Skip to main content

EFFector - Volume 7, Issue 12 - EFF Analysis of Vice-President Gore's Letter on Cryptography Policy

EFFECTOR

EFFector - Volume 7, Issue 12 - EFF Analysis of Vice-President Gore's Letter on Cryptography Policy

=========================================================================
  ________________             _______________          _______________
 /_______________/\           /_______________\        /\______________\
 \\\\\\\\\\\\\\\\\ \          |||||||||||||||||       / ////////////////  
  \\\\\\\\\\\\\\\\\/          |||||||||||||||||      / ////////////////
   \\\\\\_______/\            ||||||_______\        / //////_____\  
    \\\\\\\\\\\\\ \           ||||||||||||||       / /////////////
     \\\\\\\\\\\\\/____       ||||||||||||||      / ///////////// 
      \\\\\___________/\      |||||              / ////   
       \\\\\\\\\\\\\\\\ \     |||||             / ////  
        \\\\\\\\\\\\\\\\/     |||||             \////

=========================================================================
EFFector Online Volume 07 No. 12      July 22, 1994       editors@eff.org
A Publication of the Electronic Frontier Foundation        ISSN 1062-9424

In This Issue:

EFF Analysis of Vice-President Gore's Letter on Cryptography Policy
EFF Reactions to Encryption Standards & Procedures Act (07/12/94 Draft)
NSA Letter to Sen. Hollings Re: Clipper Appropriation Draft Bill
Interoperability Demo - ISDN and Internet PPP
EFF Congratulates Rep Markey on Passage of Open Platform Bill HR3636
US ACM Calls for Clipper Withdrawal, Releases Crypto Policy Report
IITF Intellectual Property Draft Report - Request for Comments
New Faces at EFF - Robin Abner (Membership), Darby Costello (Finance)
What YOU Can Do

----------------------------------------------------------------------


Subject: EFF Analysis of Vice-President Gore's Letter on Cryptography Policy
----------------------------------------------------------------------------


July 22, 1994

Two days ago, Vice-President Al Gore signaled a major setback in the
Administration's Clipper program, and a willingness to engage in serious
negotiations leading to a comprehensive new policy on digital privacy and
security.  Many questions remain about the future, but one thing is
certain: Clipper is a dead end, and those of us who are concerned about
digital privacy have won a new opportunity to shape a better policy.

The Vice-President's letter to Rep. Maria Cantwell (D-WA) made it clear
that while Clipper might have a small place in the telephone security
market, it has no future in the digital world.  "...[T]he Clipper Chip is
an approved federal standard for telephone communications and not for
computer networks and video networks.  For that reason, we are working with
industry to investigate other technologies for those applications....  We
welcome the opportunity to work with industry to design a more versatile,
less expensive system.  Such a key escrow system would be implementable in
software, firmware, hardware, or any combination thereof, would not rely
upon a classified algorithm, would be voluntary, and would be exportable." 
Clipper does not meet most of these criteria, so, according to the Vice-
President, it is a dead end.

END OF THE LINE FOR CLIPPER -- LONG-RUN EFFORT TO DRIVE MARKET WILL FAIL

The premise of the Clipper program was that the government could drive the
market toward use of encryption products which incorporated
government-based key escrow agents.  A series of subtle and not so subtle
government actions would encourage private citizens to use this technology,
thus preserving law enforcement access to encrypted communications. 
Clipper was originally announced as the first element of a family of
hardware-based, government key escrow encryption devices that would meet
security needs for both voice and data communications on into the future. 
Clipper itself was purely a voice and low-speed data product, but other
members of the Skipjack family, including Tessera and Capstone, were to be
compatible with Clipper and were intended to lead the way from escrowed
encryption in voice to escrowed encryption for data.  Plans are already
announced, in fact, to use Tessera and Capstone in large government email
networks.  At the time, the hope was that government use of this technology
would push private sector users toward key escrow systems as well.

Now, the announcement that the Administration is re-thinking plans for data
encryption standards leaves Clipper a stranded technology.  No one wants to
buy, or worse yet, standardize on, technology which has no upgrade path. 
As a long-run effort to force the market toward government-escrowed
encryption standards, Clipper is a failure.

WE STILL MUST WORK FOR VOLUNTARY, OPEN, EXPORTABLE STANDARDS

The fight for privacy and security in digital media is by no means over. 
Though the Administration has backed away from Clipper, and expressed
willingness to talk about other solutions, we are pursuing serious progress
on the following issues:

        * Improved telephone encryption standards

For the reasons listed by the Vice-President, in addition to the inherent
problems of making copies of all your keys available, Clipper is a poor
choice for telephone encryption.  Industry should develop a standard for
truly secure and private telephones, make them available from multiple
manufacturers worldwide, and make them interoperate securely with audio
conferencing software on multimedia PC's.

