========================================================================= ________________ _______________ _______________ /_______________/\ /_______________\ /\______________\ \\\\\\\\\\\\\\\\\ \ ||||||||||||||||| / //////////////// \\\\\\\\\\\\\\\\\/ ||||||||||||||||| / //////////////// \\\\\\_______/\ ||||||_______\ / //////_____\ \\\\\\\\\\\\\ \ |||||||||||||| / ///////////// \\\\\\\\\\\\\/____ |||||||||||||| / ///////////// \\\\\___________/\ ||||| / //// \\\\\\\\\\\\\\\\ \ ||||| / //// \\\\\\\\\\\\\\\\/ ||||| \//// ========================================================================= EFFector Online Volume 07 No. 12 July 22, 1994 editors@eff.org A Publication of the Electronic Frontier Foundation ISSN 1062-9424 In This Issue: EFF Analysis of Vice-President Gore's Letter on Cryptography Policy EFF Reactions to Encryption Standards & Procedures Act (07/12/94 Draft) NSA Letter to Sen. Hollings Re: Clipper Appropriation Draft Bill Interoperability Demo - ISDN and Internet PPP EFF Congratulates Rep Markey on Passage of Open Platform Bill HR3636 US ACM Calls for Clipper Withdrawal, Releases Crypto Policy Report IITF Intellectual Property Draft Report - Request for Comments New Faces at EFF - Robin Abner (Membership), Darby Costello (Finance) What YOU Can Do ---------------------------------------------------------------------- Subject: EFF Analysis of Vice-President Gore's Letter on Cryptography Policy ---------------------------------------------------------------------------- July 22, 1994 Two days ago, Vice-President Al Gore signaled a major setback in the Administration's Clipper program, and a willingness to engage in serious negotiations leading to a comprehensive new policy on digital privacy and security. Many questions remain about the future, but one thing is certain: Clipper is a dead end, and those of us who are concerned about digital privacy have won a new opportunity to shape a better policy. The Vice-President's letter to Rep. Maria Cantwell (D-WA) made it clear that while Clipper might have a small place in the telephone security market, it has no future in the digital world. "...[T]he Clipper Chip is an approved federal standard for telephone communications and not for computer networks and video networks. For that reason, we are working with industry to investigate other technologies for those applications.... We welcome the opportunity to work with industry to design a more versatile, less expensive system. Such a key escrow system would be implementable in software, firmware, hardware, or any combination thereof, would not rely upon a classified algorithm, would be voluntary, and would be exportable." Clipper does not meet most of these criteria, so, according to the Vice- President, it is a dead end. END OF THE LINE FOR CLIPPER -- LONG-RUN EFFORT TO DRIVE MARKET WILL FAIL The premise of the Clipper program was that the government could drive the market toward use of encryption products which incorporated government-based key escrow agents. A series of subtle and not so subtle government actions would encourage private citizens to use this technology, thus preserving law enforcement access to encrypted communications. Clipper was originally announced as the first element of a family of hardware-based, government key escrow encryption devices that would meet security needs for both voice and data communications on into the future. Clipper itself was purely a voice and low-speed data product, but other members of the Skipjack family, including Tessera and Capstone, were to be compatible with Clipper and were intended to lead the way from escrowed encryption in voice to escrowed encryption for data. Plans are already announced, in fact, to use Tessera and Capstone in large government email networks. At the time, the hope was that government use of this technology would push private sector users toward key escrow systems as well. Now, the announcement that the Administration is re-thinking plans for data encryption standards leaves Clipper a stranded technology. No one wants to buy, or worse yet, standardize on, technology which has no upgrade path. As a long-run effort to force the market toward government-escrowed encryption standards, Clipper is a failure. WE STILL MUST WORK FOR VOLUNTARY, OPEN, EXPORTABLE STANDARDS The fight for privacy and security in digital media is by no means over. Though the Administration has backed away from Clipper, and expressed willingness to talk about other solutions, we are pursuing serious progress on the following issues: * Improved telephone encryption standards For the reasons listed by the Vice-President, in addition to the inherent problems of making copies of all your keys available, Clipper is a poor choice for telephone encryption. Industry should develop a standard for truly secure and private telephones, make them available from multiple manufacturers worldwide, and make them interoperate securely with audio conferencing software on multimedia PC's. * Truly voluntary standards Any cryptographic standard adopted by the government for private sector use must be truly voluntary. Voluntary means, to us, that there are statutory guarantees that no citizen will be required or pressured into using the standard for communications with the government, or with others. No government benefits, services, or programs should be conditioned on use of a particular standard, especially if it involves government or private key escrow. * Open standards Standards chosen must be developed in an open, public process, free from classified algorithms. The worldwide independent technical community must be able to create and evaluate draft standards, without restriction