Hacker News new | comments | show | ask | jobs | submit login
Joe Biden tried to ban email encryption back in 1991 (dustinkirkland.wordpress.com)
208 points by dmix 1755 days ago | hide | past | web | 120 comments | favorite

The whole US government tried to ban encryption wholesale in the 1990s; they even attempted to standardize a bespoke algorithm (Skipjack) that provided key escrow for law enforcement. During the same period, they religiously enforced export controls that classified any encryption code, including simple hash functions, as munitions. I remember buying a "this t-shirt is a munition" shirt in '95 by giving a website the numbers off the bottom of a check(!).

The government lost (although export controls still create annoyances today). Nobody in government seriously thinks industry is ever going to adopt a government-controlled encryption algorithm. Also, this isn't part of some secret history of the Internet; the entire cipherpunk movement was a reaction to the attempt to ban crypto.

If you want to keep perspective, it's important to remember that the world of 1993 looked very different from that of 2012. Very few people believed that every teenager in America would be using the Internet as their first line of communication, or that the Internet would steadily consume retail, finance, media, and even industrial controls. Commercial cryptography itself was merely nascent; "cryptography 2.0", a trend of the late 90s, introduced authenticated cryptography to the mainstream (prior to that people just encrypted and added checksums) --- look at SSHv1 and PGP for representative designs. Nobody understood anything in 1993.


Sense of Congress resolutions don't create law. They're literally just statements of opinion. So the idea that this amendment would have "outlawed SSH" is directly mistaken.

And, the targeting of cryptography in this language is incidental. It was not only the "sense of Congress" but actual law that telco providers create facilities to enable (warranted) wiretaps --- that's CALEA, which passed in 1994. Biden's sense-of-Congress resolution is essentially just a capsule summary of CALEA made to sound slightly smarter with the word "plaintext".

"Sense of Congress resolutions don't create law. They're literally just statements of opinion. So the idea that this amendment would have "outlawed SSH" is directly mistaken."

This is not correct, or if correct, is so in a manner meaningless for any layman. "Sense of the Senate" language is often important in judicial and / or executive interpretation. It may not be "law" but can often matter a great deal in the implementation, enforcement and interpretation of law.

In a discussion among legal experts "resolutions don't create law" might be one thing. In a discussion of non-lawyers of Congressional efforts to make policy it is simply, and at best, wrong.

You don't have to read tea leaves to figure out what Biden actually believed. His name is on CALEA, which passed less than a year later. CALEA explicitly does not criminalize encryption.

So my comment is right, and a crucial statement of your argument is wrong, but we can ignore all that because if look at some other piece of legislation we'll see the real Joe Biden.

I spent 8 years in Washington trying to make public policy that actually made sense. I discovered that this was not possible, in part because the idiocy of policy that does _not_ make sense is masked by rhetorical tricks and argumentation such as we're seeing here. I've seen it called "squid ink", the idea is to defuse a true statement by making assessment of that truth so complicated that most readers won't bother.

90% of this board can distinguish technical ability in about five minutes. Sadly they haven't this same facility with policy discussion.

And with that, I'm done.

What part of your comment is right? That sense of the Senate resolutions make law? No, they don't. That sense of the Senate resolutions can matter in later court cases? Maybe, but I'm guessing a failed resolution on a failed bill matters a lot less in court than the successfully passed bill by the same author that became public law less than a year later that says the opposite.

Beyond that, it's hard to even imagine what you think I'm trying to create a smokescreen for. Cryptography was never banned. Every restriction on cryptography that existed in 1993 has been substantially relaxed. As a professional software security person, my career would be hamstrung by the ban you seem to perceive me as advocating for. Maybe you just think I really, really like Joe Biden?

I know very little about you. I've been talking about the signature shape of your arguments.

And I don't know anything of your motivations. Have you read Orwell's "Politics and the English Language"? If so you'll understand that it is possible, indeed sometimes common, for people to take rhetorical stances without actually understanding the position they are taking, out of a reflexive support for their party / faction / coalition of preference. And that those preferences can shape arguments simply to political purposes without actually considering the substance of the question at hand. Indeed people can find themselves in this position without even really realizing it.

Which is why Orwell thought clear language and proper argument so important that he dedicated his life to demonstrating their necessity. Bad arguments an important signal of the possibility of a person so committed to some political purpose in a manner indifferent to the means of achieving that purpose. You could be a political zombie without ever knowing it.

My comment was _right_. "Sense of the Senate" language can, for a layman's usage, constitute law. Your insistence on a point that is wrong, while at the same time eliding that error to some other argument, signals an interest in winning an apparent point rather than in helping people actually understand. This is rhetoric, and at its worst it is very dangerous thing.

I know nothing of your purposes or motives. You may very well be in a state deserving pity more than anything else. But the way you argue is dangerous -- to your country, your community, and to your soul.

I won't speak for Thomas, but I used to teach "Politics and the English Language" in rhetoric and argumentation courses. There are two important things worth pointing out here:

1. Your understanding of the problem domain of language and politics, at least in this post, is incredibly naive. For a rigorous analysis of the subject, try something like Chaïm Perelman's Treatise on Argumentation or one of Ronald Dworkin's books.

2. Your comment being right and Thomas' comment being right aren't mutually exclusive. What he said is correct. What you said is also correct. Your attempt to make your point invalidate his is what's popularly called shifting the goalposts. It's what people do when they want to, as you put it, win points.

