Don't Tread On Us

John Perry Barlow

Although I wear several other hats besides my NeXTWORLD-columnist fedora, I've never before been tempted to wear any of them in this space. But this month I'm here as vice-chairman of the Electronic Frontier Foundation (EFF), an organization that Mitch Kapor and I cofounded three years ago.

EFF is about virtual liberty: freedoms of expression, privacy, assembly, community, and opportunity in the human environments that exist inside networked digital media. If you're a NEXTSTEP user, you probably know a lot about these "places." They are the native home of NEXTSTEP, the OS designed for connectivity.

I'm wearing this hat because I think you should know that the virtual terrain where you work is under attack by the U.S. government. It is conducting a campaign that may gravely affect the way your company does business, especially if you are in financial services or any other line that involves electronically transmitting monetary values or sensitive data.

At the urging of the FBI and NSA, the government has created a new Federal Information Processing Standard based on an encryption chip of NSA design called Clipper. These agencies hope that a Clipper will eventually be installed in every telephone and computer system in the United States and that Clipper's secret encryption algorithm will be the standard that replaces DES for all secure transmissions.

Unfortunately, it won't be very secure itself. The government will hold the decoding key to each chip. The keys themselves will be split into two pieces, one of which will be held in escrow by the National Institute of Standards and Technology, the other by the Treasury Department. Under some vaguely defined (and surely mutable) "lawful authority," law-enforcement officials may join these pieces and begin monitoring your communications.

If these communications are international, the NSA may also gain access to them, and its constraints on extracting the key pairs are not public information. If you start using Clipper devices, your overseas customers may become fairly uneasy about the security of their transactions with you. And they should be.

As it stands, Clipper is a voluntary standard, though it may become necessary for communicating with such government bodies as the IRS. But the government hopes to suppress competing algorithms by maintaining its Cold War export embargo on robust encryption software or devices.

The Electronic Frontier Foundation hopes you will fight the general deployment of the Clipper chip, and we believe that the best way to do so is through expanding the sale and use of other digital locks to which the government does not hold the keys.

Because you work in an object-oriented environment, NEXTSTEP developers may have an important role in this fight. Ask your colleagues overseas to develop encryption objects that employ a secure algorithm like RSA. You can import these objects and incorporate them into applications created here.

We also strongly urge you to join our campaign to pass a bill in Congress that would force the government to lift the export embargo. Such a bill, H.R. 3627, has already been introduced by Rep. Maria Cantwell of Washington. E-mail in support of this measure can be sent to We will print out these messages and pass them on to Congress.

Whatever your feelings about the sort of woolly-headed civil-liberties concerns we at EFF have regarding Clipper, preventing its deployment may become critical to the future of your business. After all, when cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.

John Perry Barlow stands guard here each month.