or government interference, and without any limits on full participation by the international cryptographic community. * No government escrow systems Any civilian encryption standard which involves government getting copies of all the keys poses grave threats to privacy and civil liberties, and is not acceptable in a free society. * Liberalization of export controls Lifting export controls on cryptography will make the benefits of strong cryptography widely available to our own citizens. U.S. hardware, software and consumer electronics manufacturers will build encryption into affordable products once they are given access to a global marketplace. Today's widespread availability of "raw" cryptographic technology both inside and outside the United States shows that the technology will always be available to "bad guys". The real question is whether our policies will allow encryption to be built into the fabric of our national and international infrastructure, to provide significantly increased individual privacy, improved financial privacy, increased financial security, enhanced freedom of association, increased individual control over identity, improved security and integrity of documents, contracts, and licenses, reduced fraud and counterfeiting, the creation of significant new markets for buying and selling of intellectual property, and a lessened ability to detect and prosecute victimless crimes. These benefits are not free, however. EFF does recognize that new communications technologies pose real challenges to the work of law enforcement. Just as the automobile, the airplane, and even the telephone created new opportunities for criminal activity, and new difficulties for law enforcement, encryption technology will certainly require changes in traditional investigative techniques. We also recognize that encryption will prevent many of the online crimes that will likely occur without it. We further believe that these technologies will create new investigative tools for law enforcement, even as they obsolete old ones. Entering this new environment, private industry, law enforcement, and private citizens must work together to balance the requirements of both liberty and security. Finally, the export controls used today to attempt to control this technology are probably not Constitutional under the First Amendment; if the problems of uncontrolled export are too great, a means of control must be found which does not restrict free expression. CONGRESSIONAL LEADERSHIP TOWARD COMPREHENSIVE POLICY FRAMEWORK IS CRITICAL The efforts of Congresswoman Maria Cantwell, Senator Patrick Leahy, and other members of Congress, show that comprehensive policies on privacy, security and competitiveness in digital communication technologies can only be achieved with the active involvement of Congress. Unilateral policy efforts by the Executive branch, such as Clipper and misguided export control policies, will not serve the broad interests of American citizens and businesses. So, we are pleased to see that the Vice-President has pledged to work with the Congress and the private sector in shaping a forward-looking policy. We see the Vice-President's letter to Congresswoman Cantwell as an important opening for dialogue on these issues. The principles of voluntariness and open standards announced in the Vice- President's letter, as well as those mentioned here, must be incorporated into legislation. We believe that under the leadership of Senator Leahy, Reps. Cantwell, Valentine, Brooks and others, this will be possible in the next congress. EFF is eager to work with the Congress, the Administration, along with other private sector organizations to help formulate a new policy. EFF is also pleased to be part of the team of grass roots activism, industry lobbying, and public interest advocacy which has yielded real progress on these issues. FOR MORE INFORMATION CONTACT: Jerry Berman, Executive DirectorDaniel J. Weitzner, Deputy Policy Director For the full text of the Gore/Cantwell letter, see: ftp.eff.org, /pub/Alerts/gore_clipper_retreat_cantwell_072094.letter gopher.eff.org, 1/Alerts, gore_clipper_retreat_cantwell_072094.letter http://www.eff.org/pub/Alerts/gore_clipper_retreat_cantwell_072094.letter ------------------------------ Subject: EFF Reactions to Encryption Standards & Procedures Act (Draft) ----------------------------------------------------------------------- The staff of the House Science, Space, and Technology Committee has just released a draft bill which would create a somewhat more public process for establishment of Clipper-like escrowed encryption systems. Entry of the Congress into this policy debate is a welcome change after 18 months of one-sided Executive Branch edicts. However, considerable changes would be required before the legislation would meet EFF's goals for a truly open federal encryption policy which preserves the right of private individuals to use any form of encryption, without restriction or penalty. Despite its promise of an open process, this bill is by no means a repudiation of the Clipper program, In fact, it enshrines in legislation several key aspects of the Clipper policy. However, inasmuch as the bill seeks to establish NIST authority to develop escrow encryption systems, it raises real questions about whether NIST or other agencies have any authority now to spend federal funds on escrow encryption systems. Overview of the bill: The bill directs the Department of Commerce, through the National Institute of Standards and Technology, to issue escrowed encryption standards. The standards issued would be subject to public comment and afford the opportunity for judicial review under the terms of the Administrative Procedures Act. Similar procedures created for the designation of government key escrow agents. Several aspects of the Clinton Administration's approach to cryptography policy are accepted by this bill: 1. Absolute preservation of law enforcement and national security access By this bill, any encryption standards adopted must "preserve the functional ability of the government to interpret, in a timely manner, electronic information that has been obtained pursuant to an electronic surveillance permitted by law." Sec 31(b)(2)(E). 