[Cryptography] NSA's Clint Brooks retrospective on key escrow

[John Gilmore]

I was searching the Web to see if Clint Brooks might still be around,
and came across this autobiography published in his alumni magazine
in 2020:

  https://www.hotchkiss.org/post-page/~board/alumni-news/post/july-2020-alum-of-the-month-clinton-brooks-56-p83-84

I learned a lot more than I'd known about his career before and in NSA.
He had worked on intercepting and reverse-engineering Russian rocket
launch telemetry, a very challenging job compared to the kinds of
reverse-engineering that cypherpunks tend to do in our own personal
technology.  He also worked on the system that "became GPS", and got
involved in DARPA's early Internet work, to help the government with
survivability of communications networks after a massive nuclear strike.

He also admits, for the first time I've seen it this clearly acknowledged:

  "For years, NSA had worked with U.S. allies to try to keep the
  strength of encryption in commercial products at a level where we
  could break into it if terrorists or foreign adversaries were to use
  it."

We all knew they were doing this, but they would Never Say Anything.
And his characterization is too conditional; they WERE breaking into
commercial encryption WHEN (not "if") any significant adversaries were
using it.

He also admitted that in 1998, the NSA Director said (regarding strong
encryption):

  "For years we have successfully been able to put a finger in the dike
  when a leak occurred, but the dike is about to break open. We need a
  new strategy."

This showed more intelligence in high places than we perhaps gave them
credit for.  We knew the encryption dike was about to break open,
because we were actively working to break it open.  We always treated
their opposition as being mossbound "we always did it this way so we're
going to force it to continue this way, no matter what the costs to the
public's privacy or security".  We saw this over and over, like when
we'd defeat their unconstitutional regime in a court, suddenly the
President would sign an order ghostwritten by NSA that would move the
same unconstitutional export controls to a separate agency.  Clint's
quote above doesn't show that they actually cared about the costs to the
public, but it does show that at least they were realists that the
efforts of the public cryptography community were likely to overcome
their strategy soon.  (It happened two years later, when NSA capitulated
on Commerce Department export of strong encryption, after losing the
appeal in the Bernstein lawsuit).

Clint developed the key escrow concept and tried to get it adopted.  He
says, "I dreamed, it turned out naively, and too idealistically, of
using the developing Internet to foster a national deliberation on this
and how to implement it."  Unfortunately, NSA did not have good answers
to the major issues that the national deliberation raised, like why key
escrow would not be demanded by every government, not just the alleged
good guys in the US Government.  Indeed, the same thing is playing out
today around the covert UK demand for plaintext access to all of Apple's
icloud backups.  You can't give one government access to all the
plaintext unless you give it to all of them, because they are all
co-equal jurisdictions with similar rights to compel companies acting in
their jurisdiction.  And that would give carte blanche to major
goverments already running massive spyware throughout our
infrastructures and societies.

Unfortunately, Brooks maligned the honest opposition to key escrow (and
to NSA mass wiretapping) in a paragraph, claiming that we "distort and
misinform about Clipper" and said that we engaged in "deliberate
misinformation and disinformation".  I didn't see it that way.  Not only
the cypherpunks, but the engineering community at IETF, and the privacy
policy community, and the press, were pointing out real problems that
had precedents in recent history (like NSA wiretapping every telegram
sent in or out of the US, the White House's Watergate spying on
opposition political parties, and the FBI's massive COINTELPRO effort to
wiretap and smear legitimate and principled citizen opposition to
government policies such as racism against black people, or the Vietnam
war).  Not to mention the international government problem from the
previous paragraph.  And in response to our critiques, NSA and Clint had
no response.  They just ignored those illicit government overreach
problems, and pushed through an escrow policy anyway, that would have
offered the public zero protection against recurrence.  It also turned
out that their technical solution (Clipper/Capstone) was easy to defeat,
once opponents could get their hands on the chips.  That, plus the
increasing ease of deploying encryption in software as the industry
increased general CPU processing power, was the death knell of the
effort.  If NSA was as capable as they claim, they should have been able
to predict all of these things that defeated their effort.  Key escrow
was just a bad idea, not one that failed due to misinformation.

Anyway, Clint Brooks's brief bio made for fascinating reading.  Clint,
if you're out there, thank you for (finally!) breaking the Cone of
Silence a bit.  Sorry it took us five years to notice.

	John Gilmore