John Gilmore didn't think he'd have to go to jail just for checking a book out of the library. After all, his library card was up to date and he didn't owe any overdue-book fines. Still, with the cloud of ten years in the slammer looming over his head and the U.S. Department of Justice breathing down his neck, Gilmore was understandably uneasy, especially when the Feds dusted off a 1950s espionage law to threaten him with. It seems that the National Security Agency had classified as "secret" a couple of the books he'd checked out, and because Gilmore wouldn't turn them over to the Feds (they weren't his to give) or tell which public library lent them, he saw a prison library, not a public one, in his future.
There's no question that the books Gilmore borrowed (written in 1939 and 1941 by NSA founder William Friedman) were once classified. In 1975, however, they were declassified and put on public library shelves. Then Reagan's 1982 Executive Order 12356 reclassified reams of information which, if disclosed, "reasonably could be expected to cause damage to the national security," including Friedman's encryption studies, which are still used as standard texts in military classes.
But no one told the librarians.
The NSA believed that if Gilmore went public with the information in the 50-year old books (he was planning on making 20 to 30 copies of the material for distribution to other libraries), our national security would be in jeopardy because foreign countries would know that we know how they implemented their encryption schemes. (Some countries, it seems, still use encryption schemes based on Friedman's work, leading to the question of how they gained access to our classified information in the first place.) Presumably, these countries would then change their codes, requiring the NSA to come up with new cracking techniques.
That the secret documents existed was no secret. In fact, Gilmore had previously used the Freedom of Information Act to request from the NSA copies of the books--and was denied. He subsequently sued the agency for the release of three documents, including the two he later found in the library.
Just before last Thanksgiving, the NSA abruptly declassified the two books Gilmore had in hand, and the Justice Department dropped its threat. No reasons were given, but the NSA must have discovered that legal precedence exists whereby once secret documents have been made public, they can't be taken back into the secret sector. Or the agency might have decided it couldn't retrieve all public copies, or maybe that the information was harmless. Since no mention was made of the third book Gilmore had requested, he's still pursuing his lawsuit for access to that one.
This isn't the first time that, under the guise of security, the Feds have tried to stifle information. I've referred before to the American Library Association's Less Access to Less Information by and about the U.S. Government: A 1988-1991 Chronology, a 230-page litany of attempts by all branches of government to stem information exchange. It makes for interesting, if bewildering, reading.
Nor is Gilmore's saga the first instance of the government's focusing its attention on nonmilitary encryption applications. Back in 1991, if you remember, the FBI was among the backers of the failed Senate Bill 266, an onerous proposal that would have required voice-mail and network vendors to allow government agencies a back door into encryption engines.
Even though SB 266 didn't make it into law, the government hasn't given up. One of the more hotly debated topics on Capital Hill this past year has been the FBI's "Digital Telephony Proposal," which would require that all communications and computer systems be designed to enable Justice Department interception of private messages on a concurrent and remote basis before they can come to market. Putting Constitutional issues aside, the proposal would greatly increase design and manufacturing costs for system vendors, putting them at a disadvantage with foreign competitors. The penalty for not complying would be a fine of $10,000 a day.
With data and voice wireless communication becoming the norm at an astronomical rate, privacy is at the forefront of user concern, and encryption is the obvious solution. For the first time in history, there's a huge nonmilitary mass market for encryption technology, and Gilmore's intent was to jump-start software and hardware products for these emerging markets, not to simply divulge secrets for the sake of doing so. If publicly funded, relevant information is already available, it only makes good sense to use it.
To entrepreneurs, this spells opportunity, but to the government, it means loss of control.
Copyright © 1993, Dr. Dobb's Journal