Also, as a point of order, your whole shtick of suggesting that someone has taken a position out of blind partisanship without really grasping what's at stake in it yadda yadda -- that's never a constructive way to approach a discussion. Everything you're accusing Thomas of, you're guilty of yourself. Whence Thomas' dismissal, which brings to mind Aristotle:

A man should not enter into discussion with everybody or practice dialectics with the first comer as reasoning always becomes embittered where some people are concerned. Indeed, when an adversary tries by every possible means to to wriggle out of a corner, it is legitimate to strive, by every possible means, to reach the conclusion; but this procedure lacks elegance. -- Topics 8.14.164b

Ooh, wow, arguments from authority.

As you are so learned, and Chaïm and Ronald aren't here, perhaps you'd care to offer their more proper reading of Orwell. And as you're so learned, you'll immediately know my remark as a paraphrase, and of whom. Right? Because when I read a book, I do so in such a fashion as to repeat its argument, rather than assign others reading I couldn't do properly in the first place.

Nor can I understand how my reading of Orwell can be "naive". Wrong, maybe. Unless you mean that Orwell argued that these aspects of rhetoric can be deliberately manipulated to bring about otherwise unjustifiable outcomes? And that his chief purpose was to warn others of this manipulation and suggest danger signals of it? I am completely alert to that purpose, and you can be sure my neglect of that theme in my remarks here reflects a very deliberate desire to avoid suggesting anything so ugly of someone about whom I know nothing.

Now as to "moving the goal posts." What I said, from the very start, was that his construction was wrong _for_a_layman_, that it could be right _for_lawyers_, and that the former was here the important context. So my argument acknowledged the sense in which he could be right and dismissed it.

And so forth. I don't really care what you've taught. Bring an _argument_. Because your pompous _assertions_ don't do much more than piss me off.

You may be correct, but it's obscured by the fact that you're being a dick.

Don't do that.

>You may be correct

Nah. Every claim he made is demonstrably incorrect, with the exception of his initial point that '"Sense of the Senate" language is often important in judicial and / or executive interpretation.' This claim is also incorrect, strictly speaking, but if we're charitable and substitute 'occasionally' for 'often', it at least adds something to the discussion. What it doesn't do is show Thomas to be wrong. "Sense of" resolutions aren't legally binding and rarely, if ever, impact public-facing policy. They do, on occasion, impact government-facing policy, for example SCOTUS recess appointments. The rest of his comments are blather and, while worthy of a good chuckle, are unworthy of response.

"Sense of" clauses often determine the precise allocation of appropriated funds. Indeed _committee_reports_, which lack the dignity of a full vote of either House, or a Presidential signature, are treated by executive departments as determinative of public spending. They are the primary mechanism for designating "pork barrel" spending and thus are treated as the primary targets of lobbying efforts.

I know this because I have worked on those bills.

I do not know the legal or regulatory landscape around telecommunications in nearly such detail. But knowing the importance of such language in a REALLY significant corner, I would be very, very slow to regard any of it as without "impact [on] public facing policy." Not without a very thorough explanation of why exactly it was meaningless, and regarded as such generally throughout the industry.

Again, I don't know the industry. I do know that the making and implementation of law is a very complicated business, where the black and white readings of law do not yield the simple answers one might expect from logical analysis. And I know that in very important corners of government language like this, and still further from law than this, is effectively determinative of federal policy. So blanket claims that "sense of" language are without any real force are "demonstrably incorrect".

I took a nasty tone against someone who was trying to bully me. I'm sorry you don't like it but he had it coming.

Have a q-tip, brother.

Time's up.

"Meno: And did you still not think [Gorgias] knew [what excellence was]? "Socrates: I'm rather forgetful, Meno . . . maybe you know what he used to say. If so, remind me . . . . let's leave him out of it; he's not here after all."

From Plato's "Meno".

Here's another fun quote:

GLENDOWER. I can call spirits from the vasty deep. HOTSPUR. Why, so can I, or so can any man; But will they come when you do call for them?

Thomas is a fairly well known, consistent, and rational individual on HN. As one who has been other side of being corrected (curtailed?) by him, I can say he's the type of individual who, in my experience, just makes sense - particularly if you take a deep breath and step away from. The keyboard for a few minutes. His position here is pretty straightforward "Biden's name was on a document that had no force of law, and then a year later, his name was on a law that did not restrain crypto."

I'm not sure what your argument is, you kind of lost me when you started suggesting Thomas was arguing in a way dangerous to his soul - that kind of hyperbole is usually not helpful - particularly when it's directed to someone as levelheaded, rational and knowledgeable as Thomas.

Oh for fuck's sake. Never mind.

chernevik, speaking as a neutral-but-technically-minded third party: between the two of you, Thomas comes off as as much more sensible and convincing.

Maybe your your argument is too smart for me, though.

I'm arguing first that he's wrong about Biden not proposing "law".

Second, and more obsessively, that his insistence on a point so obviously wrong suggests his purpose is rhetorical rather than clarifying. I.e. he cares more about how things appear than helping people see what they really are.

Subsequently I don't seem to be doing much more than throwing food. Maybe I should unplug my computer until I'm in a better mood.

It's an argument over rhetoric, and those suck. Alas it's one reason people get away with rhetoric -- it's hard to tell who's being rhetorical and who's in earnest.

You know "learn to program or be programmed?" Argument is like that, only far more important. Please learn to recognize good arguments from bad, so you can call people like me on my shit. Because otherwise you're reliant on people like me for that, and, well, we'll abuse your trust.

