US, Dissent. 30. âJustice Louis Brandeis & Justice Holmes-June 4,1928. PART III. LOBBYING FOR SURVEILLANCE: THE DIGITAL TELEPHONY PROPOSAL.
The Electronic Privacy Papers Documents on the Battle for Privacy in the Age of Surveillance
Bruce Schneier David Banisar
WILEY COMPUTER PUBLISHING
JOHN WILEY & SONS, INC. New York • Chichester
. Weinheim
• Brisbane
• Singapore
• Toronto
Contents Foreword -Hon. John Anderson Preface
PART I
PRIVACY AND THE INFORMATION SNOOPERHIGHWAY
Chapter 1 Roadblocks on the Information Superhighway
3
The Information Snooperhighway
3
The Future of Privacy
3
PART II
WIRETAPPING
7
Chapter 2 Overview of Wiretapping
9
2.1 Report on Applications for Orders Authorizing or Approving the Interception of Wire, Oral, or Electronic Communications (Wiretap Report) —Statistics Division, Administrative Office of the U.S. Courts - May 1995
10
2.2 Can Wiretaps Remain Cost Effective? —Robin Hanson - December 1994, Communications of the ACM
19
2.3 Public Attitudes Toward Wiretapping, U.S. Department of Justice —Sourcebook of Criminal Justice Statistics, 1992, Table 2.52 - 1993
26
vi
Contents 2.4
Olmstead v. US, Dissent —Justice Louis Brandeis & Justice Holmes-June 4,1928
30
PART III LOBBYING FOR SURVEILLANCE: THE DIGITAL TELEPHONY PROPOSAL 39
Chapter 3 Government Pronouncements: The Digital Telephony Proposal
41
3.1 H. Rept. 103-827, Conference Report on H.R. 4922 (excerpts) —House Judiciary Committee - October 4,1994
43
3.2
78
Communications Assistance for Law Enforcement Act of 1994 —Public Law 103-414 - October 25,1994
3.3 Law Enforcement Requirements for the Surveillance of Electronic Communications —Federal Bureau of Investigation -June 1994 3.4
99
Speech before the American Law Institute (FBI Director Louis J. Freeh) —FBIDirectorWilliam Freeh-May 19,1994
Chapter 4
Behind the Curtain: Operation Root Canal
124
135
4.1 An Overview: Pre-WiretappingTelephones: Operation Root Canal —David Banisar - July 1996
138
4.2 Legislative Strategy for Digital Telephony —Brent Scowcroft -January 17,1992
160
4.3 Memorandum for the President —Brent Scowcroft - December 29,1991
163
4.4 Technological, Competitiveness, and Policy Concerns —National Telecommunications and Information Agency, U.S. Department of Commerce - February 6,1992
165
4.5 Teletype "DigitalTelephony"—Request for Briefing by the Special Agents in Charge —FBI DirectorWilliam Sessions - March 23,1992
166
4.6 Digital Telephony Industry Meeting Information Memorandum —FBIDirectorWilliam Sessions -April 10,1992
170
4.7 Justice Revised Proposed Draft on Justice Draft Bill Digital Telephony —Lonnie P.Taylor, General Services Administration - May 7,1992
172
Contents
vii
4.8 Department of Justice Responses to GSA Comments on Digital Telephony Legislation —U.S. Department ofJustice
175
4.9 Benefits and Costs of Legislation to Ensure the Government's Continued Capability to Investigate Crime with the Implementation of New Telecommunications Technologies —Federal Bureau of Investigation - 1992
179
4.10 Digital Telephony—Cost-Benefit Analysis —Betsy Anderson and Todd Buchholz, The White House - May 22,1992
202
4.11 Digital Telephony —David Mclntosh and James Gattuso, Office of the Vice President - May 22,1994
205
4.12 Department of Justice's Cost Analysis, Digital Telephony, D-867 —Ron Levy, Treasury - May 26,1992