2. Weak privacy protection The bill specifies that standards adopted should advance the development of the NII, but offers only qualified support for privacy. Standards should are only required to go so far as to not "diminish existing privacy rights...." Sec 31(b)(2)(D). 3. Increased role for National Security Agency in civilian privacy and security matters The bill establishes a permanent role for the National Security Agency in the creation of privacy and security standards for use by the private sector. Currently, under the Computer Security Act, NIST is encouraged to consult with the NSA on matters of federal systems security and to draw "computer system technical security guidelines developed by the National Security Agency to the extent that the National Bureau of Standards determines that such guidelines are consistent with the requirements for protecting sensitive information in Federal computer systems." This would explicitly extend the NSA role from federal systems to systems intended for public, civilian use. As such, this is a major change in the Computer Security Act. Issues to be addressed in draft: To create a truly open policy process, to protect privacy, and to ensure the development of the best privacy-protecting technology possible, the bill should be augmented with the following provisions: 1. Voluntary standards Any legislation on encryption standards must guarantee that no one will be required to use such standards, nor will use of other encryption standards be curtailed by law. Furthermore, federal encryption policy should guarantee that access to government programs, opportunities, or even the ability to communicate with the government, should never be conditioned on the use of any escrowed encryption standard. From the first announcement of the Clipper program, the Clinton Administration has assured the public that escrowed encryption would remain voluntary. This promise must be included in legislation. 2. Open design process The draft bill does call for an open process for formation of encryption standards. Legislation should make explicit that an open process means that no classified algorithms or technologies may be included. Though there was public comment on the Escrowed Encryption FIPS (the Clipper Federal Information Processing Standard), public process in that case was meaningless because the core technology remained behind a veil of secrecy. 3. Remedies for negligence or abuse by escrow agents As drafted, the proposal drastically limits the liability of federal escrow agents for all but "willful" abuse by federal employees. The escrow agents must also be responsible for unauthorized release of keys because of the actions of private individuals or because of negligent practices by government agents. 4. Exploration of voluntary, private sector escrow agents Finally, if the government is going to adopt a government-based escrow system, it should also be required to explore the possibility of private party escrow systems based on open standards. The full text of the draft bill is available from EFF's archives: ftp.eff.org, /pub/EFF/Policy/Crypto/encryp_stds_procedures_94_bill.draft gopher.eff.org, 1/EFF/Policy/Crypto/encryp_stds_procedures_94_bill.draft http://www.eff.org/pub/EFF/Policy/Crypto/encryp_stds_procedures_94_bill.draft ------------------------------ Subject: NSA Letter to Sen. Hollings Re: Clipper Appropriations Draft Bill -------------------------------------------------------------------------- NATIONAL SECURITY AGENCY CENTRAL SECURITY SERVICE Fort George G. Meade, Maryland 20755 8 July 1994 Honorable Ernest P. Hollings Chairman, Subcommittee on Commerce, Justice, State and Judiciary Committee on Appropriations United States Senate Washington, DC 20510-6027 Dear Senator Hollings: We recently received a copy of a draft amendment that Senator Leahy proposed to you that would condition expenditure of appropriated funds for key escrow encryption (including the CLIPPER Chip) on satisfaction of several requirements. This language will have a major impact on the Administration's overall key escrow strategy. We are very concerned about several aspects of the proposal. Most importantly, this language would cause significant delays (perhaps two years or more) in the introduction and use of escrowed key encryption products. With such a delay, alternative, non-escrow cryptographic products likely would become the norm in the United States and perhaps abroad as well. Widespread use of non-escrowed encryption could irretrievably damage our ability to encourage the use of key escrow encryption, putting at risk law enforcement effectiveness and critical foreign intelligence activities. Another very significant concern is the impact of delays on major Defense Department programs to secure its information systems that process information regarding funds transfers, personnel data, medical files, logistics support, and much more. Since most of that information today is processed, transferred, and stored on unclassified and unprotected computing and telecommunications systems, it is extremely vulnerable. The threat to these systems is real. Already, some