
Joe Biden tried to ban email encryption back in 1991 - dmix
http://dustinkirkland.wordpress.com/2008/11/07/vp-elect-joe-biden-is-responsible-for-open-sourcing-email-encryption/
======
tptacek
The _whole US government tried to ban encryption wholesale_ in the 1990s; they
even attempted to standardize a bespoke algorithm (Skipjack) that provided key
escrow for law enforcement. During the same period, they religiously enforced
export controls that classified any encryption code, including simple hash
functions, as munitions. I remember buying a "this t-shirt is a munition"
shirt in '95 by giving a website the numbers off the bottom of a check(!).

The government lost (although export controls still create annoyances today).
Nobody in government seriously thinks industry is ever going to adopt a
government-controlled encryption algorithm. Also, this isn't part of some
secret history of the Internet; the entire cipherpunk movement was a reaction
to the attempt to ban crypto.

If you want to keep perspective, it's important to remember that the world of
1993 looked very different from that of 2012. Very few people believed that
every teenager in America would be using the Internet as their first line of
communication, or that the Internet would steadily consume retail, finance,
media, and even industrial controls. Commercial cryptography itself was merely
nascent; "cryptography 2.0", a trend of the _late_ 90s, _introduced_
authenticated cryptography to the mainstream (prior to that people just
encrypted and added checksums) --- look at SSHv1 and PGP for representative
designs. Nobody understood anything in 1993.

Also:

 _Sense of Congress resolutions don't create law_. They're literally just
statements of opinion. So the idea that this amendment would have "outlawed
SSH" is directly mistaken.

And, the targeting of cryptography in this language is incidental. It was not
only the "sense of Congress" but actual law that telco providers create
facilities to enable (warranted) wiretaps --- that's CALEA, which passed in
1994. Biden's sense-of-Congress resolution is essentially just a capsule
summary of CALEA made to sound slightly smarter with the word "plaintext".

~~~
declan
Although Biden's amendment by itself wouldn't have outlawed SSH, it was enough
to make programmers see the writing on the wall. A bill with domestic
restrictions on encryption was approved by a House committee in the 1990s, and
Biden's bill was what prompted PRZ to release PGP, as PRZ himself said at the
time. See:

<http://news.cnet.com/8301-31921_3-20032910-281.html> In response to lobbying
from the FBI, a House committee in 1997 approved a bill that would have banned
the manufacture, distribution, or import of any encryption product that did
not include a back door for the federal government. The full House never voted
on that measure.

~~~
tptacek
(a) You appear to be referring to a bill that died in a House committee.

(b) It's not in dispute that the DOJ opposed cryptography in the '90s (that's
the lede of the comment you're replying to).

(c) The bill you're referring to had nothing to do with Biden.

(d) The one crypto-relevant bill that does bear Biden's name explicitly
forbids the government from demanding that ISPs design networks so as to
provide plaintext to law enforcement.