207
4.13 Digital Telephony Information Memorandum (7/17/92) —FBI DirectorWilliam Sessions - May 26,1992
208
4.14 Airtel, Digital Telephony Legislative Initiative —FBI DirectorWilliam Sessions - July 17,1992
211
4.15 Survey of Problems Encountered in Conducting Authorized Electronic Surveillance as Reported by FBI Field Offices —FBI - June 30,1994
214
4.16 Letter to Peter Cassidy on NSA Role in Digital Telephony Proposal —Louise A. Baer, National Security Agency - November 30,1994
219
Chapter 5 Digital Telephony: The Public Response
221
5.1 Keep Snoops Off-Line —Editorial - USA Today - March 7,1994
223
5.2 A Closer Look on Wiretapping —Editorial - The NewYork Times -June 12,1994
225
5.3 Statement of AT&T Corporation Before the House Committee on Civil and Constitutional Rights and Senate Subcommittee on Technology and the Law —AT&TCorporation -August 11,1994
227
5.4 Testimony before the Subcommittee on Telecommunications and Finance Committee, U.S. House of Representatives —Roy Neel, U.S. Telephone Association - September 13,1994
233
viii
Contents 5.5 Letter to Congressman Jack Brooks —American Civil Liberties Union - September 22,1994
248
5.6 Letter to Senator Malcolm Wallop —Marc Rotenberg and David Sobel, Electronic Privacy Information Center - October 6,1994
252
PART IV
CRYPTOGRAPHY
255
Chapter 6 Cryptography: The Cure for the Common Bug 6.1
Cryptography Primer —Bruce Schneier - 1995
6.2 Who Owns Cryptography? —Carl M. Ellison - September 7,1994
257 258 264
6.3 E-Mail Security 275 —Bruce Schneier - Dr. Dobb's Information Highway Sourcebook - Winter 1994 6.4 A Cypherpunk's Manifesto —Eric Hughes - March 9,1993
PART V
THE BATTLE FOR CONTROL OF CRYPTOGRAPHY
Chapter 7 The Field of Battle: An Overview
285
289
291
Overview
291
Who Will Watch the Watchers?
292
The Early Days
293
The Data Encryption Standard
293
Classification and Secrecy: Executive Orders, Directives, and Policies
298
Congress Steps In: The Computer Security Act of 1987
301
The Digital Signal Standard
304
The Clipper Chip and Key Escrow
307
Clipper with a Happy Face: Commercial Key Escrow
319
Export Controls
325
Contents
ix
Conclusion
332
Notes
332
Chapter 8 Early Skirmishes
339
8.1 Executive Order —President Harry S. Truman - October 24,1952
341
8.2 The NSA Perspective on Telecommunications Protection in the Nongovernmental Sector —Admiral Bobby Inman - 1979
347
8.3 National Security Decision Directive (NSDD) 145 —National Security Council - September 17,1984
356
8.4 National Policy on Protection of Sensitive, but Unclassified Information in Federal Government Telecommunications and Automated Information Systems, National Telecommunications and Information Systems Security Policy (NTISSP 2) —Admiral John Poindexter - October 29,1986
367
8.5 House Committee on Science, Space and Technology Report on the Computer Security Act of 1987 (H.R. 145) —U.S. Congress -June 11,1987 (excerpts)
371
8.6 Memorandum (NSDD-145 and the Computer Security Act) —Dr. Clinton Brooks -April 28,1992
400
8.7 Memorandum of Understanding between the Director of the National Institute of Standards and Technology and the Director of the National Security Agency Concerning the Implementation of Public Law 100-235 —Raymond G. Kammer (NIST) and W. O. Studeman (NSA) - March 23,1989
