Skip to main content

EFFector - Volume 5, Issue 6 - Initial EFF Analysis Of Clinton Privacy and Security Proposal

EFFECTOR

EFFector - Volume 5, Issue 6 - Initial EFF Analysis Of Clinton Privacy and Security Proposal

******************************************************************
           //////////////     //////////////     //////////////
         ///                ///                ///
       ///////            ///////            ///////
     ///                ///                ///
   //////////////     ///                ///
******************************************************************
EFFector Online Volume 5 No. 6       4/16/1993       editors@eff.org
A Publication of the Electronic Frontier Foundation   ISSN 1062-9424
454 lines

                  -==--==--==-<>-==--==--==- 
                        In this issue:
   Initial EFF Analysis of Clinton Privacy and Security Proposal
      Society for Electronic Access:  A New York City-based
                grassroots online activist group.
     Updated Contact List for Regional Online Activist Groups
                  -==--==--==-<>-==--==--==- 

                       April 16, 1993

      INITIAL EFF ANALYSIS OF CLINTON PRIVACY AND SECURITY  
                           PROPOSAL

       The Clinton Administration today made a major announcement 
on cryptography policy which will effect the privacy and security of 
millions of Americans.  The first part of the plan is to begin a 
comprehensive inquiry into major communications privacy issues 
such as export controls which have effectively denied most people 
easy access to robust encryption as well as law enforcement issues 
posed by new technology.

       However, EFF is very concerned that the Administration has 
already reached a conclusion on one critical part of the inquiry, before 
any public comment or discussion has been allowed.  Apparently, the 
Administration is going to use its leverage to get all telephone 
equipment vendors to adopt a voice encryption standard developed 
by the National Security Agency. The so-called "Clipper Chip" is an 
80-bit, split key escrowed encryption scheme which will be built into 
chips manufactured by a military contractor.  Two separate escrow 
agents would store users' keys, and be required to turn them over 
law enforcement upon presentation of a valid warrant.  The 
encryption scheme used is to be classified, but they chips will be 
available to any manufacturer for incorporation into their 
communications products.

       This proposal raises a number of serious concerns .

       First, the Administration appears to be adopting a solution 
before conducting an inquiry.  The NSA-developed Clipper chip may 
not be the most secure product. Other vendors or developers may 
have better schemes. Furthermore, we should not rely on the 
government as the sole source for Clipper or any other chips.  Rather,
independent chip manufacturers should be able to produce chipsets 
based on open standards.

       Second, an algorithm can not be trusted unless it can be tested. 
Yet the Administration proposes to keep the chip algorithm 
classified.  EFF believes that any standard adopted ought to be public 
and open.  The public will only have confidence in the security of a 
standard that is open to independent, expert scrutiny.  

       Third, while the use of the split-key, dual-escrowed 
system may prove to be a reasonable balance between privacy and 
law enforcement needs, the details of this scheme must be explored 
publicly before it is adopted.  What will give people confidence in the 
safety of their keys?  Does disclosure of keys to a third party waive 
individual's fifth amendment rights in subsequent criminal 
inquiries?  

       In sum, the Administration has shown great sensitivity to the 
importance of these issues by planning a comprehensive inquiry into 
digital privacy and security.  However, the "Clipper chip" solution 
ought to be considered as part of the inquiry, not be adopted before 
the discussion even begins.

DETAILS OF THE PROPOSAL:

ESCROW

The 80-bit key will be divided between two escrow agents, each of 
whom hold 40 bits of each key.  Upon presentation of a valid 
warrant, the two escrow agents would have to turn the key parts 
over to law enforcement agents.  Most likely the Attorney General 
will be asked to identify appropriate escrow agents.  Some in the 
Administration have suggested one non-law enforcement federal 
agency, perhaps the Federal Reserve, and one non-governmental 
organization.  But, there is no agreement on the identity of the agents 
yet.

Key registration would be done by the manufacturer of the 
communications device.  A key is tied to the device, not to the person 
using it.

CLASSIFIED ALGORITHM AND THE POSSIBILITY OF BACK DOORS

The Administration claims that there are no back door means by 
which the government or others could break the code without 
securing keys from the escrow agents and that the President will 
be told there are no back doors to this classified algorithm.  In order 
to prove this, Administration sources are interested in arranging for 
an all-star crypto cracker team to come in, under a security 
arrangement, and examine the algorithm for trap doors.  The results 
of the investigation would then be made public.

