WMadsen777@aol.com (by way of Patrice Riemens ) on Tue, 7 Jul 1998 23:19:22 +0200 (MET DST)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> Internet Malcontents

[from somewhere deep within <http://www.acm.org/cacam/
 forwarded w/ author's and ACM's permissions]

Internet "Malcontents" of the world - Unite!

Wayne Madsen

Ever since the Clinton administration announced its program to
escrow encryption keys for law enforcement and national security,
it has tried to convince a skeptical international community that
other governments around the world favored a similar scheme. The
government, as usual when it launches an inept policy, began to
alter the name of the scheme to chisel back doors into everyone's
coded communications. Over a four year period, key escrow begat
key management infrastructure which begat the two twins of key
recovery and trusted third parties.

The Electronic Privacy Information Center (EPIC), on behalf of
the Global Internet Liberty Campaign (GILC), decided to test the
U.S. government's veracity on the issue of international support.
EPIC sent a survey letter to over 230 nations and territories. The
four questions posed to the governments were simple: 1) Does your
nation have export controls on cryptography? 2) Does your nation
maintain import controls on cryptography? 3) Does your government
restrict the domestic use of cryptography? 4) Is there a
government agency in your country charged with setting policy on
the use of cryptography? 

>From the small island nation of Nauru in the central Pacific to
the Kingdom of Swaziland in southern Africa and Lithuania in the
Baltic, answers began to arrive by fax, email, and regular mail.
Many countries, including some influential countries, expressed
confusion about what we were asking. Many embassies in Washington,
including Australia's, called EPIC to ask which of their
ministries should be forwarded the questionnaire. Many of the
respondent nations answered "No" to the four questions. These
included many developing nations in Africa and Eastern Europe.
Nations that the U.S. cited as being in the American camp on key
recovery indicated that they did not domestically control the use
of encryption. These included Germany, Sweden, Finland, and

The Clinton administration even appointed its own "Crypto Czar"
to market key recovery controls to the rest of the world. For this
unenviable task, Clinton chose David Aaron, a former national
security type from the Carter administration, who was serving as
American ambassador to the Organization for Economic Cooperation
and Development (OECD) in Paris. During a March 26, 1998 hearing
before the House of Representatives Subcommittee on Courts and
Intellectual Property, Aaron, recently-promoted to Undersecretary
of Commerce for International Trade, was peppered with questions
from Bob Goodlatte, the anti-crypto controls congressman from
Virginia. Goodlatte, citing the results of the EPIC survey,
questioned Aaron on his lack of success in convincing other
nations to adopt the U.S. approach. 

Aaron responded by stating he did not agree with the EPIC
assessment. He said many foreign governments, including Canada,
Sweden, Britain, and France, were making their own policies. He
contended that many nations were coming to the same "net judgment"
as the United States in seeing the need to "balance privacy with
law enforcement." However, two of the nations cited by Aaron,
Canada and Sweden, were distancing themselves from U.S. policy,
while France's Socialist government was considering liberalizing
its draconian laws on cryptography. Only Britain, which the United
States hoped to use as a Trojan horse to advance its crypto
policies during Prime Minister Blair's six months in the European
Union's presidency, showed signs of supporting Washington's stance
in key recovery. This, after Blair's own Labor Party platform
rejected the notion of government control of encryption.

Aaron's own failure to convince foreign nations to go along
with Washington are documented in several memoranda and State
Department cables released to EPIC following a Freedom of
Information Act (FOIA) request. The documents show that Canada's
Privy Councilor told Aaron that "Canada would not be in a position
to apply the same type of [key recovery] conditions to its own
industry." The American embassy in Tokyo told Aaron to take the
shuttle bus into Tokyo from Narita upon his arrival. It was too
expensive to send a staff car and a driver. His reception by the
Japanese government was no less cordial. One Japanese official
rhetorically asked Aaron, "Once use is made of a third-party key,
won't all future communications of that user be compromised?"

The situation in Italy was so fraught with confusion that the
U.S. embassy in Rome suggested that Aaron try to influence the
Italian legislative process on developing an encryption policy.
Aaron was told by the embassy that he should particularly meet
with a legislative deputy of the National Alliance Party, the
successor to Benito Mussolini's Fascist movement! When Aaron
arrived in Canberra, Australia, that nation's Attorney General,
with whom the Crypto Czar had desperately hoped to meet, decided
to fly to Perth. Placing an entire continent between U.S. and
Australian encryption policy, while possibly not the intent of the
Australian official, was its diplomatic consequence.

The only allies the U.S. government can muster on supporting
its international key recovery network are "friendly" foreign
intelligence and police agencies. In some countries, these
agencies have "hijacked" the cryptography issue for the benefit of
their surveillance infrastructures. In some cases, foreign
affairs, trade, and science ministries have been cut out of the
crypto policy picture. A 1996 white paper issued by the Australian
government claims such a lack of coordination has occurred there.

During the March 1998 House hearing, Aaron added a new villain
to the list of international users of non-escrowed/non-recoverable
cryptography. "Malcontents" joined drug dealers, terrorists,
pedophiles, and organized criminals as the fifth "Horseman of the
cyber-Apocalypse." The dictionary defines a malcontent as a person
"dissatisfied with the existing government, administration,
system, etc." By adding political dissidents to a list of
criminals to be barred from using strong cryptography, Aaron may
have showed his cards. Many privacy advocates have thought for
many years that the real intention of back doors into cryptography
is to crack down on political activists who are shielding their
communications from the CIAs, NSAs, and FBIs of the world. Recent
fanciful talk about an "electronic Pearl Harbor" bringing down the
world's computers by a terrorist group, is often laced with
references to political activist groups using the Internet. Herein
lies the true nature of key recovery. It has very little to do
with fighting criminals because, as the administration will even
concede, they will continue to have access to non-recoverable
crypto technology. But the windfall resulting from political
intelligence gathering as more and more political groups around
the world go "on line," will ensure continued expansion of the
surveillance budgets and responsibilities for the NSA and FBI. To
counter this goal, we "malcontents" must continue to live up to
our government-given names. 

Wayne Madsen (madsen@epic.org) is a senior fellow of Electronic
Privacy Information Center (EPIC) is Washington, DC. 
#  distributed via nettime-l : no commercial use without permission
#  <nettime> is a closed moderated mailinglist for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo@desk.nl and "info nettime-l" in the msg body
#  URL: http://www.desk.nl/~nettime/  contact: nettime-owner@desk.nl