Quoting you earlier: "defuse a true statement by making assessment of that truth so complicated that most readers won't bother"

That's how I feel now. I have no idea what you're saying.

I'm largely saying he's arguing more to confuse than explain. And that he might not actually be aware he's doing so.

I think this sort of thing is important. Most people think this sort of thing is annoying. It's true that arguments like this are usually a waste of time, and this seems no different.

What I DO know about you?

You can't argue worth a damn.

I'm curious - is it your belief that Biden would never, under any circumstances, push a law which gets him some (but not all) of what he wants?

Also, if "sense of congress" is an opinion, and Biden sponsored the bill, is it unreasonable to assume that that is Biden's opinion?

No. I'd ask in response: what is the partial goal, and the total long-term goal towards which it moves, that Biden achieved in CALEA?

To your latter point, I'd say only that if Biden's opinion was anti-crypto in 1993, it became pro-crypto very shortly thereafter.

I'll add to my various rantings: This is has been an unexpectedly crummy day for me. I hope that, if given a better mood and better form, I could more clear and less snarky.

Although Biden's amendment by itself wouldn't have outlawed SSH, it was enough to make programmers see the writing on the wall. A bill with domestic restrictions on encryption was approved by a House committee in the 1990s, and Biden's bill was what prompted PRZ to release PGP, as PRZ himself said at the time. See:

http://news.cnet.com/8301-31921_3-20032910-281.html In response to lobbying from the FBI, a House committee in 1997 approved a bill that would have banned the manufacture, distribution, or import of any encryption product that did not include a back door for the federal government. The full House never voted on that measure.

(a) You appear to be referring to a bill that died in a House committee.

(b) It's not in dispute that the DOJ opposed cryptography in the '90s (that's the lede of the comment you're replying to).

(c) The bill you're referring to had nothing to do with Biden.

(d) The one crypto-relevant bill that does bear Biden's name explicitly forbids the government from demanding that ISPs design networks so as to provide plaintext to law enforcement.

Let's keep the goal-posts clear here. The thread we're commenting on says Joe Biden opposed encryption. That's relevant because Joe Biden is a part of the current administration. I wouldn't want to perpetuate that unfounded idea by pointing out that other people were opposed to encryption in the 1990s; it was a common belief back then.

"All right, among us now we that we are all in private just us girls all let our hair down" he didn’t had much hair even then but he let it down "We are not going to prosecute your client Mr Zimmermann he said public key encryption will become available we fought a long loosing battle against it but it was just a delaying tactic" and then he looked around the room and he said "But nobody cares about anonymity do they?"

And a cold chilled went up my spine and I thought alright Stuart and now I know you’re going to spent the next twenty years trying to eliminate anonymity in human society and I am going to try to stop you and let’s see how it goes.

And it’s going badly.

We didn’t built the net with anonymity built in. That was a mistake now we are paying for it.

Our network assumes that you can be tracked everywhere.

And we have taken the Web, and we made facebook out of it.


House bills that propose dumb or futile things and subsequently go nowhere are really common -- that two year term means that you need to show voters and donors that you mean business.

Tilting at some windmill that matters to the folks at home is like a public affirmation that declares a Congressman worthy of endorsement. (ie. police unions probably care about FBI endorsed bills)

> The whole US government tried to ban encryption wholesale in the 1990s

This simply isn't true.

I'm not sure if you're attempting to absolve Biden of his dreadful part in banning encryption, but if the entire government wanted something to happen, it would have happened.

Yes, PGP was out in the open, however, the government obviously could still have required it, still could have mandated the Clipper Chip, etc.

Also several members of the government notably spoke out against it, including Senators John Ashcroft & John Kerry.

Biden never banned encryption; the only statute I can find that bears his name says the opposite.

I'm interested in the Ashcroft and Kerry references you're thinking of. Were they contemporaneous, or from the late '90s? In the late 1990s, there was a sharp shift towards liberalizing crypto, with competing bills introduced in the House and Senate by both parties. The argument shifted from "will we mandate key escrow for the general public" to "is it OK for us to provide a facility to mandate key escrow for systems sold to the federal government should we want to do so in the future".

You're right to call me out on one thing: "the entire government" was imprecise wording. I should have said "the Democratic administration, the preceding Republican administration, and prominent members of both the Senate and the House on both sides of the aisle".

Here's a direct link to the legislation in question:


There were websites where people could transfer a short program from inside the US to outside the US, and then sign a petition to say they had done so.



Remember 40-bit and 56-bit "exportable" encryption?

Vividly. I was part of a team that shipped commercial security products containing crypto in the '90s. From Canada, no less.

Thomas, thanks for injecting sanity into these discussions.

One little-known fact about Biden is that he authored the [Omnibus Counterterrorism Act of 1995][1]. This bill was a precursor to the PATRIOT Act in several ways, such as by ["allowing secret evidence to be used in prosecutions, expanding FISA and wiretap laws, creating a new federal crime of 'terrorism' that could be invoked based on political beliefs, permitting the U.S. military to be used in civilian law enforcement, and allowing permanent detention of non-U.S. citizens without judicial review."][2] See the Center for National Security Studies [analysis][3] (written in 1995) for more detailed info.

In his own words: "I drafted a terrorism bill after the Oklahoma City bombing. And the bill John Ashcroft sent up was my bill" (his bill was actually introduced before the Oklahoma City bombing).

[1]: http://thomas.loc.gov/cgi-bin/bdquery/z?d104:s.00390: [2]: http://news.cnet.com/8301-13578_3-10024163-38.html?tag=newsL... [3]: http://w2.eff.org/Legislation/Bills_by_number/s390_hr896_95_...

