Reasons why private cryptography should not be regulated.
This is material is out of date.
Rose Key Logo by David
Paul Elliott is solely responsible for this document
PMB 181,11900 Metric Blvd. Ste J
Austin Texas 78758-3117
This is a dated document!
It was written in 1995. Still available for historical reasons. The battles
refered to here have been largely been won by the free encryption forces.
Some links are broken.
Freeh proposes cryptography regulations.
FBI director Freeh has been promoting his plan for cryptography regulation.
( Freeh and Crypto
and Crypto Reference 2,
and Crypto Reference 3, and
and Crypto Reference 4). Usually, these plans take the form of some
kind of mandatory key escrow. Mandatory key escrow schemes are requirements
that decryption keys be given to government agencies with the promise that
the keys will not be used without a warrant.
Freeh's requests should be rejected.
There are a number of reasons why Freeh's requests for cryptography regulations
should be not be granted.
Private Cryptography Regulations are unconstitutional.
Government regulations on private cryptography are unconstitutional for
a number of reasons:
Since all Senators and Congressmen take an oath to preserve and defend
the constitution of the U.S., this should be the end of the argument. However,
watching some of the stupid laws that have come out of congress in past
years, tells me I should supplement the above with additional argument.
First amendment. Electronic communications are a form of speech and the
cryptography regulations try to regulate this speech to a form the government
understands. Congress shall make NO LAW ....or abridging the freedom
of speech or of the press; ...
Second amendment. Cryptography is arms. Even U.S. government ITAR regulations
admit this. Therefore cryptography is protected by Second amendment.
Ninth & tenth amendments. Article I section 8 does not give congress
the power to tell us what computer software we can run on our computers.
Therefore that power remains with us, and we should be able to run whatever
cryptography software we want the displeasure of congress not withstanding.
The power to search, if a warrant exists, which is mentioned by the fourth
amendment, does not grant the government the right to succeed in finding
what the it is looking for. In other words the power to search, is not
a power to guarantee a successful search.
is not a power to require citizens to run their lives in such a manner
that any government search will be successful.
Note for lawyers
I am not a lawyer and I am not trying to be one. I have no
opinion as to whether private cryptography regulations will be
unconstitutional. There are a number of cases where out courts have made
decisions which do great violence to the plain meaning of the text of our
constitution. Knowing what the courts will actually do is the business
of lawyers. Understanding the constitution so that one may know what the
courts should do should be the business of every citizen.
Michael Froomkin, Associate Professor at the University of Miami School
of Law believes that although
the issues are complex, the Supreme Court might possibly find the regulation
of non-escrowed encryption constitutional. I believe that this shows
the sad state of our courts and laws.
Cryptography is already in use.
Cryptography is already in use by legitimate business. Any government regulation
of cryptography will probably cost huge amounts of money for software and
hardware costs for existing systems to be changed to a form that the government
existing ITAR regulations probably cost the U.S. economy large amounts
of money because U.S. companies can not market cryptography software internationally.
By discouraging private cryptography, the ITAR regulations probably enables
a large amount of computer crime since it makes it difficult for people
to protect themselves. The ITAR regulations have not and can not prevent
strong cryptography from making it outside the U.S. How many tons of cocaine
illegally enter the U.S. every year? Yet the government ITAR regulations
propose to regulate the export of software that can fit in a shirt pocket,
or travel by wire concealed with billions of bytes of data that leave the
U.S. every year. It is time for the U.S. government to start living in
the real world!
According to an article in the August 17, 1995 Wall Street Journal,
ITAR regulations have required Netscape to use inferior encryption methods
in the international version of its World Wide WeB browser software.
inferior encryption method has actually been broken by a French Hacker!
Because of its computational intensity, this weakness in the encryption
method does not represent an immediate danger. However as more powerful
computers continue to develop, this and similar vulnerabilities will present
a danger for those who wish to use the internet for commerce.
When cryptography is outlawed only outlaws will have cryptography!
The excellent NRA argument "when guns are outlawed only outlaws will have
guns" applies with equal force to cryptography! Professional criminals
will circumvent with ease any government regulations on cryptography. Trillions
of bytes travel the internet yearly. The techniques of steganography make
it absolutely trivial for any motivated person to conceal any encrypted
messages. The Big Brother cryptography regulations will affect only ordinary
Regulations limit security.
These regulations make it impossible for an individual to have greater
privacy than the U.S. government. The Adlrich Ames case makes it clear
that the U.S. is incompetent to keep a secret.
The proposed regulations require the American people trust the government,
but on the contrary, the government should be required to trust the American
people. Recent news stories (Waco ect.) make it clear that it is common
for government agents to lie to get a search warrants. Government should
be viewed as George Washington did as ``a fearful servant and a dangerous
A recent poll conducted by the Americans Talk Issue Foundation
said 76% of the people questioned responded that they rarely or never trust
"government to do what is right".
This mistrust is well founded. At the same
time as administration sources were saying that key escrow schemes would
remain voluntary, FBI, NSA, and DOJ experts were saying that the schemes
must be made mandatory if they were to be at all effective. If the
government is willing to lie to establish a key escrow key system, what
makes us believe that the government will not lie when applying for warrants
to use that system?
The Secret FISA Court will issue warrants for decryption keys.
If any key escrow system is adopted,
secret FISA court will undoubtedly be given the power to issue warrants
for decryption keys. The FISA court has granted over 7,500 wiretap requests
in complete secrecy with only one refusal. The secrecy of this court creates
a great opportunity for abuse. If the court is lied to, the lie is not
exposed, because the people with an interest in exposing the lie do not
know the lie exists. If the court grants legally unwarranted warrants,
there is no one to appeal or to try to stop the practice, because no one
knows about the problem.
Don't tread on me
It is too humiliating to require a free people to participate in the establishment
of their own surveillance prisons. This is what key escrow requires. Consider
the words of our revolutionary heritage:
Those who would sacrifice essential freedoms for temporary
safety deserve neither.
If ye love wealth greater than liberty, the tranquility of
servitude greater than the animating contest for freedom, go home from
us in peace. We seek not your counsel, nor your arms. Crouch down and lick
the hand that feeds you; and may posterity forget that ye were our countrymen.
Do you think that these men would approve the government's key escrow
Back to EFH how to use PGP Workshop?
Other sources of information on Cryptography Policy