STATEMENT OF ASSOCIATION OF AMERICAN PUBLISHERS Presented by Heather G. Florence The Association of American Publishers (AAP), the major trade association of U.S. book publishers, represents a diverse group of companies comprising both commercial and not-for-profit publishers (such as university presses). AAP members' works are published for the consumer, education (from elementary to secondary to post-graduate schools), and professional, scholarly and international markets. 1. How will AAP's members use the NII? The National Information Infrastructure will impact on the businesses of the publishing industry in numerous ways. Already, many book publishers are creating electronic products to accompany and supplement their books and journals. Other publishers are creating custom educational materials, publishing on and to demand; many are communicating with authors, receiving delivery of manuscripts, editing, typesetting, and designing books electronically. Some publishers are transmitting finished products electronically to licensed end-user customers; many are working electronically with wholesale and retail accounts; some are using online services to promote authors and market titles to distributors and readers; some are providing online services directly into school buildings and classrooms; and some publishers are even participating in group writing experiments online. The creation of the NII will foster still greater -- indeed, many as yet undeveloped or uncontemplated -- uses of new technologies in connection with the researching, writing, editing, marketing, and distribution of published materials. 2. Concerns of AAP members in relation to security and privacy. AAP members share with other prospective users of the NII concerns over the integrity and security of the transactions and information to be conveyed over this powerful communications medium. The need to protect the literary property rights of publishers and their authors is fundamental. AAP's concerns in this regard are reflected in the statement submitted by the Creative Incentive Coalition, in which AAP participates. Also important to the publishing industry will be assurance that the advent of the NII respects the speech and press guarantees of the First Amendment. In fulfilling its assigned role of providing the American public with maximal information about our political, social, artistic, and religious affairs, the publishing industry has to date operated in an environment that assures that works of public interest -- whatever form they may take -- can be researched, written and published and disseminated without fear of either prior restraint or subsequent punishment. To be sure, many such works are controversial, and often are claimed to cause embarrassment or intrude on individual privacy interests. our courts, however, have placed a transcendent value on the right of the press to publish freely about matters of public interest. While written more than 200 years ago, the First Amendment has endured major technological change. The 18th century's "marketplace of ideas" -- characterized by town meetings, pamphleteering, and print publications of limited circulation -- scarcely resembles today's instantaneous, global, "mass media" communications environment. Yet, the free expression principles embodied in the First Amendment have proven hardy and adaptable to such changes -- as they must continue to be as new technologies such as those reflected in the NII develop and take hold. Just as with the advent of broadcast and cable television, our society will face the challenge of determining how the mandates of the First Amendment are to be fulfilled consistent with the characteristics of this new communications medium. Without doubt, numerous issues relating to content regulation that the publishing industry has confronted in the print setting will arise, and need to be addressed and resolved, in conjunction with the dissemination of the works of authors and publishers on the NII. We suspect that the answers in many, if not most, cases will be: "If it ain't broke, don't fix it" -- in other words, that First Amendment doctrine heretofore developed in conjunction with existing communications media will provide adequate guidance. In any event, the proper manner of resolution of such issues is, in our estimation, no different than that which has shaped First Amendment doctrine to date: an evolutionary process grounded in actual experience a part of which will entail our courts weighing the sometimes competing interests at stake and determining where the constitutional lines are to be drawn. The system has worked well for two centuries. There is no reason to believe it cannot continue to work well with the advent of the NII. A few of the areas of long-standing concern to publishers that will present new issues in the NII setting are: o Defamation and Obscenity - There are governing constitutional limitations on punishing speech that injures personal reputation or that contains sexual content. The dissemination of works to a potentially vast and diverse audience via the NII will undoubtedly test the efficacy of these standards in this context. Among the issues certain to be raised is that concerning which entities in the chain of dissemination are to be responsible for statements outside constitutional protection. Solely the originators of such speech? Those who facilitate access to the NII? o School and Library Selection - Publishers and librarians often find themselves caught up in the midst of difficult community and school board determinations as to what constitute "appropriate" reading materials for the classroom and school (as well as public) libraries. In an environment in which teaching and reading materials will be supplied to students not merely in print form but online, the issues of selection of, and access to, school and library reading materials are also sure to arise. o Privacy - The draft "Principles For Providing and Using Personal Information" reflects commendable and necessary concerns about protecting privacy in an era when personal information, whether medical, financial or otherwise, is transmitted through wires linking the world. But the draft fails to address the First Amendment interests that come into play when authors and publishers make use of information made available on the NII. As is true in other media, a balance must be struck between the privacy interests presented and the needs of authors, publishers and others to ferret out information from the widest range of sources, and to edit and publish such of that information as, in their judgment, is newsworthy. 