of our systems have been penetrated. While we do not know who penetrated the systems, we believe potential threats include foreign intelligence activities, criminals, terrorists, and hackers. In addition to potential threats from external entities, network/computer attacks could also be initiated by "insiders". Network/computer protection within DoD is a fundamental military readiness issue and the need for security products is immediate. The DoD is implementing a major program to help protect unclassified but sensitive information in the Defense Messaging System (DMS) through the use of key escrow technology. Programming has already begun on the first set of over 22,000 protection devices for this application. Key escrow products will provide privacy, authentication, and data integrity solutions for critical information system [sic]. At the same time, escrowing of keys will preserve a mechanism for law enforcement organizations to access these systems when lawfully authorized, e.g., in connection with investigations of possible fraud. Delays in the process could have sever, negative consequences for DMS. In summary, key escrow encryption technology is vital to the Defense Department's operational readiness and its ability to conduct day-to-day activities, and we cannot afford to delay implementation of these critical security products. I recognize that you may have other questions and we are prepared to meet with you at your convenience on this matter. I have sent a similar letter to Senator Domenici. /s/ J.M. McConnell Vice Admiral, U.S. Navy Director, NSA ------------------------------ Subject: Interoperability Demo - ISDN and Internet PPP ------------------------------------------------------ PRESS RELEASE ISDN PPP INTEROPERABILITY DEMO GAITHERSBURG, MD, JUNE 24, 1994 -- Today at the NIUF, seven ISDN equipment vendors demonstrated interoperable local and wide area network connectivity using Point-to-Point Protocol (PPP) over ISDN. This crucial step opens the way to grand-scale interoperability of ISDN LAN connection equipment. "National ISDN 1 and 2 worked on standardized connectivity at the circuit level, but that wasn't enough. Users need applications to launch connections, and remote LAN access applications are standardizing around PPP. This interoperability demonstration puts these vendors ahead of other ISDN vendors, who better get with it or get left out" (according to Jay Batson, Senior Analyst with Network Strategy Service at Forrester Research). Seven leading US, Canadian and European vendors demonstrated interoperable ISDN remote access to LANs: AccessWorks Communications Inc. Cisco Systems, Inc. DigiBoard, Inc. Gandalf Technologies, Inc. IBM Corp. netCS Informationstechnik GmbH Network Express Vendors and end-users accessed Internet, read their e-mail, and sent files back home as part of the demonstration. "For the first time, telecommuters and branch office users can choose the equipment that they prefer. Everyone can get their equipment from different vendors, but it all works together", said Jake Jacobson, Manager of Advanced Communication Laboratories at JPL. Using Basic Rate ISDN lines and LAN attachments provided by the US National Institute for Standards and Technology (NIST), vendors interconnected their devices and attached to local and remote LANs. As part of the demonstration, vendors and end users accessed Internet, read their e-mail, and sent files back home. End users and vendors alike agreed that this will greatly promote rapid expansion of telecommuting, remote Internet access, branch office connectivity, and other useful applications. "The European ISDN Users Forum has also sanctioned PPP as the official interoperability standard" said Rick Kuhlbars of netCS, Berlin, Germany PPP is a set of protocols recommended by the Internet Engineering Task Force (IETF) that allows LAN connection equipment to negotiate which features and protocols will be supported by both ends of a connection. PPP is rapidly becoming a standard for LAN connections since it allows dissimilar products to quickly negotiate which features will be selected for a particular connection. Some reactions: "Global trade requirements and business relationships compel us to interoperate using these kinds of standards based procedures." - Stan Kluz, Lawrence Livermore National Laboratory. "This allows us to have students, faculty and staff select a wider array of equipment and maintain interoperability with both Ameritech's switches as well as the University's emerging ISDN dial in pools." - Dory Leifer, University of Michigan. "For the first time, users now have ISDN networking plug and play. Vendors' network products which support these specifications assure that they can access networks without concern as to what ISDN networking equipment is in use on the network end." - Jeff Fritz, West Virginia University, Chairman of the Enterprise Network Data Interconnectivity Family (ENDIF), a working group of NIUF. NIUF - the North American ISDN User's Forum is an association of ISDN vendors, users, and service providers working together to promote and improve the use of ISDN in North America. Contacts for additional information: Reggie Best, AccessWorks Communications Inc., (800) 248-8204, rbest@accessworks.com. Kevin Dickson, Cisco Systems, (415) 326-1941, kdickson@cisco.com. Bob Downs, ENDIF liaison to IETF, Combinet, (408) 522-9020, bdowns@combinet.com. Jeff Fritz, ENDIF Chairman, West Virginia Univ., (304) 293-2060, jfritz@wvnvm.wvnet.edu. Douglas Frosst, Gandalf, Ontario, Canada, (613) 723-6500, dfrosst@gandalf.ca. Rick Kuhlbars, netCS, Berlin, Germany, 49.30/856 999-0, rick@netcs.com. Randy Sisto, Network Express, (313) 