Advertisement
Motherboard

20 Years Ago, A Senator Became the First US Lawmaker to Use Encryption

How Sen. Patrick Leahy became an early adopter of encryption.

by Lorenzo Franceschi-Bicchierai
May 2 2016, 1:00pm

Image: Douglas Graham/Congressional Quarterly/Getty Images

In 2016 some senators are trying to limit encryption, the technology that keeps your messages and personal data safe from prying eyes, with a bill that's so bad, one expert called it the most "ludicrous, dangerous, technically illiterate tech policy proposal of the 21st century."

Two decades ago, some senators were fighting to make encryption more widespread. As part of that fight, which some call the first Crypto War, Sen. Patrick Leahy (D-VT) decided to make a statement about the importance of crypto by using it himself.

"I am proud to be the first member of Congress to utilize encryption and digital signatures to post a message to the internet."

"In an effort to demonstrate one of the more practical uses of encryption technology (and so that you all know this message actually came from me), I have signed this message using a digital signature generated by the popular encryption program PGP," Leahy wrote in an open letter dated May 2, 1996—exactly 20 years ago today.

"I am proud to be the first member of Congress to utilize encryption and digital signatures to post a message to the internet."

Leahy signed the letter with his public PGP key. PGP, or Pretty Good Privacy, one of the most well-known programs used to scramble data using cryptography so that only the sender and recipient of a message can read it.

Sen. Patrick Leahy's PGP public key.

This was a strong stand, given that just a few months before, the US Justice Department had been on the brink of prosecuting Philip Zimmermann, the creator of PGP. Zimmermann had been under investigation for three years, accused of "munitions export without a license" for posting the software source code online.

Until 1992, cryptography was considered military equipment, and as such, it was listed on the US Munitions List, which includes any weapons or technologies that require an export license. Even after it was taken off that list, encryption remained heavily regulated. At the time, Leahy was leading a group of policymakers who were in favor of deregulating encryption. In 1996, Leahy introduced two bills that would have rolled back restrictions on exporting strong cryptography outside the US and prohibit government-mandated backdoors.

This was the time when the US government, along with the NSA, was pushing for mandatory key escrow, a backdooring system where encryption keys would be held in escrow in case authorities needed to access encrypted communications. That was the concept underlying the controversial Clipper chip, a device designed to give government agents access to encrypted communications.

"It meant that there was one person in Washington who had a clue about [encryption]."

As part of his pro-crypto push, Leahy took the initiative to use encryption himself.

"Leahy wasn't advised to issue a public key, it was entirely his idea," an activist who was part of the pro-encryption Cypherpunks group wrote in an email at the time, after visiting Leahy's office in D.C. "No staff suggestion there."

A Leahy spokesperson declined a request for an interview for this article.

The senator's use of PGP by itself didn't sway the Crypto Wars, but it was a symbolic win for pro-encryption activists.

"It meant that there was one person in Washington who had a clue about [encryption], which previously it looked like there were zero people in Washington who had a clue about this," John Gilmore, the founder of the Electronic Frontier Foundation and one of the leaders of the Cypherpunks group, told Motherboard.

Twenty years later, it's unclear if Leahy, who's also known to be a huge Batman geek, still uses PGP. But given that his key had only 1024 bits—a length that is now considered too weak to be secure—and he never issued a new one, it's safe to assume he doesn't use it anymore. That's OK, considering that even the inventor of PGP doesn't use it anymore because it's so inconvenient—although he'd probably like to have the right to do so if he chose.