=========================================================================
EFFector Online Volume 07 No. 03      Feb. 09, 1994      editors@eff.org
A Publication of the Electronic Frontier Foundation        ISSN 1062-9424

In This Issue:

EFF Wants YOU! (to add your voice to the crypto fight)
Administration Announces Cold War Attitude on Crypto, Pushes Clipper
Statement of Vice President Gore
Statement of the White House Press Secretary
Attorney General Janet Reno Key Escrow Agents Press Release
Statement of Dr. M. Harris, Dep. Asst. Secy. of State for PMA
Volunteers/Information Needed for EFF Diskettes
What You Can Do

----------------------------------------------------------------------

Subject: EFF Wants YOU! (to add your voice to the crypto fight)
---------------------------------------------------------------

* DISTRIBUTE WIDELY *

Monday, February 7th, 1994

From: Jerry Berman, Executive Director of EFF
      jberman@eff.org

Dear Friends on the Electronic Frontier,

I'm writing a personal letter to you because the time has now come for action. On Friday, February 4, 1994, the Administration announced that it plans to proceed on every front to make the Clipper Chip encryption scheme a national standard, and to discourage the development and sale of alternative powerful encryption technologies. If the government succeeds in this effort, the resulting blow to individual freedom and privacy could be immeasurable.

As you know, over the last three years, we at EFF have worked to ensure freedom and privacy on the Net. Now I'm writing to let you know about something *you* can do to support freedom and privacy. *Please take a moment to send e-mail to U.S. Rep. Maria Cantwell (cantwell@eff.org) to show your support of H.R. 3627, her bill to liberalize export controls on encryption software.* I believe this bill is critical to empowering ordinary citizens to use strong encryption, as well as to ensuring that the U.S. software industry remains competitive in world markets.

Here are some facts about the bill:

Rep. Cantwell introduced H.R. 3627 in the House of Representatives on November 22, 1993. H.R. 3627 would amend the Export Control Act to move authority over the export of nonmilitary software with encryption capabilities from the Secretary of State (where the intelligence community traditionally has stalled such exports) to the Secretary of Commerce. The bill would also invalidate the current license requirements for nonmilitary software containing encryption capabilities, unless there is substantial evidence that the software will be diverted, modified or re-exported to a military or terroristic end-use.

If this bill is passed, it will greatly increase the availability of secure software for ordinary citizens. Currently, software developers do not include strong encryption capabilities in their products, because the State Department refuses to license for export any encryption technology that the NSA can't decipher. Developing two products, one with less secure exportable encryption, would lead to costly duplication of effort, so even software developed for sale in this country doesn't offer maximum security. There is also a legitimate concern that software companies will simply set up branches outside of this country to avoid the export restrictions, costing American jobs.

The lack of widespread commercial encryption products means that it will be very easy for the federal government to set its own standard--the Clipper Chip standard. As you may know, the government's Clipper Chip initiative is designed to set an encryption standard where the government holds the keys to our private conversations. Together with the Digital Telephony bill, which is aimed at making our telephone and computer networks "wiretap-friendly," the Clipper Chip marks a dramatic new effort on the part of the government to prevent us from being able to engage in truly private conversations.

We've been fighting Clipper Chip and Digital Telephony in the policy arena and will continue to do so. But there's another way to fight those initiatives, and that's to make sure that powerful alternative encryption technologies are in the hands of any citizen who wants to use them. The government hopes that, by pushing the Clipper Chip in every way short of explicitly banning alternative technologies, it can limit your choices for secure communications.

Here's what you can do:

I urge you to write to Rep. Cantwell today at cantwell@eff.org. In the Subject header of your message, type "I support HR 3627." In the body of your message, express your reasons for supporting the bill. EFF will deliver printouts of all letters to Rep. Cantwell. With a strong showing of support from the Net community, Rep. Cantwell can tell her colleagues on Capitol Hill that encryption is not only an industry concern, but also a grassroots issue. *Again: remember to put "I support HR 3627" in your Subject header.*

This is the first step in a larger campaign to counter the efforts of those who would restrict our ability to speak freely and with privacy. Please stay tuned--we'll continue to inform you of things you can do to promote the removal of restrictions on encryption.