GOVERNMENT AS MARKET DRIVER

In order to get a market moving, and to show that the government 
believes in the security of this system, the feds will be the first big 
customers for this product.  Users will include the FBI, Secret Service, 
VP Al Gore, and maybe even the President. 

FROM MORE INFORMATION CONTACT:

Jerry Berman, Executive Director
Daniel J. Weitzner, Senior Staff Counsel

                   -==--==--==-<>-==--==--==- 

[EFFector Online will regularly feature a regional grassroots group
of telecommunications activists describing themselves and their
activities.-- C.F.]

               The Society for Electronic Access
                         By Steve Barber

       The Society for Electronic Access ("SEA") is an organization of 
people who are concerned with establishing and preserving civil 
rights in cyberspace and with promoting public access to computer- 
based information systems. The SEA is a regionally-based group, 
centered in New York City, though we have members in other parts 
of New York State and northern New Jersey. We like to think of 
ourselves as covering the "New York City metropolitan area." 

       The SEA first met in August 1992 in borrowed space somewhere 
on the New York University campus. We were a group of folks who 
were vaguely, variously, and intensely interested in the issues posed 
by the cyberspace/real-world interface, with a strong interest in 
becoming the New York chapter of the EFF. Over the course of the 
next six months, the issue of EFF affiliation dominated group 
discussions. Some might say "paralyzed." Some found loose analogies 
to Beckett's "Waiting for Godot." Finally, of course, the EFF announced 
that there would be no chapters. This announcement caused some 
minor disappointment, but on the whole it was liberating for the 
group. In short order, we had projects, results, and even a name.

       The SEA membership has adopted the following statement 
of purpose, which is an excellent description of what we are, what we 
are becoming, and what we want to be:

      The purpose of SEA is to help make our corner of cyberspace a
      civilized place to live, work, and visit. We believe that the world
      of computers and the communications links that bind their users
      together should be open to everyone. Furthermore, if this new 
      medium is to have a chance of fulfilling its great potential, the
      same civil rights that protect our freedom in the physical world
      must prevail in cyberspace. 

       Therefore, SEA will work to educate people about computer 
networks and how to use them to find information and to 
communicate with one another. We will also reach out to computer 
users, government officials, legislators and the media to foster better 
understanding of cyberspace and to ensure that laws are written and 
enforced to enhance individual rights rather than to curtail them. 
Finally, we will do our best to bring into cyberspace those who might 
not otherwise have the opportunity or awareness to make use of it, 
in the belief that doing so will enrich our lives as well as theirs. 

       The SEA operates in two modes: through a set of mailing lists, 
and through approximately monthly face-to-face meetings. While a 
cyberspace activist group ought to be able to meet effectively in 
cyberspace itself, our experience is that no consensus is achieved via 
a mailing list discussion, and no decisions get made this way. I'm not 
sure whether this is because of the asynchronicity of e-mail or 
merely because of the low bandwidth of e-mail, but the face-to-face 
gatherings are vital. This necessity for face-to-face interaction is one 
of the bases for our regional orientation. 

       Even though the SEA just started accepting paid memberships, at 
present all our meetings and electronic mail lists are open to anyone. 
We have had various EFF personages drop by, as well as emissaries 
from other groups with similar interest to ours from around the country. 
The formal meetings are often followed informal ones in convivial 
locations throughout Manhattan.

       As is apparent from our mission statement, the SEA has a 
number of goals. The interest in civil rights has expressed itself 
through our legal interest group. Most recently, in what was perhaps 
SEA's first public action, we submitted a comment to the United 
States Sentencing Commission opposing the proposed sentencing 
guidelines on computer fraud and abuse. Other projects covering the 
legal side of cyberspace include the compilation of data on local 
government officials, and monitoring state and local regulatory 
activities that affect networks and BBSs. 

       SEA's goal of encouraging public access to the computer 
networks and other manifestations of cyberspace is being addressed 
by promoting ourselves as a clearinghouse for cyberspace resources 
in the region. Our purpose is to bring people together who are 
interested in working on access projects. SEA has served as a catalyst 
for hooking up people interested in, for example, producing 
educational videos on Internet access and use, and for finding system 
operators willing to donate resources for an organization called 
Playing To Win that provides computer access to residents of one of 
New York City's more disadvantaged neighborhoods.