761-5005, rsisto@nei.com. Julie Thomtez, DigiBoard, (612) 943-9020, juliet@digibd.com. IBM, IBM ISDN Information, (919) 254-ISDN. Respectfully Submitted, Gerry Hopkins, ENDIF ViceChair acting for the Secretary ------------------------------ Subject: EFF Congratulates Rep Markey on Passage of Open Platform Bill HR3636 ----------------------------------------------------------------------------- Earlier this month, the House of Representatives has passed both HR 3636 and 3626. HR 3636, the Markey/Fields bill, is based on EFF's Open Platform Proposal. HR 3626 passed on a vote of 423 to 5 (7 not voting). HR 3636 passed on a vote of 423 to 4 (8 not voting). No amendments were offered to either bill on the Floor. After the votes, the bills were ordered to be combined into one bill, which will be sent to the Senate. The Senate is currently considering its own similar legislation. Electronic Frontier Foundation praises passage of House Telecommunications Bill (HR 3636), in combination with the Antitrust Reform Act (HR 3626). Key provisions of the bill will provide affordable access to multimedia network services for the American public ****** The Electronic Frontier Foundation (EFF) is pleased that the US House of Representatives has passed major telecommunications legislation, and commends all who have worked on the bill, especially Chairman Ed Markey (D-MA). Key provisions of the legislation ensure that Open Platform service will be made widely available to all Americans, as the first step in the development of an interactive, multimedia information infrastructure. "Under the Open Platform services sections, the Federal Communications Commission is required to issue regulations which make switched, digital telecommunications service available and affordable for the American public in the near term," explained Daniel J. Weitzner, Deputy Policy Director of EFF. Many of the multimedia services that will help increase educational opportunity in our schools, provide access to library resources, enable distance learning, and support telecommuting, can be delivered over network services that are available today. Yet, telecommunications carriers have been slow in offering these services to the public. While an interactive broadband network should be our long term policy goal, there is no reason to wait for broadband to reap the benefits of digital technologies such as ISDN available in the network today. "Guided by Congress, FCC action to cause deployment and tariffing of Open Platform services will dramatically enhance American's access to multimedia information sources, " said Weitzner. Mitchell Kapor, Chairman of the Board of the Foundation, praised the efforts of Chairman Markey (D-MA) and said that an information infrastructure "built based on Open Platform principles will be a vibrant web of communications and information that enhance free speech and democratic discourse. Open architecture will also enable the NII to be the site of innovation, economic growth, and job creation." HR 3636 recognizes that advanced telecommunications services are becoming more important for individuals and public institutions and that the definition of universal service should evolve over time to ensure affordable access to such advanced services for all Americans. The bill provides that Open Platform service should be considered as the next step in the evolution of universal service. We can hope that in many circumstances a more competitive market will provide high quality access at low prices for many parts of the country. A flexible definition of universal service will help ensure that where the market fails to provide minimum acceptable levels of service, careful tailored regulation will help fill the void. For all of these reasons, the Open Platform sections have been enthusiastically supported by a diverse coalition of public interest groups and key players in the computer and communications industries. "The job of ensuring openness and access to the NII is only just beginning, but the Open Platform services that made possible by the bill take a decisive first step in the right direction," said Weitzner. Contacts: Jerry Berman, Executive Director, Internet: Daniel J. Weitzner, Deputy Policy Director, Internet: Telephone: v: 202-347-5400 f: 202-393-5509 ****** June 28, 1994 Hon. Edward Markey, Chairman House Telecommunications & Finance Subcommittee 316 Ford House Office Building Washington, DC 20150 Dear Chairman Markey, We want to congratulate you and Representative Fields on the passage of HR 3636 and to thank you for efforts and foresight in support of the Open Platform sections of the bill. Built based on Open Platform principles, the NII will be a vibrant web of communications and information that enhance free speech and democratic discourse. Such an open environment will also enable the NII to be the site of innovation, economic growth, and job creation. Under the Open Platform services sections, the Federal Communications Commission is required to issue regulations which make switched, digital telecommunications service available and affordable for the American public in the near term. As you know, many of the multimedia services that will help increase educational opportunity in our schools, provide access to library resources, enable distance learning, and support telecommuting, can be delivered over network services that are available today. Yet, telecommunications carriers have been slow in offering these services to the public. While an interactive broadband network should be our long term policy goal, there is no reason to wait for broadband to reap the benefits of digital technologies such as ISDN available in the