Computer-Mediated Communication Magazine / Volume 1, Number 5 / September 1, 1994 / Page 8
Cryptography has meant little to the majority of the population; such mathematical methods of encoding and decoding messages are the realm of spies, the secret services, and more recently computer hackers. Modern cryptography is based in advanced algorithmic theory. Personal computers and digital transmission and storage of most all sensitive personal information and business transactions have made cryptography critical.
Electronic information is readily movable and relatively easy to access. By 1990 the need for simple and effective cryptography had been identified and promised by the Federal government. This essay examines the issue of computer privacy and the efforts of civil libertarian groups to inform the public, businesses and media of the importance of cryptography issues following the Clinton Administration's February 4, 1994, formal acceptance of an encryption system. After discussing the development of the new "escrow" system and identifying major participants, a framework is applied to the development of this issue.
Management of an issue helps move it into the public domain, the aim being to change policy without direct influence. The role of the media has been to open up debate and encourage public participation in the democratic process. The new "media" of the Internet is no different and proves to be an efficient issue management tool.
Both envisioned a networked world and became concerned about Federal security agents not extending real life rights of search, seizure and questioning to computer related crimes and the virtual world. Barlow and Kapor agreed to form a civil liberties organization to protect the citizens of, what "sci-fi" writer William Gibson had termed, "Cyberspace" (Barlow, 1990). They were soon joined by Sun Microsystems founder John Gilmore and Jerry Berman, a lawyer for the ACLU. The Electronic Frontier Foundation (EFF) has since grown into a major force on the Internet and is a "household" name in the "dwellings" of Cyberspace.
In the move to the information age, the EFF's primary focus is to ensure that the principles embodied in the Constitution and the Bill of Rights are protected as new communications technologies emerge. The Constitution cannot enact itself and EFF realize that they need at take an aggressive role as the new medium of the Internet is sensitive to initial conditions, constraints and influences. EFF and several other computer groups have sponsored legal cases involving online rights and played roles in setting a less severe sentencing guideline for computer fraud and abuse (EFF, 1994).
Since inception, members of the Electronic Frontier Foundation have testified before Congress and advisory committees on communication and computer topics and have been published and interviewed for many publications and shows including; National Public Radio, Newsweek, CNN, Wired, Scientific American, Communications of the ACM, and Forbes. Due to this recent media coverage this essay emphasizes EFF's role. Many other groups are involved and will be mentioned; Computer Professionals for Social Responsibility (CPSR ftp site, CPSR gopher site). the Cypherpunks , Wired Magazine, Software Publishers Association (SPA), and the American Civil Liberties Union (ACLU).
The National Security Agency lost its virtual monopoly in cryptography when in the 1970's Whitfield Diffie, a computer scientist, produced a Public Key Cryptography system. The problem with previous "crypto" schemes, such as the US Federal Data Encryption Standard (DES), was that the recipient and sender needed a secure channel to pass between themselves the algorithm or "key" that would enable messages to be encoded for use over insecure channels. If such a secure channel exists, then why use cryptographyin the first place? (Zimmerman, 1993).
In Diffie's system everyone has two keys, a "public" key that can be widely disseminated and stored, and a private, "secret" key. To encrypt a message the sender uses the recipient's public key, the recipient turns this ciphered text back into plain text using their own secret key. The senders "digital signature" can also be checked. This would have been encrypted by the sender's secret key and the recipient would use the sender's public key to decrypt the signature. Three researchers took this system and made the Rivest-Shamir-Adleman (RSA) system that allowed for the safe conduit of public keys and provided a level of encryption superior to the DES (Levy, 1993).
The export of US-made "crypto" is subject to a Federal embargo, however. Hence companies such as Apple, IBM and Microsoft do not provide strong encryption in their products for either the domestic or international markets. This has meant that the private citizen, the grassroots organization and small businesses have not been encouraged or able to use crypto in the storage and transmittal of information. In a time when everyone's credit, medical, and criminal records are "online" somewhere, personal privacy is therefore impossible. The balance of national security and privacy had to be met and efforts began to formulate an encryption standard.
