FX Home
 
Claims
All Accounts
Ticker
Summary
Mailing Lists

Your Account
Your Profile

Help

Contact Us
Tip

Claim CERT - U.S.-Certified Encryption Only

Category: Science & Technology:Encryption, Factoring JUDGED at 25
Owner:20
Judge:74, niobium
created:1995/05/16
due date:1998/05/13

The Claim

A requirement is established in the United States which requires that all non-government encryption be `certified' by the U.S. government. Non-certified encryption is banned. [Paraprhasing Brock Meeks], the claim is YES if the following three-point plan is put into effect: 1. The government would "certifiy" one or more so-called "Commercial Key-Escrow" programs. These are similar in design to the government's Clipper Chip, but industry would hold the keys and some of these systems might not be classified, as is the software underlying Clipper. However, the companies producing such "certified" programs could claim trade secrets, not allowing the public access the underlying programs. 2. The government lifts export controls on all "certified" encryption programs. Currently, it's against the law to export encryption programs, as they are controlled by the State Department under the same classification as munitions. 3. The use of government certified encryption is made a federal mandate. By virtue of being a federal mandate, it becomes illegal to use private encryption schemes which have not passed the "certification" test. The claim pays $0.25 for each of the three subclaims with a $0.25 premium paid for all three. To be said to occur a law, regulation or rule (any of which carry the force of law but differ in their proposal and ratification procedures) must be established that matches the conditions (1), (2) or (3). Background: Encrypt At Your Own Risk, dated May 12, 1995 Cyberwire Dispatch

Judge's Statement

Introduction

This claim presents some judging and interpretation difficulties, largely due to its origin as a paraphrase of a journalist's speculations, which contain certain ambiguiities and technical inaccuracies. It also poses some technical problems because of the partial interdependency of the sub-claims, and some limitations on how partial payouts can be made.

The judge will judge this claim in a manner that best preserves the overall intent of the claim (and each sub-claim), as analyzed below, and will resolve ambiguities so as to best carry out the principles of FX and the reasonable expectations of participants in the FX market.

Meta-issues

  1. Sub-claim 2 depends on sub-claim 1; it cannot be true unless sub-claim 1 is true.
  2. Sub-claim 3 depends on sub-claim 1; it cannot be true unless sub-claim 1 is true.
  3. Sub-claim 3 does not depend on sub-claim 2, nor does sub-claim 2 depend on sub-claim 3.
  4. This claim will only be judged TRUE in its entirely ($1.00 payout) at such time as all three sub-claims are held to be TRUE and the government actions specified in them are in force and are not judically enjoined. The judge may reserve judgment during the pendency of litigation involving statutes or regulations affecting the claim, including a reasonable time for appeal. A judgment of TRUE ($1.00 payout) may be made at any time during the life of the claim, but in no case later than the due date, 13 May 1998.
  5. This claim will only be judged FALSE in its entirely ($0.00 payout) if, on 13 May 1998, none of the three sub-claims are held to be true.
  6. If one or two, but not all three, of the sub-claims are true on 13 May 1998, the appropriate partial payout will be made according to the terms of the claim. Note that this produces a somewhat asymmetrical situation: because FX is incapable of making a partial payout without closing a claim, partial payouts may only be made on the due date; thus not only must sub-claims become true at some time before the due date, they must remain true until the due date. On the other hand, if the claim becomes true in its entirety at any time, it will be judged TRUE and closed.