3. Approaches To Address These Concerns. As the Task Force approaches the important issue of devising adequate security in the NII, it should not lose sight of important First Amendment interests that also are at stake. The AAP is itself grappling with the implications of the new technologies for First Amendment concerns. We would welcome the opportunity to participate in further discussions with the sponsors of the July 15 meeting on this important subject. In addition to the Association of American Publishers (AAP), the general First Amendment principles embodied in this statement are endorsed by the Association of American University Presses (AAUP), the Magazine Publishers of America (MPA), the Newspaper Association of America (NAA), and the American Society of Newspaper Editors (ASNE). STATEMENT OF LAW AND POLICY OF CERTIFICATE-BASED PUBLIC KEY AND DIGITAL SIGNATURES Presented by Michael Baum Preface Purpose of Report This Federal Certification Authority Liability and Policy Report (the "Report") identifies diverse technical, legal, and policy issues affecting a certificate-based public key cryptographic infrastructure. It is intended primarily as a reference source for information resource managers, policy and law makers in the public and private sectors, and lawyers and information security professionals who must understand and contribute to the planning, development, and use of a secure information infrastructure. The Report assumes that it is in the interest of the federal government to identify, contemplate and develop programs and an infrastructure that not only satisfy its immediate internal needs but also fosters private sector development, cooperation and inter-operability. Therefore, the Report transcends purely public-sector issues and concerns to provide a viable resource for the public and private sectors, domestically and globally. The Report first examines potential legal implications of certificate-based public key technology as they arise in terms of the various functions and roles that technology may be expected to perform. It then surveys existing legal paradigms, the structures and roles of relevant governmental agencies and other entities and various institutional approaches to controlling liability. As a whole, the Report presents the underpinnings of a legal and policy framework which can serve as the basis for security policies and their implementation. It contemplates aggressive and robust information security methods that exploit technologies, procedures and practices on the basis of their effectiveness and ultimate desirability. The Report concludes with a series of recommendations, both general and specific. Constructing information security requirements from a secure baseline is necessary to facilitate a cost-benefit analysis for relaxing certain requirements of that secure baseline. Recognizing that there is a significant learning curve for all players and that major infrastructural change is indeed a multi-year undertaking, this Report considers both short-term and longer term (three to five years and beyond) issues and requirements. Fundamental architectural assumptions are constantly challenged and changing as we climb the learning curve of this relatively nascent technology. Consequently, it becomes increasingly difficult to predict the future. The explosion of Internet growth and demand for its commercialization , as well as the expanding scope of a proposed National Information Infrastructure (NII) have exceeded the pundits' most optimistic predictions. In response, this Report provides a level of detail that is intended to provide for the uncertainties of future opportunities. Diverse Requirements Demand Flexibility A federal public key infrastructure must accommodate diverse requirements such that security is commensurate with the contemplated risks. Security requirements need not require the equivalent of Fort Knox to protect information of no greater value than a shoelace. Informal, personal transactions (which demand neither confidentiality nor nonrepudiation) generally require minimal security, whereas commercial transactions generally require more security, but frequently less than official government communications. Government communications are strictly official and require commensurate higher levels of security. Certain classes of information may require even stronger security. Open systems threats have induced some proponents of Internet-based electronic commerce to demand "industrial strength" transactional security. Although the wisdom of providing such "industrial strength" security to all users, regardless of cost or their needs, is open to debate, the Internet is clearly unsuitable at present for official government messaging without enhanced security. Indeed, the government would need something of materially higher quality than the password access-based unencrypted security currently available on the Internet. A shift to open systems without appropriate security is unrealistic. Role of the Federal Government Interagency messaging within the federal government, being essentially a private management domain, can demand, provide and justify higher quality security. However, such security measures can and should demonstrate the viability of enhanced services for the private sector were government increasingly to promote a secure government-private communication standard consistent with government communications needs and policies. Indeed, a federal public key infrastructure might well serve to open new public and private opportunities and markets for computer-based commerce, ultimately expanding to serve millions of users. From technology life-cycle and development perspectives, public key may appear overly complex and not yet adequately commercialized to provide viable products, but this status should compel, rather than impede, the government to move aggressively toward solutions. There is presently a window of opportunity for government to influence public key infrastructure development that demands vision and demonstrable commitment. In principle, government systems should not compete with private-sector initiatives. However, government does (or should) play an indispensable role in influencing the direction of private infrastructure when it determines that the current direction is flawed, that there is a lack of direction, or that the private sector has failed (for example, because of excessive risk aversion or the "free-rider" problem) to undertake beneficial initiatives of national importance. In this regard, federal government messaging systems should be implemented to demonstrate future possibilities for the more risk-averse parts of the private sector. A public key infrastructure can also contribute and catalyze the migration from traditional bilateral, pre-arranged trade agreements (such as electronic commerce "trading partner agreements") to more flexible, multilateral, potentially automated "systems-rules" arrangements that will better accommodate unfettered open communications and trade relationships. This migration in electronic commerce trade relationships requires a close partnership between the legal and security computer-based commerce communities of both the public and private