Let's keep the goal-posts clear here. The thread we're commenting on says _Joe
Biden_ opposed encryption. That's relevant because Joe Biden is a part of the
current administration. I wouldn't want to perpetuate that unfounded idea by
pointing out that other people were opposed to encryption in the 1990s; it was
a common belief back then.

~~~
Create
"All right, among us now we that we are all in private just us girls all let
our hair down" he didn’t had much hair even then but he let it down "We are
not going to prosecute your client Mr Zimmermann he said public key encryption
will become available we fought a long loosing battle against it but it was
just a delaying tactic" and then he looked around the room and he said "But
nobody cares about anonymity do they?"

And a cold chilled went up my spine and I thought alright Stuart and now I
know you’re going to spent the next twenty years trying to eliminate anonymity
in human society and I am going to try to stop you and let’s see how it goes.

And it’s going badly.

We didn’t built the net with anonymity built in. That was a mistake now we are
paying for it.

Our network assumes that you can be tracked everywhere.

And we have taken the Web, and we made facebook out of it.

[http://benjamin.sonntag.fr/Moglen-at-Re-Publica-Freedom-
of-t...](http://benjamin.sonntag.fr/Moglen-at-Re-Publica-Freedom-of-thought-
requires-free-media)

------
waffle_ss
One little-known fact about Biden is that he authored the [Omnibus
Counterterrorism Act of 1995][1]. This bill was a precursor to the PATRIOT Act
in several ways, such as by ["allowing secret evidence to be used in
prosecutions, expanding FISA and wiretap laws, creating a new federal crime of
'terrorism' that could be invoked based on political beliefs, permitting the
U.S. military to be used in civilian law enforcement, and allowing permanent
detention of non-U.S. citizens without judicial review."][2] See the Center
for National Security Studies [analysis][3] (written in 1995) for more
detailed info.

In his own words: "I drafted a terrorism bill after the Oklahoma City bombing.
And the bill John Ashcroft sent up was my bill" (his bill was actually
introduced before the Oklahoma City bombing).

[1]: <http://thomas.loc.gov/cgi-bin/bdquery/z?d104:s.00390>: [2]:
[http://news.cnet.com/8301-13578_3-10024163-38.html?tag=newsL...](http://news.cnet.com/8301-13578_3-10024163-38.html?tag=newsLeadStoriesArea.0)
[3]:
[http://w2.eff.org/Legislation/Bills_by_number/s390_hr896_95_...](http://w2.eff.org/Legislation/Bills_by_number/s390_hr896_95_cnss.analysis)

~~~
tptacek
The anti-terrorism bill to which you refer does not simply criminalize
political beliefs, as you imply; rather, it would have allowed prosecutions to
raise federal terrorism charges for violent crimes if they met one 9 tests
mostly having to do with deliberate attempts to disrupt commerce, target the
US government explicitly, or involved people who were not US nationals. It was
in that sense like "hate crimes" legislation.

The indefinite detention provision concerned foreign nationals _who could not
be repatriated_ (which is a sticky problem everywhere), and provided for
judicial review in the US DC Circuit.

It was a stupid bill, but that doesn't mean we should be imprecise about it.

------
Kynlyn
This is the kind of thing one can expect when their leaders are so far removed
from the people that they govern. Joe Biden has been in office since 1973. I'd
wager that's longer than many of the HN readers have even been alive. When you
have politicians who have been running around in the Washington circles that
long, some really bad things will come of it.

So, at the time he proposed that, he had been in Washington for nearly 20
years. Shouldn't surprise anyone that he was pushing an agenda for a larger,
more powerful federal government.

~~~
tptacek
This statement would make sense if you could provide examples of (at the time)
younger Senators who actively opposed crypto regulation so we could compare
their track records as well.

~~~
Kynlyn
Representative Bob Goodlatte was a proponent of relaxation of encryption
controls; pushing for a law in 1999, only 6 years after assuming office.
<http://en.wikipedia.org/wiki/Bob_Goodlatte>

Conrad Burns was a sponsor of the PROTECT Act which was an attempt to overhaul
encryption regulations, including prohibiting domestic controls of encrypted
software. He did this after being in office for about 8 years.
[http://www.techlawjournal.com/cong106/encrypt/19990414burns....](http://www.techlawjournal.com/cong106/encrypt/19990414burns.htm)

edit: Goodlatte was a Rep, not a Senator.

~~~
canttestthis
John Kerry was anti-export control and pro-encryption rights at that time, and
he's been a senator since 1985, so I don't think this is true.

------
kabdib
Feinstein supported this, too. I wrote her a letter; her response was along
the lines of "I don't care, and in any event it's good for you."

Haven't voted for her since.

With recent events, even though I don't live in CA any more, I plan to give
her opponents money, for any election she's a candidate in.

~~~
mtgx
I hope she loses in the next election. She was the one that pretty forcefully
pushed the FISA reauthorization with as little debate as possible through
Senate. It made me angry just hearing her talk about how the Senate shouldn't
waste any time with the amendments and just quickly pass FISA before the year
is over.

~~~
tptacek
She cosponsored the bill they were renewing back in 2008. What did you expect
her to think?

~~~
underdown
presumably learn from her mistakes?