In the meantime, you can make your voice heard--it's as easy as e-mail. Write to cantwell@eff.org today.

Sincerely,

Jerry Berman
Executive Director, EFF
jberman@eff.org

P.S. If you want additional information about the Cantwell bill, send e-mail to cantwell-info@eff.org. To join EFF, write membership@eff.org.

The text of the Cantwell bill can be found with any of the following URLs (Universal Resource Locators):

ftp://ftp.eff.org/pub/EFF/Policy/Legislation/cantwell.bill
http://www.eff.org/ftp/EFF/Policy/Legislation/cantwell.bill
gopher://gopher.eff.org/00/EFF/legislation/cantwell.bill

A summary of the bill and statement from Cantwell can be found at:

ftp://ftp.eff.org/pub/EFF/Policy/Legislation/cantwell.summary
http://www.eff.org/ftp/EFF/Policy/Legislation/cantwell.summary
gopher://gopher.eff.org/00/EFF/legislation/cantwell.summary

(cantwell.summary is the same file you get by mailing to cantwell-info@eff.org)

---------------------------------

Subject: Administration Announces Cold War Attitude on Crypto, Pushes Clipper
-----------------------------------------------------------------------------

At two briefings, Feb. 4, 1994, the Clinton Administration and various agencies gave statements before a Congressional committee, and later representatives of civil liberties organizations, industry spokespersons and privacy advocates. The Electronic Frontier Foundation's position, based on what we have seen and heard from the Administration today, is that the White House is set on a course that pursues Cold War national security and law enforcement interests to the detriment of individual privacy and civil liberties.

The news is grim.

The Administration is:

* not backing down on Clipper
* not backing down on key escrow
* not backing down on selection of escrow agents
* already adamant on escrowed key access procedures
* not willing to eliminate ITAR restrictions
* hiding behind exaggerated threats of "drug dealers" and "terrorists"

The materials released to the industry and advocacy version of the briefing have been placed online at ftp.eff.org (long before their online availability from government access sites, one might add). See below for specific details. No information regarding the Congressional committee version of the briefing has been announced.

EFF Director Jerry Berman, who attended the private sector meeting, reported the following:

"The White House and other officials briefed industry on its Clipper chip and encryption review. While the review is not yet complete, they have reached several policy conclusions. First, Clipper will be proposed as a new Federal Information Processing Standard (FIPS) next Wednesday. [Feb. 9] It will be "voluntary" for government agencies and the private sector to use. They are actively asking other vendors to jump in to make the market a Clipper market. Export licensing processes will be speeded up but export restrictions will not be lifted in the interests of national security. The reason was stated bluntly at the briefing: to frustrate competition with Clipper from other powerful encryption schemes by making them difficult to market, and to "prevent" strong encryption from leaving the country, thus supposedly making the job of law enforcement and intelligence more difficult. Again, in the interest of "national security". Of course, Clipper will be exportable but they would not comment on how other governments will view this. Treasury and NIST will be the escrow agents and Justice asserted that there was no necessity for legislation to implement the escrow procedures.

"I asked if there would be a report to explain the rationale for choosing these results - we have no explanation of the Administration's thinking, or any brief in support of the results. They replied that there would be no report because they have been unable to write one, due to the complexity of the issue.

"One Administration spokesperson said this was the Bosnia of Telecommunications. I asked, if this was so, how, in the absence of some policy explanation, could we know if our policy here will be as successful as our policy in Bosnia?"

The announcements, authorization procedures for release of escrowed keys, and q-and-a documents from the private sector briefing are online at EFF.

They are:

"Statement of the [White House] Press Secretary" [White House]
file://ftp.eff.org/pub/EFF/Policy/Crypto/wh_press_secy.statement

"Statement of the Vice President" [very short - WH]
file://ftp.eff.org/pub/EFF/Policy/Crypto/gore_crypto.statement

"Attorney General Makes Key Escrow Encryption Announcements" [Dept. of Just.]
file://ftp.eff.org/pub/EFF/Policy/Crypto/reno_key_escrow.statement

"Authorization Procedures for Release of Encryption Key Components in Conjunction with Intercepts Pursuant to Title III/State Statutes/FISA" [3 docs. in one file - DoJ]
file://ftp.eff.org/pub/EFF/Policy/Crypto/doj_escrow_intercept.rules

