________________________________________ ) PHILIP R. KARN, JR. ) ) Plaintiff, ) ) Civ. A No. 95-1812 (CRR) v. ) ) (Judge Charles R. Richey) U.S. DEPARTMENT OF STATE, and ) THOMAS E. MCNAMARA, Assistant ) Secretary of State, Bureau of ) Political-Military Affairs, in ) his official capacity. ) ) Defendants. ) ) ________________________________________)
1. I am the Deputy Director of the National Security Agency ("NSA"). I have held that position since February 2, 1994. As the Deputy Director of NSA I am the highest ranking civilian in the Agency and my responsibility is to oversee the management of NSA. Prior to my current position, I served as the Deputy Director for Operations from October 1991 to February 1994, and prior to that I held numerous other senior positions throughout the Agency. The Operations Directorate is the NSA organization which contains the Encryption Export Control Branch, the Branch which provides, through the Department of Defense, technical advice to the Department of State's Office of Defense Trade Controls ("ODTC") regarding the jurisdiction and licensing of cryptographic products for exportation.
2. This declaration will provide background information on: (1) the National Security Agency; and, (2) NSA's role in the export review process, specifically in evaluating Commodity Jurisdiction Requests that concern cryptography under the International Traffic in Arms Regulations ("ITAR"), 22 C.F.R. Subchapter M, Parts 120 to 130. The statements made herein are based on my personal knowledge obtained in the course of my official duties.
3. The National Security Agency/Central Security Service was established by Presidential Directive in 1952 as a separately organized agency within the Department of Defense under the direction, authority, and control of the Secretary of Defense. NSA has two missions: (1) to conduct the signals intelligence ("SIGINT") activities of the United States Government; and, (2) to carry out the responsibilities of the Secretary of Defense concerning the security of the United States national security information systems.
4. NSA's SIGINT mission is conducted through sophisticated collection technologies that allow NSA to obtain information from foreign electromagnetic signals. Based on information derived from these activities, NSA provides reports on a rapid-response basis to military commanders, national policymakers, and other entities throughout the federal government. This information has proven to be highly reliable and essential to the national defense, national security, and the conduct of the foreign affairs of the United States. Many foreign intelligence targets use encryption in an effort to ensure that their communications remain secret from everyone except the intended recipient. NSA's foreign intelligence collection operations depend heavily upon NSA's ability to exploit encrypted communications. "Encryption" is the process of transforming the original text of a message into a text that is not understandable and, thus, whose content is hidden.[1] Thus, a core NSA activity is "cryptanalysis" -- the science of reading "ciphertext" (i.e., determining the content of coded messages). Because of its unique technical knowledge and skills in this area, NSA is called upon to provide technical analysis and recommendations regarding the export control of cryptographic hardware and software -- items that can be used to perform encryption and/or decryption. Policies concerning the export control of cryptographic products are based principally on the fact that the proliferation of such products will make it easier for foreign intelligence targets to deny the United States Government access to information vital to national security interests.
5. The National Security Agency is the agency with technical expertise for evaluating whether cryptographic devices or software fall within category XIII(b)(1) of the USML. NSA makes recommendations regarding two aspects of the export review process: (1) actual license applications to export a commodity; and, (2) determinations as to which agency of the government has jurisdiction to license the export of a commodity, l.e., commodity jurisdiction determinations. License applications for the permanent or temporary export of cryptographic products are forwarded by the State Department to NSA for an assessment of whether the approval of an export license could have a negative impact on the national security interests of the United States. In making this assessment, NSA considers several factors including the sensitivity of the technology proposed for export, and the declared end-user and end-use of the commodity.
6. In addition, through the commodity jurisdiction process, NSA provides the Department of State with technical advice to determine whether the commodity is a cryptographic system, equipment, assembly, module, integrated circuit, component or software "with the capability of maintaining secrecy or confidentiality of information" covered under Category XIII(b)(1) of the United States Munitions List ("USML"). 22 C.F.R. § 121.1, XIII(b)(1). Data confidentiality occurs when a user's data (for example, a document or electronic mail) is encrypted for security and cannot be read other than by an individual with access to the "key" [2] to decrypt the information.
7. The commodity at issue in this case is a computer diskette which contains cryptographic algorithms expressed in source code. Some background definitions are in order. A "cryptographic algorithm" is a mathematical function or equation that can be applied to transform data into an unintelligible form (i.e., into ciphertext). [3] A cryptographic "source code" is a computer program that expresses a cryptographic algorithm in a precise set of operating instructions that allow a computer to perform cryptographic functions. "Fortran" and "C" are examples of computer programming languages used by computer programmers for writing source code that allow the cryptographic algorithm to be understood by a computer. Source code can, in turn, be converted by another computer program, a compiler, into "object code," which is a series of "ones" and "zeros" that may directly be "read" and executed by a computer. Software compilers to automatically perform this conversion function are commonly available at computer retail outlets.
8. The diskette submitted by Mr. Karn includes source codes for several cryptographic algorithms that are designed to maintain the secrecy of information, i.e. encrypt information. These source codes constitute cryptographic software with the capability to maintain data confidentiality within the scope of category XIII(b)(1) of the USML. The encryption source codes on the diskette can be used on a computer or incorporated into cryptographic equipment to provide confidentiality of information.
9. The diskette is cryptographic software controlled under Category XIII(b) of the USML because such software is itself the commodity that can be used to, and is essential to, encrypting data on a computer system. In its technical evaluation of cryptographic software, NSA distinguishes between software, such as the source codes on the Karn diskette, and explanatory information that merely describes how the software works. The diskette of source codes is not merely "know how" that explains how cryptography works, or a description of scientific ideas or information related to cryptography. Rather, this diskette is the actual device that enables a computer to perform cryptographic functions -- that is to encrypt and decrypt communications. The encryption source codes on the diskette, once converted to object code, constitute the "engine" for a cryptographic device.