The anti-terrorism bill to which you refer does not simply criminalize political beliefs, as you imply; rather, it would have allowed prosecutions to raise federal terrorism charges for violent crimes if they met one 9 tests mostly having to do with deliberate attempts to disrupt commerce, target the US government explicitly, or involved people who were not US nationals. It was in that sense like "hate crimes" legislation.

The indefinite detention provision concerned foreign nationals who could not be repatriated (which is a sticky problem everywhere), and provided for judicial review in the US DC Circuit.

It was a stupid bill, but that doesn't mean we should be imprecise about it.

I like your username.

This is the kind of thing one can expect when their leaders are so far removed from the people that they govern. Joe Biden has been in office since 1973. I'd wager that's longer than many of the HN readers have even been alive. When you have politicians who have been running around in the Washington circles that long, some really bad things will come of it.

So, at the time he proposed that, he had been in Washington for nearly 20 years. Shouldn't surprise anyone that he was pushing an agenda for a larger, more powerful federal government.

This statement would make sense if you could provide examples of (at the time) younger Senators who actively opposed crypto regulation so we could compare their track records as well.

Representative Bob Goodlatte was a proponent of relaxation of encryption controls; pushing for a law in 1999, only 6 years after assuming office. http://en.wikipedia.org/wiki/Bob_Goodlatte

Conrad Burns was a sponsor of the PROTECT Act which was an attempt to overhaul encryption regulations, including prohibiting domestic controls of encrypted software. He did this after being in office for about 8 years. http://www.techlawjournal.com/cong106/encrypt/19990414burns....

edit: Goodlatte was a Rep, not a Senator.

John Kerry was anti-export control and pro-encryption rights at that time, and he's been a senator since 1985, so I don't think this is true.

Not sure Rep. Bob Goodlatte was a senator. :)

Term limits would solve most of the lobbying/bribing/corruption problem in Washington. It wouldn't fix for good, but it would make paying for passing new laws a lot more expensive for companies. Also if everyone could only run once, they'd be a lot less worried about begging for donations for the next campaign. According to Larry Lessig representatives spend up to 70% of their time trying to get donations for their next campaigns, instead of doing their job properly, and passing laws for the actual benefit of the people.

I think term limits only make sense if you believe that you don't get better at being a legislator with experience. If you don't, then yes, absolutely, term limits will make buying votes far more expensive, but if you do, then you're constantly running the country with a team of redshirt freshmen, which may well be worse than corporate interests being able to influence policy decisions.

And those redshirt freshmen would be dealing with experienced professors of lobbying. I don't think term limits would do much (if anything) to lessen the influence of corporate interests and could easily make the problem worse.

But it does reminds me of this:


Why didn't any country try this?

We have term limits in California, along with a reputation for one of the most dysfunctional state legislatures in the nation. Term limits are not the panacea people seem to think they are.

Feinstein supported this, too. I wrote her a letter; her response was along the lines of "I don't care, and in any event it's good for you."

Haven't voted for her since.

With recent events, even though I don't live in CA any more, I plan to give her opponents money, for any election she's a candidate in.

I hope she loses in the next election. She was the one that pretty forcefully pushed the FISA reauthorization with as little debate as possible through Senate. It made me angry just hearing her talk about how the Senate shouldn't waste any time with the amendments and just quickly pass FISA before the year is over.

She cosponsored the bill they were renewing back in 2008. What did you expect her to think?

presumably learn from her mistakes?

Feinstein won't lose because this is a solid Democratic state. Unless there is an organized primary campaign against her, elections are an auto-win for the Feinstein campaign.

If only there was some kind of civil libertarian Democratic tea party movement.

Given that the Democrats now control the state with a supermajority, and California's fiscals aren't looking like they will improve; you might see some sort of rebellion in the party. I wouldn't hold my breath though.

She doesn't need your vote.

But her oppponents do. And her opponents could use some cash, too.

The alternative to Feinstein last election was a Republican that merely hadn't said anything on internet freedom issues - as opposed to Feinstein who in on the record as actively bad. My friends who were aware of how bad Feinstein is couldn't bring themselves to vote for someone who might be no better and who was a social conservative to boot. I hope they at least left that section of their ballots blank.

The internet freedom lobby is comically inept. Voters don't even have the choice to do the right thing if they wanted to.

Having received 7.75 million votes in 2012, she can probably afford to burn a few, rather than spend time trying to turn a single voter's opinion. She won by about 3 million votes over her opponent.

I am not stating that the fight isn't a good one, only that her haughty and dismissive attitude is calculable from her election margin of victory.

On this issue, Biden was clearly on the wrong side of history (and some of the fundamental tenets upon which the US was founded). But I don't think anyone, even ardent Obama supporters, would argue that he's the brightest star in the sky anyway. He is perhaps the strongest protection against an Obama assassination, since no one would want him to take office.

Fortunately, the system worked in this case. A dangerous law introduced by a dimwitted person was not allowed to weave its way into our system. As a result, the Internet flourished and we are able to discuss this issue on Hacker News. While we haven't been so lucky on other such laws, in general, we should all be grateful that the US system is as effective as it is in muzzling these types of people and the changes they try to make.

I personally consider myself a Biden fan. I have witnessed him talk sense on a number of issues in ways many politicians do not. (Example: several statements on Iraq, from before it was common in US politics to think that war was a bad idea.) The "Biden is dumb" narrative IMO mainly comes from DC-based press that exaggerates gaffes (real and perceived) and tends to blindly re-state existing DC press narratives.