"Working Group on Data Security" [WH]
file://ftp.eff.org/pub/EFF/Policy/Crypto/interagency_workgroup.announce

"Statement of Dr. Martha Harris Dep. Asst. Secy. of State for Polit.-Mil. Affairs: Encryption - Export Control Reform" [Dept. of State]
file://ftp.eff.org/pub/EFF/Policy/Crypto/harris_export.statement

"Questions and Answers about the Clinton Administration's Encryption Policy" [WH]
file://ftp.eff.org/pub/EFF/Policy/Crypto/wh_crypto.q-a

These files are available for anonymous ftp, or via gopher and the Web:

Gopher access:
gopher://gopher.eff.org/00/EFF/papers/Crypto/[same filenames]

WWW/Mosaic access:
http://www.eff.org/ftp/EFF/Policy/Crypto/[same filenames]
http://www.eff.org/alerts.html

All 7 of these documents will be posted widely on the net. [They will also be posted to CIS and AOL, and many are reproduced in this issue of EFFector.]

---------------------------------

Subject: Statement of Vice President Gore
-----------------------------------------

Today's announcements on encryption represent important steps in the implementation of the Administration's policy on this critical issue. Our policy is designed to provide better encryption to individuals and businesses while ensuring that the needs of law enforcement and national security are met.

Encryption is a law and order issue since it can be used by criminals to thwart wiretaps and avoid detection and prosecution. It also has huge strategic value. Encryption technology and cryptoanalysis turned the tide in the Pacific and elsewhere during World War II.

---------------------------------

Subject: Statement of the White House Press Secretary
-----------------------------------------------------

Last April, the Administration announced a comprehensive interagency review of encryption technology, to be overseen by the National Security Council. Today, the Administration is taking a number of steps to implement the recommendations resulting from that review.

Advanced encryption technology offers individuals and businesses an inexpensive and easy way to encode data and telephone conversations.
Unfortunately, the same encryption technology that can help Americans protect business secrets and personal privacy can also be used by terrorists, drug dealers, and other criminals.

In the past, Federal policies on encryption have reflected primarily the needs of law enforcement and national security. The Clinton Administration has sought to balance these needs with the needs of businesses and individuals for security and privacy.

That is why, today the National Institute of Standards and Technology (NIST) is committing to ensure a royalty-free, public-domain Digital Signature Standard. Over many years, NIST has been developing digital signature technology that would provide a way to verify the author and sender of an electronic message. Such technology will be critical for a wide range of business applications for the National Information Infrastructure. A digital signature standard will enable individuals to transact business electronically rather than having to exchange signed paper contracts. The Administration has determined that such technology should not be subject to private royalty payments, and it will be taking steps to ensure that royalties are not required for use of a digital signature. Had digital signatures been in widespread use, the recent security problems with the Internet would have been avoided.

Last April, the Administration released the Key Escrow chip (also known as the "Clipper Chip") that would provide Americans with secure telecommunications without compromising the ability of law enforcement agencies to carry out legally authorized wiretaps. Today, the Department of Commerce and the Department of Justice are taking steps to enable the use of such technology both in the U.S. and overseas. At the same time, the Administration is announcing its intent to work with industry to develop other key escrow products that might better meet the needs of individuals and industry, particularly the American computer and telecommunications industry.

Specific steps being announced today include:

- Approval by the Commerce Secretary of the Escrowed Encryption Standard (EES) as a voluntary Federal Information Processing Standard, which will enable government agencies to purchase the Key Escrow chip for use with telephones and modems. The department's National Institute of Standards and Technology (NIST) will publish the standard.

- Publication by the Department of Justice of procedures for the release of escrowed keys and the announcement of NIST and the Automated Services Division of the Treasury Department as the escrow agents that will store the keys needed for decryption of communications using the Key Escrow chip. Nothing in these procedures will diminish the existing legal and procedural requirements that protect Americans from unauthorized wiretaps.

- New procedures to allow export of products containing the Key Escrow chip to most countries.

In addition, the Department of State will streamline export licensing procedures for encryption products that can be exported under current export regulations in order to help American companies sell their products overseas. In the past, it could take weeks for a company to obtain an export license for encryption products, and each shipment might require a separate license. The new procedures announced today will substantially reduce administrative delays and paperwork for encryption exports.