        * Truly voluntary standards

Any cryptographic standard adopted by the government for private sector use
must be truly voluntary.  Voluntary means, to us, that there are statutory
guarantees that no citizen will be required or pressured into using the
standard for communications with the government, or with others.  No
government benefits, services, or programs should be conditioned on use of
a particular standard, especially if it involves government or private key
escrow.

        * Open standards

Standards chosen must be developed in an open, public process, free from
classified algorithms.  The worldwide independent technical community must
be able to create and evaluate draft standards, without restriction or
government interference, and without any limits on full participation by
the international cryptographic community.

        * No government escrow systems

Any civilian encryption standard which involves government getting copies
of all the keys poses grave threats to privacy and civil liberties, and is
not acceptable in a free society.

        * Liberalization of export controls

Lifting export controls on cryptography will make the benefits of strong
cryptography widely available to our own citizens. U.S. hardware, software
and consumer electronics manufacturers will build encryption into
affordable products once they are given access to a global marketplace. 
Today's widespread availability of "raw" cryptographic technology both
inside and outside the United States shows that the technology will always
be available to "bad guys".

The real question is whether our policies will allow encryption to be built
into the fabric of our national and international infrastructure, to
provide significantly increased individual privacy, improved financial
privacy, increased financial security, enhanced freedom of association,
increased individual control over identity, improved security and integrity
of documents, contracts, and licenses, reduced fraud and counterfeiting,
the creation of significant new markets for buying and selling of
intellectual property, and a lessened ability to detect and prosecute
victimless crimes.

These benefits are not free, however.  EFF does recognize that new
communications technologies pose real challenges to the work of law
enforcement.  Just as the automobile, the airplane, and even the telephone
created new opportunities for criminal activity, and new difficulties for
law enforcement, encryption technology will certainly require changes in
traditional investigative techniques.  We also recognize that encryption
will prevent many of the online crimes that will likely occur without it. 
We further believe that these technologies will create new investigative
tools for law enforcement, even as they obsolete old ones.  Entering this
new environment, private industry, law enforcement, and private citizens
must work together to balance the requirements of both liberty and
security.  

Finally, the export controls used today to attempt to control this
technology are probably not Constitutional under the First Amendment; if
the problems of uncontrolled export are too great, a means of control must
be found which does not restrict free expression.

CONGRESSIONAL LEADERSHIP TOWARD COMPREHENSIVE POLICY FRAMEWORK IS CRITICAL

The efforts of Congresswoman Maria Cantwell, Senator Patrick Leahy, and
other members of Congress, show that comprehensive policies on privacy,
security and competitiveness in digital communication technologies can only
be achieved with the active involvement of Congress.  Unilateral policy
efforts by the Executive branch, such as Clipper and misguided export
control policies, will not serve the broad interests of American citizens
and businesses.  So, we are pleased to see that the Vice-President has
pledged to work with the Congress and the private sector in shaping a
forward-looking policy.  We see the Vice-President's letter to
Congresswoman Cantwell as an important opening for dialogue on these
issues.

The principles of voluntariness and open standards announced in the Vice-
President's letter, as well as those mentioned here, must be incorporated
into legislation.  We believe that under the leadership of Senator Leahy,
Reps. Cantwell, Valentine, Brooks and others, this will be possible in the
next congress.  EFF is eager to work with the Congress, the Administration,
along with other private sector organizations to help formulate a new
policy.  EFF is also pleased to be part of the team of grass roots
activism, industry lobbying, and public interest advocacy which has yielded
real progress on these issues.

FOR MORE INFORMATION CONTACT:

Jerry Berman, Executive Director 
Daniel J. Weitzner, Deputy Policy Director 

For the full text of the Gore/Cantwell letter, see:

ftp.eff.org, /pub/Alerts/gore_clipper_retreat_cantwell_072094.letter
gopher.eff.org, 1/Alerts, gore_clipper_retreat_cantwell_072094.letter
http://www.eff.org/pub/Alerts/gore_clipper_retreat_cantwell_072094.letter

------------------------------


Subject: EFF Reactions to Encryption Standards & Procedures Act (Draft)
-----------------------------------------------------------------------

The staff of the House Science, Space, and Technology Committee has just
released a draft bill which would create a somewhat more public process for
establishment of Clipper-like escrowed encryption systems.  Entry of the
Congress into this policy debate is a welcome change after 18 months of
one-sided Executive Branch edicts.  However, considerable changes would be
required before the legislation would meet EFF's goals for a truly open
federal encryption policy which preserves the right of private individuals
to use any form of encryption, without restriction or penalty.  

Despite its promise of an open process, this bill is by no means a
repudiation of the Clipper program,  In fact, it enshrines in legislation
several key aspects of the Clipper policy.  However, inasmuch as the bill
seeks to establish NIST authority to develop escrow encryption systems, it
raises real questions about whether NIST or other agencies have any
authority now to spend federal funds on escrow encryption systems.