401
8.8 S-266, Omnibus Crime Bill of 1991, § 2201, Cooperation of Telecommunications Providers with Law Enforcement —U.S. Congress - 1991
405
8.9
406
Congressional Record 137 Cong. Rec. SI 159-03 (Floor Statement on S-266) —Senator Joseph Biden - 1991
Chapter 9 The Clipper Chip Proposal 9.1 Statement by the Press Secretary —The White House -April 16,1993
407 409
x
Contents 9.2 Questions and Answers About the Clinton Administration's Telecommunications Initiative —TheWhite House -April 16,1993
414
9.3 Announcement of Clipper Adoption, Statement of the Press Secretary —TheWhite House - February 4,1994
417
9.4 Fact Sheet: Public Encryption Management —TheWhite House - February 4,1994
420
9.5 Working Group on Data Security —The White House - February 4,1994
423
9.6
425
Questions and Answers about the Clinton Administration's Encryption Policy —The White House - February 4,1994
9.7 Attorney General Makes Key Escrow Encryption Announcements —U.S. Department ofJustice - February 4,1994
428
9.8 Authorization Procedures for Release of Encryption Key Components in Conjunction with Intercepts Pursuant to Title III —U.S. Department of Justice - February 4,1994
430
9.9 Approval of Federal Information Processing Standards Publication 185, Escrowed Encryption Standard (EES) —U.S. Department of Commerce and National Institute of Standards and Technology - February 9,1994 (excerpts)
433
9.10
Clipper Chip Technology —National Institute of Standards and Technology -April 1993
454
9.11
Capstone Chip Technology —National Institute of Standards and Technology -April 1993
456
9.12 Testimony Before the House Science, Space and Technology Committee's Technology, Environment, and Aviation Subcommittee —Dr. Clinton Brooks, Assistant-Director, NSA - May 3,1994
457
Chapter 10 Unclassified: The Story behind Clipper
463
10.1 Presidential Decision Directive 5, Public Encryption Management —William J. Clinton, The White House -April 15,1993
466
10.2 Presidential Review Directive 27, Advanced Telecommunications and Encryption —William J. Clinton -April 16,1993
468
Contents
xi
10.3
TWG Issue Number 1 —National Institute of Standards and Technology May 5,1989
472
10.4
Memorandum for the Record re: First Meeting of the NIST/NSA Technical Working Group (TWG) —Lynn McNulty - May 8,1989
475
10.5 NIST Public Key Issues Outline —National Security Agency - May 1989
477
10.6
Status Report on TWG Issue Number 1 —Lynn McNulty, NIST, and Anonymous, NSA - May 19,1989
479
10.7
Technical Support to NIST —National Security Agency - October 19,1990
481
10.8 Memorandum for the Record, NSA-NIST Technical Working Group (TWG) Meeting 11 April 1991 —National Security Agency -April 24,1991
482
10.9
Letter to Attorney General Barr —Vice-Admiral J.M. McConnell, NSA - October 28,1992
484
10.10
Memorandum for Leon Fuerth re: Encryption —George J. Tenet, NSC -January 26,1993
485
10.11
Memorandum for Leon Fuerth re: Encryption —George J. Tenet, NSC - February 9,1993
486
10.12
Memorandum for Leon Fuerth and William Wise re: Help —George J. Tenet, NSC - March 5,1993
487
10.13 Memorandum re: Meeting on Encryption Policy —Vice President Albert Gore, Jr. - March 30,1993
488
10.14
491
Memorandum re: Package #20321 20322 —George J. Tenet, NSC -April 12,1993.