sectors. Consideration of Privacy Enhanced Mail This report uses Internet Privacy Enhanced Mail ("PEM") to exemplify certain properties and legal implications of certificate-based public key cryptography. PEM provides for a multi-level hierarchy of certification authorities, policy certification authorities and higher-level registration authorities that is both extensible (a potential benefit) and complex (a potential detriment). These qualities make PEM a useful model for comparative analysis. Similarly to PEM, for example, a central element of most federal public key infrastructure proposals is an administrative function or entity called a certification authority. A certification authority is a "trusted entity" responsible for creating the "binding" between an entity and its public key in the form of a public key certificate. PEM is also considered and emphasized because of its comparatively advanced stage of development and the availability of extensive documentation and commentary (via e-mail and RFCs) concerning its architecture, implementations, inter-operability, policies and risks. Moreover, PEM was initially federally funded and continues to evolve with significant social and economic benefit. Nevertheless, the Report's focus on PEM is not necessarily an endorsement of PEM to the exclusion of other approaches, architectures and implications. Architectural-Legal Interface The relationship and more practical considerations among architecture and the law is both intriguing and complex. Certain public key advocates have proposed a rather flat and more centralized architecture, urging that shorter paths are "easier," more viable and practical for accommodating the diverse requirements of the personal, commercial and governmental transactions noted above. Other advocates have urged that all major employers and certifying bodies will inevitably become CAs. The trade-off is between longer paths (implicating a multi-level hierarchy) and more CAs (implicating a "shallow" hierarchy; and "peers"). Therefore, complexity will invariably be introduced. With architectural complexity, however, comes legal complexity (and uncertainty). One of the foremost challenges of the Report has been to set forth actual and potential legal norms that are capable of application to varying levels of architectural complexity. Standards and Cryptographic Policy This Report reflects sensitivity to the government's relative acceptance, adoption, promotion, or rejection of certain standards and its evolving relationship with regional and international security and information technology policy developments. The state and direction of federal involvement in such relationships will certainly influence the future. Finally, the developing infrastructure should not, and cannot, be considered in isolation from the current debates concerning cryptographic export policy, intellectual property rights and escrow-based encryption technologies (escrow technology may affect system designs as profound as has public-key technology -- and its full ramifications are unknown). Indeed, these issues have had a destabilizing impact on certain public key developments (as well as, in some cases, stimulating creative thought and proposals to move forward). The many issues raised in the Report demonstrate both a lack of, and need for, intensive coordination, research, development and implementation. The Report is intended to provide a framework to promote the coordination necessary to solve these complex and elusive problems. I. Introduction This Report surveys potential liabilities as well as liability and policy issues, that might arise in the operation of a Federal Certification Authority; ("FCA") infrastructure. The FCA, if established, is contemplated to perform various certificate-based public key; cryptographic services to provide trustworthiness and reliability to the communications of diverse FCA users. This Report also considers the procedures, processes and technologies associated with certificate issuance, maintenance and revocation, and explores the extent to which those functions may affect user expectations and FCA liability. In general, the FCA's structure and the scope of its activities raise issues and potential legal consequences based in contract, tort, constitutional, and criminal law that will need to be resolved as the FCA develops. Recognizing that liability will be a function of the actual service offerings, as well as other currently undecided issues, this Report is necessarily somewhat speculative and will consider potential liabilities for a broad range of possible implementations. To the extent that implementation of the FCA is a pioneering effort undertaken without the benefit of a comprehensive legal framework, considerable effort is made here to identify and evaluate existing entities which enjoy a rich legal infrastructure and which provide useful legal paradigms. This effort identifies particularly those entities which have seriously grappled with information in electronic form. Extrapolation from such existing institutions and their legal infrastructures is unavoidable and often quite useful, but it must also be acknowledged that this usefulness may be limited in certain cases. Most importantly, this document is intended as an "issues-and-think piece" to foster debate over the nature and extent (actual and optimal) of FCA liability. Many key issues surrounding FCA liability have yet to be resolved or even comprehensively articulated. But while definitive analysis and solutions remain out of reach for the time being, it is hoped that this Report will advance the discussion and facilitate additional intensive analysis and research. Significant work lies ahead. II. Scope An attempt to survey the liabilities associated with an infrastructure that is still largely undefined would effectively require the review of a nearly infinite number of issues. This Report attempts to narrow the range of issues by curtailing the analysis of end-user-to-end-user liabilities and focusing instead on the potential liabilities of the FCA vis vis the various users of FCA services. Because the FCA's organizational structure is as yet indeterminate, this Report also considers liability issues from both private and public perspectives. Making analogies with legal structures in the private sector is a necessity by default and enriches the analysis, particularly since there is little or no directly relevant legal precedent addressing FCA activities. The planning and development of an FCA infrastructure will benefit from consideration of diverse technical, procedural and administrative approaches and solutions. Accordingly, diverse and extensive background materials are provided to give perspective to, and lay a foundation for, future work. This Report touches upon a multitude of materials to provide useful resources and education to the diverse players (both legal and nonlegal) who must grapple with