Substantive issues

Sub-claim 1

  1. The intent of this sub-claim is understood to mean that an agency of the U.S. government will "certify" a vendor's, certificate authority's, or government agency's "program", for encryption of digital data, with the assum ption that the "certified" "program" is to be offered for widespread public business or individual use. (Whether it in fact is ever actually offered for public use is not of the essence of the claim.)
  2. The purpose of this "certification" is understood to mean that the "program" provides for government access to keys (GAK) via some sort of legal process. The precise manner of government access to keys is irrelevant: it could include, for example:
    • "Commercial Key Escrow", that is, third-party key deposit in which a non-governmental entity holds keys or parts of keys, subject to production via legal process;
    • "Self Escrow", that is, a requirement that encryption users maintain keys or partial keys in a manner that facilitates government recovery via legal process.
    • Other methods of key recovery that may be proposed, including hybrids of third-party and self escrow, or hybrids of government and commercial escrow, etc.
  3. "Certify" is understood to mean that an agency of the U.S. government will, by its own regulation, or as directed by Congress, give approval to a particular "program" (as defined below) for the purpose of assuring government access to keys, as discussed above. This certification may take the form of statutes defining a class of certified "programs", department or agency regulations defining the same, or a case-by-case administrative certification procedure based on application.
  4. "Program" will be broadly construed, and is understood to mean a particular scheme, method, implementation, product, system, etc., but not necessarily a specific encryption algorithm. (For example, a "program" that specified use of an existing encryption system, such as PGP, but provided for third-party escrow of PGP secret keys, could, if submitted for certification, meet the requirements of this sub-claim.)
  5. Other language in sub-claim 1 making reference to the Clipper chip and trade secret protection for certain encryption algorithms is not of the essence of this claim and will not be considered in judgment.

Sub-claim 2

  1. Sub-claim 2 will be held TRUE if, and only if, all "programs" that have been "certified" as specified in sub-claim 1 may be freely exported from the U.S., that is, without any formalities, requests, licenses, notice, applications, etc. -- in other words, they would not be considered in any manner different than other software (assuming a software-only "program") or similar electronics (assuming a hardware-based system). (Other export controls unrelated to encryption may apply, such as those having to do with supercomputers, or specific military equipment or weapons; that is, barring the export of a military communications and control system that incidentally included a "certified" encryption system would not keep sub-claim 2 from being TRUE.) This lifting of export controls must apply to all such certified programs.
  2. Other language in sub-claim 2 inaccurately describing the state of export controls on encryption are not of the essence of this claim and will not be considered in judgment.

Sub-claim 3

  1. Sub-claim 3 will be held TRUE if, and only if, it becomes against Federal law in the U.S. to use encryption systems other than the "certified" "programs" specified in sub-claim 1. The intent of this sub-clai m is understood to mean that the government would have access (via legal process) to all keys used for all lawful encryption used in the U.S.
  2. "Illegal" is understood specifically to mean "in violation of a Federal criminal statute". Requirements for using "certified" encryption for particular limited purposes, such as doing business with the government, or banking, etc., or statutes or judicial decisions declaring use of non-certified encryption to be a tort or breach of contract, or administrative infraction, etc., are not sufficient to satisfy this sub-claim.
  3. No actual criminal charges need be filed, nor a conviction procured, in order to satisfy this sub-claim; however, the judge may reserve judgment pending the outcome of relevant litigation. If a criminal statute as discussed above has been enacted and made effective before the due date, this sub-claim will be judged TRUE unless, on the due date, enforcement is enjoined; a partial injunction (that is, one affecting only a single Federal judicial district or a small number of districts) will be evaluated according to its relative effect. (In practice, if a Federal criminal statute is held unconstitutional by a U.S. District Court, the Justice Department typically does not bring new prosecutions under the statute until the matter is determined on appeal, even though the ruling technically only affects the district in which the court sits.)
  4. In order to satisfy this sub-claim, the statute must also make illegal (or be interpreted to make illegal) the use of non-certified pre-encryption or super-encryption, that is, the use of both certified and non-certified encryption in conjunction, so as to effectively nullify government access to the decrypted data under a GAK process.

Caveat

As of the writing of this judge's statement, a number of proposals have been made in the 105th Congress that would materially affect the result of this claim. Three such proposals known to the judge are:

The judge will monitor these and any other relevant legislative proposals through use of the Thomas Congressional information system, as well as the popular press and Web pages of concerned organizations, such as the Encryption Policy Resource Page.

The Market

Your Buy YES Orders Players Buying YES Coupons
EraseQuantityPrice
     
Price Plot for life of CERT
Last trade price: 0
Current ask price: 100
Current bid price: 0
Pairs outstanding: 3777
Players participating: 30
View the ticker for this Claim.

Your cash balance: 12765.11
Your holdings in this Claim: 0
Your UID:
Your password:
Your Sell YES Orders Players Selling YES Coupons
EraseQuantityPrice
     

Back to my account page.