Overview of the bill:

The bill directs the Department of Commerce, through the National Institute
of Standards and Technology, to issue escrowed encryption standards.  The
standards issued would be subject to public comment and afford the
opportunity for judicial review under the terms of the Administrative
Procedures Act.  Similar procedures created for the designation of
government key escrow agents.

Several aspects of the Clinton Administration's approach to cryptography
policy are accepted by this bill:

1.      Absolute preservation of law enforcement and national security access

By this bill, any encryption standards adopted must "preserve the
functional ability of the government to interpret, in a timely manner,
electronic information that has been obtained pursuant to an electronic
surveillance permitted by law."  Sec 31(b)(2)(E).

2.      Weak privacy protection

The bill specifies that standards adopted should advance the development of
the NII, but offers only qualified support for privacy.  Standards should
are only required to go so far as to not "diminish existing privacy
rights...." Sec 31(b)(2)(D).

3.      Increased role for National Security Agency in civilian privacy and
security matters

The bill establishes a permanent role for the National Security Agency in
the creation of privacy and security standards for use by the private
sector.  Currently, under the Computer Security Act, NIST is encouraged to
consult with the NSA on matters of federal systems security and to draw
"computer system technical security guidelines developed by the National
Security Agency to the extent that the National Bureau of Standards
determines that such guidelines are consistent with the requirements for
protecting sensitive information in Federal computer systems."  This would
explicitly extend the NSA role from federal systems to systems intended for
public, civilian use.  As such, this is a major change in the Computer
Security Act.


Issues to be addressed in draft:

To create a truly open policy process, to protect privacy, and to ensure
the development of the best privacy-protecting technology possible, the
bill should be augmented with the following provisions:

1.      Voluntary standards

Any legislation on encryption standards must guarantee that no one will be
required to use such standards, nor will use of other encryption standards
be curtailed by law.  Furthermore, federal encryption policy should
guarantee that access to government programs, opportunities, or even the
ability to communicate with the government, should never be conditioned on
the use of any escrowed encryption standard.  From the first announcement
of the Clipper program, the Clinton Administration has assured the public
that escrowed encryption would remain voluntary.  This promise must be
included in legislation.

2.      Open design process

The draft bill does call for an open process for formation of encryption
standards.  Legislation should make explicit that an open process means
that no classified algorithms or technologies may be included.  Though
there was public comment on the Escrowed Encryption FIPS (the Clipper
Federal Information Processing Standard), public process in that case was
meaningless because the core technology remained behind a veil of secrecy.

3.      Remedies for negligence or abuse by escrow agents

As drafted, the proposal drastically limits the liability of federal escrow
agents for all but "willful" abuse by federal employees.  The escrow
agents must also be responsible for unauthorized release of keys because of
the actions of private individuals or because of negligent practices by
government agents.

4.      Exploration of voluntary, private sector escrow agents

Finally, if the government is going to adopt a government-based escrow
system, it should also be required to explore the possibility of private
party escrow systems based on open standards.


The full text of the draft bill is available from EFF's archives:

ftp.eff.org, /pub/EFF/Policy/Crypto/encryp_stds_procedures_94_bill.draft
gopher.eff.org, 1/EFF/Policy/Crypto/encryp_stds_procedures_94_bill.draft
http://www.eff.org/pub/EFF/Policy/Crypto/encryp_stds_procedures_94_bill.draft

------------------------------


Subject: NSA Letter to Sen. Hollings Re: Clipper Appropriations Draft Bill
--------------------------------------------------------------------------

NATIONAL SECURITY AGENCY
CENTRAL SECURITY SERVICE
Fort George G. Meade, Maryland 20755

8 July 1994


Honorable Ernest P. Hollings
Chairman, Subcommittee on Commerce,
        Justice, State and Judiciary
Committee on Appropriations
United States Senate
Washington, DC  20510-6027

Dear Senator Hollings:

        We recently received a copy of a draft amendment that Senator Leahy
proposed to you that would condition expenditure of appropriated funds for
key escrow encryption (including the CLIPPER Chip) on satisfaction of
several requirements.  This language will have a major impact on the
Administration's overall key escrow strategy.

        We are very concerned about several aspects of the proposal.  Most
importantly, this language would cause significant delays (perhaps two
years or more) in the introduction and use of escrowed key encryption
products.  With such a delay, alternative, non-escrow cryptographic
products likely would become the norm in the United States and perhaps
abroad as well.  Widespread use of non-escrowed encryption could
irretrievably damage our ability to encourage the use of key escrow
encryption, putting at risk law enforcement effectiveness and critical
foreign intelligence activities.

        Another very significant concern is the impact of delays on major
Defense Department programs to secure its information systems that process
information regarding funds transfers, personnel data, medical files,
logistics support, and much more.  Since most of that information today is
processed, transferred, and stored on unclassified and unprotected
computing and telecommunications systems, it is extremely vulnerable.