these issues and who will contribute to the development of the FCA infrastructure. This Report begins with some critical definitions that pertain to relevant legal standards. Second, it presents a series of guiding assumptions that incorporate the few fixed points of reference of legal import in this exceedingly unfixed field. Third, it surveys the universe of potential FCA activities that create liability exposure, particularly with respect of the FCA's provision of authentication and integrity assurance services. Although constitutional privacy issues associated with certificate-based public key; cryptography are real and substantial, this Report concentrates only on those privacy issues surrounding the certificate application process and related support services. Fourth, relevant theories of liability are identified and their potential as a basis for FCA liability considered. Fifth, the role of the federal government as such in the FCA is considered, both in terms of exploring the existing authority of potential candidates to undertake such activities and of the unique liability considerations implicated thereby. Sixth, liability apportionment schemes for various public and private institutions which provide *trusted entity functionality* are examined and, where appropriate, evaluated for their potential relevance and desirability for the FCA. Seventh, the role of certification activities generally and various mechanisms to limit or manage liability are examined. The Report concludes with a series of preliminary recommendations. A number of supplemental documents and sample materials are attached as Appendices. III. Conclusions and Recommendations The following recommendations are accordingly general in nature and are subject to revision as planning proceeds. [Only the captions to the recommendations appear below. The book explains each of these recommendations]. A. Forge Ahead with an FCA Implementation B. Include Legal Goals in Criteria for FCA Pilots C. Promote the Study and Development of Legislative Proposals D. Develop FCA Agreements and Policies E. Aggressively Promote a Rationalization of the Global Certificate Infrastructure F. Organizational Structure G. Develop an Appropriate Interface Between the FCA, Other Federal Organizations and Private Third Party Service Providers, Including Non-FCA Certification Hierarchies H. Develop Special Presumptions for FCA-Enhanced Communications I. Develop an FCA Infrastructure that Limits, Rather than Excludes, Liability J. Develop an FCA Infrastructure that Provides Flexible Liability Limits K. Utilize Card Technologies in Early Pilots L. Identify and Implement Requisite and Appropriate Disclosure, Notification and Warning Mechanisms M. Evaluate Insurance Paradigms N. Evaluate and Reform Computer Crime Laws O. Assure the Accountability of Employees in Positions of Trust P. Integrate Legal Risk Analysis into FCA Risk Analysis Q. Promote and Integrate Audit, Legal and Security Education Extensively R. Research the Implications for Consumer Use of the FCA S. Develop (or Bolster) a Multidisciplinary FCA Development Group T. Promote and participate in Attribute Certificate Methodologies U. Recommendations for Further Work STATEMENT OF INFORMATION INDUSTRY ASSOCIATION Presented by Cynthia Braddon I am Cynthia Braddon, Vice President for Washington Affairs of McGraw-Hill, Inc. I appear this morning on behalf of the Information Industry Association (IIA), in my role as chair of the IIA Public Policy and Government Relations Council. I appreciate the opportunity to be here this morning, and commend you for convening this public meeting on a topic that is crucial to the success of the National Information Infrastructure initiative. The issues you are hearing about today have been the subject of lively debate within IIA for several years. My personal interest in this subject has been stimulated by my service over the past year as a member of a panel convened by the National Research Council to examine future directions for the National Research and Education Network. Our report, "Realizing the Information Future," was recently released. IIA is the trade association of leading companies that develop and distribute information products and services to meet the information needs of businesses, professionals, researchers and consumers worldwide. Our more than 500 corporate members include the pioneers in commercial on-line services and other forms of digital information distribution. We eagerly anticipate the opportunity to reach more and more customers through the advanced National Information Infrastructure. But if the advanced NII offers opportunities, it also presents serious risks. Reducing these risks is a major concern for IIA member companies. After all, we spend millions of dollars each year to create, collect, organize, enhance, and distribute information. We can continue to make these massive investments only if we are confident that we can effectively protect and manage access to the intellectual property that results. If these risks cannot be effectively countered, then the "information superhighway" will fall far short of its exciting potential. The recipe for success will lack its most crucial ingredient: information. If we allow that to happen, not only will information companies be hurt. So will every potential user of the NII: businesses, government agencies, libraries, academic institutions, and individual consumers. IIA's position statement outlines the main information security risks that are inherent in the impressive technological capabilities of the advanced NII. Let me emphasize three of them this morning: o First, every NII user is, potentially, empowered to commit copyright infringement on a massive scale, and at a trivial cost. o Second, these users could also tamper with information to change its content, lie about its origins, and deceive other users about ownership rights. o Finally, NII users can invade the privacy of other users by monitoring how they use the information superhighway, and spying on the content of messages and network transactions. Some of these security violations are easy to commit; others are much more difficult for the average network user; but every one of them is not only conceivable, but has actually occurred, on Internet or on other information networks. No wonder information companies approach the information superhighway with some trepidation. The private sector is already doing a lot to tackle these problems. Research and development projects are looking into new ways to protect information through encryption, use of software "envelopes," and standardized "headers" to identify ownership. Testbeds are being planned for automated copyright management systems, so that users can easily identify and obtain licenses to access the information they need, without running up exorbitant transaction costs. HA has summarized some of this activity in a book we have recently