From: firstname.lastname@example.org (Aaron Schuman)
Subject: Congress to order crypto trapdoor?
Message-ID: <1991apr11 .231215.19779="" dragon.wpd.sgi.com="">
Date: 11 Apr 91 23:12:15 GMT 1991apr11>
The United States Senate is considering a bill that would require
manufacturers of cryptographic equipment to introduce a trap door,
and to make that trap door accessible to law enforcement officials.
If you feel, as I do, that the risk of abuse far outweighs the
potential benefits, please write to Senators Joseph Biden and Dennis
DeConcini, and to the Senators that represent your state, asking that
they propose a friendly amendment to their bill removing this
I don't have exact addresses for Senators Biden and DeConcini, and
I hope someone will post them here, but the Washington DC post office
can deliver letters addressed to
Senator Joseph Biden Senator Dennis DeConcini
United States Senate and United States Senate
Washington, DC 20510 Washington, DC 20510
RISKS-LIST: RISKS-FORUM Digest Wednesday 10 April 1991 Volume 11 : Issue 43
Date: Wed, 10 Apr 91 17:23 EDT
Subject: U.S. Senate 266, Section 2201 (cryptographics)
Senate 266 introduced by Mr. Biden (for himself and Mr. DeConcini)
contains the following section:
SEC. 2201. COOPERATION OF TELECOMMUNICATIONS PROVIDERS WITH LAW ENFORCEMENT
It is the sense of Congress that providers of electronic communications
services and manufacturers of electronic communications service equipment shall
ensure that communications systems permit the government to obtain the plain
text contents of voice, data, and other communications when appropriately
authorized by law.
The referenced language requires that manufacturers build trap-doors
into all cryptographic equipment and that providers of confidential
channels reserve to themselves, their agents, and assigns the ability to
read all traffic.
Are there readers of this list that believe that it is possible for
manufacturers of crypto gear to include such a mechanism and also to reserve
its use to those "appropriately authorized by law" to employ it?
Are there readers of this list who believe that providers of electronic
communications services can reserve to themselves the ability to read all the
traffic and still keep the traffic "confidential" in any meaningful sense?
Is there anybody out there who would buy crypto gear or confidential services
from vendors who were subject to such a law?
David Kahn asserts that the sovereign always attempts to reserve the use of
cryptography to himself. Nonetheless, if this language were to be enacted into
law, it would represent a major departure. An earlier Senate went to great
pains to assure itself that there were no trapdoors in the DES. Mr. Biden and
Mr. DeConcini want to mandate them. The historical justification of such
reservation has been "national security;" just when that justification begins
to wane, Mr. Biden wants to use "law enforcement." Both justifications rest
upon appeals to fear.
In the United States the people, not the Congress, are sovereign; it should not
be illegal for the people to have access to communications that the government
cannot read. We should be free from unreasonable search and seizure; we should
be free from self-incrimination. The government already has powerful tools of
investigation at its disposal; it has demonstrated precious little restraint in
Any assertion that all use of any such trap-doors would be only
"when appropriately authorized by law" is absurd on its face. It is not
humanly possible to construct a mechanism that could meet that
requirement; any such mechanism would be subject to abuse.
I suggest that you begin to stock up on crypto gear while you can still get it.
Watch the progress of this law carefully. Begin to identify vendors across the
William Hugh Murray, Executive Consultant, Information System Security 21
Locust Avenue, Suite 2D, New Canaan, Connecticut 06840 203 966 4769
We fought this battle once and thought that we won the war.