------
downandout
On this issue, Biden was clearly on the wrong side of history (and some of the
fundamental tenets upon which the US was founded). But I don't think anyone,
even ardent Obama supporters, would argue that he's the brightest star in the
sky anyway. He is perhaps the strongest protection against an Obama
assassination, since no one would want him to take office.

Fortunately, the system worked in this case. A dangerous law introduced by a
dimwitted person was not allowed to weave its way into our system. As a
result, the Internet flourished and we are able to discuss this issue on
Hacker News. While we haven't been so lucky on other such laws, in general, we
should all be grateful that the US system is as effective as it is in muzzling
these types of people and the changes they try to make.

~~~
asveikau
I personally consider myself a Biden fan. I have witnessed him talk sense on a
number of issues in ways many politicians do not. (Example: several statements
on Iraq, from before it was common in US politics to think that war was a bad
idea.) The "Biden is dumb" narrative IMO mainly comes from DC-based press that
exaggerates gaffes (real and perceived) and tends to blindly re-state existing
DC press narratives.

I think the real story here is that US senator is not a good qualification for
understanding crypto or technology as a whole. I don't believe that Biden
inserted this language out of maliciousness. So our task then becomes to
educate our representatives, or if it gets to that point on a single issue
vote them out, though my impression is that Biden's opponents are also
unlikely to understand crypto or do anything different about what is honestly
something of a fringe issue - my vote this year was certainly not about sound
crypto policy, and I doubt yours was either.

~~~
rdtsc
> I think the real story here is that US senator is not a good qualification
> for understanding crypto or technology as a whole.

I think the issue the tendency of the government to constantly chip away at
privacy. Terrorism, communism, illegal porn and drugs are all used as reasons.

Trying to find the reason Biden did what he did is not effective. We may never
know the reason. We can look at actions -- what bills were supported, by whom
and how far they have gotten in the pipeline. Biden's name or track record
might not be relevant. This could have also been someone else.

For example the top half of the whole discussion is between chernevik and
tptachek whether Biden is in general pro or against encryption. It doesn't
really matter what Biden personally believes. But it matters how many and how
far and how often such bills make it. Some are passed (like the warrant-less
wiretapping), some die quickly.

Also there are countries that make use of encryption illegal. In this country,
other laws have passed that chipped away at privacy, so it is understandable
why a lot of people feel a little jittery about this topic -- because they can
see this kind of bills passing with not too much opposition.

------
kylemaxwell
As I recall, the 1991 version of me thought a lot of things that the 2012
version of me doesn't. I presume this is true for most humans, including Vice
President Biden.

~~~
dmix
What's interesting was that it was a last minute addition to an omnibus crime
bill.

The same thing is still happening today where amendments attacking internet
freedom get tagged onto existing bills under the guise of targeting
"terrorists, drug dealers, pedophiles, and organized crime" aka "The Four
Horsemen of the Infocalypse".

[http://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyps...](http://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalypse)

~~~
tptacek
It was the official, overt policy of the Clinton administration through the
1990s.