To implement the Administration's encryption policy, an interagency Working Group on Encryption and Telecommunications has been established. It will be chaired by the White House Office of Science and Technology Policy and the National Security Council and will include representatives of the Departments of Commerce, Justice, State, and Treasury as well as the FBI, the National Security Agency, the Office of Management and Budget, and the National Economic Council.
This group will work with industry and public-interest groups to develop new encryption technologies and to review and refine Administration policies regarding encryption, as needed.

The Administration is expanding its efforts to work with industry to improve on the Key Escrow chip, to develop key-escrow software, and to examine alternatives to the Key Escrow chip. NIST will lead these efforts and will request additional staff and resources for this purpose.

We understand that many in industry would like to see all encryption products exportable. However, if encryption technology is made freely available worldwide, it would no doubt be used extensively by terrorists, drug dealers, and other criminals to harm Americans both in the U.S. and abroad. For this reason, the Administration will continue to restrict export of the most sophisticated encryption devices, both to preserve our own foreign intelligence gathering capability and because of the concerns of our allies who fear that strong encryption technology would inhibit their law enforcement capabilities.

At the same time, the Administration understands the benefits that encryption and related technologies can provide to users of computers and telecommunications networks. Indeed, many of the applications of the evolving National Information Infrastructure will require some form of encryption. That is why the Administration plans to work more closely with the private sector to develop new forms of encryption that can protect privacy and corporate secrets without undermining the ability of law-enforcement agencies to conduct legally authorized wiretaps. That is also why the Administration is committed to make available free of charge a Digital Signature Standard.

The Administration believes that the steps being announced today will help provide Americans with the telecommunications security they need without compromising the capability of law enforcement agencies and national intelligence agencies.

Today, any American can purchase and use any type of encryption product. The Administration does not intend to change that policy. Nor do we have any intention of restricting domestic encryption or mandating the use of a particular technology.

---------------------------------

Subject: Attorney General Janet Reno Key Escrow Agents Press Release
--------------------------------------------------------------------

Attorney General Janet Reno today announced selection of the two U.S. Government entities that will hold the escrowed key components for encryption using the key escrow encryption method. At the same time, the Attorney General made public procedures under which encryption key components will be released to government agencies for decrypting communications subject to lawful wiretaps.

Key Escrow Encryption (formerly referred to as Clipper Chip) strikes an excellent balance between protection of communications privacy and protection of society. It permits the use in commercial telecommunications products of chips that provide extremely strong encryption, but can be decrypted, when necessary, by government agencies conducting legally authorized wiretaps. Decryption is accomplished by use of keys--80-bit binary numbers--that are unique to each individual encryption chip. Each unique key is in turn split into two components, which must be recombined in order to decrypt communications. Knowing one component does not make decryption any more feasible than not knowing either one.

The two escrow agents are the National Institute of Standards and Technology (NIST), a part of the Department of Commerce, and the Automated Systems Division of the Department of the Treasury. The two escrow agents were chosen because of their abilities to safeguard sensitive information, while at the same time being able to respond in a timely fashion when wiretaps encounter encrypted communications.
In addition, NIST is responsible for establishing standards for protection of sensitive, unclassified information in Federal computer systems.

The escrow agents will act under strict procedures, which are being made public today, that will ensure the security of the key components and govern their release for use in conjunction with lawful wiretaps. They will be responsible for holding the key components: for each chip, one agent will hold one of the key components, and the second agent will hold the other. Neither will release a key component, except to a government agency with a requirement to obtain it in connection with a lawfully authorized wiretap. The system does not change the rules under which government agencies are authorized to conduct wiretaps.

When an authorized government agency encounters suspected key-escrow encryption, a written request will have to be submitted to the two escrow agents. The request will, among other things, have to identify the responsible agency and the individuals involved; certify that the agency is involved in a lawfully authorized wiretap; specify the wiretap's source of authorization and its duration; and specify the serial number of the key-escrow encryption chip being used. In every case, an attorney involved in the investigation will have to provide the escrow agents assurance that a validly authorized wiretap is being conducted.

