PLACATE AND AVOID

In July of 1994 the Clinton administration faced a mutiny within Democratic ranks. Maria Cantwell, Democrat from the software filled state of Washington, had written an open letter taking the position that "exporting cryptography is good." Of course, exporting crypto to the Clinton administration is the equal of exporting an atomic bomb. Export without a license is a felony.

In response, Vice President Al Gore was sent to plug the gap and he wrote a letter in defense of Clipper. Therein, the Vice President affirmed his slavish "yes" man image by pledging his open support for a mandatory key escrow system. The letter offered no solutions, and no change in export controls. Instead, Mr. Gore proposed a 5 month study of the issue. In fact, the administration completed the study on time. However, the study was never released to the public despite a Freedom of Information Act (FOIA) request by EPIC. Too secret for American citizens.

Gore, of course, loved Clipper. He even lied to save it, stating that Clipper was for telephone security only. "The Clipper chips is an approved federal standard for telephone communication and not for computer networks," wrote Gore in his response letter. This statement directly contradicts the detailed design paper on Clipper sent to White House NSC advisor (now Director CIA) George Tenet on February 19, 1993. We now know, thanks to the detailed work of the NSA and Dept. of Justice, that Clipper was designed for mainframe computer operations with a top speed of 10 megabits (million bits of information) per second. In fact, according to the Tenet letter, the NSA felt that Clipper could handle up to 100 megabits per second with a little extra work. In short, Gore lied. He knew Clipper was designed to monitor your bank account.

Still, Gore stuck to the official cover-story, and asserted "users of key escrow encryption products ..... will not be subject to unauthorized electronic surveillance as we have done in the Clipper chip." Another lie. The fact is Clipper did have a back-door. Other agencies inside the government (eg... NASA) had already documented the back-door into all Clipper chips without a warrant.

The danger that another "Walker" like spy would penetrate Clipper did not seem to phase our brave second in command. In fact, Gore asserted he was hoping to work with industry to "design a more versatile, less expensive system." That too is a lie. The Clinton administration has NEVER worked with industry on cryptography. In reality, the plan was to nationalize the computer security industry by imposing a mandatory design.

Still, Gore envisioned a new system that "would not rely on a classified algorithm, would be voluntary and would be exportable." More or less everything that Clipper wasn't.

However, not everyone fell for Gore's baloney...

On August 2, 1994, The Deputy Director at DISA (Defense Information Security Agency) wrote an interoffice memo requesting the Director's office review the Gore letter. "Please prepare a position paper that addresses the potential impact of the Vice President's letter," wrote David T. Signori. "Be sensitive to our partnerships with NSA and ARPA by including their views and concerns."

In response, Robert Ayers, Deputy Commander Information Security Systems, concluded the Gore letter had no effect on the Dept. of Defense. "There will be no change in direction for R&D... There is no impact to on-going DISA programs," wrote Mr. Ayers in a Sept. 23, 1994 interoffice memo. Yet, despite the "no impact" conclusion, DISA could not help but slam Gore for lying so badly. "Vice President Gore prepared a letter to Maria Cantwell, H.R., after she proposed an amendment to the Export Administration Act... THE LETTER WAS INTENDED TO PLACATE REP. CANTWELL AND AVOID A NATIONAL DEBATE."

This one line summarizes the entire Clinton encryption policy. Placate and avoid debate. The administration has virtually an across the board gag order, using the false excuse of national security. That gag is imposed on the floor of Congress and in the press. No debate and no freedom of speech. Don't mention crypto - It's not "sensitive" to the NSA. No need for the people to know what is going on.

THE VICE PRESIDENT
WASHINGTON

July 20, 1994

The Honorable Maria Cantwell House of Representatives Washington, DC 20515

Dear Maria:

I write to you today to express my sincere appreciation of your efforts to move the national debate forward on the issue of information security and export controls. I share your strong conviction for the need to develop a comprehensive policy regarding encryption, incorporating an export policy that does not disadvantage American software companies in world markets while preserving our law enforcement and national security goals.

As you know, the Administration disagrees with you on the extent to which existing controls are harming U.S. industry in the short run and the extent to which their immediate relaxation would affect national security. For that reason we have supported a five month Presidential study. In conducting this study, I want to assure you that the Administration will use the best available resources of the federal government. That will include the active participation of the National Economic Council and the Department of Commerce. In addition, consistent with the Senate-passed language, the first study will be completed within 150 days of passage of the Export Administration Act reauthorization bill, with the second study to be completed within one year after the completion of the first. I want to personally assure you that we will reassess our existing export controls based on the results of these studies. Moreover, all programs with encryption that can be exported today will continue to be exportable.

On the other hand, we agree that we need to take action this year to ensure that over time American companies are able to include information security features in their program in order to maintain their international competitiveness. We can achieve this by entering into a new phase of cooperation among government, industry representatives and privacy advocates with a goal of trying to develop a key escrow encryption system that will provide strong encryption, be acceptable to computer users worldwide, and address our national security needs as well.