I'm curious as to which amendments you refer to that "attack Internet freedom"
in the guise of catching Internet predators.

~~~
dmix
I'm from Canada, last year we had an omnibus crime bill that included an
amendment for government to warrantlessly track online activity which they
defended as a way to track pedophiles.

[http://www.thestar.com/opinion/editorialopinion/article/1131...](http://www.thestar.com/opinion/editorialopinion/article/1131446
--conservative-bill-c-30-will-let-police-spy-on-canadians-online)

In the USA, this wasn't an amendment but would have affected far more than
just predators: "Protecting Children from Internet Pornographers Act of 2011".

[http://en.wikipedia.org/wiki/Protecting_Children_from_Intern...](http://en.wikipedia.org/wiki/Protecting_Children_from_Internet_Pornographers_Act_of_2011)

In the UK, there is the snoopers bill for monitoring online communication,
choice quote [3]:

> "Criminals, terrorists and pedophiles will want MPs to vote against this
> bill. Victims of crime, police and the public will want them to vote for it.
> It’s a question of whose side you’re on,” said Home Secretary Theresa May.

<http://rt.com/news/uk-snoopers-charter-may-276/>

There is certainly a pattern of using the "4 horsemen" to pass bills attacking
internet freedom that affect all citizens not just the criminals.

------
declan
I wrote about this four years ago when Obama chose Biden as his running mate:
<http://news.cnet.com/8301-13578_3-10024163-38.html>

Note one House committee did vote in the 1990s to ban the "manufacture,
distribution, or import of any encryption product that did not include a back
door for the federal government," but that bill failed to become law:
<http://news.cnet.com/8301-31921_3-20032910-281.html>

Excerpts: Biden's bill -- and the threat of encryption being outlawed -- is
what spurred Phil Zimmermann to write PGP, thereby kicking off a historic
debate about export controls, national security, and privacy. Zimmermann,
who's now busy developing Zfone, says it was Biden's legislation "that led me
to publish PGP electronically for free that year, shortly before the measure
was defeated after vigorous protest by civil libertarians and industry
groups." ... After taking over the Foreign Relations committee, Biden became a
staunch ally of Hollywood and the recording industry in their efforts to
expand copyright law. He sponsored a bill in 2002 that would have make it a
federal felony to trick certain types of devices into playing unauthorized
music or executing unapproved computer programs. Biden's bill was backed by
content companies including News Corp. but eventually died after Verizon,
Microsoft, Apple, eBay, and Yahoo lobbied against it. A few months later,
Biden signed a letter that urged the Justice Department "to prosecute
individuals who intentionally allow mass copying from their computer over
peer-to-peer networks." Critics of this approach said that the Motion Picture
Association of America and the Recording Industry Association of America, and
not taxpayers, should pay for their own lawsuits. ... The ACLU also had been
at odds with Biden over his efforts to censor bomb-making information on the
Internet. One day after a bomb in Saudi Arabia killed several U.S. servicemen
and virtually flattened a military base, Biden pushed to make posting bomb-
making information on the Internet a felony, punishable by up to 20 years in
jail, the Wall Street Journal reported at the time. ...

~~~
tptacek
You wrote about this incorrectly; you cited Biden's language, which begins "It
is the sense of Congress that", and then wrote "Translated, that means turn
over your encryption keys", which it plainly does not mean, because sense-of-
the-Senate language doesn't create law.

Then, you wrote "Joe Biden made his second attempt to introduce such
legislation in the form of the Communications Assistance for Law Enforcement
Act (CALEA)", although Leahy sponsored CALEA. You also failed to note that the
_only mention of encryption in the bill exempts providers from responsibility
for providing plaintext_ , instead casting CALEA as attempt to ban encryption,
which it was not.

I would at this point like to ask you, as a journalist who claims to have
covered this topic in detail, what evidence you can present that Joe Biden is
"staunchly anti-cryptography".

~~~
declan
There are two separate points here: first, whether PRZ released PGP because of
what Biden's bill symbolized, and second, whether Biden was anti-crypto.

For the first, see PRZ's contemporaneous statement:
<http://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html> It was this bill
that led me to publish PGP electronically for free that year, shortly before
the measure was defeated after vigorous protest by civil libertarians and
industry groups.

For the second, I'd say Biden was more pro-law enforcement (and law
enforcement wanted domestic controls on encryption) rather than anti-crypto.
This played out not just in crypto but also Biden's support for CALEA, FISA
expansion in the 1990s, the Patriot Act, etc:
<http://news.cnet.com/8301-13578_3-10024163-38.html>

~~~
tptacek
Sorry, I was needlessly hostile in my preceding comment.

You wrote about the bill as was part of an actual effort to restrict
cryptography. But it wasn't. In fact, the bill preceded CALEA, which was a
very important bill that established statutory authority for lawful intercept;
lawful intercept is the most important concept captured in Biden's
(practically meaningless) amendment, and cryptography is only ancillary.