10. There is an important distinction between the source codes printed in Appendix V of the book, Applied Cryptography and the Karn diskette. The diskette does not contain merely "text" that can be read on a computer screen, like the page of a book can be read. Rather, the diskette itself is designed to be directly used on a computer to perform encryption and decryption. Described below is a demonstration of how the Karn diskette can be used to encrypt information. This shows the execution of one of the source codes on the disk -- called Triple DES -- to produce an enciphered text and then to "unscramble" or decrypt the enciphered text to restore it to its original, understandable form. This encryption and decryption is accomplished through the following few steps.
11. First, the Karn diskette may be inserted into the floppy disk drive of a computer and the directory of its contents called to the screen, displaying the list of source codes on the disk. They are named after the cryptographic algorithm that they implement. See Tab A. One of the encryption source codes may be selected from the directory and used to encrypt information. The source code chosen, Triple DES, consists of 844 lines of "C" programming language instructions to the computer.
12. The next step in the process of using Triple DES to encrypt information is to add some simple, additional source code instructions to the computer.[4] In plain terms, these additional lines of instructions allow for the original, understandable text of a document (i.e., the "plaintext") to be "input" or passed through the Triple DES source code, resulting in the "output" of a scrambled, or enciphered text and, the reverse, the input of the enciphered text and the output of the plaintext. Composing these additional lines of source code is not a significant task. This step could be easily undertaken by anyone with an ability to program in the "C" language. The demonstration uses a rudimentary set of instructions and were written by an NSA analyst in less than one hour. 13. The next step in the process is to "compile" the source code into the object code -- which is the same source code transformed into a series of "ones" and "zeros" executable by the computer. Compiling is another simple process accomplished in a matter of seconds through the use of commercially available software. 14. At this point the computer is ready to encrypt a document. For example, the text, "we are planning an all-out attack against the enemy in the vicinity of Aitape about 10 July," may be encrypted. One need only type a single line of commands to the computer to instantly convert this text into ciphertext gibberish. See Tab B. This final line of instructions includes the "key," chosen by the user. The "key" is the information known only by the parties sending and receiving the text -- the "password" -- so that the text can be encrypted and decrypted. To decrypt the ciphertext, the process is simply reversed. The person decrypting the text must input the same key, and the gibberish is transformed back to the original text, understandable to the human eye. The same process could be undertaken for other source codes on the Karn diskette. This demonstration shows that the diskette includes source codes that, with a few simple steps, allows a user to encrypt information on a computer. 15. In his CJ appeal, Mr. Karn states that optical scanners can "easily render the Book every bit as systems-ready and systems-friendly as the Diskette." (Karn Appeal letter, Dec. 5, 1994 p.9) Mr. Karn is referring to a device which can be passed over a printed text and which "reads" the text into a computer. Computer software using technology called Optical Character Recognition ("OCR") then converts the picture of the printed text scanned into the computer, into an electronic format which can be edited.
16. While printed text can be scanned into a computer, the difference between the text of the source codes in the book and on the diskette remains important. A user simply inserts the Karn diskette into the floppy drive of a computer, writes minimal additional instructions, applies compiling software, and has executable object code that scrambles data. The process of scanning source codes onto a computer is quite different. OCR technology, while improving, may not produce error-free reproductions of the scanned material. Any errors of character recognition that occur in the scanning process must be detected and corrected, before compiling may begin and information encrypted. The Triple DES source code used in the demonstration described above would have to be checked in order to insure the scanned code matches precisely the lines of code presented on paper.
17. Further, if there is any doubt whether the paper source code is error or "bug" free, verifying the accuracy of the source code once scanned requires the expertise of someone familiar with the particular source code language and with the fundamentals of cryptography. This is so because the user not only must insure that the material scanned is a precise match with the printed form, but must check to insure that the original printed source code is written correctly so it can be properly compiled and will properly function to encrypt.
18. In contrast, the diskette already provides the user with "debugged" and error free source code for the encryption algorithms. Indeed, the value of the "debugged" disk is illustrated by the FEAL-8 source code on the disk. Merely scanning the FEAL-8 source code as printed in the book would create a malfunctioning code because the printed code contains an error. However, on the diskette, this error has been corrected so the FEAL-8 source code would function properly.
19. Ultimately the technical impediments of scanning may be overcome to produce executable source code. However, compared to the task of scanning, using a ready-made, error free diskette is much simpler. Unlike the option of scanning the book, the diskette provides users with the most valuable component of computer software: encryption source code on a diskette. As shown above, the diskette containing the source codes permits the direct use of the source codes to encrypt data on a computer with minimum effort.
I swear under penalty of perjury that the foregoing is true and correct.
DATE: 14/11/95 [sic] [signed] WILLIAM P. CROWELL DEPUTY DIRECTOR
1. This is referred to as transforming "plaintext" to "ciphertext." "Decryption" is the process of transforming ciphertext back to plaintext (original text).
2. Most modern cryptographic systems utilize what is referred to as a "key," which is the specific information that is necessary to decrypt a message.
3. A rudimentary example of an algorithm to transform plaintext into ciphertext would be a formula that replaces each letter in a word with the next letter in the alphabet, i.e., A+1=B, B+1=C... z+l=A. Thus, the sentence "Proceed at dawn" becomes "Qspdffe bu ebxo". The ease or difficulty with which the ciphertext can be broken (i.e., read without the "key") is generally referred to in terms of the "strength" of the algorithm.
4. Each of the source codes on the diskette, including Triple DES, is set forth in a separate text file which may be edited for computer programming purposes.