31 March 1997

---------------------------------------------------------------------------

To: <cypherpunks@cyberpass.net>
Date: Mon, 31 Mar 1997 12:04:03 -0800
From: tcmay@got.net (Tim May)
Subject: The Balloon is Going Up....criminalization of noncompliant crypto
(A copy of this message has also been posted to the following newsgroups: alt.cypherpunks, talk.politics.crypto, comp.org.eff.talk, alt.privacy)

This message is my analysis of the "Electronic Data Security Act of 1997," which identifies, licenses, and regulates "Key Recovery Agents." It is very similar to the U.K. draft of proposed legislation on "Trusted Third Parties."

Of critical importance are these issues: Does the language of the draft impinge in any way on the rights of individuals, organizations, companies, etc. to set up key rings, signature data bases, and other parts of a key management system? Does the language restrict in any way the rights of anyone, or any entity, to "sign" the key of another person or entity?

I believe the answer is "yes." In various parts of the draft are various definitions of what a Key Recovery Agent is, whether registered or not registered (even unregistered Key Recovery Agents are bound by the "stick" parts of the legislation, though not sheltered by the "carrot" parts).

It seems clear to me, though I am not a lawyer, that the examples above, of companies setting up their own signature data bases, or offering cryptographic services (including key signings, access to directories of keys, etc.) would make them Key Recovery Agents. (The exact definition is included below.)

This is worse than Clipper. Worse because it sets out to outlaw key infrastructure alternatives that do not meet the approval (defined in the draft) of the government. While Alice and Bob are apparently able to communicate with the crypto product of their choice, for now, they are basically locked out of any key management schemes, even private, unregistered ones, which do not hand over keys to authorities upon presentation of a scrap of paper (not even a search warrant, under this draft). And they become Key Recovery Agents, as I read the draft, as soon as they sign a key for another or act in any position of trust to hold keys, dispense keys, manage keys, etc.

Worse than Clipper.

This is the "balloon going up." (An inside joke. It was four and a half years ago, five months before Clipper, that I wrote an article for sci.crypt entitled "A Trial Balloon to Ban Crypto?" This outlined Dorothy Denning's "trial balloon" to restrict cryptography in various ways, including Clipper and key escrow schemes. There were hundreds of responses to this article, as old archives may show, and it was one of the first warnings about what has since come to pass.)

This proposed legislation must be seen in the context of the OECD guidelines on crypto. OECD is essentially the de facto "New World Crypto Order" program, and the U.S. and U.K. drafts, and probably the French draft (though I haven't looked at it recently), are consistent with this OECD agreement.

The proposed law ("Electronic Data Security Act of 1997") says (http://www.cdt.org/crypto/970312_admin.html):

   "SEC. 201. REGISTRATION OF CERTIFICATE AUTHORITIES

   "The Secretary may register any suitable private sector entity, government agency, or foreign government agency to act as a Certificate Authority if the Secretary determines that the entity or agency meets minimum standards, as specified in regulations promulgated by the Secretary, for security, performance, and practices in order to accomplish the duties of a Certificate Authority registered under this Act. The Secretary may condition, modify or revoke such a registration if the registered entity or agency has violated any provision of this Act or any rule, regulation, or requirement prescribed by the Secretary under this Act, or for any other reasons specified by the Secretary in rule or regulation."

This establishes that Key Recovery Agents may be registered. So far, no big deal, so long as _competing_ systems are not outlawed. If the government wants to give its mark of approval to someone, OK. (It's not my idea of what government ought to be doing, but not the end of the world....)

Ah, but the proposed law goes on to say:

   "SEC. 301. CIRCUMSTANCES IN WHICH INFORMATION MAY BE RELEASED

   "A Key Recovery Agent, whether or not registered by the Secretary under this Act, is prohibited from disclosing recovery information stored by a person unless the disclosure is -- ...."

   [a bunch of conditions for release elided]

So what's this about "whether or not registered"? (Key Recovery Agents are also formally defined as "The term "Key Recovery Agent" means a person trusted by one or more persons to hold and maintain sufficient information to allow access to the data or communications ..." so it is clear, to me, that Key Recovery Agents are a broad class of entities dealing with keys, signing keys, etc.) And, to repeat again, various provisions of the law apply to Key Recovery Agents "whether or not registered," so it is not necessary to register to be classed as a Key Recovery Agent.

Could it be argued that one who merely signs a key, or issues a public key certificate, etc., is _not_ acting as a Key Recovery Agent because he or she is not acting to "allow access to the data or communications"? I hope more lawyers will comment, but this seems to be a wedge in the door for folks like us to claim that key signers, web of trust keyring holders, maintainers of PGP tools, etc., are _not_ at all in the business of "allowing access" and hence are not Key Recovery Agents, registered or unregistered.

However, much of the other language of the proposed law talks about the "public key infrastructures," which PGP and its web of trust is certainly one instance of, and the definition of a "key" is broadly defined as:

   "(10) the term "key" means a parameter, or a component thereof, used with an algorithm to validate, authenticate, encrypt or decrypt a message."

Access to keys then means more than just access to the plaintext of messages: it also means access to validation and authentication keys. I surmise that this broadens the "allow access" language to more than just access to plaintext (data).