Further, the record over the rest of the '90s supports that interpretation.
Most importantly CALEA, which Biden cosponsored, and which forbids the federal
government from requiring telcos to adopt any specific equipment (ie, the
government could not mandate that MCI use switches with specific lawful
intercept features) and which all but demands that telcos stay out of the
business of encrypting and decrypting altogether, which is exactly what the
cipherpunks wanted.

I'd like to see actual evidence supporting the idea that Biden opposed
general-purpose cryptography. It may well exist, but I haven't found it on the
record. Phil Zimmerman is many things, but "legal expert" is not one of them;
we need to do better than "Phil Zimmerman felt like he was under attack" (all
commercial cryptographers felt that way even after CALEA passed) and "Biden
thought the director of NSA was competent" (hey, he probably was.)

------
jacoblyles
It's worth noting that Silicon Valley's lobbying organization is inchoate and
ineffective compared to more established causes. I'd love to change this. Why
can't we use our strengths in crowd-funding and crowd-activism to flex our
muscle a bit in some primaries?

California isn't going to be anything but solid blue anytime soon, but we
could easily primary anti-privacy Democrats and replace them with pro-privacy
Democrats. This is what the Tea Party has done to get rid of fiscal moderates
in the Republican House caucus. There's no need to accept whatever creeps the
major parties deign to give us.

------
lubujackson
Read Crypto by Steven Levy. An amazing account of how cryptography was finally
opened up for the Internet. Because before the Net, the wording of the law was
very, very restrictive in a way that made no sense with how the Internet
operated. It really is eye opening to see the role the NSA played and the
tactics they used to try to keep things smothered. Not very different than
what is still happening right now with the NSA, apparently.

~~~
tptacek
What law are you referring to here?

~~~
lubujackson
[http://en.wikipedia.org/wiki/Export_of_cryptography_in_the_U...](http://en.wikipedia.org/wiki/Export_of_cryptography_in_the_United_States)

I was thinking of when the limit of crypto for export was 40 bits SSL, which
would have made all e-commerce impossible due to the uselessness of 40 bit
crypto. Luckily that was changed.

~~~
tptacek
Export controls were a pain in the ass, but strong cryptography (or what we
considered to be strong crypto at the time) was prevalent during the worst of
it. Cryptography itself was never outlawed.

~~~
IheartApplesDix
Useless semantics. Just because that strong crypto was somewhat de facto while
the gears in washinton turned, doesn't negate the fact that the US has and
still has a Orwellian slant to technology law, predicated on the desire for
control and power over everyday interactions.

------
bediger4000
Why does it surprise anyone that the US government tried to ban encryption
early on? That's the general direction the US government has taken for a long
time. The Supreme Court has shaved the "unreasonable search and seizure"
protection so thin, that it almost doesn't ever apply. The COINTELPRO
(<http://en.wikipedia.org/wiki/COINTELPRO>) efforts in the 60s shows that the
US government hasn't really respected any kind of privacy for a very long
time. Banning encryption is the end point of a couple of trends, copy
protection (a.k.a. "Digitial Rights Management") and "The War on
Terrorism"/"The War on Drugs". The US government just can't make certain that
nobody's "Intellectual Property" isn't being "stolen" if any encrypted
information flows. Similarly, encryption only helps "terrorists" and "drug
dealers" trying to "launder money" or recruit other terrorists to sell crack
or something, I get all confused.

But seriously folks, read the writing on the wall: banning encryption is the
end point of some trends with a lot of power behind them.

------
mtgx
I wonder if Biden is whispering similar ideas into Obama's ears, and if it's
why Obama is so keen on trampling on the 4th amendment these days.

~~~
tptacek
This statement is profoundly ignorant on many levels, including the
relationship between Obama and Biden, Biden's relationship to '90s crypto
regulation, and Obama's take on the 4th amendment.

Let's try to catalog the misconceptions here:

* Biden is not a key Obama influencer. The VP rarely is, but this one in particular.

* Obama's tensions with the 4th Amendment stem from counterterrorism and a desire to continue joint NSA/FBI programmatic surveillance systems that they believe are catching terrorists. At the time Biden proposed this language, _we were still subsidizing those same terrorists_.

* Biden was not the point person for '90s anti-crypto legislation.

* Biden was a cosponsor of CALEA, which actually explicitly exempts providers from decrypting encrypted content.