Key escrow encryption offers a very effective way to accomplish our mutual goals. That is why the Administration adopted the key escrow encryption standard in the "Clipper Chip" to provide very secure encryption for telephone communications while preserving the ability for law enforcement and national security. But the Clipper Chip is an approved federal standard for telephone communication and not for computer networks and video networks. For that reason, we are working with industry to investigate other technologies.

The administration understands the concerns that industry has regarding the Clipper Chip. We welcome the opportunity to work with industry to design a more versatile, less expensive system. Such a key escrow scheme would be implementable in software, firmware or hardware, or any combination thereof, would not rely on a classified algorithm, would be voluntary, and would be exportable. While there are many severe challenges to developing such a system, we are committed to a diligent effort with industry and academics to achieve such a system. We welcome your offer to assist us in furthering this effort.

We also want to assure users of key escrow encryption products that they will not be subject to unauthorized electronic surveillance. As we have done with the Clipper Chip, future key escrow schemes must contain safeguards to provide for key disclosures only under legal authorization and should have audit procedures to ensure the integrity of the system. Escrow holders should be strictly liable for releasing keys without legal authorization.

We also recognize that a new key escrow encryption system must permit the use of private-sector key escrow agents as one option. It is also possible that as key escrow encryption technology spreads, companies may establish layered escrowing services for their own products. Having a number of escrow agents would give the individuals and businesses more choice and flexibility in meeting their needs for secure communications.

I assure you the President and I are acutely aware of the need to balance economic and privacy needs with law enforcement and national security. This is not an easy task, I think that our approach offers the best opportunity to strike an appropriate balance. I am looking forward to working with you and others who share our interest in developing a comprehensive national policy on encryption. I am convinced that our cooperative endeavors will open new creative solutions to this critical problems.

Sincerely,

Al Gore

DISA RESPONDS TO THE VEEP

INTEROFFICE MEMORANDUM

TO: Director JIEO

FROM: AD

DATE: 3 Aug 94

SUBJECT: Gore Letter

Preparer: SFC Smith/AC/764-3642/sls

1. Please prepare a position paper that addresses the potential impact of the Vice President's letter on (1) the DOD policy regarding the use of TESCERA for encryption; (2) ongoing R&D and acquisition programs for encryption; and (3) DISA programs that are planning to use this technology, e.g., DMS, EC/EDI, DISN. The paper should address the question of whether or not a ne direction is needed for DOD. If so, it should outline what the course should be and what our strategy should be for pursuing it. Be sensitive to our partnerships with NSA and ARPA by including their views and concerns.

2. Prepare the response at a level of classification that permits a thorough airing of the issues. This action should be thoroughly coordinated with NSA and ARPA. The paper should be provided to this office not later than 12 August.

3. POC for this issue is LCDR Nagel, (703) 746-3642.

Thanks,

David T. Signori, Jr.
Deputy Director

Copy to:
Lt Gen Edmonds
Mr. Leyden

DISA REVEALS THE REAL AL-GORE-RITHM

INTEROFFICE MEMORANDUM

TO: DD

THRU: D6

FROM: TG

DATE: 23 Sep 94

SUBJECT: Gore Letter

Reference: DIS IM, AD, subject as above, 2 Aug 94

Preparer: Ms. Pickens/TGAD/756-7957

1. As requested by the reference, the following is provided:

a. Vice President Gore prepared a letter to the Honorable Marie Cantwell, H.R., after she proposed an amendment to the Export Administration Act reauthorization bill espousing a position that "exporting cryptography is good." The letter was intended to placate Rep. Cantwell and avoid a national debate: It specifically stated that Clipper is an approved federal standard for telephone communication, not for computer networks and video networks; and made no commitments other than to conduct two studies.

b. In answer to questions relating to the potential impact to DISA, the following responses are provided:

(1) There is no DoD policy regarding the use of MISSI/MOSAIC; however, ASD/C3I memo of July 7, 1994, regarding PCMCIA card slots in PC and workstation contracts, states that the protection of DoD sensitive but unclassified electronic mail is a minimum need that DoD must meet through the use of MISSI Release 1.

(2) There will be no change in direction for R&D and acquisition encryption programs; in fact, the letter recommends R&D that is already being planned, to include alternative escrow encryption concepts (e.g., owner-based escrow).

(3) There is no impact to on-going DISA programs planned to use MOSAIC security card technology, which includes: the acquisition of MOSAIC security cards for DMS; EC/EDI; DISN; and the DoD Goal Security Architecture (DGSA). Technical considerations are provided as an enclosure.

DISA IM, TGA, Gore Letter, 23 Sep 94

2. CISS will work to draft two DoD policy statements for ASD/C3I considerations, one which would require the use of MOSAIC security cards for specified INFOSEC requirements (e.g., digital signatures, message encryption, challenge-response authentication), and a second to preclude adoption of a variety of different encryption based capabilities that are not compatible or interoperable.

Robert L. Ayers
Deputy Commander
Information System Security


All content COPYRIGHT SOFTWAR (C) 2000. Any reproduction or use of content herein must be approved by SOFTWAR.