I think the real story here is that US senator is not a good qualification for understanding crypto or technology as a whole. I don't believe that Biden inserted this language out of maliciousness. So our task then becomes to educate our representatives, or if it gets to that point on a single issue vote them out, though my impression is that Biden's opponents are also unlikely to understand crypto or do anything different about what is honestly something of a fringe issue - my vote this year was certainly not about sound crypto policy, and I doubt yours was either.

> I think the real story here is that US senator is not a good qualification for understanding crypto or technology as a whole.

I think the issue the tendency of the government to constantly chip away at privacy. Terrorism, communism, illegal porn and drugs are all used as reasons.

Trying to find the reason Biden did what he did is not effective. We may never know the reason. We can look at actions -- what bills were supported, by whom and how far they have gotten in the pipeline. Biden's name or track record might not be relevant. This could have also been someone else.

For example the top half of the whole discussion is between chernevik and tptachek whether Biden is in general pro or against encryption. It doesn't really matter what Biden personally believes. But it matters how many and how far and how often such bills make it. Some are passed (like the warrant-less wiretapping), some die quickly.

Also there are countries that make use of encryption illegal. In this country, other laws have passed that chipped away at privacy, so it is understandable why a lot of people feel a little jittery about this topic -- because they can see this kind of bills passing with not too much opposition.

> On this issue, Biden was clearly on the wrong side of history (and some of the fundamental tenets upon which the US was founded).

Probably on the wrong side of history, but it's pure historical revisionism to say it opposed any principle the U.S. was founded upon. Common law courts in England had broad subpoena powers (just like modern U.S. courts). Moreover, investigators had unlimited access to private documents pursuant to a validly executed warrant. The founders never contemplated a "document the government could never get at." What they contemplated was a series of protections against the government's ability to get documents.

My thinking on the subject of Biden's failed attempt to require that the government be able to recover encrypted information is more akin to attempting to require that everyone leave a copy of their house keys with the local police station just in case they decide to get a warrant to search your house. That is conceptually identical to what Biden proposed, yet such an idea would be decidedly un-American and any politician that raised such an idea would be publicly skewered.

It's not "conceptually identical" at all. With some legal due process, the police force can violently breach the front door of your house if you refuse to let them in, and similarly open locked safes. Though this process may be expensive for them, it is not impossible. Cheap, widely available systems to provide provably impenetrable security against government intrusion is a relatively new phenomenon.

It's more like a ban on unbreakable doors.

>>He is perhaps the strongest protection against an Obama assassination, since no one would want him to take office.

I would argue that the Secret Service is by far the strongest protection.

The pen, or in this case the mere thought that Biden might wind up holding the pen, is mightier than the sword. I think that would make for a scary world that no one wants to see.

You're projecting your own political views on everyone else and HN is not the place for that.

It's less about his politics and more about his intelligence. This post - that he tried to to introduce such a sweeping and dangerous law without a single thought about the consequences - is a perfect example of that.

I think you need to read the top comment on this thread to understand why the stuff you are saying here is nonsensical.

If you want to keep perspective, it's important to remember that the world of 1993 looked very different from that of 2012. Very few people believed that every teenager in America would be using the Internet as their first line of communication, or that the Internet would steadily consume retail, finance, media, and even industrial controls. Commercial cryptography itself was merely nascent; "cryptography 2.0", a trend of the late 90s, introduced authenticated cryptography to the mainstream (prior to that people just encrypted and added checksums) --- look at SSHv1 and PGP for representative designs. Nobody understood anything in 1993.

In a representative democracy, we look to our leaders to evaluate conditions and legislate (or not legislate) based on what we hope is the same or better information than we have at the time. The Internet was new to most, but being explored commercially, in 1993. At the time, security was a major consideration that people were still trying to figure out, but encryption was a part of that conversation.

I am saying that in this case Biden either failed to collect information about what was going on at the time, or did collect that information and purposely wanted to stifle the innovation that was occurring. Either way, regardless of politics, these are not displays of the intelligence I expect from an elected leader.

It has nothing to do with intelligence. Rather, it's about ability. You have to understand that none of these elected leaders make their decisions in a vacuum. They instead rely on experts to give them the correct information with a clear explanation of the consequences of each choice. With encryption this wasn't very possible at the time, since back in 1993 not many people understood encryption especially in terms of how critical it would turn out to be for innovation.

Speak for yourself.

As I recall, the 1991 version of me thought a lot of things that the 2012 version of me doesn't. I presume this is true for most humans, including Vice President Biden.

What's interesting was that it was a last minute addition to an omnibus crime bill.

The same thing is still happening today where amendments attacking internet freedom get tagged onto existing bills under the guise of targeting "terrorists, drug dealers, pedophiles, and organized crime" aka "The Four Horsemen of the Infocalypse".


It was the official, overt policy of the Clinton administration through the 1990s.

I'm curious as to which amendments you refer to that "attack Internet freedom" in the guise of catching Internet predators.

I'm from Canada, last year we had an omnibus crime bill that included an amendment for government to warrantlessly track online activity which they defended as a way to track pedophiles.


In the USA, this wasn't an amendment but would have affected far more than just predators: "Protecting Children from Internet Pornographers Act of 2011".


In the UK, there is the snoopers bill for monitoring online communication, choice quote [3]:

> "Criminals, terrorists and pedophiles will want MPs to vote against this bill. Victims of crime, police and the public will want them to vote for it. It’s a question of whose side you’re on,” said Home Secretary Theresa May.