~~~
declan
I'd add a friendly amendment: CALEA was intended to be a first step, a
"beachhead," toward domestic controls on encryption. The fact that the second
step was not successful came despite efforts by Biden, the FBI, the NSA, etc.
-- not because of them. See below.

<http://news.cnet.com/8301-13578_3-10024163-38.html> "Joe Biden made his
second attempt to introduce such legislation" in the form of the
Communications Assistance for Law Enforcement Act (CALEA), which was also
known as the Digital Telephony law, according to an account in Wired magazine.
Biden at the time was chairman of the relevant committee; he co-sponsored the
Senate version and dutifully secured a successful floor vote on it less than
two months after it was introduced. CALEA became law in October 1994, and is
still bedeviling privacy advocates: the FBI recently managed to extend its
requirements to Internet service providers. CALEA represented one step in the
FBI and NSA's attempts to restrict encryption without backdoors. In a top-
secret memo to members of President George H.W. Bush's administration
including Defense Secretary Dick Cheney and CIA director Robert Gates, one
White House official wrote: "Justice should go ahead now to seek a legislative
fix to the digital telephony problem, and all parties should prepare to follow
through on the encryption problem in about a year. Success with digital
telephony will lock in one major objective; we will have a beachhead we can
exploit for the encryption fix; and the encryption access options can be
developed more thoroughly in the meantime."

~~~
tptacek
I'd ask here how a bill can be a "beachhead" against encryption when it
forbids the government from even requiring that telcos adopt equipment for
which wiretaps are feasible, and when it specifically exempts telcos from
being required to facilitate decryption.

~~~
harshreality
For clarity, you're talking about 103(b)(3)?

[http://en.wikisource.org/wiki/Communications_Assistance_for_...](http://en.wikisource.org/wiki/Communications_Assistance_for_Law_Enforcement_Act_of_1994)

That doesn't look like a ward against anything, to me. It looks like a
compromise stuck into the bill because of push-back from "cypherpunks". If the
political winds had changed, or change in the future, that part of CALEA would
be removed by a new law.

I think most politicians have no problem banning strong encryption and
mandating ISP decryption of it all. Even most citizens have no problem banning
strong encryption.

------
hakaaak
To the OP: thanks for the post, but the font is nearly unreadable for older
guys like me on smaller devices.

------
bradfeld
Fortunately, Biden stayed up all night last night trying to solve the fiscal
cliff. Or maybe unfortunately.

------
gunter69
Joe biden, the titular head of freedom in the Senate.

------
16s
Only the government should have access to encryption and guns. Why would
ordinary citizens need these things?

------
Zoophy
I wish he had succeed. Digital, not just email, encryption is a threat to
national security.

~~~
1337biz
When I read these kind of comments, I am not sure if these commentators are
compensated better than China's 50 cent party. Some mturk generated comments
would probably provide more qualitative contributions than something like
this.

~~~
derleth
> When I read these kind of comments, I am not sure if these commentators are
> compensated better than China's 50 cent party. Some mturk generated comments
> would probably provide more qualitative contributions than something like
> this.

I doubt anyone bothers to pay people to post this stuff to Hacker News. The
battle over crypto is essentially over at this point.

As an aside, 'qualitative' is not a synonym for 'quality'; it means 'involving
distinctions based on qualities' and contrasts with 'quantitative', which
refers to distinctions based on numerical measurements.

~~~
1337biz
I have seen repeatedly comments appearing on subjects like these, written by
relatively new accounts and supporting some form of surveillance measures.
What they have in common is, that they just make a 1-sentence statement "we
should be thankful that someone is protecting us", and provide no further
arguments for their case. But them being troll baits might be more realistic.
After all we are still arguing about it.

If you are trying to nit-pick about word definitions, kindly include the
second part of the definition, that clearly supports my use of the word for
comparing good/bad quality: "2. qualitative - relating to or involving
comparisons based on qualities".