        The threat to these systems is real.  Already, some of our systems
have been penetrated.  While we do not know who penetrated the systems, we
believe potential threats include foreign intelligence activities,
criminals, terrorists, and hackers.  In addition to potential threats from
external entities, network/computer attacks could also be initiated by
"insiders".  Network/computer protection within DoD is a fundamental
military readiness issue and the need for security products is immediate.

        The DoD is implementing a major program to help protect
unclassified but sensitive information in the Defense Messaging System
(DMS) through the use of key escrow technology.  Programming has already
begun on the first set of over 22,000 protection devices for this
application.  Key escrow products will provide privacy, authentication, and
data integrity solutions for critical information system [sic].  At the
same time, escrowing of keys will preserve a mechanism for law enforcement
organizations to access these systems when lawfully authorized, e.g., in
connection with investigations of possible fraud.  Delays in the process
could have sever, negative consequences for DMS.

        In summary, key escrow encryption technology is vital to the
Defense Department's operational readiness and its ability to conduct
day-to-day activities, and we cannot afford to delay implementation of
these critical security products.

        I recognize that you may have other questions and we are prepared
to meet with you at your convenience on this matter.  I have sent a similar
letter to Senator Domenici.

/s/  J.M. McConnell
Vice Admiral, U.S. Navy
Director, NSA

------------------------------


Subject: Interoperability Demo - ISDN and Internet PPP
------------------------------------------------------

                    PRESS RELEASE
           ISDN PPP INTEROPERABILITY DEMO

GAITHERSBURG, MD, JUNE 24, 1994 -- Today at the NIUF, seven
ISDN equipment vendors demonstrated interoperable local and wide area
network connectivity using Point-to-Point Protocol (PPP) over ISDN.

This crucial step opens the way to grand-scale interoperability of ISDN
LAN connection equipment.  "National ISDN 1 and 2 worked on
standardized connectivity at the circuit level, but that wasn't enough.
Users need applications to launch connections, and remote LAN access
applications are standardizing around PPP.  This interoperability
demonstration puts these vendors ahead of other ISDN vendors, who
better get with it or get left out" (according to Jay Batson, Senior Analyst
with Network Strategy Service at Forrester Research).

Seven leading US, Canadian and European vendors demonstrated
interoperable ISDN remote access to LANs:

AccessWorks Communications Inc.
Cisco Systems, Inc.
DigiBoard, Inc.
Gandalf Technologies, Inc.
IBM Corp.
netCS Informationstechnik GmbH
Network Express

Vendors and end-users accessed Internet, read their e-mail, and sent files
back home as part of the demonstration.

"For the first time, telecommuters and branch office users can choose the
equipment that they prefer.  Everyone can get their equipment from
different vendors, but it all works together", said Jake Jacobson, Manager
of Advanced Communication Laboratories at JPL.

Using Basic Rate ISDN lines and LAN attachments provided by the US
National Institute for Standards and Technology (NIST), vendors
interconnected their devices and attached to local and remote LANs. As
part of the demonstration, vendors and end users accessed Internet, read
their e-mail, and sent files back home. End users and vendors alike agreed
that this will greatly promote rapid expansion of telecommuting, remote
Internet access, branch office connectivity, and other useful applications.

"The European ISDN Users Forum has also sanctioned PPP as the official
interoperability standard" said Rick Kuhlbars of netCS, Berlin, Germany

PPP is a set of protocols recommended by the Internet Engineering Task
Force (IETF) that allows LAN connection equipment to negotiate which
features and protocols will be supported by both ends of a connection.
PPP is rapidly becoming a standard for LAN connections since it allows
dissimilar products to quickly negotiate which features will be selected
for a particular connection.

Some reactions:

"Global trade requirements and business relationships compel us to
interoperate using these kinds of standards based procedures." - Stan
Kluz, Lawrence Livermore National Laboratory.

"This allows us to have students, faculty and staff select a wider array of
equipment and maintain interoperability with both Ameritech's switches
as well as the University's emerging ISDN dial in pools." - Dory Leifer,
University of Michigan.

"For the first time, users now have ISDN networking plug and play.
Vendors' network products which support these specifications assure that
they can access networks without concern as to what ISDN networking
equipment is in use on the network end." - Jeff Fritz, West Virginia
University, Chairman of the Enterprise Network Data Interconnectivity
Family (ENDIF), a working group of NIUF.

NIUF - the North American ISDN User's Forum is an association of
ISDN vendors, users, and service providers working together to promote
and improve the use of ISDN in North America.

Contacts for additional information:

Reggie Best, AccessWorks Communications Inc., (800) 248-8204,
rbest@accessworks.com.

Kevin Dickson, Cisco Systems, (415) 326-1941, kdickson@cisco.com.

Bob Downs, ENDIF liaison to IETF, Combinet, (408) 522-9020,
bdowns@combinet.com.

Jeff Fritz, ENDIF Chairman, West Virginia Univ., (304) 293-2060,
jfritz@wvnvm.wvnet.edu.

Douglas Frosst, Gandalf, Ontario, Canada, (613) 723-6500,
dfrosst@gandalf.ca.