Chapter 11 Clipping the Clipper: Public Response to Desktop Surveillance
493
11.1
Sink the Clipper Chip —William Safire - The NewYork Times - February 14,1994
495
11.2
Key Escrow: Its Impact and Alternatives,Testimony Before the Senate Judiciary Subcommittee on Technology and Law —Dr. Whitfield Diffie, Sun Microsystems - May 3,1994
497
xii
Contents 11.3 Statement of the Computer and Business Equipment Manufacturers Association (CBEMA) —Computer and Business Equipment Manufacturers Association (CBEMA) - May 27,1993
506
11.4 Statement on Encryption Technology and Policy Before the Subcommittee on Telecommunications and Finance, U.S. House of Representatives —Marc Rotenberg, CPSR -June 9,1993
520
11.5 Statement Before NIST Computer System Security and Privacy Advisory Board Hearing —American Civil Liberties Union -May 28,1993
530
11.6 Proposed FIPS for Escrowed Encryption Standard (CPSR Comments to NIST) —CPSR Washington Office - September 27,1993
534
11.7 Letter to President Clinton on Clipper —Computer Professionals for Social Responsibility, Washington Office - December 8,1993
538
11.8 Experts Letter to President Clinton on Clipper —Various Authors -January 24,1994
541
11.9 Position Statement on Encryption Policy
543
—The Institute of Electrical and Electronics Engineers United States Activities Board-January 1994
11.10 USACM Position on the Escrowed Encryption Standard
548
—Association for Computing, U.S. Public Policy Committee - 1994
PART VI PUTTING THE GENIE BACK IN THE BOTTLE: EXPORT CONTROLS ON CRYPTOGRAPHY 551
Chapter 12 Atom Bombs, Fighter Planes, Machine Guns, and Cryptography: Export Controls
553
12.1 Electronic Speech—for Domestic Use Only —Bruce Schneier - Network World - January 15,1995
555
12.2 My Life as an International Arms Courier —Matt Blaze, AT&T - January 1995
557
12.3 Testimony Before the Committee on the Judiciary, Subcommittee on Technology and the Law, United States Senate —Stephen Walker, TIS - May 3,1994 (excerpts)
562
Contents
xiii
12.4 Report on Foreign Legal and Regulatory Controls on Imports and Use of Data Encryption Systems —DCI Counterintelligence Center - February 3,1993
589
12.5 CIA Memorandum: Selected Foreign Trends in Telecommunications Technology —Central Intelligence Agency - 1993 (excerpt)
596
12.6 Identification and Analysis of Foreign Laws and Regulations Pertaining to the Use of Commercial Encryption Products for Voice and Data Communications —National Institute of Standards and Technology -January, 1994
608
12.7 Advanced Telecommunications and Encryption (Memoranda, PRD/NSC 27) —Office of the Assistant Secretary of Defense -April 20,1993
622
12.8 A Study of the International Market for Computer Software with Encryption —Commerce Department & NSA -July 1995
629
Chapter 13 Untying the Gordian Knot: Efforts to Relax Export Controls
635
13.1 Letter to President Clinton on Export Controls —U.S. Congress, House of Representatives Committee on Foreign Affairs - September 30,1993
637
13.2 S. 1726 Promotion of Commerce On-Line in the Digital Era (Pro-CODE) Act —Senator Conrad Burns - March 5,1996
640
13.3 Testimony before the Senate Committee on Commerce, Science and Transportation on S. 1726 —Jim Barksdale, Netscape Communications -June 12,1996
648
13.4 Report on H.R. 3627 Omnibus Export Administration Act of 1994 —House Intelligence Committee -June 16,1994 (excerpts)
662
PART VII BIG BROTHER AS THE KEEPER OF THE KEYS: WILL THE GOVERNMENT TAKE OVER CRYPTO? 671
Chapter 14 Banning Cryptography
673
14.1 Options to Address Encryption Effects on Law Enforcement [censored] —National Security Agency - Undated (1993)
674
14.2 Jacking in from the Narco-Terrorist Encryption Port —Brock Meeks - Cyberwire Dispatch - May 1995
676
xiv
Contents 14.3 S. 974 Anti-Electronic Racketeering Act of 1995 —Senator Charles Grassley
681
14.4 Floor Statement on the Anti-Electronic Racketeering Act of 1995 —Senator Charles Grassley
686
14.5 EPIC Analysis of Encryption Provisions of S. 974
688
—David Sobel, Electronic Privacy Information Center-July
Chapter 15
19,1995
Software Key Escrow
691
15.1 Letter to Rep. Maria Cantwell —Vice President Al Gore -July 20,1994
692
15.2 Commercial Key Escrow —Steven Walker et al., Trusted Information Systems -January 3,1995
694
15.3 Administration Statement on Commercial Encryption Policy —White House -July 12,1996
709
15.4 Comments on Draft Export Criteria for Key Escrow Encryption
717
—David Sobel, Electronic Privacy Information Center - December 5,1995
Epilog
723 —Bruce Schneier
Bibliography of Books and Articles on Wiretapping and Cryptography
729
Index
735
