Rendering Unto CESA?Clinton's contradictory encryption policy
It was September 28, 1999. Some officials from the Clinton administration Noun 1. Clinton administration - the executive under President Clinton
executive - persons who administer the law were briefing the Congressional Internet Caucus, and Rep. Curt Weldon Curtis "Curt" Weldon (born July 22, 1947) is an American politician. He served as a Republican member of the United States House of Representatives from 1987 to 2007, representing the 7th district of Pennsylvania. (R-Penn.) was getting visibly angry.
The officials were outlining the White House's new policy on encryption, the practice of coding and decoding electronic messages using computer programs. Since the Bush years, encryption software Encryption software is software whose main task is encryption and decryption of data, usually in the form of files on hard drives and removable media, email messages, or in the form of packets sent over computer networks. has been classified as a munition, meaning that companies need a special export license to ship products overseas, just as if they were shipping guns or warheads. Encryption has long been a contentious issue, pitting privacy advocates against the national security apparatus; now, with e-commerce expanding and requiring stronger protections against intruders, even more parties have been weighing in on the issue. The administration's new approach seemed to make it much easier to export encryption products, and Weldon, a long-time supporter of strict encryption controls, couldn't understand why.
How could you be implementing this policy? he asked the panel. On countless occasions, this administration has sent high-powered people to the Hill, including Attorney General Janet Reno Janet Reno (born July 21, 1938) was the first and to date only female Attorney General of the United States (1993–2001). She was nominated by President Bill Clinton on February 11, 1993, and confirmed on March 11. and FBI Director Louis Freeh, warning us that if encryption is freely exported, it will create serious domestic and international security problems and hamstring our law enforcement and intelligence operations The variety of intelligence and counterintelligence tasks that are carried out by various intelligence organizations and activities within the intelligence process. Intelligence operations include planning and direction, collection, processing and exploitation, analysis and production, . And now you're telling us you've changed your minds?
Did they change their minds? At the same briefing, the White House reaffirmed its support for the Cyberspace Electronic Security Act CESA (Cyberspace Electronic Security Act of 1999) is a bill enacted by the US Congress that allows the government the ability to harvest keys used in encryption. External links
CESA Cooperative Educational Service Agency
CESA Coverdell Education Savings Account
CESA Catering Equipment Suppliers Association (UK)
CESA Clean Energy States Alliance ), a bill rooted in the government's traditional distrust of private encryption. Along with some less controversial provisions, the bill said the government need not disclose, in the course of a criminal proceeding, how it recovered the decrypted information that it's using against the defendant. The theory is that if the government reveals its decryption (cryptography) decryption - Any procedure used in cryptography to convert ciphertext (encrypted data) into plaintext. secrets--which may involve classified techniques, industry trade secrets, or software flaws that government researchers have discovered--criminals will be forewarned and will be able to thwart decryption in future investigations. But civil libertarians point out that this will make it harder for defendants to authenticate the state's evidence A colloquial term for testimony given by an Accomplice or joint participant in the commission of a crime, subject to an agreement that the person will be granted Immunity . It may even pose constitutional problems: How can you confront your accuser in court if you don't know Don't know (DK, DKed)
"Don't know the trade." A Street expression used whenever one party lacks knowledge of a trade or receives conflicting instructions from the other party. the basis of his charges?
The administration's crypto schizophrenia didn't end in September. Earlier this year, the White House announced a new set of crypto-export rules that, while complex enough to require a lawyer to parse, seem to take the lid off the export of encryption almost entirely. Most encryption tools will be cleared for export after a one-time review by the Commerce Department. There will still be restrictions on products that aren't widely available in domestic retail outlets, exports to "terrorist" pariah states will still be banned, and there will still be some restrictions on programs' source codes. But the new policy is unquestionably un·ques·tion·a·ble
Beyond question or doubt. See Synonyms at authentic.
un·question·a·bil a significant deregulation Deregulation
The reduction or elimination of government power in a particular industry, usually enacted to create more competition within the industry.
Traditional areas that have been deregulated are the telephone and airline industries. .
And yet: At the same time, the Department of Justice is vigorously litigating for export restrictions in Bernstein v. U.S., a case involving a college professor who claims the First Amendment protects his right to distribute encryption-related source code. Between that and CESA, observers are beginning to wonder whether the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. has a consistent encryption policy at all.
For most of the post-World War II era, the government didn't need a general policy on encryption. Because of the massive computing power necessary to generate cryptographic codes, such activity was the province of intelligence agencies and almost no one else. Over the past couple of decades or so, as the personal computer revolution placed more (and cheaper) processing power within reach of virtually anyone, that changed. In response to a world of decentralized computing Decentralized computing is a trend in modern day business environments. This is the opposite of centralized computing, which was prevalent during the early days of computers. , U.S. law enforcement responded with a single, panicky policy: Stop the spread of cryptography at all costs.