Rick Kuhlbars, netCS, Berlin, Germany, 49.30/856 999-0,
rick@netcs.com.

Randy Sisto, Network Express, (313) 761-5005, rsisto@nei.com.

Julie Thomtez, DigiBoard, (612) 943-9020, juliet@digibd.com.

IBM, IBM ISDN Information, (919) 254-ISDN.


Respectfully Submitted,

Gerry Hopkins, ENDIF ViceChair acting for the Secretary

------------------------------


Subject: EFF Congratulates Rep Markey on Passage of Open Platform Bill HR3636
-----------------------------------------------------------------------------

Earlier this month, the House of Representatives has passed both HR 3636
and 3626.  HR 3636, the Markey/Fields bill, is based on EFF's Open
Platform Proposal. HR 3626 passed on a vote of 423 to 5 (7 not voting). 
HR 3636 passed on a vote of 423 to 4 (8 not voting).  No amendments were
offered to either bill on the Floor.

After the votes, the bills were ordered to be combined into one bill, which
will be sent to the Senate.  The Senate is currently considering its own
similar legislation.

Electronic Frontier Foundation praises passage of House Telecommunications
Bill (HR 3636), in combination with the Antitrust Reform Act (HR 3626).

Key provisions of the bill will provide affordable access to multimedia
network services for the American public

******

        The Electronic Frontier Foundation (EFF) is pleased that the US
House of Representatives has passed major telecommunications legislation,
and commends all who have worked on the bill, especially Chairman Ed Markey
(D-MA).  Key provisions of the legislation ensure that Open Platform
service will be made widely available to all Americans, as the first step
in the development of an interactive, multimedia information
infrastructure.

        "Under the Open Platform services sections, the Federal
Communications Commission is required to issue regulations which make
switched, digital telecommunications service available and affordable for
the American public in the near term," explained Daniel J. Weitzner, Deputy
Policy Director of EFF.  Many of the multimedia services that will help
increase educational opportunity in our schools, provide access to library
resources, enable distance learning, and support telecommuting, can be
delivered over network services that are available today.  Yet,
telecommunications carriers have been slow in offering these services to
the public.  While an interactive broadband network should be our long term
policy goal, there is no reason to wait for broadband to reap the benefits
of digital technologies such as ISDN available in the network today.  

        "Guided by Congress, FCC action to cause deployment and tariffing
of Open Platform services will dramatically enhance American's access to
multimedia information sources, " said Weitzner.

        Mitchell Kapor, Chairman of the Board of the Foundation, praised
the efforts of Chairman Markey (D-MA) and said that an information
infrastructure "built based on Open Platform principles will be a vibrant
web of communications and information that enhance free speech and
democratic discourse.  Open architecture will also enable the NII to be the
site of innovation, economic growth, and job creation."

        HR 3636 recognizes that advanced telecommunications services are
becoming more important for individuals and public institutions and that
the definition of universal service should evolve over time to ensure
affordable access to such advanced services for all Americans.  The bill
provides that Open Platform service should be considered as the next step
in the evolution of universal service.  We can hope that in many
circumstances a more competitive market will provide high quality access at
low prices for many parts of the country.  A flexible definition of
universal service will help ensure that where the market fails to provide
minimum acceptable levels of service, careful tailored regulation will help
fill the void.

        For all of these reasons, the Open Platform sections have been
enthusiastically supported by a diverse coalition of public interest groups
and key players in the computer and communications industries.  "The job of
ensuring openness and access to the NII is only just beginning, but the
Open Platform services that made possible by the bill take a decisive first
step in the right direction," said Weitzner.

Contacts: 

Jerry Berman, Executive Director,  Internet:
Daniel J. Weitzner, Deputy Policy Director,  Internet:
Telephone: v: 202-347-5400      f: 202-393-5509 

******

June 28, 1994

Hon. Edward Markey, Chairman
House Telecommunications & Finance Subcommittee
316 Ford House Office Building
Washington, DC  20150


Dear Chairman Markey,

        We want to congratulate you and Representative Fields on the
passage of HR 3636 and to thank you for efforts and foresight in support of
the Open Platform sections of the bill.  Built based on Open Platform
principles, the NII will be a vibrant web of communications and information
that enhance free speech and democratic discourse.  Such an open
environment will also enable the NII to be the site of innovation, economic
growth, and job creation.

        Under the Open Platform services sections, the Federal
Communications Commission is required to issue regulations which make
switched, digital telecommunications service available and affordable for
the American public in the near term.  As you know, many of the multimedia
services that will help increase educational opportunity in our schools,
provide access to library resources, enable distance learning, and support
telecommuting, can be delivered over network services that are available
today.  Yet, telecommunications carriers have been slow in offering these
services to the public.  While an interactive broadband network should be
our long term policy goal, there is no reason to wait for broadband to reap
the benefits of digital technologies such as ISDN available in the network
today.  Guided by Congress, FCC action to cause deployment and tariffing of
Open Platform services will dramatically enhance American's access to
multimedia information sources. Widely available Open Platform services
will also help jump start that multimedia information and communications
market place.

