Dorothy Denning (b. 1945) is a computer scientist and cryptographer who became the most prominent technical voice supporting the US government's position during the crypto-wars-export-controls debates of the 1990s. As a professor first at Georgetown and later at the Naval Postgraduate School, she argued that law enforcement's need for wiretapping access to encrypted communications was a legitimate and serious national security concern, and that some form of key escrow or lawful access mechanism was appropriate. This position put her in direct intellectual conflict with Bruce Schneier and made her the most important interlocutor in the defining security policy debate of the decade.
Early Contributions to Computer Security
Before the Crypto Wars, Denning made significant contributions to computer security theory. Her 1982 book Cryptography and Data Security was an important early academic treatment of the field. Her work on intrusion detection — particularly her 1987 paper "An Intrusion-Detection Model" — was foundational for the field; the anomaly-based and signature-based detection paradigms she described remain the basis for intrusion detection systems today. She contributed to information flow security models and covert channels research.
This technical credential — a genuine expert in cryptography and security — is what made her position on key escrow so significant and so contested. The government's Clipper Chip critics could easily dismiss officials or politicians who did not understand cryptography; dismissing Denning was harder. When Schneier and others argued that the clipper-chip-announcement was technically flawed and security-damaging, they were arguing not just against the NSA but against a credentialed academic peer.
The Clipper Chip Debate
Denning became the most visible technical advocate for the clipper-chip-announcement and the key escrow approach it embodied. She argued that law enforcement's need for access to communications was real and serious, that the increasing prevalence of strong encryption would genuinely harm criminal investigations, and that a properly designed key escrow system could provide lawful access without unacceptably compromising security.
Her position required her to engage seriously with the technical objections raised by Schneier, matt-blaze, whitfield-diffie, and others. She acknowledged some of the implementation weaknesses that Blaze found in the Clipper Chip but argued they were fixable engineering problems rather than fundamental objections to key escrow. She engaged in extended public debates with the cypherpunk community and with academic cryptographers, defending a position that most of her peers found untenable.
The Schneier-Denning dynamic was not a debate between technical expertise and political naivety; it was a genuine disagreement between technical experts about how to weigh competing security considerations. Schneier and the anti-escrow camp argued that the security costs of mandated backdoors were high, certain, and structural — backdoors could not be limited to authorized use. Denning argued that the security benefits to law enforcement were also real and that a sufficiently careful design could be secure. She lost the technical debate — Blaze's clipper-chip-announcement analysis, Schneier's systems arguments, and later evidence from compromised CALEA infrastructure supported the anti-escrow position — but she was not making foolish arguments.
Ongoing Engagement with Crypto Policy
Denning did not withdraw from the crypto policy debates after the Clipper Chip failed. She continued to argue that the "going dark" problem — law enforcement losing access to communications as encryption became ubiquitous — was real and serious, and that the security community needed to engage with it rather than simply asserting that backdoors were impossible or unacceptable. She also engaged with cyberterrorism and information warfare before those became standard policy topics.
Her position has been remarkably consistent across decades: that law enforcement and national security interests must be weighed seriously in cryptography policy, and that the civil liberties framing that Schneier and the EFF advance, while legitimate, is not the only consideration. The post-snowden-revelations period did not change her fundamental position, though it did change the terms of the debate.
Relationship to Schneier
Denning is Schneier's most significant intellectual opponent. Not an enemy, not a dismissed figure, but the person who forced Schneier and his allies to make their best arguments rather than their easiest ones. The quality of Schneier's technical critique of key escrow — in applied-cryptography, in his congressional testimony, in the crypto-gram-newsletter — was partly determined by the fact that Denning was on the other side. She could not be defeated with rhetorical dismissal; she had to be defeated with better technical and policy arguments.
The Schneier-Denning opposition maps onto a fundamental tension in security policy that remains unresolved: how to weigh surveillance capability against surveillance risk. Schneier's security-economics framework argues that backdoors create attack surfaces that adversaries will exploit, making everyone less safe in exchange for capabilities that surveillance states (including adversarial ones) will use in ways not limited to lawful purposes. Denning's counter is that uninvestigable encryption is also a security cost, one paid by crime victims rather than by cryptographers. The debate between them is one of the most important in the history of security policy.