I surmise that the "public key infrastructure" which Key Recovery Agents are the maintainers of, registered or not, will include key signings, key ring propagation, and other acts commonly done by Cypherpunks and their colleagues.

As a specific example, a signature data base of persons authorized, say, to sign for specific amounts of money at a company, would be this kind of Key Recovery Agent. So companies having data bases of customers would almost certainly be forced, effectively, to use whatever Trusted Information Systems, Hewlett-Packard, or suchlike software to administer their key data base.

And further indication that the law is intended to apply even to those Key Recovery Agents who choose not to register is contained in this language:

   "(1) The amount of the civil penalty may not exceed $10,000 per violation, unless the violation was willful, or was committed by a Key Recovery Agent or a Certificate Authority not registered under this Act."

Note the "not registered" bit. The penalties referred to are for violations of the various criminal parts of the bill, such as the conditions under which key information may be disclosed, or must be disclosed, etc.

As I read these sections, it says that if Alice signs a key other than her own, or puts a keyring up on her site, or does any similar sort of things we associate with being part of a "web of trust," then:

* she is a de facto Key Recovery Agent, as defined by the language of the law

* whether she chooses to register or not, she still is a Key Recovery Agent

* the law does not specify that her Key Recovery Agent functions be done via computer...the management of key signatures can of course be done in purely textual form (with keys manually typed in)...that this is not the usual way things are done does not mean that a purely manual system will escape the provisions of the law (else there could be a thriving business in such manual forms!)

* if Alice chooses to register, to meet certification requirements, etc., (and probably keep her nose clean, avoid unsavory associations with anarchists and cyber-terrorists and other Horsemen), she gets various benefits bestowed by the government. Limits on civil penalties, immunity from certain charges, and an "affirmative defense" in criminal cases where she might otherwise face conviction for holding keys, facilitating crimes, etc. (Oh, and she probably gets a better shot at government contracts, is able to file her taxes and other forms electronically, etc.)

* failure to register does not, as the language clearly states, exempt a Key Recovery Agent from being required to meet the provisions of the law

So, until I see a more convincing counter-explanation, I believe the Key Recovery Agents language in this proposed bill sets out to establish the government as licensor and regulator of those who work with the keys of others. Sure, Alice and Bob can "voluntarily" use PGP or S/MIME or whatever, but if they look up a key in a key directory, that directory had better comply with the language of this law. It may not register, but it is still held to provisions of the law (about release of keys without a search warrant, and all the other stuff).

This is the "stick." The "carrot" is the set of provisions about the affirmative defense, and (presumably) the likelihood that key infrastructure maintainers will not be prosecuted if they have cooperated (and registered).

The U.K. language about their "Trusted Third Parties" (= Key Recovery Agents in the U.S. language) was even more blunt: (http://www.dti.gov.uk/pubs/)

   "The legislation will prohibit an organisation from offering or providing encryption services to the UK public without a licence. Prohibition will be irrespective of whether a charge is made for such services. The offering of encryption services to the UK public (for example via the Internet) by an unlicensed TTP outside of the UK will also be prohibited. For this purpose, it may be necessary to place restrictions on the advertising and marketing of such services to the public."

Given the strong similarities in many places between the language of the U.K. and U.S. drafts, the similar timing in introduction, and, obviously, the common roots in the OECD/Wassenaar/David Aaron/Stewart Baker set of developments, it is clear that the U.S. legislation is very similar to the U.K. legislation.

I did not see a specific mention in the U.S. draft of how _foreign_ services would be treated, whether they are outlawed, etc. It is likely that a key certificate authority in, say, Anguilla, would not be recognized in U.S. courts. (This is not the end of the world, in my view, as I don't think court recognition is the sine qua non of electronic commerce.) More serious would be any outlawing of the use of such offshore services.

Anyway, others, especially Internet-savvy lawyers, need to look at this draft in more detail. It's never too early to start thinking about different ways to frame the debate.

As with the framing of digital money as the act of "uttering a check," and thus placing digital money in the same context as free speech, why not rethink what it is to _sign_ a key? The government is clearly thinking in terms of key signing as being a quasi-official act, to be regulated the way Notary Publics are today. (The parallels are indeed quite strong, if viewed from this angle.)

If, however, one views key signing as a statement of belief, as in "I believe this key is one generated and held by Hal Finney, whom I have met in realspace," then attempting to regulate key signing becomes a regulation of statements of belief.

(On a tangent, the parallels with Notary Publics continue. Anyone can make an attestation of the sort, "This signature was witnessed by me at this time and place," and these attestations may have significance in a court of law, as any sworn statement may have. Licensing of Notary Publics, by local authorities, does not preclude others from making attestations....they just don't carry quite as much weight, or so the theory goes.)

Framing key signing as a sacrament, to pick this seemingly whimsical example, makes it even clearer to any who doubt that regulation of key signing would violate various constitutional protections. (And the related idea, of attorney-client communications, priest-penitent communications, etc., similarly sharpens the debate about "access to keys." How many people really want government and local police departments to have access to "digital confessionals" without even a search warrant?! Or even _with_ a search warrant?)

If this proposed legislation becomes law, the balloon has really gone up. And the Constitution will be further shredded.

Didn't Jefferson say the tree has to be watered with blood of tyrants every 20 years or so? Well, maybe it's time.

--Tim May

-- 
Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."