network today. Guided by Congress, FCC action to cause deployment and tariffing of Open Platform services will dramatically enhance American's access to multimedia information sources. Widely available Open Platform services will also help jump start that multimedia information and communications market place. HR 3636 recognizes that advanced telecommunications services are becoming more important for individuals and public institutions and that the definition of universal service should evolve over time to ensure affordable access to such advanced services for all Americans. The bill, thus, provides that Open Platform service should be considered as the next step in the evolution of universal service. We can hope that in many circumstances a more competitive market will provide high quality access at low prices for many parts of the country. Your work in creating a flexible definition of universal service will help ensure that where the market fails to provide minimum acceptable levels of service, careful tailored regulation will help fill the void. For all of these reasons, the Open Platform sections have been enthusiastically supported by a diverse coalition of public interest groups and key players in the computer and communications industries. The job of ensuring openness and access to the NII is only just beginning, but the Open Platform services that you have made possible take a decisive first step in the right direction. Again, we commend you and your colleagues for supporting the Open Platform services sections and promise to continue to work with you to ensure enactment of comprehensive telecommunications legislation with strong Open Platform provisions this year. Sincerely, Jerry Berman Executive Director ------------------------------ Subject: US ACM Calls for Clipper Withdrawal, Releases Crypto Policy Report --------------------------------------------------------------------------- From: US ACM, DC Office U S A C M Association for Computing Machinery, U.S. Public Policy Committee * PRESS RELEASE * Thursday, June 30, 1994 Contact: Barbara Simons (408) 463-5661, simons@acm.org (e-mail) Jim Horning (415) 853-2216, horning@src.dec.com (e-mail) Rob Kling (714) 856-5955, kling@ics.uci.edu (e-mail) COMPUTER POLICY COMMITTEE CALLS FOR WITHDRAWAL OF CLIPPER COMMUNICATIONS PRIVACY "TOO IMPORTANT" FOR SECRET DECISION-MAKING WASHINGTON, DC The public policy arm of the oldest and largest international computing society today urged the White House to withdraw the controversial "Clipper Chip" encryption proposal. Noting that the "security and privacy of electronic communications are vital to the development of national and international information infrastructures," the Association for Computing Machinery's U.S. Public Policy Committee (USACM) added its voice to the growing debate over encryption and privacy policy. In a position statement released at a press conference on Capitol Hill, the USACM said that "communications security is too important to be left to secret processes and classified algorithms." The Clipper technology was developed by the National Security Agency, which classified the cryptographic algorithm that underlies the encryption device. The USACM believes that Clipper "will put U.S. manufacturers at a disadvantage in the global market and will adversely affect technological development within the United States." The technology has been championed by the Federal Bureau of Investigation and the NSA, which claim that "non-escrowed" encryption technology threatens law enforcement and national security. "As a body concerned with the development of government technology policy, USACM is troubled by the process that gave rise to the Clipper initiative," said Dr. Barbara Simons, a computer scientist with IBM who chairs the USACM. "It is vitally important that privacy protections for our communications networks be developed openly and with full public participation." The USACM position statement was issued after completion of a comprehensive study of cryptography policy sponsored by the ACM (see companion release). The study, "Codes, Keys and Conflicts: Issues in U.S Crypto Policy," was prepared by a panel of experts representing various constituencies involved in the debate over encryption. The ACM, founded in 1947, is a 85,000 member non-profit educational and scientific society dedicated to the development and use of information technology, and to addressing the impact of that technology on the world's major social challenges. USACM was created by ACM to provide a means for presenting and discussing technological issues to and with U.S. policymakers and the general public. For further information on USACM, please call (202) 298-0842. USACM Position on the Escrowed Encryption Standard The ACM study "Codes, Keys and Conflicts: Issues in U.S Crypto Policy" sets forth the complex technical and social issues underlying the current debate over widespread use of encryption. The importance of encryption, and the need for appropriate policies, will increase as networked communication grows. Security and privacy of electronic communications are vital to the development of national and international information infrastructures. The Clipper Chip, or "Escrowed Encryption Standard" (EES) Initiative, raises fundamental policy issues that must be fully addressed and publicly debated. After reviewing the ACM study, which provides a balanced discussion of the issues, the U.S. Public Policy Committee of ACM (USACM) makes the following recommendations. 