       The wonderful thing about the SEA is that so far it is entirely a 
volunteer operation. We exist in borrowed space, both real and 
virtual. Our only real resource is the enthusiasm of our members. 
The greatest advantage to being located in New York City is that the 
available talent here is varied and seemingly limitless. We are 
blessed with a number of people who make their living in 
cyberspace, and to whom the issues the SEA addresses makes a 
difference in their daily lives. Just to highlight a few of our people, 
there is Stacy Horn, who runs the ECHO computer conferencing 
system and has expended great effort into bringing more women into 
cyberspace. Lance Rose is an attorney who specializes in computer 
and BBS law and writes a monthly column on legal matters in 
Boardwatch magazine. Alexis Rosen is co-owner and operator of 
Panix, a commercial public access Internet host (Panix also donates 
lots of resources to the SEA). John McMullen is a journalist who is 
responsible in large part for the NewsBytes electronic computer news 
service. Bruce Fancher and other founders of the Mindvox system 
have been active in SEA projects. Clay Shirky, who drafted our 
sentencing guideline comments, is an experienced activist. Joe King 
co-hosts a weekly computer radio show on WBAI-FM. Paul Wallich 
writes for Scientific American. All of these folks and others I don't 
have room to mention make for an exciting mix of system operators, 
journalists, lawyers and law students, hackers and even an accused 
cracker or two, librarians, activists, and other assorted cyberspace 
denizens that gives the SEA a broad base of experience and expertise. 

       Other current and projected projects include educational 
seminars, a media watch, a local calendar of events, and more 
involvement in the legislative and regulatory process. 

       SEA has an effective presence on the Internet via our mailing 
lists and through the SEA information hierarchy at gopher.panix.com 
that provides public access to our archives. We are trying to reach 
out to the BBS community and the vast number of users of the large 
commercial services.

       For more information on the SEA or to be added to our mailing 
lists, please contact us by sending e-mail to sea@panix.com or U.S. 
Mail to:

Society for Electronic Access
Post Office Box 3131
Church Street Station
New York, NY 10008-3131

                    -==--==--==-<>-==--==--==- 

     Local and Regional Groups Supporting the Online Community
                          *Updated List*

For those readers interested in hooking up with regional groups that 
are organized to work on projects to improve online communications,  
feel free to contact any of the folks listed below with your ideas and 
to learn more about how you can get involved. 

We are constantly looking to update this list, so if you know of other 
groups that we should add, or if you are trying to form a group in 
your local area, please forward the name of the group and contact 
information to Shari Steele at ssteele@eff.org.

        NATIONAL
        Electronic Frontier Foundation
        Shari Steele Ð ssteele@eff.org
        Cliff Figallo Ð fig@eff.org

        ALABAMA
        Huntsville:
        Huntsville Group
        Matt Midboe   mmidboe@nyx.cs.du.edu

        CALIFORNIA
        San Francisco Bay Area:
        This!Group
        Mitch Ratcliffe   coyote@well.sf.ca.us or 
        Mitch_Ratcliffe@macweek.ziff.com 
        Glenn Tenney   tenney@netcom.com
        Judi Clark   judic@netcom.com

        DISTRICT OF COLUMBIA
        Washington, DC, Area:
        "Group 2600" and some public access operators
        Bob Stratton   strat@intercon.com
        Mikki Barry   ooblick@intercon.com

        MASSACHUSSETTS
        Cambridge and Boston area
        EF128 (Electronic Frontier Route 128). 
        Lars Kaufman   lark@ora.com

        MICHIGAN
        Ann Arbor:
        Ann Arbor Computer Society & others
        Ed Vielmetti   emv@msen.com
        msen gopher   gopher.msen.com
        msen mail list   majordomo@mail.msen.com "info aacs" 

        MISSISSIPPI
        Gulf Coast, Mississippi
        SotMESC/GCMS
        PO Box 573
        Long Beach, MS 39560
        Local chapter with chapters in Alaska, Orlando Florida, Atlanta
        Georgia, Mobile Alabama, Montgomery Alabama, Oxford Miss,
        California, Ocean Springs Miss, and other locations. 
        Contact: RJones%USMCP6.BitNet@VM.TCS.Tulane.Edu