There is certainly a pattern of using the "4 horsemen" to pass bills attacking internet freedom that affect all citizens not just the criminals.

Me too. But this wasn't some joker on a bar stool spouting opinions. This was a United States Senator, proposing law. I would hope that if I was _legislating_ I would take care to do _nothing_ until I was quite sure that my proposals didn't diminish the liberties of free people.

Biden might today protest ignorance. Okay, then what the hell was he doing proposing legislation in the first place?

He was not "proposing law". He added a meaningless sense of Congress resolution in 1993 that presaged CALEA, which he cosponsored, and which passed in 1994, and which expressly exempted providers from being required to decrypt encrypted communications.

It is not possible to comment meaningfully on the language discussed without more context, including a description of the bill to which it was to be attached. "Sense of the Senate" type language can be harmless fluff, or it can be potentially important in the legislative history consulted by the courts as they interpret law.

You can no more tell me the significance of that language without that context than you could tell me, without context, the implications of "int i; i = 0;" for a program's execution.

If you want to refute the OP assertion that Biden's proposal actually mattered, you will have to be considerably more thorough than you have been.

You can feel free to go verify that the bill to which Biden's language was attached did not itself attempt to criminalize encryption.

It is also very easy to discover what the public law Biden cosponsored less than a year later said about lawful intercept and cryptography.

I'd tell you, but I'd be repeating several comments I've already written on this thread.

Your reliance on your readers to construct your argument for you strongly suggests to me that there isn't much argument there. Because its an exceptional reader who has time for such research -- if the point where there to be made, you'd be more convincing simply making it yourself.

I know zero about Joe Biden's position on crypto. But the style of this argument looks to me very much like FUD.

Just read the rest of my comments. They directly address your point. Not wanting to repeat things I've already written in this thread does not constitute avoidance of argument.

It is true that sense of congress resolutions are not law, and just an 'opinion of congress'.

Just for context of what Biden's opinion was at the time, here is the 'meaningless sense' that appears to have originated in his bill, S-226, from 1991.


It is the sense of Congress that providers of electronic communications services and manufacturers of electronic communications service equipment shall ensure that communications systems permit the government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law.


Again, worth noting that Biden cosponsored a bill less than a year later that (a) provided for lawful intercept of telecommunications while (b) explicitly exempting providers from a requirement to provide plaintext.

The history of that law, CALEA, is a bit more complicated than that. See:

http://news.cnet.com/8301-13578_3-10024163-38.html CALEA represented one step in the FBI and NSA's attempts to restrict encryption without backdoors. In a top-secret memo to members of President George H.W. Bush's administration including Defense Secretary Dick Cheney and CIA director Robert Gates, one White House official wrote: "Justice should go ahead now to seek a legislative fix to the digital telephony problem, and all parties should prepare to follow through on the encryption problem in about a year. Success with digital telephony will lock in one major objective; we will have a beachhead we can exploit for the encryption fix; and the encryption access options can be developed more thoroughly in the meantime."

CALEA was not passed under the Bush administration; it was passed by a Democratic Senate during the Clinton administration. What does a top-secret memo to George Bush tell us about Joe Biden or CALEA?

Again, I know this sounds pedantic, but it's not an academic distinction. There was definitely a pervasive sentiment that technology was moving faster than law enforcement could keep up with, and that some fix was required. We're talking about a point in time where many phone exchanges still weren't digitally switched! At issue wasn't simply that criminals could evade wiretaps, but that some exchanges might transition to equipment that would preclude wiretapping altogether.

It's intellectually risky to take that sentiment and focus it on cryptography, as if any one player in 1993 had established themselves as an opponent of general-purpose cryptography. This whole thread discusses one word ("plaintext") in a meaningless sense-of-the-Senate resolution that had much more to do with digital switching than it did with cryptography.

We have a similar problem here too (Australia). Other Politicians from the opposing party spend time nitpicking things that were done in the distant past.

It becomes a big deal when anyone does a 'backflip'. I don't have proof, but I would wager that certain politicians stick to supporting things they no longer believe in, just to avoid this kind of thing.

I wrote about this four years ago when Obama chose Biden as his running mate: http://news.cnet.com/8301-13578_3-10024163-38.html

Note one House committee did vote in the 1990s to ban the "manufacture, distribution, or import of any encryption product that did not include a back door for the federal government," but that bill failed to become law: http://news.cnet.com/8301-31921_3-20032910-281.html

Excerpts: Biden's bill -- and the threat of encryption being outlawed -- is what spurred Phil Zimmermann to write PGP, thereby kicking off a historic debate about export controls, national security, and privacy. Zimmermann, who's now busy developing Zfone, says it was Biden's legislation "that led me to publish PGP electronically for free that year, shortly before the measure was defeated after vigorous protest by civil libertarians and industry groups." ... After taking over the Foreign Relations committee, Biden became a staunch ally of Hollywood and the recording industry in their efforts to expand copyright law. He sponsored a bill in 2002 that would have make it a federal felony to trick certain types of devices into playing unauthorized music or executing unapproved computer programs. Biden's bill was backed by content companies including News Corp. but eventually died after Verizon, Microsoft, Apple, eBay, and Yahoo lobbied against it. A few months later, Biden signed a letter that urged the Justice Department "to prosecute individuals who intentionally allow mass copying from their computer over peer-to-peer networks." Critics of this approach said that the Motion Picture Association of America and the Recording Industry Association of America, and not taxpayers, should pay for their own lawsuits. ... The ACLU also had been at odds with Biden over his efforts to censor bomb-making information on the Internet. One day after a bomb in Saudi Arabia killed several U.S. servicemen and virtually flattened a military base, Biden pushed to make posting bomb-making information on the Internet a felony, punishable by up to 20 years in jail, the Wall Street Journal reported at the time. ...