published: "Protecting Intellectual Property Rights on the Information Superhighways," by Joseph L. Ebersole. We have already sent copies to every member of the U.S. Advisory Council, and would be glad to furnish more copies. We believe you will find it a valuable resource. What can the federal government do to make the information superhighway a safer route on which to travel? We have suggestions in three areas: technology, law and education. IIA's position statement lists some of the technological problems that must be solved: establishing secure identification systems; means for assuring integrity and authenticity of information; rights management mechanisms; and network-based billing and collection services that are reliable and confidential. We believe these technological challenges can and will be solved, mostly through research and development undertaken by the private sector. Government's crucial role is to support generic R&D in these fields and provide a forum for information sharing. In that regard, we are pleased that the information infrastructure bills passed by both Houses of Congress authorize funding for research and development on network security issues, including specifically copyright protection and management. We hope this focus will be maintained in whatever bill is finally enacted. Many of the legal issues are addressed in the preliminary report issued last week by the Working Group on Intellectual Property Rights of the IITF Information Policy Committee. That report makes an excellent start in identifying how the Copyright Act should be fine-tuned in order to clarify its application to the new networked environment. We believe that the legal instrument most commonly used to govern the rights and responsibilities of network users with regard to copyrighted information will continue to be a license - in other words, a contract. Therefore, it is important that the law clearly acknowledge the validity of contracts formed by network participants, even if no formal written agreement is ever executed. Finally, we face an educational challenge. The level of public understanding of the need to respect intellectual property is distressingly low. Neither technology nor law, alone or in combination, will succeed in reducing the security risks of the NII to a tolerable level. For that to occur, public attitudes must change. Fortunately, this is an area in which the federal government can make an important difference. One reason IIA is so heartened by the report issued last week is that it begins to use the "bully pulpit" of the federal government to preach the gospel of respect for intellectual property. Today's hearing could have some of the same effect. There is something else the federal government can do. The Administration has called for a big increase in spending to hook public institutions up to the Internet and to encourage schools, libraries, hospitals and other institutions to use these exciting new networks. These federal dollars should not just be used to teach people how to sign on the networks, navigate, and sign off. They should be used to encourage, not just use, but responsible use, of advanced information networks. The schools, libraries, and hospitals that receive this funding should be required to teach their students, patrons and staff about respect for the intellectual property and privacy of others. Training in responsible use is an investment that will pay off, in a National Information Infrastructure that is safer and more hospitable to information, and that therefore features richer information resources for all users. Thank you for your attention. I would be pleased to answer any questions. The Information Industry Association (IIA) is the trade association of leading companies that develop and distribute innovative and authoritative information products and services to meet the information needs of American businesses, professionals, researchers and consumers. Our 500 member companies range from large global corporations to entrepreneurial start-ups, and include traditional and electronic publishers, database producers and providers, interactive electronic services, computer manufacturers, software developers, financial information services, and telecommunications providers. I. How will IIA member companies use the NII? The common theme among IIA's diverse membership is the value of information, delivered to the customer in many forms and through a variety of media. Just as we use today's information infrastructure to obtain and distribute this information, we will use the advanced National Information Infrastructure in the future to reach broader markets with more information. IIA member companies have a crucial stake in the resolution of security issues in the advanced NII. Having invested millions of dollars in research and development to find better ways to create, collect, organize, enhance, and distribute information, our primary security concern is to manage and protect this intellectual property in order to facilitate broad access to it. IIA has undertaken extensive efforts to examine existing and developing means for protecting intellectual property in an advanced network environment. These are exemplified by IIA's recent publication, "Protecting Intellectual Property Rights on the Information Superhighways", by Joseph L. Ebersole. The book sketches the legal and technological challenges facing publishers and other copyright proprietors in the new networked environment, and outlines the requirements that must be met in order to encourage the continued development and distribution ofinformation content. II. What security exposures or risks are of concern to IIA member companies? While advanced network environments offer exciting prospects for reaching new customers with information products and services, they also present considerable security risks. For instance: o Technology empowers every NII user to reproduce and distribute massive quantities of intellectual property without authorization, undetected, cheaply, easily, and instantaneously; o The authenticity and integrity of information in the NII is jeopardized by the ability to falsify its provenance and corrupt its content quickly and easily, without obvious evidence of alteration; o Use of contracts to manage access to and use of intellectual property could be hampered by legal questions concerning the validity of on-line contracting and by shortcomings in billing and collection mechanisms; o Use of information services could be discouraged by the risk that unauthorized access to transactional information would compromise customer confidentiality and privacy; o Cultural and behavioral factors could facilitate irresponsible use of advanced information networks, including disrespect for intellectual property and privacy. III. What approaches should be taken to address these security concerns IIA has identified basic technical, legal and educational