This article discusses the history of encryption law and policy in the US and how it is relevant to the current global debate on encryption policies. It examines the technology, law, and policy of encryption and explains why it is important to ensure the widespread and global availability of strong encryption for data and communications. The article also discusses the recent changes to Indian and Chinese laws regarding encryption technologies and their impact on international trade, national security, and communications security. The article is written by Peter Swire and Kenesa Ahmad and was published in the Columbia Science & Technology Law Review in 2012.
416 COLUM. SCI. & TECH. L. REV. [Vol. XIII
Peter Swire^ and Kenesa Ahmad*

During the 1990s, encryption was one of the most hotly debated areas of technology law and policy. Law enforcement and security agencies initially supported limits on the export of strong encryption for national security reasons. In 1999, however, the administration shifted position to allow largely unrestricted export of encryption technologies. Encryption law and policy discussions largely faded from view. Recently, encryption is again resurfacing as a major point of policy discussion. Changes to Indian and Chinese laws regarding encryption technologies have raised questions of international trade, national security, and communications security. There are key lessons learned from the U.S. experience that are highly relevant when the debate shifts from one country to a globalized setting. However, since the U.S. encryption question was settled in 1999, a new generation of policy makers, lawyers, and technologists has emerged with little or no experience in the area of encryption policy. This Article seeks to fill an important gap in the literature, and to inform the debate on encryption policies in the face of increasing globalization. By examining the relevant history, technology, law, and policy, this Article explains why it is vital to assure the widespread and global availability of strong encryption for our data and communications.

† This Article may be cited as http://www.stlr.org/cite.cgi?volume=13&article=9. This work is made available under the Creative Commons Attribution–Non-Commercial–No Derivative Works 3.0 License.

Introduction ........ 417
I. A Short History of Wiretaps for Phone and Data in the U.S. ........ 420
II. Encryption Concepts Relevant to the Legal and Policy Analysis ........ 425
A. Private Key or Symmetric Encryption ........ 425
B. Public Key or Asymmetric Encryption ........ 427
C. Cryptographic Uses of Hashes and Authentication ........ 429
D. Categories of Encryption Vulnerabilities ........ 430
III. From the U.S. “Crypto Wars” to the New Global Encryption Debates ........ 433
A. The Crypto Wars ........ 433
B. Encryption Issues Today in India, China, and Globally ........ 441
IV. Why Globalization Strengthens the Case for Encryption ........ 449
A. The Central Role of Encryption in Cybersecurity ........ 450
B. Globalization and the “Least Trusted Country” Problem ........ 457
V. Responses to Common Concerns ........ 459
A. Backdoors are Unlikely to Exist in Cryptosystems, but More Likely to Exist Elsewhere ........ 460
B. “Going Dark” v. A “Golden Age for Surveillance” ........ 463
C. Domestic Industry, Trade Policy, and Encryption ........ 474
D. Summary of trade policy considerations ........ 480
Conclusion ........ 480

INTRODUCTION

During the explosive growth of the Internet in the 1990s, encryption was quite likely the single most passionate area of legal and policy debate. Broadly speaking, law enforcement and national security agencies supported limits on the export of strong encryption, fearing that encryption would block their vital ability to protect public safety and national security. On the other side, sup-
Good encryption policy results from a mix of history, technology, policy, and law. Part I of this Article offers a short history of wiretaps for phone and Internet data, illustrating why communications across the Internet are far more vulnerable than traditional phone calls, unless encryption is used. Part II provides a primer on basic encryption concepts that are relevant to the subsequent legal and policy analysis. The discussion assumes no prior knowledge of the topic. Part III highlights key lessons learned from the U.S. crypto wars of the 1990s, informed by the perspective of one of the authors, who chaired the White House Working Group on Encryption in the lead-up to the 1999 change in U.S. encryption policy. This history includes an explanation of the major technical and other flaws in the key escrow approach, such as that attempted with the Clipper Chip proposal.

The U.S. encryption debates provide highly useful background for the current global encryption debates. In addition to highlighting the most compelling arguments from the U.S. experience in the 1990s, the Article proposes two additional reasons why effective encryption becomes even more important when the debate shifts from one country to a globalized setting. The first is the large and growing importance of cybersecurity for nations around the world. In cybersecurity today, the “offense” (in the form of thousands of attacks per day) is significantly ahead of the “defense” (in the form of tools and systems deployed by individuals and organizations to protect their data). Cryptography has become deeply integrated into all aspects of computing since the 1990s, and is today the single most important category of cybersecurity tools. In an increasingly interconnected and globalized world, security holes in one country (such as India or China) directly lead to security holes elsewhere.

The second reason why encryption is especially important for globalization is what we call the “least trusted country problem.” The U.S. encryption debates during the 1990s focused primarily on the best policy for one nation, the United States. A repeated criticism of the Clipper Chip was the lack of trust that the United States would escrow the encryption keys securely, or use its decryption powers wisely. In a globalized setting, the consequences of limiting encryption are much more dire if key escrow or other limits are imposed in a dozen, 50, or 200 countries. How much trust would India place in its communications in the hands of Pakistan, China in the hands of Taiwan, and so forth? As the debate shifts from a setting of one to many nations, the level of trust placed in data traveling through the Internet becomes that of the country that we trust least.
Part V addresses major criticisms voiced by those who wish to limit use of effective encryption. Notably, law enforcement and national security agencies fear they are “going dark” as criminals and terrorists increasingly use a bewildering variety of new communications tools. On more careful examination, however, this Article contends that this mix of new technology is actually enabling a “golden age of surveillance.” Understanding the enormous surveillance capabilities coming into the hands of agencies, rather than focusing on the manageable obstacles created by encryption, is important to reaching an accurate conclusion about the overall need for strong encryption.

This Article concludes by synthesizing the key reasons supporting effective encryption in today’s globalized world, despite the security objections of law enforcement and national security agencies, and the trade interests of some countries. By examining the relevant history, technology, law, and policy, this Article explains why it is vital to assure the widespread and global availability of strong encryption for our data and communications.

I. A SHORT HISTORY OF WIRETAPS FOR PHONE AND DATA IN THE U.S.

To understand the importance of encryption today it is helpful to consider how wiretap technology has evolved in recent decades.^1 Originally, wiretaps were conducted through copper telephone wires. In this scenario, Alice would make a phone call to Bob, as illustrated in Figure 1.^2 The police or other wire-tapper would touch a separate copper wire to the copper wire between Alice’s house and her local telephone company switch. Through the process of induction, the sound waves traveling through the circuit between Alice’s phone and Bob’s phone could be listened to through the wiretap. This was a fairly simple process, merely connecting a listening device (the wiretap) to the circuit carrying sound waves between phones.
cepted. Then, at the switch, the wiretap order could be implemented.

Figure 2. Fiber Optic Wiretapping

CALEA provided critical new tools for law enforcement and, in many ways, made wiretapping much more effective than before. Notably, CALEA made it far easier to implement wiretaps remotely, with a feed running from the switch to the agent’s office. Along with these advantages for surveillance agencies, a clear limit was written into the statute. The legislative compromise at the core of CALEA provided that new wiretap ready requirements only applied to voice networks and did not apply to internet protocol communications.^4

Coincidentally or not, the exponential growth of the Internet began just as CALEA was enacted. CALEA required telephone companies to submit new technologies to the FBI for review before they could be used. By contrast, new Internet software and hardware technologies proliferated as the estimated number of users grew at an incredible rate from 1994 to 2000, when the estimated number of Internet users exceeded 400 million people.^5 It is hard to imagine attaining this level of growth if software and hardware developers had been subject to the same FBI clearance requirements as their voice network counterparts.
Figure 3. Internet Packet Routing

As the telephone networks complied with CALEA, the rapid growth of the Internet in the 1990s made the importance of strong encryption increasingly apparent. Figure 3 illustrates this basic point. In this diagram, Alice is once again communicating with Bob. The difference, however, is that she is now sending Bob an e-mail through the Internet. The connection between Alice and her local Internet Service Provider (ISP) is quite similar to the connection between Alice and her local telephone switch. The crucial difference arises, however, in how the communication travels from Alice’s ISP to Bob’s ISP. The Internet was originally designed to enable communication even in the face of severe damage to the networks. This resilience is possible through the availability of numerous nodes to receive packets of information from Alice’s ISP and route them on towards Bob’s ISP. Peter Huber termed this the “geodesic network” in which each node of the Internet is analogous to the nodes of the geodesic domes pioneered by Buckminster Fuller.^6 Figure 4 provides an example of a geodesic dome. In a geodesic network, there are innumerable paths between any two points in a large network. If one route is blocked, the communication can simply travel through alternate nodes to arrive at its destination.^7
attack from outsiders who had taken control of the amateurs’ computers. Additionally, nodes could be operated by hostile foreign governments or by entities reporting to such governments.

The systematic insecurity of the intervening Internet nodes is a fundamental reason why encryption became essential to the growth of the Internet. As commercial and government use of the Internet grew, it became impractical to allow communications to travel unprotected and to be intercepted by unknown and possibly malicious third parties. Consider financial transactions that could be intercepted by criminals. These malicious parties could steal payments intended for others, or make copies of the transactions and attempt to cash in multiple times. Few would conduct serious business on the Internet if they believed that malicious parties would access and read their communications. Technical experts familiar with this vulnerability argued vehemently in favor of strong encryption so that personal communications and business transactions would be protected. As discussed below in Part III, technology industry leaders, civil rights activists and technical experts alike quickly recognized the need for strong encryption on the Internet.

II. ENCRYPTION CONCEPTS RELEVANT TO THE LEGAL AND POLICY ANALYSIS

In order to understand the policy and legal issues discussed later in this Article, it is helpful to review some basic cryptographic concepts: private-key (or “symmetric”) encryption; public-key (or “asymmetric”) encryption; other cryptographic tools such as one-way hashes and authentication; and major categories of how encryption is subject to attack.

A. Private Key or Symmetric Encryption

Long before the advent of the Internet, there were numerous reasons for sending messages in a format that only intended recipients could read and understand.^8 Since ancient days, military commanders sought mechanisms for communicating with allies without revealing secrets to enemies.
Merchants used codes when sending commercially sensitive information to distant lands. The telegraph created a new and significant need for encryption due to the numerous intervening parties between the sender and recipient. The radio also encouraged the development of encryption,
because both friends and enemies could listen to transmissions. One well-known example of radio encryption was the Enigma encryption system, used by the Germans during World War II to communicate between radio towers in Europe and U-boats operating in the Atlantic Ocean.

A cryptosystem consists of three major elements: (1) an encryption mechanism, typically a mathematical algorithm for turning plaintext (the original message) into ciphertext (the message in encrypted form); (2) a decryption mechanism, typically an algorithm for turning ciphertext back into plaintext; and (3) a mechanism for generating and distributing keys. A cryptographic key functions similarly to a physical key or combination lock. A physical key is cut slightly differently to fit a particular lock, such as for a car. Similarly, a combination lock, similar to those used for high school lockers, uses a sequence of numbers or symbols to open the lock.

To take a simple example, suppose that encryption occurs by changing each letter in plaintext into a letter x spaces later in the alphabet. If x=2, then “a” shifts two letters to “c” and “b” becomes “d.” Decryption happens by reversing the operation, so “c” becomes “a” and “d” becomes “b.” In this example, the key is “2”, or the number of letters to shift in the alphabet. In this example, there are 26 possible keys, because “a” can turn into any one of the 26 letters of the alphabet (including “a,” which would leave the message in plaintext). In that situation, the key could range from the numbers 1 to 26.

In this approach, Alice and Bob would use the same encryption algorithms for encoding and decoding a message. When Alice wishes to send a message to Bob, she wraps the plaintext message with an agreed-upon secret key. Upon receipt of the encrypted message, Bob unwraps the message using the same private key.
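As an added example (not from the article), the letter-shift cipher described above with the shift x as the key, together with an exhaustive trial of all 26 keys; it shows the symmetric scheme at work and also illustrates the brute-force category of attack from Part II.D, since a key space this small yields to a loop of 26 iterations. The English-likeness heuristic and the sample message are constructed for this example.

```python
"""Added example (not from the article): the letter-shift cipher used above to
explain symmetric encryption, and an exhaustive trial of all 26 keys. The
English-likeness heuristic and the sample message are constructed here."""
import string

KEY_SPACE = range(1, 27)  # the article's keys 1..26; key 26 leaves plaintext unchanged


def shift_encrypt(plaintext: str, key: int) -> str:
    """Replace each letter by the letter `key` places later in the alphabet,
    wrapping from "z" back to "a". Case is kept; non-letters pass through."""
    out = []
    for ch in plaintext:
        if ch.isalpha():
            base = ord("a") if ch.islower() else ord("A")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    """Decryption reverses the operation: shift back by the same key."""
    return shift_encrypt(ciphertext, -key)


COMMON_LETTERS = set("etaoinshrdl")  # the most frequent letters in English text


def english_score(text: str) -> float:
    """Fraction of letters that are common English letters: a crude but
    sufficient way to tell the right guess from the 25 wrong ones."""
    letters = [c for c in text.lower() if c.isalpha()]
    if not letters:
        return 0.0
    return sum(c in COMMON_LETTERS for c in letters) / len(letters)


def brute_force(ciphertext: str):
    """Try every key in the key space and return (best_key, plaintext).

    With 26 candidates the search is instantaneous; the point of a long key
    (Part II.D) is that this loop would have to run 2**128 or more times."""
    best_key, best_text, best_score = None, "", -1.0
    for key in KEY_SPACE:
        candidate = shift_decrypt(ciphertext, key)
        score = english_score(candidate)
        if score > best_score:
            best_key, best_text, best_score = key, candidate, score
    return best_key, best_text


if __name__ == "__main__":
    secret_key = 2                                # the article's x = 2
    message = "meet me at the station at noon"    # constructed sample plaintext
    ciphertext = shift_encrypt(message, secret_key)
    print("ciphertext:", ciphertext)              # oggv og cv vjg uvcvkqp cv pqqp
    print("recovered without the key:", brute_force(ciphertext))
```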
This approach is known as “symmetric” encryption, because the key is the same on both ends of the communication. It is also known as “private key encryption,” because the key has to remain private—secret—to possible attackers, and known only to Alice and Bob. The critical element in this approach is to generate and share the key securely. To distribute and share the symmetric keys, the Germans printed codebooks for each U-boat and other naval vessel. German officers were instructed to destroy the codebooks if faced with imminent capture. Eventually the Allies captured German codebooks revealing the keys used for particular dates.^9 Large
Figure 5. Public Key Encryption System

This simplified explanation of public key encryption leads to two important themes for encryption and the global Internet. First, the public key approach directly addresses the most glaring weakness of the private-key approach. It allows people to send messages to each other without first having to securely share a secret key. Instead, all communications to Bob are wrapped up with the same, publicly available key. This public-key approach is a good fit for communication between geographically dispersed people on the Internet. It also addresses the traditional distrust for shared secrets among cryptographers, who often quote Benjamin Franklin’s observation that “three may keep a secret, if two of them are dead.”^15

A second and related theme of public key encryption is that the approach can scale to very large numbers of users. With the old symmetric key approach, the risk of compromise increased each time that one more unwanted party, or U-boat, gained access to the key. By contrast, the public key approach simply requires publication of one additional public key when a new user wishes to participate. The addition of this incremental user does not change the risk for existing users.
C. Cryptographic Uses of Hashes and Authentication

The term “cryptography” (Greek for “hidden writings”) applies to more than just encryption (Greek for “putting into hiding”). First, cryptography includes “one way hashes.” The term “hash” conveys the image of a one-way operation—it is easy to turn an animal into the “hash” that people sometimes eat for breakfast; it is impossible to turn that hash back into a breathing cow or pig. Hashes are used widely in modern computing. One category of one-way hashes is a digital signature. Hashes travel with a message and mathematically ensure that the original message has not changed in transit—if even one letter is altered, the hash of that message will not match the hash of the original message.^16 Hashes can be strong or weak, and similar to encryption, a stronger hash is more difficult for an attacker to reverse.

Second, modern cryptography relies heavily on secure authentication to distinguish authorized from unauthorized users. One well-known example is the two-factor authentication key fob sold by RSA and other providers. These key fobs are widely used by government and businesses to provide secure, remote access to virtual private networks.^17 In a typical implementation, the fob displays a randomly generated access code, which changes often, such as once a minute. The user must log in by entering the current access code displayed on the fob. The string of numbers on the user end must match the string of numbers calculated on the server end during that one-minute window. With this authentication system, any hacker who uses an old key will be blocked from entry.^18

D. Categories of Encryption Vulnerabilities

Although public-key encryption greatly helps key distribution, all forms of encryption are subject to three basic categories of attack: 1) brute force attacks; 2) attacks that are more efficient than brute force; and 3) attacks assisted by a flaw known to the attacker,
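As an added example (not from the article) of the two tools Part II.C describes: a one-way hash that reveals any alteration of a message in transit, and a one-minute time-windowed one-time code checked the way the server side of a fob system would check it, so that a code from an earlier minute is rejected. The shared secret, message and timestamps are constructed; the HMAC-based code derivation follows the HOTP construction (RFC 4226) with a 60-second step and is an assumption for illustration, not the algorithm of any particular vendor's fob.

```python
"""Added example (not from the article): a one-way hash as tamper evidence for
a message in transit, and a time-windowed one-time code verified as a server
would verify a fob's display. Secret, message and timestamps are constructed;
the HMAC-based derivation (RFC 4226 style) is an assumption, not a vendor's."""
import hashlib
import hmac
import struct


def message_digest(message: bytes) -> str:
    """SHA-256 fingerprint that travels with the message."""
    return hashlib.sha256(message).hexdigest()


def verify_integrity(message: bytes, digest_sent: str) -> bool:
    """The recipient recomputes the hash; changing even one letter of the
    message yields a different digest, so the comparison fails."""
    return hmac.compare_digest(message_digest(message), digest_sent)


STEP_SECONDS = 60  # the article's "once a minute" refresh interval


def one_time_code(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """Code shown on the fob during the minute that contains unix_time.

    The counter is the number of whole minutes since the epoch, so the fob and
    the server derive the same value from the shared secret with no exchange."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % (10 ** digits)).zfill(digits)


def server_accepts(secret: bytes, submitted: str, server_time: int) -> bool:
    """Accept only the code for the server's current window. A code captured
    in an earlier minute is derived from a different counter and is rejected,
    which is the property that blocks replay of an old code."""
    expected = one_time_code(secret, server_time)
    return hmac.compare_digest(expected, submitted)


if __name__ == "__main__":
    msg = b"transfer 100 to account 42"               # constructed message
    digest = message_digest(msg)
    print(verify_integrity(msg, digest))                             # True
    print(verify_integrity(b"transfer 900 to account 42", digest))   # False

    secret = b"constructed-shared-secret"
    now = 1_700_000_040          # constructed timestamp on a minute boundary
    code = one_time_code(secret, now)
    print(server_accepts(secret, code, now))         # True: same minute
    print(server_accepts(secret, code, now + 60))    # False: window rolled over
```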
Long key length is important in a cryptosystem, but by itself, does not guarantee that an encrypted message is secure. Flaws may exist in the implementation of the cryptosystem or the cryptosystem itself. As an analogy, imagine that an attacker is attempting to break into a room. A long key is akin to a steel door—it is very difficult to penetrate. A short key is similar to a paper door—it is easy to break through. A steel door is useful but will not keep attackers out if a window is open or the wall is made out of flimsy wood. Sufficiently long keys are thus necessary but only one element of a secure cryptosystem.
    [t]here is no known way of testing whether a system is secure. In the security and cryptography research community... what we try to do is publish our systems and then get other experts to look at them.... Even with many seasoned eyes looking at the system, security deficiencies may not be uncovered for years.^25

Until a cryptosystem has withstood public scrutiny and rigorous peer review, it will endure considerable skepticism from experts. This has been a controversial issue in relation to China’s encryption algorithms, which, as described below, were developed without public peer review. In addition, a strong cryptosystem and a long key length are not sufficient to ensure security—many vulnerabilities may arise at the implementation level, when the cryptosystem is actually deployed in a larger information technology system.
cryptographers.^29 The NSA’s dominant role diminished as computer technology advanced and public key cryptography developed in public, rather than being classified as a national security secret. Law enforcement and national security agencies became increasingly concerned that the proliferation of private sector encryption would erode their ability to monitor criminals and foreign entities. The NSA in particular made numerous attempts to stifle the outside development of encryption.^30 By the end of the George H.W. Bush administration in 1992, non-NSA encryption had become an important issue for national security policymakers.^31
ment planned to establish two separate key-escrow data banks, to be run by independent entities, each of which would hold one part of the key.^34 Upon proof of a proper court order for a suspect’s communications, the two key-escrow data banks would reveal their parts of the key to the agency.^35 That agency could then use the two parts of the key together to decipher the encrypted communications and read them in plain text. Unrelated communications would remain strongly encrypted and unavailable to the government agencies.

The Clipper chip was the government’s first attempt at implementing a key escrow system. The basic concept was that a chipset would be installed in all new voice communication devices, each of which would be designated an encryption key. Each half of the key would be escrowed with a different and separate entity. Through proper legal process, law enforcement and national security agencies could retrieve the escrowed keys and access the plaintext communications. The Clipper chip used a data encryption algorithm called Skipjack, which was sharply criticized by many in the encryption community because it had not been peer reviewed. The term “Clipper chip” soon became shorthand for referring to a much broader policy debate about government controls on encryption. The Clipper chip was never launched on a meaningful scale, as manufacturers failed to warm to the controversial government-designed chip.
Also, in 1994, cryptographer Matt Blaze discovered ways in which the Chip’s implementation was technically flawed, so that the escrowed key would not decipher phone communications.^36 Perhaps most importantly, the proposal incited impassioned opposition to government controls on encryption, especially from leading civil liberties groups and “techies”^37 —a vocal constituency who were in the midst of creating the revolution

fulfillment of a condition.” Definition of Escrow, Merriam-Webster, http://www.merriam-webster.com/dictionary/escrow (last visited Aug. 7, 2011). Applied to encryption, the key would be the property held in trust by an escrow authority established by the U.S. government. The key would be turned over to law enforcement or national security agencies when legal conditions were fulfilled.