In August, 1991 the National Institute of Standards and Technology (NIST), guided by the NSA, introduced a new and powerful public encryption system. Instead of offering validation to this move, however, encryption specialists criticized the method and inherent secrecy of the new Digital Signature Algorithm (DSA). They pointed to the highly respected RSA public key system already used by the computer industry and ironically, government agencies. DSA was called "weak," "dangerous" and critics feared the ramifications of a government imposed security standard (Communications of the ACM, July 1992).
Among these critics was a coalition of 50 major computer and communication companies, including IBM, Microsoft, Sun and AT&T, the Digital Privacy and Security Working Group (DPSWG), now coordinated by EFF. In 1986, they helped enact the Electronic Communications Privacy Act that established developing the information infrastructure in a manner consistent with traditional notions of privacy, free speech and civil liberty (Berman, 1994).
Another measure DPSWG fought rigorously to influence and defeat was Senate Bill 266, a 1991 anti-crime bill that included a resolution that would have forced manufacturers of secure communications to insert "trap doors" so the government could read encrypted messages: "It is the sense of Congress that providers of electronic communications services and manufacturers of electronic communications service equipment shall insure that communications systems permit the Government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law" (Zimmerman, 1993, p.5).
In 1992, the FBI Digital Telephony wiretap proposal was introduced to Congress. This legislation would require special remote wiretap ports be built into communication products that would enable the FBI to remotely wiretap all forms of electronic communication from FBI offices. Due to stern opposition no sponsors in Congress were attracted although the Bill has since been reintroduced (Zimmerman, 1993, p.5).
On April 15th, 1993, the Clinton Administration signed a decision to encourage the use of a national encryption standard. Encrypted Clipper Chips would be built into all communication devices, telephones, modems and fax machines. The information passed between recipient and sender would become encrypted via an electronic algorithm (key) based on the information contained on each of the chips. This system is both secure and private yet in order to meet law enforcement concerns about access to information the "escrow" keys of all chips would be held in trust by a third party who would release keys upon presentation of valid warrants (Steele & Weitzner, 1993). In this way data would be accessible by law enforcement but presumably under the same safeguards as currently provided for the collection of evidence and related law enforcement activities.
According to Stewart Baker, Chief Counsel for the NSA, this system allows security agents to keep up with their ability to monitor criminals that rely on communication technology. He cites high- tech pedophile rings, drug cartels and terrorists as potential users of unescrowed encryption and suggests that a national standard will allow current analog wiretap provisions be extended to digital communications (Baker, 1994). This proposal has been met with strong protests and EFF (See "EFF Announces its Official Policy on Cryptography and Privacy") suggest the following problems, although they recognize the national security concerns.
The algorithm developed by the NSA and used to encrypt each chip is classified. This means the ability of independent encryption experts to test the chip has been taken away so no independent confidence can be given in Clipper's real ability. In fact in June 1994 an engineer working for AT&T labs, relying on the limited public information released on the Clipper system, discovered a flaw that would enable encrypting messages with Clipper that even the NSA could not decipher (Stahl, 1994). Furthermore, EFF and others have suggested that the algorithm may have a "back door" allowing for real time deciphering of encrypted messages without the presentation of, or even application for, a wiretap warrant.
The Administration insists the proposal is voluntary and organizations will have the right to choose this method of encryption among many. However, civil libertarians argue that people will be forced to adopt this system due to the governments leverage. Opponents also ask why, if the system is voluntary, would criminals be motivated to adopt this standard in the first place?
The proposed holders of the "keys" have also been disputed. In order to add security each chip has a unique key pair, a split that makes decryption less convenient. The current plan will place one key within a division of the Treasury Department, the other with the NIST (The Bureau of National Affairs, 1994). EFF's commentary on Clipper has referenced previous government abuses such as Watergate and the FBI's power during the Hoover years (Groves, 1994). Other arguments include the cost and impracticality of the Clipper proposal, and calls for changes in current legislation that inhibits export of US-made encryption technology.
After nine months of deliberation, debates and unreciprocated submissions by lobbyist and Internet users, the Clinton Administration announced plans to keep Clipper, key escrow, and the escrow agents as proposed. Further, Clipper was proposed as the new Federal Information Processing Standard (FIPS) and the private sector was invited to use Clipper. This is when "the other jackboot dropped" (Barlow, 1994) for the various lobbyists and civil liberty groups and the Clipper debate accelerated from imminent to a critical issue. Since that date, efforts have increased to gain media coverage and public involvement for the issue.