        HR 3636 recognizes that advanced telecommunications services are
becoming more important for individuals and public institutions and that
the definition of universal service should evolve over time to ensure
affordable access to such advanced services for all Americans.  The bill,
thus, provides that Open Platform service should be considered as the next
step in the evolution of universal service.  We can hope that in many
circumstances a more competitive market will provide high quality access at
low prices for many parts of the country.  Your work in creating a flexible
definition of universal service will help ensure that where the market
fails to provide minimum acceptable levels of service, careful tailored
regulation will help fill the void.

        For all of these reasons, the Open Platform sections have been
enthusiastically supported by a diverse coalition of public interest groups
and key players in the computer and communications industries.  The job of
ensuring openness and access to the NII is only just beginning, but the
Open Platform services that you have made possible take a decisive first
step in the right direction.  Again, we commend you and your colleagues for
supporting the Open Platform services sections and promise to continue to
work with you to ensure enactment of comprehensive telecommunications
legislation with strong Open Platform provisions this year.



Sincerely,

Jerry Berman
Executive Director

------------------------------


Subject: US ACM Calls for Clipper Withdrawal, Releases Crypto Policy Report
---------------------------------------------------------------------------

From: US ACM, DC Office 


                              U S A C M

 Association for Computing Machinery, U.S. Public Policy Committee

                          * PRESS  RELEASE *
Thursday, June 30, 1994

Contact:
Barbara Simons (408) 463-5661, simons@acm.org (e-mail)
Jim Horning  (415) 853-2216, horning@src.dec.com (e-mail)
Rob Kling (714) 856-5955, kling@ics.uci.edu (e-mail)


     COMPUTER POLICY COMMITTEE CALLS FOR WITHDRAWAL OF CLIPPER

            COMMUNICATIONS PRIVACY "TOO IMPORTANT" FOR
                     SECRET DECISION-MAKING

     WASHINGTON, DC   The public policy arm of the oldest and
largest international computing society today urged the White
House to withdraw the controversial "Clipper Chip" encryption
proposal.  Noting that the "security and privacy of electronic
communications are vital to the development of national and
international information infrastructures," the Association for
Computing Machinery's U.S. Public Policy Committee (USACM) added
its voice to the growing debate over encryption and privacy
policy.

     In a position statement released at a press conference on
Capitol Hill, the USACM said that "communications security is too
important to be left to secret processes and classified
algorithms."  The Clipper technology was developed by the National
Security Agency, which classified the cryptographic algorithm that
underlies the encryption device.  The USACM believes that Clipper
"will put U.S. manufacturers at a disadvantage in the global
market and will adversely affect technological development within
the United States."   The technology has been championed by the
Federal Bureau of Investigation and the NSA, which claim that
"non-escrowed" encryption technology threatens law enforcement and
national security.

     "As a body concerned with the development of government
technology policy, USACM is troubled by the process that gave rise
to the Clipper initiative," said Dr. Barbara Simons, a computer
scientist with IBM who chairs the USACM.  "It is vitally important
that privacy protections for our communications networks be
developed openly and with full public participation."

     The USACM position statement was issued after completion of a
comprehensive study of cryptography policy sponsored by the ACM
(see companion release).  The study, "Codes, Keys and Conflicts:
Issues in U.S Crypto Policy," was prepared by a panel of experts
representing various constituencies involved in the debate over
encryption.

     The ACM, founded in 1947, is a 85,000 member non-profit
educational and scientific society dedicated to the development
and use of information technology, and to addressing the impact of
that technology on the world's major social challenges.  USACM was
created by ACM to provide a means for presenting and discussing
technological issues to and with U.S. policymakers and the general
public.  For further information on USACM, please call (202) 298-0842.



       USACM Position on the Escrowed Encryption Standard


The ACM study "Codes, Keys and Conflicts: Issues in U.S Crypto
Policy" sets forth the complex technical and social issues
underlying the current debate over widespread use of encryption.
The importance of encryption, and the need for appropriate
policies, will increase as networked communication grows.
Security and privacy of electronic communications are vital to
the development of national and international information
infrastructures.

The Clipper Chip, or "Escrowed Encryption Standard" (EES)
Initiative, raises fundamental policy issues that must be fully
addressed and publicly debated.  After reviewing the ACM study,
which provides a balanced discussion of the issues, the U.S.
Public Policy Committee of ACM (USACM) makes the following
recommendations.

  1.  The USACM supports the development of public policies and
technical standards for communications security in open forums in
which all stakeholders -- government, industry, and the public --
participate.  Because we are moving rapidly to open networks, a
prerequisite for the success of those networks must be standards
for which there is widespread consensus, including international
acceptance.  The USACM believes that communications security is
too important to be left to secret processes and classified
algorithms.  We support the principles underlying the Computer
Security Act of 1987, in which Congress expressed its preference
for the development of open and unclassified security standards.

