31 March 1997
Date: Mon, 31 Mar 1997 12:04:03 -0800
From: firstname.lastname@example.org (Tim May)
The Balloon is Going Up....criminalization of noncompliant crypto
(A copy of this message has also been posted to the following newsgroups:
alt.cypherpunks, talk.politics.crypto, comp.org.eff.talk, alt.privacy)
This message is my analysis of the "Electronic Data Security Act of 1997,"
which identifies, licenses, and regulates "Key Recovery Agents." It is very
similar to the U.K. draft of proposed legislation on "Trusted Third
Of critical importance are these issues: Does the language of the draft
impinge in any way on the rights of individual, organizations, companies,
etc. to set up key rings, signature data bases, and other parts of a key
management system? Does the language restrict in any way the rights of
anyone, or any entity, to "sign" the key of another person or entity?
I believe the answer is "yes." In various parts of the draft are various
definitions of what a Key Recovery Agent is, whether registered or not
registered (even unregistered Key Recovery Agents are bound by the "stick"
parts of the legislation, though not sheltered by the "carrot" parts).
It seems clear to me, though I am not a lawyer, that the examples above, of
companies setting up their own signature data bases, or offering
cryptographic services (including key signings, access to directories of
keys, etc.) would make them Key Recovery Agents.
(The exact definition is included below.)
This is worse than Clipper. Worse because it sets out to outlaw key
infrastructure alternatives that do not meet the approval (defined in the
draft) of the government. While Alice and Bob are apparently able to
communicate with the crypto product of their choice, for now, they are
basically locked out of any key management schemes, even private,
unregistered ones, which do not hand over keys to authorities upon
presentation of a scrap of paper (not even a search warrant, under this
draft). And they become Key Recovery Agents, as I read the draft, as soon
as they sign a key for another or act in any position of trust to hold
keys, dispense keys, manage keys, etc.
Worse than Clipper. This is the "balloon going up."
(An inside joke. It was four and a half years ago, five months before
Clipper, that I wrote an article for sci.crypt entitled "A Trial Balloon to
Ban Crypto?" This outlined Dorothy Denning's "trial balloon" to restrict
cryptography in various ways, including Clipper and key escrow schemes.
There were hundreds of responses to this article, as old archives may show,
and it was one of the first warnings about what has since come to pass.)
This proposed legislation must be seen in the context of the OECD
guidelines on crypto. OECD is essentially the de facto "New World Crypto
Order" program, and the U.S. and U.K. drafts, and probably the French draft
(though I haven't looked at it recently), are consistent with this OECD
The proposed law ("Electronic Data Security Act of 1997") says
"SEC. 201. REGISTRATION OF CERTIFICATE AUTHORITIES
"The Secretary may register any suitable private sector entity,
government agency, or foreign government agency to act as a Certificate
Authority in the Secretary determines that the entity or agency meets
minimum standards, as specified in regulations promulgated by the
Secretary. for security, performance, and practices in order to
accomplish the duties of a Certificate Authority registered under this
Act. The Secretary may condition, modify or revoke such a registration
if the registered entity or agency has violated any provision of this
Act or any rule, regulation, or requirement prescribed by the Secretary
under this Act, or for any other reasons specified by the Secretary in
rule or regulation."
This establishes that Key Recovery Agents may be registered. So far, no big
deal, so long as _competing_ systems are not outlawed. If the government
wants to give its mark of approval to someone, OK. (It's not my idea of
what government ought to be doing, but not the end of the world....)
Ah, but the proposed law goes on to say:
"SEC. 301. CIRCUMSTANCES IN WHICH INFORMATION MAY BE RELEASED
"A Key Recovery Agent, whether or not registered by the Secretary under
this Act, is prohibited from disclosing recovery information stored by a
persons unless the disclosure is -- ...."
[a bunch of conditions for release elided]
So what's this about "whether or not registered"? (Key Recovery Agents are
also formally defined as "The term "Key Recovery Agent" means a person
trusted by one
or more persons to hold and maintain sufficient information to allow
access to the data or communications ..." so it is clear, to me, that Key
Recovery Agents are a broad class of entities dealing with keys, signing
keys, etc. And, to repeat again, various provisions of the law apply to Key
Recovery Agents "whether or not registered," so it is not necessary to
register to be classed as a Key Recovery Agent.
Could it be argued that one who merely signs a key, or issues a public key
certificate, etc., is _not_ acting as Key Recovery Agent because he or she
is not acting to "allow access to the data or communications"?
I hope more lawyers will comment, but this seems to be a wedge in the door
folks like us to claim that key signers, web of trust keyring holders,
maintainers of PGP tools, etc., to claim that they are _not_ at all in the
business of "allowing access" and hence are not Key Recovery Agents,
registered or unregistered.
However, much of the other language of the proposed law talks about the
"publi key infrastructures," which PGP and its web of trust is certainly
one instance of, and the definition of a "key" is broadly defined as:
" (10) the term "key" means a parameter, or a component thereof,
used with an algorithm to validate, authenticate, encrypt or decrypt a
Access to keys then means more than just access to the plaintext of
messages: it also means access to validation and authentication keys. I
surmise that this broadens the "allow access" language to more than just
access to plaintext (data). I surmise that the "public key infrastructure"
which Key Recovery Agents are the maintainers of, registered or not, will
include key signings, key ring propagation, and other acts commonly done by
Cypherpunks and their colleagues.