You wrote about this incorrectly; you cited Biden's language, which begins "It is the sense of Congress that", and then wrote "Translated, that means turn over your encryption keys", which it plainly does not mean, because sense-of-the-Senate language doesn't create law.

Then, you wrote "Joe Biden made his second attempt to introduce such legislation in the form of the Communications Assistance for Law Enforcement Act (CALEA)", although Leahy sponsored CALEA. You also failed to note that the only mention of encryption in the bill exempts providers from responsibility for providing plaintext, instead casting CALEA as attempt to ban encryption, which it was not.

I would at this point like to ask you, as a journalist who claims to have covered this topic in detail, what evidence you can present that Joe Biden is "staunchly anti-cryptography".

There are two separate points here: first, whether PRZ released PGP because of what Biden's bill symbolized, and second, whether Biden was anti-crypto.

For the first, see PRZ's contemporaneous statement: http://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html It was this bill that led me to publish PGP electronically for free that year, shortly before the measure was defeated after vigorous protest by civil libertarians and industry groups.

For the second, I'd say Biden was more pro-law enforcement (and law enforcement wanted domestic controls on encryption) rather than anti-crypto. This played out not just in crypto but also Biden's support for CALEA, FISA expansion in the 1990s, the Patriot Act, etc: http://news.cnet.com/8301-13578_3-10024163-38.html

Sorry, I was needlessly hostile in my preceding comment.

You wrote about the bill as was part of an actual effort to restrict cryptography. But it wasn't. In fact, the bill preceded CALEA, which was a very important bill that established statutory authority for lawful intercept; lawful intercept is the most important concept captured in Biden's (practically meaningless) amendment, and cryptography is only ancillary.

Further, the record over the rest of the '90s supports that interpretation. Most importantly CALEA, which Biden cosponsored, and which forbids the federal government from requiring telcos to adopt any specific equipment (ie, the government could not mandate that MCI use switches with specific lawful intercept features) and which all but demands that telcos stay out of the business of encrypting and decrypting altogether, which is exactly what the cipherpunks wanted.

I'd like to see actual evidence supporting the idea that Biden opposed general-purpose cryptography. It may well exist, but I haven't found it on the record. Phil Zimmerman is many things, but "legal expert" is not one of them; we need to do better than "Phil Zimmerman felt like he was under attack" (all commercial cryptographers felt that way even after CALEA passed) and "Biden thought the director of NSA was competent" (hey, he probably was.)

Not this again. We already have a thread with this line of bs, go polute that.

It's worth noting that Silicon Valley's lobbying organization is inchoate and ineffective compared to more established causes. I'd love to change this. Why can't we use our strengths in crowd-funding and crowd-activism to flex our muscle a bit in some primaries?

California isn't going to be anything but solid blue anytime soon, but we could easily primary anti-privacy Democrats and replace them with pro-privacy Democrats. This is what the Tea Party has done to get rid of fiscal moderates in the Republican House caucus. There's no need to accept whatever creeps the major parties deign to give us.

Read Crypto by Steven Levy. An amazing account of how cryptography was finally opened up for the Internet. Because before the Net, the wording of the law was very, very restrictive in a way that made no sense with how the Internet operated. It really is eye opening to see the role the NSA played and the tactics they used to try to keep things smothered. Not very different than what is still happening right now with the NSA, apparently.

What law are you referring to here?


I was thinking of when the limit of crypto for export was 40 bits SSL, which would have made all e-commerce impossible due to the uselessness of 40 bit crypto. Luckily that was changed.

Export controls were a pain in the ass, but strong cryptography (or what we considered to be strong crypto at the time) was prevalent during the worst of it. Cryptography itself was never outlawed.

Useless semantics. Just because that strong crypto was somewhat de facto while the gears in washinton turned, doesn't negate the fact that the US has and still has a Orwellian slant to technology law, predicated on the desire for control and power over everyday interactions.

Why does it surprise anyone that the US government tried to ban encryption early on? That's the general direction the US government has taken for a long time. The Supreme Court has shaved the "unreasonable search and seizure" protection so thin, that it almost doesn't ever apply. The COINTELPRO (http://en.wikipedia.org/wiki/COINTELPRO) efforts in the 60s shows that the US government hasn't really respected any kind of privacy for a very long time. Banning encryption is the end point of a couple of trends, copy protection (a.k.a. "Digitial Rights Management") and "The War on Terrorism"/"The War on Drugs". The US government just can't make certain that nobody's "Intellectual Property" isn't being "stolen" if any encrypted information flows. Similarly, encryption only helps "terrorists" and "drug dealers" trying to "launder money" or recruit other terrorists to sell crack or something, I get all confused.

But seriously folks, read the writing on the wall: banning encryption is the end point of some trends with a lot of power behind them.

I wonder if Biden is whispering similar ideas into Obama's ears, and if it's why Obama is so keen on trampling on the 4th amendment these days.

This statement is profoundly ignorant on many levels, including the relationship between Obama and Biden, Biden's relationship to '90s crypto regulation, and Obama's take on the 4th amendment.

Let's try to catalog the misconceptions here:

* Biden is not a key Obama influencer. The VP rarely is, but this one in particular.