  2.  The USACM recommends that any encryption standard adopted by
the U.S. government not place U.S. manufacturers at a disadvantage
in the global market or adversely affect technological development
within the United States.  Few other nations are likely to adopt a
standard that includes a classified algorithm and keys escrowed
with the U.S. government.

  3.  The USACM supports changes in the process of developing
Federal Information Processing Standards (FIPS) employed by the
National Institute of Standards and Technology.  This process is
currently predicated on the use of such standards solely to
support Federal procurement.  Increasingly, the standards set
through the FIPS process directly affect non-federal organizations
and the public at large.  In the case of the EES, the vast
majority of comments solicited by NIST opposed the standard, but
were openly ignored.  The USACM recommends that the standards
process be placed under the Administrative Procedures Act so that
citizens may have the same opportunity to challenge government
actions in the area of information processing standards as they do
in other important aspects of Federal agency policy making.

  4.  The USACM urges the Administration at this point to withdraw
the Clipper Chip proposal and to begin an open and public review
of encryption policy.  The escrowed encryption initiative raises
vital issues of privacy, law enforcement, competitiveness and
scientific innovation that must be openly discussed.

  5.  The USACM reaffirms its support for privacy protection and
urges the administration to encourage the development of
technologies and institutional practices that will provide real
privacy for future users of the National Information
Infrastructure.

******

                Association for Computing Machinery

                           PRESS RELEASE

Thursday, June 30, 1994

Contact:

Joseph DeBlasi, ACM Executive Director (212) 869-7440
Dr. Stephen Kent, Panel Chair (617) 873-3988
Dr. Susan Landau, Panel Staff (413) 545-0263


    COMPUTING SOCIETY RELEASES REPORT ON ENCRYPTION POLICY

      "CLIPPER CHIP" CONTROVERSY EXPLORED BY EXPERT PANEL

     WASHINGTON, DC   A panel of experts convened by the nation's
foremost computing society today released a comprehensive report
on U.S. cryptography policy.  The report, "Codes, Keys and
Conflicts: Issues in U.S Crypto Policy," is the culmination of a
ten-month review conducted by the panel of representatives of the
computer industry and academia, government officials, and
attorneys.  The 50-page document explores the complex technical
and social issues underlying the current debate over the Clipper
Chip and the export control of information security technology.

     "With the development of the information superhighway,
cryptography has become a hotly debated policy issue," according
to Joseph DeBlasi, Executive Director of the Association for
Computing Machinery (ACM), which convened the expert panel.  "The
ACM believes that this report is a significant contribution to the
ongoing debate on the Clipper Chip and encryption policy.  It cuts
through the rhetoric and lays out the facts."

     Dr. Stephen Kent, Chief Scientist for Security Technology
with the firm of Bolt  Beranek and Newman, said that he was
pleased with the final report.  "It provides a very balanced
discussion of many of the issues that surround the debate on
crypto policy, and we hope that it will serve as a foundation for
further public debate on this topic." 

     The ACM report addresses the competing interests of the
various stakeholders  in  the  encryption debate  --  law
enforcement agencies,  the intelligence community, industry and
users of communications services.  It reviews the recent history
of U.S. cryptography policy and identifies key questions that
policymakers must resolve as they grapple with this controversial
issue.

     The ACM cryptography panel was chaired by Dr. Stephen Kent. 
Dr. Susan Landau, Research Associate Professor in Computer Science
at the University of Massachusetts, co-ordinated the work of the
panel and did most of the writing. Other panel members were Dr.
Clinton Brooks, Advisor to the Director, National Security Agency;
Scott Charney, Chief of the Computer Crime Unit, Criminal
Division, U.S. Department of Justice; Dr. Dorothy Denning,
Computer Science Chair, Georgetown University; Dr. Whitfield
Diffie, Distinguished Engineer, Sun Microsystems; Dr. Anthony
Lauck, Corporate Consulting Engineer, Digital Equipment
Corporation; Douglas Miller, Government Affairs Manager, Software
Publishers Association; Dr. Peter Neumann, Principal Scientist,
SRI International; and David Sobel, Legal Counsel, Electronic
Privacy Information Center.  Funding for the cryptography study
was provided in part by the National Science Foundation.

     The ACM, founded in 1947, is a 85,000 member non-profit
educational and scientific society dedicated to the development
and use of information technology, and to addressing the impact of
that technology on the world's major social challenges.  For
general information, contact ACM, 1515 Broadway, New York, NY 
10036. (212) 869-7440 (tel), (212) 869-0481 (fax).

     Information on accessing the report electronically will be
posted soon on Usenet.

