the events behind the new cellular encryption standard, he wasn't the least disturbed to hear that it might be flawed.
And, despite the fact that his responsibilities as NSA Director had been restricted to foreign intelligence, he seemed a lot more comfortable talking about threats on the home front.
"The Department of Justice," he began, "has a very legitimate worry. The major weapon against white collar crime has been the court-ordered wiretap. If the criminal elements go to using a high quality cipher, the principal defense against narcotics traffic is gone." This didn't sound like a guy who, were he still head of NSA, would rebuff FBI attempts to get a little help from his agency.
He brushed off my concerns about the weakness of the cellular encryption standard. "If all you're seeking is personal privacy, you can get that with a very minimal amount of encipherment."
Well, I wondered, Privacy from whom?
And he seemed to regard real, virile encryption to be something rather like a Saturday Night Special. "My answer," he said, "would be legislation which would make it a criminal offense to use encrypted communication to conceal criminal activity."
Wouldn't that render all encrypted traffic automatically suspect? I asked.
You can have my encryption algorithm, I thought to myself, when you pry my cold dead fingers from its private key.
It wasn't a big sample, but it was enough to gain a better appreciation of the cultural climate of the intelligence community. And these guys are the liberals. What legal efficiencies might their Republican successors be willing to employ to protect the American Way?
Without the comfortably familiar presence of the Soviets to hate and fear, we can expect to see a sharp increase in over-rated bogeymen and virtual states of emergency. This is already well under way. I think we can expect our drifting and confused hardliners to burn the Reichstag repeatedly until they have managed to extract from our induced alarm the sort of government which makes them feel safe.
This process has been under way for some time. One sees it in the war on terrorism, against which pursuit "no liberty is absolute," as Admiral Turner put it. This, despite the fact that, during last year for which I have a solid figure, 1987, only 7 Americans succumbed to terrorism.
You can also see it clearly under way in the War on Some Drugs. The Fourth Amendment to the Constitution has largely disappeared in this civil war. And among the people I spoke with, it seemed a common canon that drugs (by which one does not mean Jim Beam, Marlboros, Folger's, or Halcion) were a sufficient evil to merit the government's holding any more keys it felt the need for.
One individual close to the committee said that at least some of the aforementioned "spook wannabes" on the committee were "interested in weak cellular encryption because they considered warrants not to be "practical" when it came to pursuing drug dealers and other criminals using cellular phones."
In a miscellaneously fearful America, where the people cry for shorter chains and smaller cages, such privileges as secure personal communications are increasingly regarded as expendable luxuries. As Whitfield Diffie put it, "From the consistent way in which Americans seem to put security ahead of freedom, I rather fear that most of them would prefer that all electronic traffic was open to government decryption right now if they had given it any thought."
In any event, while I found no proof of an NSA-FBI conspiracy to gut the American cellular phone encryption standard, it seemed clear to me that none was needed. The same results can be delivered by a cultural "auto-conspiracy" between like-minded hardliners and cellular companies who will care about privacy only when their customers do.
As Ron Rivest (the "R" in RSA) said to me, "We have the largest information based economy in the world. We have lots of reasons for wanting to protect information, and weakening our encryption systems for the convenience of law enforcement doesn't serve the national interest."
But by early March, it had become clear that this supposedly business- oriented administration had made a clear choice to favor cops over commerce even if the costs to the American economy were to become extremely high.
A sense of White House seriousness in this regard could be taken from their response to the first serious effort by Congress to bring the NSA to task for its encryption embargoes. Rep. Mel Levine (D-Calif.) proposed an amendment to the Export Administration Act to transfer mass market software controls to the Commerce Department, which would relax the rules. The administration responded by saying that they would veto the entire bill if the Levine amendment remained attached to it.
Even though it appeared the NSA had little to fear from Congress, the Levine amendment may have been part of what placed the agency in a bargaining mood for the first time. They entered into discussions with the Software Publishers Association who, acting primarily on behalf of Microsoft and Lotus, got to them to agree "in principle" to a streamlined process for export licensing of encryption which might provide for more robust standards than have been allowed previously.
Furthermore, some cryptographers worried that the encryption key lengths to which the SPA appeared willing to restrict its member publishers might be too short to provide much defense against the sorts of brute-force decryption assaults which advances in processor technology will yield in the fairly near future. And brute force has always been the NSA's strong suit.
But the economic damage which the NSA-SPA agreement might cause would be minor compared to what would result from a startling new federal initiative, the Department of Justice's proposed legislation on digital telephony. If you're wondering what happened to the snooping provisions which were in Senate Bill 266, look no further. They're back. And they're bigger and bolder than ever.