1. The USACM supports the development of public policies and technical standards for communications security in open forums in which all stakeholders -- government, industry, and the public -- participate. Because we are moving rapidly to open networks, a prerequisite for the success of those networks must be standards for which there is widespread consensus, including international acceptance. The USACM believes that communications security is too important to be left to secret processes and classified algorithms. We support the principles underlying the Computer Security Act of 1987, in which Congress expressed its preference for the development of open and unclassified security standards. 2. The USACM recommends that any encryption standard adopted by the U.S. government not place U.S. manufacturers at a disadvantage in the global market or adversely affect technological development within the United States. Few other nations are likely to adopt a standard that includes a classified algorithm and keys escrowed with the U.S. government. 3. The USACM supports changes in the process of developing Federal Information Processing Standards (FIPS) employed by the National Institute of Standards and Technology. This process is currently predicated on the use of such standards solely to support Federal procurement. Increasingly, the standards set through the FIPS process directly affect non-federal organizations and the public at large. In the case of the EES, the vast majority of comments solicited by NIST opposed the standard, but were openly ignored. The USACM recommends that the standards process be placed under the Administrative Procedures Act so that citizens may have the same opportunity to challenge government actions in the area of information processing standards as they do in other important aspects of Federal agency policy making. 4. The USACM urges the Administration at this point to withdraw the Clipper Chip proposal and to begin an open and public review of encryption policy. The escrowed encryption initiative raises vital issues of privacy, law enforcement, competitiveness and scientific innovation that must be openly discussed. 5. The USACM reaffirms its support for privacy protection and urges the administration to encourage the development of technologies and institutional practices that will provide real privacy for future users of the National Information Infrastructure. ****** Association for Computing Machinery PRESS RELEASE Thursday, June 30, 1994 Contact: Joseph DeBlasi, ACM Executive Director (212) 869-7440 Dr. Stephen Kent, Panel Chair (617) 873-3988 Dr. Susan Landau, Panel Staff (413) 545-0263 COMPUTING SOCIETY RELEASES REPORT ON ENCRYPTION POLICY "CLIPPER CHIP" CONTROVERSY EXPLORED BY EXPERT PANEL WASHINGTON, DC A panel of experts convened by the nation's foremost computing society today released a comprehensive report on U.S. cryptography policy. The report, "Codes, Keys and Conflicts: Issues in U.S Crypto Policy," is the culmination of a ten-month review conducted by the panel of representatives of the computer industry and academia, government officials, and attorneys. The 50-page document explores the complex technical and social issues underlying the current debate over the Clipper Chip and the export control of information security technology. "With the development of the information superhighway, cryptography has become a hotly debated policy issue," according to Joseph DeBlasi, Executive Director of the Association for Computing Machinery (ACM), which convened the expert panel. "The ACM believes that this report is a significant contribution to the ongoing debate on the Clipper Chip and encryption policy. It cuts through the rhetoric and lays out the facts." Dr. Stephen Kent, Chief Scientist for Security Technology with the firm of Bolt Beranek and Newman, said that he was pleased with the final report. "It provides a very balanced discussion of many of the issues that surround the debate on crypto policy, and we hope that it will serve as a foundation for further public debate on this topic." The ACM report addresses the competing interests of the various stakeholders in the encryption debate -- law enforcement agencies, the intelligence community, industry and users of communications services. It reviews the recent history of U.S. cryptography policy and identifies key questions that policymakers must resolve as they grapple with this controversial issue. The ACM cryptography panel was chaired by Dr. Stephen Kent. Dr. Susan Landau, Research Associate Professor in Computer Science at the University of Massachusetts, co-ordinated the work of the panel and did most of the writing. Other panel members were Dr. Clinton Brooks, Advisor to the Director, National Security Agency; Scott Charney, Chief of the Computer Crime Unit, Criminal Division, U.S. Department of Justice; Dr. Dorothy Denning, Computer Science Chair, Georgetown University; Dr. Whitfield Diffie, Distinguished Engineer, Sun Microsystems; Dr. Anthony Lauck, Corporate Consulting Engineer, Digital Equipment Corporation; Douglas Miller, Government Affairs Manager, Software Publishers Association; Dr. Peter Neumann, Principal Scientist, SRI International; and David Sobel, Legal Counsel, Electronic Privacy Information Center. Funding for the cryptography study was provided in part by the National Science Foundation. The ACM, founded in 1947, is a 85,000 member non-profit educational and scientific society dedicated to the development and use of information technology, and to addressing the impact of that technology on the world's major social challenges. For general information, contact ACM, 1515 Broadway, New York, NY 10036. (212) 869-7440 (tel), (212) 869-0481 (fax). Information on accessing the report electronically will be posted soon on Usenet. ------------------------------ Subject: IITF