objectives that would ameliorate the security risks listed above. The following list summarizes some of these and assesses the optimal government role: A. Technical issues (1) Identification systems for digital information, whether originally created in digital form or imported into a digital network, that reflect copyright ownership and status, resist tampering, and accompany protected works when they are displayed, downloaded, or redistributed. (2) Means for assuring integrity and authenticity of digital information (including but not limited to encryption). (3) Rights management mechanisms that facilitate authorized transactions in intellectual property. (4) Network features to facilitate billing and collection for information services rendered pursuant to contract, while maintaining customer privacy and confidentiality. Government role: A multitude of techniques for protecting intellectual property in the NII environment are being explored. The government has an important role to play in supporting generic research and development in such areas as labeling and encoding, and in providing a forum for information sharing so that manufacturers and designers can stay current with technical developments. The burgeoning of alternative strategies in this field reflects innovation and competition. The government should not stifle this creativity by mandating one form of protection. B. Legal issues (5) A regime for creating binding and enforceable electronic contracts between NII users, including intelligent agents. (6) Clear and vigorously enforced copyright and other intellectual property laws. Government role: IIA does not believe that any fundamental changes are needed in existing copyright law for it to continue to achieve these outcomes. Any proposal for a fundamental rewrite of copyright law must demonstrate its clear superiority to an enormously successful status quo. However, there may be areas where current law can usefully be clarified, particularly in the area of licensing of intellectual property in electronic form. In an increasingly global information marketplace, the international impact of proposed copyright law changes must be carefully considered. C. Educational/cultural issues (7) Education in responsible network use and respect for intellectual property. Government role: Education and training in the use of the NII must reach beyond operational issues to developing an appreciation for the role of security and respect for intellectual property in assuring an abundant supply of information for users. The government cannot and should not be solely responsible for this educational effort, but can help provide crucial elements of an educational campaign such as curriculum development, teacher training and a public forum for raising the profile of these issues. STATEMENT OF POSITION ON NATIONAL INFORMATION INFRASTRUCTURE SECURITY Presented by Cheinan Marks The delivery of information and information-related products to consumers and businesses is rapidly changing with the evolution and development of new technologies such as CD-ROM and computer networking. One industry that has and will be changing with technological innovation is the photography industry. Where once huge boxes of slides organized with index cards existed, today, images can be stored and indexed electronically for easy retrieval. Photography end users also manipulate images electronically with page layout software and prepress production. While the images are stored and used electronically at both the supplier and the user, the image itself must still be transmitted by sending electronic storage media such as a disk or CD-ROM through the mail or by overnight delivery services. The National Information Infrastructure (NII), by providing a high-speed digital connection between suppliers and customers, would facilitate the delivery of photography to customers, reduce the need for maintaining an inventory of digital media, and eliminate the risks of loss and delay in current physical delivery systems. The NII would thus reduce the cost of photography to users and free the photographers from administrative tasks involved in delivering their work to their clients, freeing them to create new work. While potentially providing many benefits to users and suppliers of photography and other information-based products, use of the NII for the transmission of a commodity is potentially risky due to the possibility of loss, diversion or unauthorized copying. At the minimum, the NII should provide privacy and insurance that the intended recipient is indeed the receiver, but since the information has monetary value, protection against monitoring and copying should be provided too. This security should primarily be provided by private means, and be backed up with supporting legislation. The government should provide legislation to prevent theft and wiretapping, as currently exists for mail and telephone services, while allowing individual users of the NII to choose from security features provided by the private sector. This situation is analogous to the current use of the mail system. The government provides a means for transmitting information cheaply and universally and provides laws to prevent theft and unauthorized use. The private sector provides postcards, envelopes, security envelopes, and more secure packaging options, depending on the level of security and privacy required by the user. To truly provide a secure network for commerce and communication, the government should set STRONG encryption, authentication and digital signature standards and allow their free distribution and export. The market for photography and other information commodities is international. Digital communication in other countries is not as secure as the U.S., and foreign customers often require strong encryption and authentication services. By setting standards that are open and strong, the government can assure the public that the security of the NII is trusted, and lay the foundation for purely electronic commerce and other higher risk future users. With the dual protection of laws preventing wiretapping and diversion from the government, and strong security from private sources, a safe environment can be created for commerce and communication in the United States and abroad. The role of the government in securing the NII should be to protect the physical connections of the network from intrusion and allow users the maximum flexibility in selecting security software and hardware suited for their privacy requirements. By doing this, government will reduce the overhead costs for both suppliers and users who will have a secure channel for product distribution, enhance the exposure of suppliers to potential customers, improve the competitiveness of U.S. businesses abroad, and most importantly, allow photographers and clients to take advantage of the rapid developments in technology that are revolutionizing the