As a specific example, a signature data base of persons authorized, say, to
sign for specific amounts of money at a company, would be this kind of Key
Recovery Agent. So companies having data bases of customers would almost
certainly be forced, effectively, to use whatever Trusted Information
Systems, Hewlett-Packard, or suchlike software to administer their key data
And further indication that the law is intended to apply even to those Key
Recovery Agents who choose not to register is contained in this language:
" (1) The amount of the civil penalty may not exceed $10,000 per
violation, unless the violation was willful, or was committed by a
Key Recovery Agent or a Certificate Authority not registered under
this Act. "
Note the "not registered" bit. The penalties referred to are for violations
of the various criminal parts of the bill, such as the conditions under
which key information may be disclosed, or must be disclosed, etc.
As I read these sections, it says that if Alice signs a key other than her
own, or puts a keyring up on her site, or does any similar sort of things
we associate with being part of a "web of trust," then:
* she is a de facto Key Recovery Agent, as defined by the language of the law
* whether she chooses to register or not, she still is a Key Recovery Agent
* the law does not specify that her Key Recovery Agent functions be done
via computer...the management of key signatures can of course be done in
purely textual form (with keys manually typed in)...that this is not the
usual way things are done does not mean that a purely manual system will
escape the provisions of the law (else there could be a thriving business
in such manual forms!)
* if Alice chooses to register, to meet certification requirements, etc.,
(and probably keep her nose clean, avoid unsavory associations with
anarchists and cyber-terrorists and other Horsemen), she gets various
benefits bestowed by the government. Limits on civil penalties, immunity
from certain charges, and an "affirmative defense" in criminal cases where
she might otherwise face conviction for holding keys, facillitating crimes,
etc. (Oh, and she probably gets a better shot at government contracts, is
able to file her taxes and other forms electronically, etc.)
* failure to register does not, as the language clearly states, exempt a
Key Recovery Agent from being required to meet the provisions of the law
So, until I see a more convincing counter-explanation, I believe the Key
Recovery Agents language in this proposed bill sets out to establish the
government as licensor and regulator of those who work with the keys of
Sure, Alice and Bob can "voluntarily" use PGP or S/MIME or whatever, but if
they look up a key in a key directory, that directory had better comply
with the language of this law. It may not register, but it is still held to
provisions of the law (about release of keys without a search warrant, and
all the other stuff). This is the "stick."
The "carrot" is the set of provisions about the affirmative defense, and
(presumably) the likelihood that key infrastructure maintainers will not be
prosecuted if they have cooperated (and registered).
The U.K. language about their "Trusted Third Parties" (= Key Recovery
Agents in the U.S. language) was even more blunt:
"The legislation will prohibit an organisation from offering or providing
encryption services to the UK public without a licence. Prohibition
will be irrespective of whether a charge is made for such services.
The offering of encryption services to the UK public (for example via the
Internet) by an unlicensed TTP outside of the UK will also be
prohibited. For this purpose, it may be necessary to place restrictions on
advertising and marketing of such services to the public. "
Given the strong similarities in many places between the language of the
U.K. and U.S. drafts, the similar timing in introduction, and, obviously,
the common roots in the OECD/Waasenaar/David Aaron/Stewart Baker set of
developments, it is clear that the U.S. legislation is very similar to the
I did not see a specific mention in the U.S. draft of how _foreign_
services would be treated, whether they are outlawed, etc.
It is likely that a key certificate authority in, say, Anguilla, would not
recognized in U.S. courts. (This is not the end of the world, in my view,
as I don't think court recognization is the sine qua non of electronic
More serious would be any outlawing of the use of such offshore services.
Anyway, others, especially Internet-savvy lawyers, need to look at this
draft in more detail.
It's never too early to start thinking about different ways to frame the
debate. As with the framing of digital money as the act of "uttering a
check," and thus placing digital money in the same context as free speech,
why not rethink what it is to _sign_ a key?
The government is clearly thinking in terms of key signing as being a
quasi-official act, to be regulated the way Notary Publics are today. (The
parallels are indeed quite strong, if viewed from this angle.)
If, however, one views key signing as a statement of belief, as in "I
believe this key is one generated and held by Hal Finney, whom I have met
in realspace," then attempting to regulate key signing becomes a regulation
of statements of belief.
(On a tangent, the parallels with Notary Publics continue. Anyone can make
an attestation of the sort, "This signature was witnessed by me at this
time and place," and these attestations may have significance in a court of
law, as any sworn statement may have. Licensing of Notary Publics, by local
authorities, does not preclude others from making attestations....they just
don't carry quite as much weight, or so the theory goes.)
Framing key signing as a sacrament, to pick this seemingly whimsical
example, makes it even clearer to any who doubt that regulation of key
signing would violate various constitutional protections.
(And the related idea, of attorney-client communications, priest-penitent
communications, etc., similarly sharpens the debate about "access to keys."
How many people really want government and local police departments to have
access to "digital confessionals" without even a search warrant?! Or even
_with_ a search warrant?)
If this proposed legislation becomes law, the balloon has really gone up.
And the Constitution will be further shredded.
Didn't Jefferson say the tree has to be watered with blood of tyrants every
20 years or so? Well, maybe it's time.
Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
Timothy C. May | Crypto Anarchy: encryption, digital money,
email@example.com 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
See related Broiles: Survey of Crypto/TTP/GAK Regs