Intellectual Property Draft Report - Request for Comments ----------------------------------------------------------------------- The Information Infrastructure Task Force (IITF) working group on Intellectual Property Rights has released their preliminary draft report for public review and comment. The paper, "Intellectual Property and the National Information Infrastructure," is available from the Patent & Trademark Office via anonymous FTP from ftp.uspto.gov in /pub/nii-ip or on the Web at URL http://www.uspto.gov/ Comments may be sent electronically to nii-ip@uspto.gov; the deadline for comments is September 7, 1994. ------------------------------ Subject: New Faces at EFF: Robin Abner (Membership), Darby Costello (Finance) ----------------------------------------------------------------------------- Robin Abner - Director of Membership Robin Abner is the Director of Membership for the Electronic Frontier Foundation. Robin works with EFF's Board and staff to plan membership strategy and oversee marketing, administration and member services. Prior to joining EFF, Robin was Director of Membership and Marketing at Non-Profit Management Associates, Inc. in Washington, DC, where she developed and administered membership programs for several non-profit organizations. In addition, she served as Deputy Director of the Friends of the National Library of Medicine. Robin majored in Computer Science at George Washington University and is currently studying Technology and Management at the University of Maryland in College Park. Robin is a member of the American Society of Association Executives (ASAE) and is co-chair of ASAE's Roundtable Steering Committee. In 1993, she was appointed to the Membership Council of ASAE's Board and was awarded their Diversity Career Development Scholarship. ****** Darby Costello - Director of Finance & Administration Darby Costello, EFF's new Director of Finance and Administration, handles oversight of all financial activities/transactions, human resources and office management. Darby is a long-time Washingtonian, has worked in the non-profit world for over 10 years, and earned a BSBA in Accounting from George Washington University. She is partial to cats and has two Burmese, Juan and Flor, who share their Kalorama apartment with Darby. She is devoted to the arts (opera in particular) and actively involved with a newly-formed local opera company. Ms. Costello is a rabid, nearly indiscriminate, reader. ------------------------------ Subject: What YOU Can Do ------------------------ "The net poses a fundamental threat not only to the authority of the government, but to all authority, because it permits people to organize, think, and influence one another without any institutional supervision whatsoever. The government is responding to this threat with the Clipper Chip." - John Seabrook, "My First Flame", _New_Yorker_ 06/06/94 Who will decide how much privacy is "enough"? The Electronic Frontier Foundation believes that individuals should be able to ensure the privacy of their personal communications through any technological means they choose. However, the government's current restrictions on the export of encrytion software have stifled the development and commercial availability of strong encryption in the U.S. Now, more than ever, EFF is working to make sure that you are the one that makes these decisions for yourself. Our members are making themselves heard on the whole range of issues. EFF collected over 5000 letters of support for Rep. Maria Cantwell's bill to liberalize restrictions on cryptography. We also gathered over 1400 letters supporting Sen. Leahy's open hearings on the proposed Clipper encryption scheme, which were held in May 1994. And EFF collected over 90% of the public comments that were submitted to NIST regarding whether or not Clipper should be made a federal standard. You KNOW privacy is important. You have probably participated in our online campaigns. Have you become a member of EFF yet? The best way to protect your online rights is to be fully informed and to make your opinions heard. EFF members are informed and are making a difference. Join EFF today! For EFF membership info, send queries to membership@eff.org, or send any message to info@eff.org for basic EFF info, and a membership form. ------------------------------ Administrivia ============= EFFector Online is published by: The Electronic Frontier Foundation 1001 G Street NW, Suite 950 E Washington DC 20001 USA +1 202 347 5400 (voice) +1 202 393 5509 (fax) +1 202 638 6119 (BBS - 16.8k ZyXEL) +1 202 638 6120 (BBS - 14.4k V.32bis) Internet: ask@eff.org Internet fax gate: remote-printer.EFF@9.0.5.5.3.9.3.2.0.2.1.tpc.int Coordination, production and shipping by: Stanton McCandlish, Online Activist/SysOp/Archivist Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the views of EFF. To reproduce signed articles individually, please contact the authors for their express permission. To subscribe to EFFector via email, send message body of "subscribe effector-online" (no quotes) to listserve@eff.org, which will add you a subscription to the EFFector mailing list. To get the latest issue, send any message to er@eff.org, and it will be mailed to you automagically. You can also get ftp.eff.org, /pub/EFF/Newsletters/EFFector/current. ------------------------------ Internet Contact Addresses -------------------------- Membership & donations: membership@eff.org Legal services: ssteele@eff.org Hardcopy publications: pubs@eff.org Technical questions/problems, access to mailing lists: eff@eff.org General EFF, legal, policy or online resources queries: ask@eff.org End of EFFector Online v07 #12 ****************************** $$