Upon receipt of a proper request, the escrow agents will transmit their respective key components to the appropriate agency. The components will be combined within a decrypt device, which only then will be able to decrypt communications protected by key-escrow encryption. When the wiretap authorization ends, the device's ability to decrypt communications using that particular chip will also be ended.

The Department of Justice will, at the various stages of the process, take steps to monitor compliance with the procedures.

---------------------------------

Subject: Statement of Dr. M. Harris, Dep. Asst. Secy. of State for PMA
----------------------------------------------------------------------

The Secretary of State is announcing today measures arising from the Administration's decision to reform export control procedures applicable to products incorporating encryption technology. These reforms are part of the Administration's effort to eliminate unnecessary controls and ensure efficient implementation. The reforms will simplify encryption product export licensing and speed the review of encryption product exports, thus helping U.S. manufacturers to compete more effectively in the global market. While there will be no changes in the types of equipment controlled by the Munitions List, we are announcing measures to expedite licensing.

Last year the President announced an initiative to encourage U.S. manufacturers and users of encryption to take advantage of a government technology (the key-escrow chip) that provides excellent security while ensuring that the Government has a means to decode the encryption when lawfully authorized, such as when executing a court-authorized warrant in connection with a criminal investigation. At the time he announced this initiative, the President directed a comprehensive review of U.S. policy regarding domestic use and export of encryption technology. The reforms we are announcing today result from that review.

The President has determined that vital U.S. national security and law enforcement interests compel maintaining appropriate control of encryption. Still, there is much that can be done to reform existing controls to ensure that they are efficiently implemented and to maintain U.S. leadership in the world market for encryption technology. Accordingly, the President has asked the Secretary of State to take immediate action to implement a number of procedural reforms.

The reforms are:

* License Reform: Under new licensing arrangements, encryption manufacturers will be able to ship their products from the United States directly to customers within approved regions without obtaining individual licenses for each end user. This will improve the ability of our manufacturers to provide expedited delivery of products, and to reduce shipping and tracking costs. It should also reduce the number of individual license requests, especially for small businesses that cannot afford international distributors.

* Rapid review of export license applications: A significant number of encryption export license applications can be reviewed more quickly. For such exports, we have set a license turnaround goal of two working days.

* Personal use exemption: We will no longer require that U.S. citizens obtain an export license prior to taking encryption products out of the U.S. temporarily for their own personal use. In the past, this requirement caused delays and inconvenience for business travelers.

* Allow exports of key-escrow encryption: After initial review, key-escrow encryption products may now be exported to most end users. Additionally, key-escrow products will qualify for special licensing arrangements.

These reforms should have the effect of minimizing the impact of export controls on U.S. industry. The Department of State will take all appropriate actions to ensure that these reforms are implemented as quickly as possible. The Secretary of State asks that encryption product manufacturers evaluate the impact of these reforms over the next year and provide feedback both on how the reforms have worked out and on recommendations for additional procedural reforms.

The contact point for further information on these reforms is Rose Biancaniello, Office of Defense Trade Controls, Bureau of Political-Military Affairs, Department of State, (703) 875-6644.

---------------------------------

Subject: Volunteers/Discounts Needed for EFF Diskettes
------------------------------------------------------

EFF is updating its "Frontier Files" disk and needs to make 500 hundred DOS and 100 Macintosh duplicates this month. We are looking for volunteers who can do the duplication onto 3 1/2" DD disks or pointers to free and/or reduced rate mass duplication services.

EFF is also seeking a volunteer to format and produce an Amiga version of the Files in a quantity of about 50. EFF will of course pay for or provide the diskettes.

The Frontier Files will include EFF newsletters and papers, legal information, net documents like the "Big Dummy's Guide to the Internet" and more. A notice will be posted in EFFector as soon as the disks are available for distribution.

E-mail info to Sarah Simpson, Membership Coordinator with subject of "Frontier Files".

------------------------------

Subject: What You Can Do
------------------------

"Relying on the government to protect your privacy is like asking a peeping tom to install your window blinds."
- John Perry Barlow, EFF co-founder, "Decrypting the Puzzle Palace"

The Electronic Frontier Foundation believes that individuals should be able to ensure the privacy of their personal communications through any technological means they choose. However, the government's current restrictions on the export of encryption software have stifled the development and commercial availability of strong encryption in the U.S. Rep. Maria Cantwell has introduced a bill (H.R. 3627) in the House that would liberalize export controls on software that contains encryption, but needs vocal support if the bill is to make it out of the committee stage.