* Obama's tensions with the 4th Amendment stem from counterterrorism and a desire to continue joint NSA/FBI programmatic surveillance systems that they believe are catching terrorists. At the time Biden proposed this language, we were still subsidizing those same terrorists.

* Biden was not the point person for '90s anti-crypto legislation.

* Biden was a cosponsor of CALEA, which actually explicitly exempts providers from decrypting encrypted content.

I'd add a friendly amendment: CALEA was intended to be a first step, a "beachhead," toward domestic controls on encryption. The fact that the second step was not successful came despite efforts by Biden, the FBI, the NSA, etc. -- not because of them. See below.

http://news.cnet.com/8301-13578_3-10024163-38.html "Joe Biden made his second attempt to introduce such legislation" in the form of the Communications Assistance for Law Enforcement Act (CALEA), which was also known as the Digital Telephony law, according to an account in Wired magazine. Biden at the time was chairman of the relevant committee; he co-sponsored the Senate version and dutifully secured a successful floor vote on it less than two months after it was introduced. CALEA became law in October 1994, and is still bedeviling privacy advocates: the FBI recently managed to extend its requirements to Internet service providers. CALEA represented one step in the FBI and NSA's attempts to restrict encryption without backdoors. In a top-secret memo to members of President George H.W. Bush's administration including Defense Secretary Dick Cheney and CIA director Robert Gates, one White House official wrote: "Justice should go ahead now to seek a legislative fix to the digital telephony problem, and all parties should prepare to follow through on the encryption problem in about a year. Success with digital telephony will lock in one major objective; we will have a beachhead we can exploit for the encryption fix; and the encryption access options can be developed more thoroughly in the meantime."

I'd ask here how a bill can be a "beachhead" against encryption when it forbids the government from even requiring that telcos adopt equipment for which wiretaps are feasible, and when it specifically exempts telcos from being required to facilitate decryption.

For clarity, you're talking about 103(b)(3)?


That doesn't look like a ward against anything, to me. It looks like a compromise stuck into the bill because of push-back from "cypherpunks". If the political winds had changed, or change in the future, that part of CALEA would be removed by a new law.

I think most politicians have no problem banning strong encryption and mandating ISP decryption of it all. Even most citizens have no problem banning strong encryption.

That "we were still subsidizing those same terrorists" bit causes me to reflexively facepalm every time I think about it.

Political alliances are constantly shifting. The US was allied with the Soviet Union in WWII. Then the USSR became the US's arch-enemy in the Cold War. The Osama bin Laden that the US was subsidizing in the 1980s was at that time fighting against the Soviet army in Afghanistan.

Another example of shifting alliances: During the Iran vs. Iraq war, the US and other Western countries were subsidizing Saddam Hussein, since Iraq was considered the lesser of two evils (they had not taken US diplomats hostage as the Iranians had). Everyone looked the other way when the Iraqis used chemical weapons on the Iranians. When Iraq invaded Kuwait, they became an enemy of the US because they were threatening US oil suppliers. At the present time, the Iraqi government is again a friend of the US. In a few years, things could change again.

To the OP: thanks for the post, but the font is nearly unreadable for older guys like me on smaller devices.

Fortunately, Biden stayed up all night last night trying to solve the fiscal cliff. Or maybe unfortunately.

Joe biden, the titular head of freedom in the Senate.

Only the government should have access to encryption and guns. Why would ordinary citizens need these things?

I wish he had succeed. Digital, not just email, encryption is a threat to national security.

I'm sure all criminals will stop using encryption as soon as it is banned.

Because criminals won't find a way.

When I read these kind of comments, I am not sure if these commentators are compensated better than China's 50 cent party. Some mturk generated comments would probably provide more qualitative contributions than something like this.

> When I read these kind of comments, I am not sure if these commentators are compensated better than China's 50 cent party. Some mturk generated comments would probably provide more qualitative contributions than something like this.

I doubt anyone bothers to pay people to post this stuff to Hacker News. The battle over crypto is essentially over at this point.

As an aside, 'qualitative' is not a synonym for 'quality'; it means 'involving distinctions based on qualities' and contrasts with 'quantitative', which refers to distinctions based on numerical measurements.

I have seen repeatedly comments appearing on subjects like these, written by relatively new accounts and supporting some form of surveillance measures. What they have in common is, that they just make a 1-sentence statement "we should be thankful that someone is protecting us", and provide no further arguments for their case. But them being troll baits might be more realistic. After all we are still arguing about it.

If you are trying to nit-pick about word definitions, kindly include the second part of the definition, that clearly supports my use of the word for comparing good/bad quality: "2. qualitative - relating to or involving comparisons based on qualities".

> I wish he had succeed. Digital, not just email, encryption is a threat to national security.

Since this comment is on its way to being killed, I quoted the entirety so my response would not be deprived of context.

Twenty years ago, this would have engendered actual debate. Fifteen years ago, it would have been harder to defend, but it would have found defenders. Now, of course, it's seen as utterly absurd and impossible to consider seriously.

Our culture has come to depend on encryption to do even the most basic business; trying to shove the genie into the bottle even partway, by mandating weaker encryption, would simply open our businesses' bank vaults and warehouses to criminals from around the world.

The nail in the coffin for crypto bans seemed (to me) to be the rise of crypto competency overseas. In the mid to late 1990s there was a lot of progress outside the US.

Also, when VISA comes politely knocking, saying "We'd really like our stuff to be secure, and available to anyone," congre$$ tend$ to li$ten.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact