NATIONALIZE AN INDUSTRY

EPIC (Electronic Privacy Information Center) performed an FOIA from the Justice Dept. to obtain materials about President Clinton's encryption policy meetings held in 1993. This paper was produced two weeks after Vince Foster, Benard Nussbaum, and Webb Hubbell attended a SECRET meeting at NSA headquarters to plot out strategy to IMPOSE mandatory government bugs on every telephone, fax and computer in the U.S. In addition, the "holders" of the keys would be picked by the administration.

NOTE - XXXs ARE AREAS DEEMED SECRET AND HAVE NOT BEEN RELEASED BY THE NSA.

SECRET
U.S. Department of Justice
Criminal Division

May 17, 1993

MEMORANDUM FOR ADDRESSES

FROM: Geoffrey R. Greiveldinger DOJ/CRM/NDDS

SUBJECT: PDR/NSC-27: Draft Answers to Questions 5.2 and 5.6

Enclosed are first drafts of response to PRD Questions 5.2 and 5.6, dealing, respectively, with voluntary vs. mandatory and with identification of key escrow agents. The drafts are mine, but they have been substantially improved by suggestions from other members of the sub-working group, whose assistance I hereby publicly acknowledge. Whatever, shortcomings remain are not their fault.

As requested at our organizational meeting, I;d appreciate any comments by noon Wednesday. May phone number is (202) 514-8711, STU-III phone (202) 514-3989. Faxes are (202)514-6122 (unclas) and (202) 514-3554 (STU-III). Thanks.

DISTRIBUTION:


  • CC:

    QUESTION: Access the relative practicality of voluntary versus mandatory uses of this (key escrow) approach.

    ISSUES: This question requires consideration of a number of issues, including:

    - For what applications is the key escrow technique useful?

    - What market or other factors will likely affect voluntary use of key escrow technique devices?

    - How extensive need legislation or other controls be to ensure satisfactory levels of use of key escrow technique encryption?

    CURRENT SITUATION:
    High-quality encryption of private telecommunications is rapidly becoming readily and inexpensively available. Law enforcement is very worried that encrypted telecommunications, voice and fax, will frustrate authorized electronic surveillance and thereby preclude, in life-threatening situations, a crucial technique for investigating and preventing crime. The government developed key escrow microchip, used in the AT&T TSD 3600, provides a balance between strong privacy protection and assurance of law enforcement's ability to decrypt when authorized to do so,XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

    (REST OF PAGE AND NEXT TWO PAGES ARE BEING WITHHELD as SECRET)

    SECRET

    QUESTION: What institutional agents are feasible for key escrow safekeeping?

    Issues: What entities may be suitable key escrow agents? Who should decide among acceptable candidates?

    Current situation: Key-Escrow agents must be identified for the AT&T TSD 3600, already on the market, and for devices using the key-escrow system expected to be marketed in the near future.

    Foreseeable changes: As encryption becomes more readily available and a more common feature of modern telecommunications and information devices, an increase in the number of devices using key-escrow encryption technology can be expected.

    Discussion: PDD/NSC-5 states, in part, "The Attorney General shall make all arrangement with appropriate entities to hold the keys for the key-escrow microcircuits installed in communications equipment." The Department of Justice is consulting with other agencies, including the NSC staff, regarding suitable candidates among Federal agencies. The Attorney General's selection of agents will not be slowed down by the PRD/NSC-27 process.

    All agencies agree that any entity serving as a key-escrow agent must, among other things, be able to provide th keys adequate security and be able to respond on short notice to certifications of the need for a key. In addition, any such entity will need to have a suitably high public reputation for integrity and competence.

    Some have suggested that key-escrow agency be vested in one or two private entities, commercial or non-profit. While appealing for the standpoint of public perceptions about protection of privacy interests, the suggestion seems to have a number of critical shortcomings. For example, those entities likely to generate the highest level of public confidence about privacy protection are unlikely to want to participate. Those entities, especially commercial enterprises, that may be willing to serve will almost certainly do so only on commercial terms that would include substantial remuneration, as well as other considerations, including indemnification from liability. Commercial entities, moreover, could become subject to foreign control. Perhaps the most important consideration, however, is that no private entity would be under the direct control of the President. Even with one having the necessary security and 24 hour response capability, the government's only ability to ensure response to a certified request for a key would be through enforcement of its contract with the private entity. In short, the possible benefits of using a private entity appear to be outweighed by the probable disadvantages.

    Some thought has also been given to vesting key escrow agency responsibility in an entity of another branch of the government, such as the Administrative Office of the U.S. Courts, or in an independent agency, such as the Federal Reserve. Considerations of separation of powers and concern about the Executive's ability to exercise the necessary control to ensure proper discharge of key-escrow responsibilities militate against designation of such entities.

    Finally, among Executive Branch agencies, the Department of Justice believes that at least one of the key escrow agents must be associated with law enforcement. Assigning key escrow responsibility to such an entity , whether an appropriately senior office with the Department itself or a component such as the FBI, will help ensure an expeditious response capability with full security of escrowed keys. Possible public misunderstandings that key escrow protections may be diminished if law enforcement hold one or both keys can be overcome by clear public explanations of both the key escrow process and the applicable laws on electronic surveillance.

    SECRET

    Real time access to and decryption of stored electronic information secured by hardware-based encryption could be performed utilizing the "Clipper" technique.

    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX (Two paragraphs blanked out by NSA withheld as still secret)

    Technical solutions, such as they are, will only work if they are incorporated into all encryption products. To ensure that this occurs, legislation mandating the use of Government-approved encryption products or adherence to Government encryption criteria is required.

    TOP SECRET

    Impacts of Telecommunications and Encryption Technology on Law Enforcement and Intelligence Collection:

    Assessment, Options and Recommendations (C)

    Prepared in accordance with Presidential Review Directive/NSC-27

    Working Draft November 19, 1993

    Distributions and Use Restrictions:



    BACKGROUND XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX (FIRST PARAGRAPH CLASSIFIED AS PER NSA)

    - FBI/NSA/NIST have worked together to assure standards NIST promulgates pursuant to its authority for use by the Federal government are compatible with law enforcement XXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

    - - These efforts have led to the design of a microelectronics chip that would provide high quality encryption while still enabling government decryption when authorized.

    - The encryption chip is only a partial solution as it does not address:

    - - encryption products that are in software.

    - - encryption products (hardware or software) available for use by non-government entities/individuals.

    - - telecommunications technologies employed by common carriers and private branch exchange (PBX) operators that also effectively thwart authorized government electronic surveillance -

    TOP SECRET

    - The FBI proposed legislation to authorize the FCC to regulate common carriers, PBX operators, and manufacturers of encryption devices available for use in the U.S. to ensure such systems and devices are compatible with law enforcement electronic surveillance interests.

    - Interagency group reviewed proposed legislation and concluded:

    - - Legislation to regulate common carriers and PBX operators to assure their systems are compatible with law enforcement interests may be refined and pursued with manageable political risk.

    - - Legislation to authorize regulation of encryption product manufacturers would be considerably more difficult and required further study.

    - Interagency group studied issues related to encryption products and considered six options for addressing. The options and the pros/cons of each are discussed below.

    OPTIONS DISCUSSED

    I. MANDATE THE GOVERNMENT SOLUTION:

    Legislation to prohibit use of any encryption product in the United States that does not employ the chip designed by NIST/NSA/FBI, (discussed above).

    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX (REMAINING PAGES REMAIN CLASSIFIED AS PER NSA)


    All content COPYRIGHT SOFTWAR (C) 2000. Any reproduction or use of content herein must be approved by SOFTWAR.