Encryption Controls - A Psychological Battle?

Brian Gladman gladman at seven77.demon.co.uk
Mon, 28 Jun 1999 18:02:16 +0100 

From: David Swarbrick <david@swarb.demon.co.uk>
To: <ukcrypto@maillist.ox.ac.uk>
Sent: 24 June 1999 19:14 PM
Subject: Re: IOCA Consultation documents available

[snip]

> .pdf stinks. It is a last resort for those too lazy to do a job
> properly, and it reeks of people saying how important they are.
>

Anyone who is seriously interested in dealing with issues in the crypto
business will have to get used to dealing with a wide range of document
formats.  But I agree with others that this is not the intended topic
of this list although, as the discussion here suggests, it may well be
interesting in its own right.  If so, is there already a list where this
is or can be discussed and, if not, can we create a SEPARATE one?

I, for one, am pleased to see David Hendon post here once again but I
would much prefer him to answer the issues raised by the PIU report
(in which he played a major role) instead of diverting attention onto
a discussion of document formats.

It is a disappointment that David now only seems to post when he has
no responsibility for crypto and hence does not follow Nigel's efforts
to take part in the debate.  We may disagree with Nigel but I would
hope that we are all prepared to congratulate and support him in his
efforts here to comment on what is going on.  As an ex civil servant I
know how risky commenting on mailing lists can be since the very
formation of this list was, in part, the result of the pressures I came
under while still in MOD not to discuss crypto issues openly with Paul
Leyland (then at Oxford) on sci.crypt.

As leader of the PIU study team, David played a major role in the work
leading to the recent PIU report which killed off key-escrow.  This is
a step forward of sorts which we should thank him for, but it is
important to remember that crypto export controls are still with us.
And, despite its remit, the PIU report offers absolutely no coverage
here.  Moreover it is very easy to interpret the report as an attempt
to divert attention from such controls since, not only are they not
mentioned, but a highly misleading assertion is made that 'there is
remarkably little international co-ordination' on encryption policy.
Nigel made a half hearted attempt on this list to justify this
statement but he  did not answer the following questions, I suspect
because he is an honest and an honourable person who does not
want to find himself defending the indefensible.

In fact there are now two outstanding 'Open Government' requests with
the DTI that seek to find out more about a number of visits of David
Aaron - the US Crypto Ambassador - to the UK. The DTI is dragging its
feet on these and I believe that one or both of them are now with the
Ombudsman.  If this evidence is eventually published it will show
clearly that the Government (or, maybe, parts of the civil service) is
being 'economical with the truth' here. The political stakes could
hardly be higher given that this has happened in a document issued in
the name of the Prime Minister, so it will be very interesting to see
how the Ombudsman moves on this.  I and many others on this are very
well aware of the full extent of the international coordination of
crypto policy that goes on 'behind the scenes' but most will not speak
out because it does not pay to alienate government when in industry. I
don't have any such constraints and I am more than happy to reveal the
full extent of crypto co-ordination if I have to in order to show that
the government is lying in the PIU document.  I am very clear that
this PIU statement was a lie but I do not yet know the extent to
which those involved are implicated in this.  My advice to the uk
government (they never take my advice but what the heck) is to come
clean now before things get a great deal worse.  Watch this space.

Returning to the issue of government controls on crypto, what appears
to be widely underestimated is the breadth and the depth of the effort
being made by governments - especially the US - to prevent the spread
of crypto.  Their fight at a technical level was lost almost a decade
ago but the fight at a ***psychological level*** is still being very
successfully waged to the point that there is almost no good crypto
being used by 99.9....% of users despite the fact that there are no
technical barriers standing in the way of this.

Even more interesting, there are no legal barriers to the deployment
of good cryptographic protection either - although you would hardly
believe this if you listened to the arguments now raging.  But the
promotion of this debate is just a part of the psychological battle.

We can deploy 56 (or 64) bit crypto in:

* a wide range of products, in
* several network layers
* in many different host-to-host applications protocols.

By deploying 56 bit crypto in this way we would ensure that
each application layer data stream was subject to protection by
several different cryptographic systems using several different keys
implemented in different ways in a range of different products.  The
diversity of  protection provided by this approach would create
added resistance to  attack in its own right and the end result would
be a great deal stronger than the rather lame attempts made by
major software suppliers to give us apparently strong protection in
products that are a great deal weaker than the key lengths being
used might lead us to expect.

All of this is both technically and legally possible but it is not
happening because we have been duped into wanting the 'forbidden
fruit' of longer keys that are always being put just beyond our reach
by a new round of crypto export controls.

Many are puzzled by this move on the part of the US government since,
at a technical level, these controls do not appear to make any sense
since they do not prevent the use of 128 bit cryptography. But at a
psychological level the impact of these controls is still massive since
they serve two purposes, ONE of which is vital but covert:

*first they prevent crypto at these key lengths being deployed in mass
market products

*MORE IMPORTANTLY, they create the ***perception*** that products at
56/64 bits are useless and not even worth deploying.

And the latter is the real purpose of crypto export controls - they are
NOT there to stop 128 bit crypto being deployed - they are there to
create 'forbidden fruit' - all the time just beyond our reach - so
that we draw conclusions from this with the result that ***NO CRYPTO
IS DEPLOYED AT ANY STRENGTH***.

It would be impossible to over-emphasise this part of my message:

THE REAL PURPOSE OF CRYPTO EXPORT CONTROLS IS TO
MANIPULATE PUBLIC OPINION IN SUCH A WAY THAT NO CRYPTO
AT ANY STRENGTH IS  DEPLOYED.

And once this has been twigged, anyone who looks at the evidence of
the last 20+ years with open eyes and an analytical mind will see this
as an obvious truth.

So I call on all major companies involved in Internet products of all
kinds:

* telecoms providers
* LAN product providers
* router and related product suppliers
* suppliers of VPN and firewall products
* suppliers of process layer protocols (SSL etc.)
* applications suppliers (email, voice, video, ....)

to each implement ***high quality 56 bit DES*** in all their products.

Moreover, I call for telcos, ISPs, Banks, e-commerce companies and end
users to stop complaining that DES is not good enough.   Deployed
ubiquitously as I have suggested, as an all pervasive capability at
all levels within  the global information infrastructure, this will
offer far more effective protection that we will ever achieve by
waiting for the 'forbidden  fruit' that is being so skilfully denied to us.

Most of all, however, once the  nature of 'the game' becomes widely
understood it will no longer be worth playing.

         Brian Gladman