profession. STATEMENT OF INTERNET ARCHITECTURE BOARDS INTERNET SOCIETY Presented by Stephen D. Crocker The National Information Infrastructure (NII) offers the promise of high quality connections to a wide range of information sources and services. It promises to transform our daily lives in business, education, and entertainment, perhaps not in that order. It also contains the potential threat of being intrusive in our personal and business lives beyond George Orwell's wildest imagination. In this note, I want to suggest a point of view with respect to protecting the privacy of individuals and institutions, and with respect to using the technology we're creating to aid in that protection. We're all familiar with the existing data banks which hold personal information, with credit data and medical leading the list. We're all equally familiar with the horror stories of people who have suffered greatly because of mistaken identity, incorrect information and similar difficulties. Unless we focus attention on these matters, there is no reason to expect things to be different with NII in place. However, the NII offers the opportunity to use the technology itself to change the ground rules and operating procedures for maintaining data bases, and thereby materially increase the confidence all users will have in the privacy and accuracy of data bases. In the Internet environment, which serves as the crucible for NII, we have watched the development of directories which aid in locating people. The earliest directories were simple in nature. Everybody who was involved in the early network development was listed, and everybody had access to the directory. It was an enormously useful service and helped foster a sense of community among the early networkers. As the network grew, we watched the directory fall apart partly because of scaling issues, and partly because the ethic did not keep up with the technology. Some of the data was stale, in some cases ten years old. No regular scheme was developed for testing or documenting the accuracy of the data. Reports of inaccuracies often were ignored because they came from the users, i.e., the people affected, and not the owners of tho directory. And with respect to privacy, there was no clear way for a person to remove himself or limit distribution of information. All of these problems exist in today's commercial and government data bases, and without specific attention they will carry forward into the NII. However, with a, modest level of attention we can set a new standard for accuracy and privacy which will forestall many of the worst fears of the forthcoming brave new world. Here is a set of principles which should be adopted as part of enabling legislation for the NII. These apply to any service provider which maintains or provides information about individuals or corporations. 1. Accuracy Anyone who maintains a database with personal or corporate information has an obligation to provide accurate information. Information providers have an affirmative obligation to assure the accuracy of the data they provide, and they have an affirmative obligation to correct any errors they are made aware of. 2. Standing Inaccurate information is a disservice to users as well as to the party incorrectly listed. If my phone number is listed incorrectly in the phone book, the people most directly affected are the ones trying to call me. Information providers must accept notification of errors from users as well as listees. 3. Notification Except for special circumstances to be specified in law, all data base providers must provide each person a copy of the information in the data base which pertains to that person on a regular and timely basis. 4. Privacy Except where provided by law, each person has the option to remove him or herself from any database. STATEMENT OF NATIONAL SECURITY TELECOMMUNICATIONS ADVISORY COMMITTEE (NSTAC) Presented by Dr. John Edwards Since it was established in 1982, the NSTAC has explored numerous issues related to emergency telecommunications and made significant recommendations to the President, many of which the Government has implemented. One issue NSTAC has explored, particularly relevant as the NII evolves, is how to protect the Public Switched Network (PSN) from the "intruder" threat. Our society has become increasingly dependent on telecommunications for day-today communications as well as for response to emergencies and disasters. The NII will accelerate that dependence. It will provide greater access to data than ever before, and more powerful analytical tools. Intruders can use these capabilities to derive information that simply was not accessible in the past. It is therefore essential to identify, examine, and resolve NII security issues in the early stages of its design. Government and industry are now addressing the significant threat to the PSN from computer intruders. Intruders are no longer simply curious adolescents; they now include highly knowledgeable, skillful adults, working towards specific purposes, frequently for financial gain. Malicious computer intruders have destroyed data in several computers, among them an educational and instructional information database used by hundreds of schools and teachers in three states, and have even disrupted E-911 services. Government and NSTAC Network Security Information Exchanges (NSIEs), formed to deal with the problem, share information and views on threats and incidents affecting the software elements of the PSN, its vulnerabilities and their remedies, and the consequent risks to telecommunications. The NSIEs have developed products, such as documents and symposia on network security, to share lessons learned about threats, vulnerabilities, and remedies with a broader audience. They also explored the deficiencies of Federal laws on computer crime and proposed legislative changes to correct these deficiencies. The NSTAC's Network Security Standards Oversight Group (NSSOG) is composed of individuals with design and operations expertise and standards awareness. Members work through the standards community to foster the development and adoption of a consistent set of network security standards that will embrace architecture, design, operations, interfaces, and assurance. Comprehensive standards for network security are particularly important as the NII evolves, with new technologies rapidly emerging. While these new technologies provide extraordinary capabilities, they also bring with them potential security concerns. It is important to address the security and new technologies of the NII in the early stages, and to include security as an essential element in designing the architecture. Since standards provide the foundation for the architecture, it is critical to establish security standards at the onset of the design effort. As the NII grows, users will take advantage of new technologies to conduct their business, and they will require