They are contained in a sweeping proposal which have been made by the Justice Department to the Senate Commerce Committee for legislation which would "require providers of electronic communications services and private branch exchanges to ensure that the Government's ability to lawfully intercept communications is unimpeded by the introduction of advanced digital telecommunications technology or any other telecommunications technology."
It gets worse. The initiative also provides that, if requested by the Attorney General, "any Commission proceeding concerning regulations, standards or registrations issued or to be issued under authority of this section shall be closed to the public." This essentially places the Attorney General in a position to shut down any telecommunications advance without benefit of public hearing.
Taken together with NSA's continued assertion of its authority over encryption, a pattern becomes clear. The government of the United States is so determined to maintain law enforcement's traditional wire-tapping abilities in the digital age that it is willing to fundamentally cripple the American economy to do so. This may sound hyperbolic, but I believe it is not.
The greatest technology advantage this country presently enjoys is in the areas of software and telecommunications. Furthermore, thanks in large part to the Internet, much of America is already wired for bytes, as significant an economic edge in the Information Age as the existence of a railroad system was for England one hundred fifty years ago.
If we continue to permit the NSA to cripple our software and further convey to the Department of Justice the right to stop development the Net without public input, we are sacrificing both our economic future and our liberties. And all in the name of combating terrorism and drugs.
This has now gone far enough. I have always been inclined to view the American government as pretty benign as such creatures go. I am generally the least paranoid person I know, but there is something scary about a government which cares more about putting its nose in your business than it does about keeping that business healthy.
As I write this, a new ad hoc working group on digital privacy, coordinated by the Electronic Frontier Foundation, is scrambling to meet the challenge. The group includes representatives from organizations like AT&T, the Regional Bells, IBM, Microsoft, the Electronic Mail Association and about thirty other companies and public interest groups.
Under the direction of Jerry Berman, EFF's Washington office director, and John Podesta, a capable lobbyist and privacy specialist who helped draft the ECPA, this group intends to stop the provisions in digital telephony proposal from entering the statute books.
We also intend to work with federal law enforcement officials to address their legitimate concerns. We don't dispute their need to conduct some electronic surveillance, but we believe this can be assured by more restrained methods than they're proposing.
We are also preparing a thorough examination of the NSA's encryption export policies and looking into the constitutional implications of those policies. Rather than negotiating behind closed doors, as the SPA has been attempting to do, America's digital industries have a strong self-interest in banding together to bring the NSA's procedures and objectives into the sunlight of public discussion.
Finally, we are hoping to open a dialog with the NSA. We need to develop a better understanding of their perception of the world and its threats. Who are they guarding us against and how does encryption fit into that endeavor? Despite our opposition to their policies on encryption export, we assume that NSA operations have some merit. But we would like to be able to rationally balance the merits against the costs.
We strongly encourage any organization which might have a stake in the future of digital communication to become involved. Letters expressing your concern may be addressed to: Sen. Ernest Hollings, Chairman, Senate Commerce Committee, U.S. Senate, Washington, DC and to Don Edwards, Chairman, Subcommitee on Constitutional Rights, House Judiciary Committee. (I would appreciate hearing those concerns myself. Feel free to copy me with those letters at my physical address, c/o P.O. Box 1009, Pinedale, WY 82941 or in Cyberspace, firstname.lastname@example.org.)
If your organization is interested in becoming part of the digital privacy working group, please contact EFF's Washington office at: 666 Pennsylvania Avenue SE, Suite 303, Washington, DC 20003, 202/544- 9237, FAX: 202/547-5481. EFF also encourages individuals interested in these issues to join the organization. Contact us at: Electronic Frontier Foundation, 155 Second Street, Cambridge, MA 02141,617/864- 0665, email@example.com.
The legal right to express oneself is meaningless if there is no secure medium through which that expression may travel. By the same token, the right to hold certain unpopular opinions is forfeit unless one can discuss those opinions with others of like mind without the government listening in.
Even if you trust the current American government, as I am still largely inclined to, there is a kind of corrupting power in the ability to create public policy in secret while assuring that the public will have little secrecy of its own.
In its secrecy and technological might, the NSA already occupies a very powerful position. And conveying to the Department of Justice what amounts to licensing authority for all communications technology would give it a control of information distribution rarely asserted over English-speaking people since Oliver Cromwell's Star Chamber Proceedings.
Are there threats, foreign or domestic, which are sufficiently grave to merit the conveyance of such vast legal and technological might? And even if the NSA and FBI may be trusted with such power today, will they always be trustworthy? Will we be able to do anything about it if they aren't?
San Francisco, California May, 1992