If you believe that privacy is a right and not a privilege, send e-mail in support of the bill to Rep. Cantwell in care of EFF at cantwell@eff.org. Background and analysis of the bill are available from an automailer by sending any email to cantwell-info@eff.org.

The decisions that are made today will affect our futures indefinitely. EFF is a respected voice for the rights of users of online technologies and EFF members receive regular online updates on the issues that affect our online communications and participate in shaping the future.

We feel that the best way to protect your online rights is to be fully informed and to make your opinions heard. EFF members are informed, and are making a difference. Join EFF today!

------------------------------

MEMBERSHIP IN THE ELECTRONIC FRONTIER FOUNDATION
================================================

Print out in monospaced (non-proportional) font and mail to:

  Attn: Membership Coordinator
  Electronic Frontier Foundation
  1001 G St. NW, Suite 950 East
  Washington DC 20001 USA

SIGN ME UP!
-----------

I wish to become a member of the Electronic Frontier Foundation. I enclose:

___ Regular membership -- $40
___ Student membership -- $20

Special Contribution

  I wish to make an additional tax-deductible donation in the amount of $__________ to further support the activities of EFF and to broaden participation in the organization.

PAYMENT METHOD:
---------------

___ Enclosed is a check or money order payable to the Electronic Frontier Foundation.

___ Please charge my:

     ___ MasterCard   ___ Visa   ___ American Express

     Card Number: _____________________________________________

     Expiration Date: _________________________________________

     Signature: _______________________________________________

     NOTE: We do not recommend sending credit card information via email!

YOUR CONTACT INFORMATION:
-------------------------

Name: __________________________________________________________

Organization: __________________________________________________

Address: _______________________________________________________

         _______________________________________________________

Phone: _____________________ FAX: _____________________

BBS: _____________________ BBS Name: ____________________

E-mail addresses: ______________________________________________

                  ______________________________________________

PREFERRED CONTACT

___ Electronic: Please contact me via the Internet address listed above. I would like to receive the following at that address:

     ___ EFFector Online - EFF's biweekly electronic newsletter (back issues available from ftp.eff.org, pub/EFF/Newsletters/EFFector).

     ___ Online Bulletins - bulletins on key developments affecting online communications.

     NOTE: Traffic may be high. You may wish to browse these publications in the Usenet newsgroup comp.org.eff.news (also available in FidoNet, as EFF-NEWS).

___ Paper: Please contact me through the US Mail at the street address listed above.

     NOTE: Paper documents available upon request. "Networks & Policy" Newsletter automatically sent via US Mail.

PRIVACY POLICY
--------------

EFF occasionally shares our mailing list with other organizations promoting similar goals. However, we respect an individual's right to privacy and will not distribute your name without explicit permission.

___ I grant permission for the EFF to distribute my name and contact information to organizations sharing similar goals.

This form came from EFFector Online (please leave this line on the form!)

The Electronic Frontier Foundation is a nonprofit, 501(c)(3) organization supported by contributions from individual members, corporations and private foundations. Donations are tax-deductible.

------------------------------

Administrivia
=============

EFFector Online is published biweekly by:

  Electronic Frontier Foundation
  1001 G St. NW, Suite 950 E
  Washington DC 20001 USA
  Phone: +1 202 347 5400, FAX: +1 202 393 5509
  Internet Address: eff@eff.org or ask@eff.org

Coordination, production and shipping by:
Stanton McCandlish, Online Activist/SysOp

Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the views of EFF. To reproduce signed articles individually, please contact the authors for their express permission.

------------------------------

Internet Contact Addresses
--------------------------

Membership & donations: membership@eff.org
Legal services: ssteele@eff.org
Hardcopy publications: pubs@eff.org
Online publications, conferences, & other resources: mech@eff.org
Technical questions/problems, access to mailing lists: eff@eff.org
General EFF, legal, or policy questions: ask@eff.org

End of EFFector Online v07 #03
******************************