        NEW MEXICO
        Albuquerque:
        IndraNet (formerly FreeNet!, a FTN network) and NitV Data
        Center. 
        contact: Stanton McCandlish
                Internet: anton@hydra.unm.edu
                Bitnet: anton@unmb.bitnet
                FidoNet: 1:301/2
                IndraNet: 369:1/1
                BBS (1200-14400, v32/v32b/v42/v42b, N-1-8, 24hr)
                +1-505-246-8515 Voice +1-505-247-3402
                Snail: 8020 Central SE #405, Albuquerque, NM 87108 USA
                Interests: positive networking, pro-BBS and pro-computer-
                freedom activism; FFFREE BBS serves as a site to obtain EFF
                and other such material for those without access to 
                Internet, and supports a rapidly expanding library of 
                electronic publications. Live free, compute free!

        MISSOURI
        Kansas City:
        Greater Kansas City Sysop Association
        Scott Lent   slent@vax1.umkc.edu
        GKCSA
        P.O. Box 14480
        Parkville, MO 64152
        Phone: (816)734-2949 (voice)
        (816)734-4732 (data)

        NEW YORK
        New York City:
        Society for Electronic Access (SEA)
        Post Office Box 3131
        Church Street Station
        New York, NY, 10008-3131
        general   sea-mgmt@panix.com
        Simona Nass   simona@panix.com
        Alexis Rosen   alexis@panix.com

        Western New York State
        Thomas J. Klotzbach
        Genesee Community College
        Batavia, NY 14020
        MCI Mail: 375 1365
        Internet: 3751365@mcimail.com
                  klotzbtj@snybufva.cs.snybuf.edu
        Work: (716) 343-0055 x358

        TEXAS
        Austin:
        EFFÐAustin
        general   eff-austin@tic.com
        directors   eff-austinÐdirectors@tic.com
        Jon Lebkowsky   jonl@tic.com

=============================================================

     EFFector Online is published by
     The Electronic Frontier Foundation
     666 Pennsylvania Ave., Washington, DC 20003
     Phone: +1 202 544-9237 FAX: +1 202 547 5481
     Internet Address: eff@eff.org
     Coordination, production and shipping by Cliff Figallo, EFF 
     Online Communications Coordinator (fig@eff.org)
 Reproduction of this publication in electronic media is encouraged.
 Signed articles do not necessarily represent the view of the EFF.
 To reproduce signed articles individually, please contact the authors
 for their express permission.

      *This newsletter is printed on 100% recycled electrons*
=============================================================

        MEMBERSHIP IN THE ELECTRONIC FRONTIER FOUNDATION

In order to continue the work already begun and to expand our 
efforts and activities into other realms of the electronic frontier, we 
need the financial support of individuals and organizations.

If you support our goals and our work, you can show that support by
becoming a member now. Members receive our bi-weekly electronic 
newsletter, EFFector Online (if you have an electronic address that 
can be reached through the Net), and special releases and other 
notices on our activities.  But because we believe that support should 
be freely given, you can receive these things even if you do not elect 
to become a member.

Your membership/donation is fully tax deductible.

Our memberships are $20.00 per year for students and $40.00 per 
year for regular members.  You may, of course, donate more if you 
wish.

Our privacy policy: The Electronic Frontier Foundation will never, 
under any circumstances, sell any part of its membership list.  We 
will,  from time to time, share this list with other non-profit 
organizations  whose work we determine to be in line with our goals.  
But with us,  member privacy is the default. This means that you 
must actively grant us permission to share your name with other 
groups. If you do not  grant explicit permission, we assume that you 
do not wish your  membership disclosed to any group for any reason.

=============================================================
Mail to: The Electronic Frontier Foundation, Inc.
         238 Main St.
         Cambridge, MA 02142

I wish to become a member of the EFF.  I enclose: $_______
            $20.00 (student or low income membership)
            $40.00 (regular membership)

    [  ] I enclose an additional donation of $_______

Name:

Organization:

Address:

City or Town:

State:       Zip:      Phone: (    )             (optional)

FAX: (    )              (optional)

Email address:

I enclose a check [  ].
Please charge my membership in the amount of $
to my Mastercard [  ]  Visa [  ]  American Express [  ]

Number:

Expiration date:

Signature: ________________________________________________

Date:

I hereby grant permission to the EFF to share my name with
other non-profit groups from time to time as it deems
appropriate   [ ].
                       Initials:___________________________

Back to top

JavaScript license information