The new stance was driven by some pioneering work in the late 1970s by American cryptographers--work that, for once, was not performed by people in the pay of the intelligence agencies, and therefore was not "born classified." This academic revolution--the development of a public science of cryptography and a resulting colloquy col·lo·quy
n. pl. col·lo·quies
1. A conversation, especially a formal one.
2. A written dialogue.
[From Latin colloquium, conversation; see about it--was accompanied by a similar, equally dramatic revolution on the microcomputer front.
The result: Ordinary people with desk top PCs could encrypt their messages or data to a degree that only governments could have achieved not long before. For intelligence and police agencies, this ushered in a new era, one in which merely intercepting a terrorist's or criminal's (or dissident's) communications was no guarantee that the government could figure out what the communicator was saying. On top of that, telephone companies were relying more and more on computers to run their networks and phone services, raising the specter of a world in which every call might be encrypted. Effective wiretaps might become a thing of the past.
The Bush administration responded to these developments in two ways. First, there was the "Digital Telephony Digital telephony is a technology used in the provision of digital telephone services and systems. Since the 1960s it has almost entirely replaced the old telephone system that used analog telephony. " initiative, which required phone companies to structure their networks and services so as to facilitate wiretapping A form of eavesdropping involving physical connection to the communications channels to breach the confidentiality of communications. For example, many poorly-secured buildings have unprotected telephone wiring closets where intruders may connect unauthorized wires to listen in on phone . It eventually passed into law in 1994 as the Communications Assistance to Law Enforcement Act. Second, there was an effort to regulate the use and sale of encryption tools, domestically and abroad. When Bill Clinton took over the White House in 1993, he adopted Bush's strategy without any significant changes.
While the digital telephony guidelines went ahead with nary nar·y
Not one: "Frequently, measures of major import . . . glide through these chambers with nary a whisper of debate" George B. Merry. a hitch, the encryption initiative proved harder to implement. In spring 1993, the Clinton administration introduced the "Clipper Chip" program, in hopes that this would steer the growing market for computer security in the direction the feds wanted. The Clipper Chip was a hardware device developed under the supervision of the National Security Agency. Each chip had a "backdoor See trapdoor. " key that would be held in escrow by a trusted government agency. Thus, while the device would let computer or telephone users encrypt their communications, it would also let the government recover the content of the coded messages.
The government hoped that by requiring all future federal purchases of phone and computer systems to be Clipper Chip-compliant (and enforcing the same standard for all outside government contractors), the private sector would have to follow suit. Instead, the chip ignited a firestorm of criticism from privacy activists, high-tech industries, and others. By 1996, the administration had abandoned the Clipper Chip as such, but it continued to lobby both at home and abroad for software-based "key escrow In cryptography, placing a secret key into the hands of a trusted third party. See key management.
(security) key escrow - A controversial arrangement where the keys needed to decrypt encrypted data must be held in escrow by a third party so that government agencies can " encryption standards. Again, the goal was to make it easier for law enforcement and intelligence agencies to recover encrypted data when they believed they needed to. This was marginally successful outside the United States--33 countries, including Britain, Russia, Canada, France, and Germany, adopted the "Wassenaar Arrangement (The Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies) An initiative of more than 30 countries, including the U.S. and U.K., that restricts the export of armaments and other products such as cryptographic software and hardware to on Export Controls for Conventional Arms and Dual-Use Goods and Technologies." But in the domestic software market, few accepted the push for key escrow standards (now relabeled "key recov ery").
Civil libertarians didn't just argue against the Clipper Chip per se; they also complained that the United States was pushing privacy-undermining standards precisely in countries that lacked the United State's strong legal protections for privacy. Faced with both industry pressure and public criticism to kill the Clipper Chip, the administration scotched the plan and moved most export control authority from the Department of State to the Department of Commerce. However, most of the encryption controls themselves remained largely unchanged.
Pressure for liberalization lib·er·al·ize
v. lib·er·al·ized, lib·er·al·iz·ing, lib·er·al·iz·es
To make liberal or more liberal: "Our standards of private conduct have been greatly liberalized . . . continued to increase; even people within the administration were now pushing for change. Several factors were responsible, according to according to
1. As stated or indicated by; on the authority of: according to historians.
2. In keeping with: according to instructions.
3. Dorothy Denning, a computer science professor at Georgetown who's been a strong defender of the government s wiretapping and cryptography policies throughout the 1990s. On the export front, Denning says, the administration had begun to recognize "the futility of trying to force the whole market into a Clipper kind of model." Meanwhile, as law enforcement "started dealing with [more encryption-related] cases, they were learning how to handle them." The police were still panicked by encryption, but they were also beginning to relax a little.