In terms of "issue life-cycle," the debate moved from being potential to imminent and toward current. Crable and Vibbert (1985) describe the potential stage is when interest has been shown and participants formulate questions, answers and solutions to an issue. This status may be applied to the initial attempts of the NIST and NSA to formulate a new standard in the early nineties. Imminent status began when the DSA standard and Digital Telephony acts were announced and the issue became of legitimate concern to the parties involved - the NSA wanted to maintain law enforcement access in the digital age, while civil libertarians argued for preserving privacy. The issue was not important to citizens in general, had not received mass media recognition and not become part of the social agenda.
McCombs & Shaw's (1972) agenda setting research noted that the media coverage of a topic results in public concern for this topic. Coverage in the media has been found to be enhanced when an information subsidy or source, such as a press release, enables reporters and editors to save time, money and expend less effort. Press release production has been attributed to increasing coverage by 50% or more (Walters & Walters, 1992).
Charles Bantz (1990) has offered Weick's theory of organizing to explain the production of news. When faced with new information with multiple meanings, the news agencies seek to reduce this equivocality. Reporters might use the press release, rely on an interview or follow the stories run in the Times or Post. The power of opinion leaders, such as the New York Times, to almost construct the environment for other media to follow leads to astonishingly similar reporting. In the days following the Clipper announcement, the media relied on information to create coverage of the complicated Clipper issue. Explaining cryptography, DES, DSA, algorithm's, escrow agents and the Clipper/Skipjack/Capstone system was highly equivocal.
Press coverage of this period turns up little or no mention of EFF or CPSR. The opposition cited by the press in April 1993 was from Stephen Bryen of Secure Communications Technology, a competitor to Mykotronx, the company chosen to manufacture the Clipper chips (Murray, 1993; Markoff, 1993). EFF was becoming a respected voice in Washington, often giving testimony in House Committee and Congressional hearings discussing the National Information Infrastructure, but efforts to bring the issue to the public appear minimal.
The government sought to introduce Clipper with as little fanfare as possible and EFF did not do enough to move the issue to the "current" stage and into the public domain at this time. Complex features such as Clipper would benefit from early, timely and articulate press releases to enable ease of work for the reporters and more understanding of the EFF's concerns regarding privacy issue, as well as the security issues outlined by the Administration.
From April, 1993 to February, 1994 EFF began to build a pool of goodwill on the Internet and started to be recognized by the specialist press and technology beat reporters. The media strategy, however, was by now reactive. It was not until the February 4, 1994 announcement that the Clinton Administration was to adopt the proposed Clipper system that EFF and CPSR managed to move the discussion into the current stage - a stage where citizens and groups identify with the issues and take sides, and a stage where media coverage is heightened. By this time, however, the issue was also at the critical stage - the time where policy decisions are made (Crable & Vibbert, 1985). (You can read EFF's Press Release, "EFF Announces its Official Policy on Cryptography and Privacy".
Another life cycle analysis can be applied to media coverage using Molitor's identification of emerging issues table (Coates, Coates, Jarrett & Heinz, 1986, p. 24). In the early 1980's discussion of encryption and digital eavesdropping was limited to readers of science-fiction, fringe media and technical journals. During this stage, ideas were being applied to the issue by cryptology experts in a dialogue similar to how academics use journal articles. The moves of the government in 1991 and 1992 began the diffusion of the discussion amongst opinion and business leaders; articles were printed in Scientific American, Science, Communications of the ACM and other "academic" journals during this time. Following such coverage, popular intellectual magazines picked up the story that lead to coverage in more general interest publications such as Time and Newsweek. Finally, newspapers, radio and television that allow "instantaneous coverage for mass consumption" feature the issue.
This trend can be spotted in the emergence of Clipper issue and since February, 1994 the New York Times has regularly published articles relating to Clipper (especially the 8500 word "Battle of the Clipper Chip" article of June 12th, 1994), CNN and NPR have given the debate considerable coverage and the popular media such as ABC's Nightline and Rolling Stone magazine have featured discussions of privacy in communications and information.
The second half of this essay will focus on how EFF finally helped move Clipper into these final stages of media coverage, made it into an issue and brought the debate to the users of the Internet, the mass media and almost to the general citizens of the population.