------------------------------


Subject: IITF Intellectual Property Draft Report - Request for Comments
-----------------------------------------------------------------------

The Information Infrastructure Task Force (IITF) working group on Intellectual
Property Rights has released their preliminary draft report for public
review and comment.  The paper, "Intellectual Property and the National
Information Infrastructure," is available from the Patent & Trademark
Office via anonymous FTP from ftp.uspto.gov in /pub/nii-ip or on the Web
at URL http://www.uspto.gov/  

Comments may be sent electronically to nii-ip@uspto.gov; the deadline for
comments is September 7, 1994.

------------------------------

Subject: New Faces at EFF: Robin Abner (Membership), Darby Costello (Finance)
-----------------------------------------------------------------------------

Robin Abner  - Director of Membership

Robin Abner is the Director of Membership for the Electronic Frontier
Foundation.  Robin works with EFF's Board and staff to plan membership
strategy and oversee marketing, administration and member services.  Prior
to joining EFF, Robin was Director of Membership and Marketing at
Non-Profit Management Associates, Inc. in Washington, DC, where she
developed and administered membership programs for several non-profit
organizations.  In addition, she served as Deputy Director of the Friends
of the National Library of Medicine.  Robin majored in Computer Science at
George Washington University and is currently studying Technology and
Management at the University of Maryland in College Park. Robin is a member
of the American Society of Association Executives (ASAE) and is co-chair of
ASAE's Roundtable Steering Committee.  In 1993, she was appointed to the
Membership Council of ASAE's Board and was awarded their Diversity Career
Development Scholarship. 

******

Darby Costello  - Director of Finance & Administration

Darby Costello, EFF's new Director of Finance and Administration,
handles oversight of all financial activities/transactions, human resources
and office management.  Darby is a long-time Washingtonian, has worked in the
non-profit world  for over 10 years, and earned a BSBA in Accounting from
George Washington University.  

She is partial to cats and has two Burmese, Juan and Flor, who share their
Kalorama apartment with Darby.  She is devoted to the arts (opera in
particular) and actively involved with a newly-formed local opera company. 
Ms. Costello is a rabid, nearly indiscriminate, reader.  

------------------------------


Subject: What YOU Can Do
------------------------

"The net poses a fundamental threat not only to the authority of the
government, but to all authority, because it permits people to organize,
think, and influence one another without any institutional supervision
whatsoever.  The government is responding to this threat with the Clipper
Chip."
  - John Seabrook, "My First Flame", _New_Yorker_ 06/06/94

Who will decide how much privacy is "enough"?

The Electronic Frontier Foundation believes that individuals should be
able to ensure the privacy of their personal communications through any
technological means they choose.  However, the government's current
restrictions on the export of encrytion software have stifled the
development and commercial availability of strong encryption in the U.S. 
Now, more than ever, EFF is working to make sure that you are the one that
makes these decisions for yourself.  Our members are making themselves heard
on the whole range of issues.  EFF collected over 5000 letters
of support for Rep. Maria Cantwell's bill to liberalize restrictions on
cryptography.  We also gathered over 1400 letters supporting Sen. Leahy's
open hearings on the proposed Clipper encryption scheme, which were held in
May 1994.  And EFF collected over 90% of the public comments that were
submitted to NIST regarding whether or not Clipper should be made a
federal standard.

You KNOW privacy is important. You have probably participated in our online
campaigns.  Have you become a member of EFF yet?  The best way to protect
your online rights is to be fully informed and to make your opinions heard.
EFF members are informed and are making a difference.  Join EFF today!

For EFF membership info, send queries to membership@eff.org, or send any
message to info@eff.org for basic EFF info, and a membership form.

------------------------------


Administrivia
=============

EFFector Online is published by:

The Electronic Frontier Foundation
1001 G Street NW, Suite 950 E
Washington DC 20001 USA
+1 202 347 5400 (voice)
+1 202 393 5509 (fax)
+1 202 638 6119 (BBS - 16.8k ZyXEL)
+1 202 638 6120 (BBS - 14.4k V.32bis)
Internet: ask@eff.org
Internet fax gate: remote-printer.EFF@9.0.5.5.3.9.3.2.0.2.1.tpc.int

     Coordination, production and shipping by:
     Stanton McCandlish, Online Activist/SysOp/Archivist 

Reproduction of this publication in electronic media is encouraged.  Signed
articles do not necessarily represent the views of EFF.  To reproduce
signed articles individually, please contact the authors for their express
permission.

To subscribe to EFFector via email, send message body of "subscribe
effector-online" (no quotes) to listserve@eff.org, which will add you a
subscription to the EFFector mailing list.

To get the latest issue, send any message to er@eff.org, and it will be
mailed to you automagically.  You can also get ftp.eff.org,
/pub/EFF/Newsletters/EFFector/current.

------------------------------


Internet Contact Addresses
--------------------------

Membership & donations: membership@eff.org
Legal services: ssteele@eff.org
Hardcopy publications: pubs@eff.org
Technical questions/problems, access to mailing lists: eff@eff.org
General EFF, legal, policy or online resources queries: ask@eff.org





End of EFFector Online v07 #12
******************************

$$

Back to top

JavaScript license information