As a result, on the last day of 1998, the administration announced that it would further liberalize lib·er·al·ize
v. lib·er·al·ized, lib·er·al·iz·ing, lib·er·al·iz·es
To make liberal or more liberal: "Our standards of private conduct have been greatly liberalized . . . its export restrictions. The new rules flatly legalized the export of encryption products using 56-bit keys. (The strength of encryption products is generally taken to be a function of key length. The previous standard had been 40-bit keys.) It also allowed for the export of stronger encryption products in industry sectors with a special need for data security-the banking industry, the health and medicine sectors, certain online merchants, and foreign subsidiaries of U.S. companies.
Outside the administration, critics charged the government with not going far enough--it had talked a good game about liberalization, they argued, but had failed to deliver. Rep. Bob Goodlatte Robert William "Bob" Goodlatte (born September 22 1952) [ g?d? læt ] is a Republican U.S. Representative from Virginia. He serves as the congressman for the 6th District. (R-Va.) began gathering support for the Security and Freedom through Encryption Act The 'Security and Freedom Through Encryption Act' was approved on 1997 by the US Congress to affirm the rights of United States persons to use and sell encryption and to relax export controls on encryption. Overview
The government's export policy was faring no better in the courts. Dan Bernstein, a professor at the University of Illinois at Chicago This article is about the University of Illinois at Chicago. For other uses, see University of Illinois at Chicago (disambiguation).
UIC participates in NCAA Division I Horizon League competition as the UIC Flames in several sports, most notably Basketball. , wanted to post the source code for an encryption-related algorithm on the World Wide Web, and had asked the government whether he would need a license. (Under present law, to publish something on the Web is effectively to export it.) The feds replied that his source code qualified as a munition, so he couldn't do it. In August 1997, a federal district court in San Francisco ruled in Bernstein's favor, finding that this restriction looked a great deal like prior restraint Government prohibition of speech in advance of publication.
One of the fundamental rights guaranteed by the First Amendment to the U.S. Constitution is the freedom from prior restraint. of publication, which is prohibited by the First Amendment. On appeal, the trial court's ruling was affirmed, albeit on slightly narrower grounds; and while the DOJ (Department Of Justice) The legal arm of the U.S. government that represents the public interest of the United States. It is headed by the Attorney General. has continued to litigate the case, encryption-policy mavens inside the government know that the feds were not necessarily going to prevail. The courts will hear further arguments later this year.
Facing challenges in both Congress and the courts, the administration knew it had to take action if it was going to regain control of the issue. In the words of Jerry Berman, director of the pro-privacy Center for Democracy and Technology, "The government has realized that delay is no longer a policy."
So by late 1999, America's once-monolithic encryption policy--stop the spread at all costs!--had been reduced to fragmented and perhaps self-contradictory rubble. Perhaps the biggest reason for the Clinton administration's latest liberalization is the heat they've been feeling from the American computer industry. As Vice President Al Gore has hit the campaign trail in earnest, he's been working to strengthen his support among the leaders of high-tech industries. To the extent that such restrictions have prevented these businesses from developing domestic products with encryption features, software companies have been at a disadvantage in the global marketplace. They've made their dissatisfaction known.
What's more, as Georgetown's Denning has noted, the government has simply had more time to adjust to the spread of encryption tools, further easing its once-vivid panic. That point is seconded by Stewart Baker, former general counsel of the National Security Agency, who adds a twist: The original export-control regime has largely served its purpose of limiting the spread of encryption. Absent those controls, he argues, computer and software manufacturers would have almost certainly incorporated encryption tools into the operating system of every mass-market computer. That may still happen, he continues, but right now encryption is far from ubiquitous. This gives the intelligence community some breathing space to adapt.
And the police? Berman notes that "the FBI has been strangely silent," and policy watchers believe there is still serious debate within the administration about the wisdom of the new liberalization. CESA, apparently, is meant to mollify mol·li·fy
tr.v. mol·li·fied, mol·li·fy·ing, mol·li·fies
1. To calm in temper or feeling; soothe. See Synonyms at pacify.
2. To lessen in intensity; temper.
3. those in Congress and in the executive branch who remain concerned about encryption's alleged threat to law enforcement. The Department of Justice, of course, is still engaged in a full-court press in the Bernstein case.
So: Is there a consistent encryption policy framework now? To Baker, the current muddle, for all its inconsistencies, "is as coherent as government policy gets." Meanwhile, Berman is cautiously optimistic that we're seeing the beginning of the end of encryption controls. Congress seems prepared to pass SAFE, he notes, if the administration fails to fully liberalize the export of encryption products.
But, he warns, "one terrorist incident involving encryption could change the landscape."
Mike Godwin (mnemonic Pronounced "ni-mon-ic." A memory aid. In programming, it is a name assigned to a machine function. For example, COM1 is the mnemonic assigned to serial port #1 on a PC. Programming languages are almost entirely mnemonics. @well.com) is the author of Cyber Rights: Defending Free Speech in the Digital Age (Times Books, 1998).