commensurate security features. To meet the full range of requirements, security in the NII should be scalable. This can be achieved more equitably and cost-effectively, and can accommodate more users, if it is accomplished at the user end. Service providers may then respond to the market demand and adapt their network interfaces to accommodate these additional features. The proliferation of users, applications, technologies, and connectivity will make security in the NII environment much more complex than it has been in the past. Increased interconnection, through regulations requiring service providers to grant nondiscriminatory access to any entity seeking to provide telecommunications or information services, will also make security more critical. In addition to security becoming more complex, the risks associated with breaches of security (e.g., denial of service, loss of confidentiality) will increase as the public's dependence on the NII grows, making security a higher priority. Therefore, as we define the NII, we must generate policies balancing legitimate security and privacy concerns with the goals of fostering competition and universal access. STATEMENT OF STANDARDS FOR ACCREDITED STANDARDS COMMITTEE - X9 - FINANCIAL SERVICES Presented by Cynthia Fuller How will you use the NII? The financial services industry is just beginning to examine its role in and on the information superhighway. The Financial Industry Standards community within the Accredited Standards Committee - X9 (accredited by the American National Standards Institute) includes a multi-industry membership representing credit/debit card companies, vendors of products and services including banking networks, banks, other financial institutions and government agencies. This constituency membership will travel the information highway and as the developer of industry standards X9 stands ready to enable all developments through the use of standards. The financial services industry is today highly automated and through the development of technical standards is able to communicate bank-to-bank, bank-to-customer, bank-to-government and in many other environments. It is conceivable that the industry will use the superhighway to serve its customers in many payment services. What security exposures or risks are of concern to you? Today, trillion of dollars in funds and securities are transferred nationally and globally by telephone, wire services, and other communications media. The high average value size of such transactions expose the financial community to severe risks both from accidental and deliberate alteration of messages. The ASC-X9 wrote the security standards widely used by the financial industry for protection of information. Some of the standards that are in development or already in wide use deal with the authentication of messages between parties to financial transactions, the encryption of the data whether the environment is card based or message based. The X9 committee is developing a banking application specific standard for "remote access" which will provide security for various environments. What kinds of approaches should be taken to address these security concerns? Consumers have been cautioned against providing unsolicited financial information over the telephone. Consumers need to be made aware of risks of what data could cause fraud to be perpetrated over the information highway. The government must look to industry standards for security. The government could be a provider of public service information related to use of the NII. Payment transactions to support electronic commerce will be transacted on the information highway. ASC-X9 can support and design the message formats and provide the standards for security, the government must support these efforts from a policy direction. STATEMENT OF WASHINGTON SCHOOL INFORMATION PROCESSING COOPERATIVE Presented by Jill Hanson The NII offers many benefits to public education because itenables the ubiquitous sharing of information at all levels. One such application is the use of Electronic Data interchange (EDI) as a mechanism of passing critical information between agencies. EDI has the potential of improving educational services and reducing administrative costs at all levels. The successful deployment of EDI in education is dependent on the network environment it runs within which must demonstrate a high level of security, integrity, and reliability. The U.S. Department of Education,through the National Center for Education Statistics,has sponsored the development of standardized data formats for engaging in this activity as it relates to educational information. The first products enabling the electronic exchange of student information, under a project known as SPEEDE/ExPRESS (Standardization of Postsecondary Education Electronic Data Exchange/Exchange of Permanent Records Electronically for Students and Schools), have received preliminary approval as draft standards by the American National Standards Institute's Accredited Standards Committee X12 for Electronic Data Interchange. it is envisioned that both elementary/secondary and post/secondary institutions will use this technology to better serve students who are transisting between their institutions. From the federal perspective, a by-product of this automation and standardization will be more timely, uniform, accurate, and comparable educational statistics at the local, regional, state, and federal levels which should result in better decision-making. Elementary/secondary school populations are becoming increasingly mobile and the need to expeditiously send information to the receiving institution has become critical. Traditional means of records exchange have resulted in serious disruption of educational services due to slow speed of delivery and inaccurate portrayal of information. Costs for manual processing of this information are considerable due to the inefficiencies of paper handling and non-standardized data formats. The opportunity for security breaches utilizing paper transport systems is much higher than a properly implemented electronic system of records transfer. Post/Secondary schools have a strong desire to process the incoming transcripts for their students in order to serve them better. Each year these institutions receive thousands of transcripts in a very short time frame and are faced with the time consuming job of analyzing course work to determine admissions decisions. There is also a need to sand transcripts back to the elementary/secondary community in order to provide feedback on student performance as well as for teacher certification purposes. Confidentiality Because many of these educational institutions are linking via the internet, demand for using this utility to exchange this information is high. This immediately raises the issue of security and confidentiality as it pertains to student records. The confidentiality of student records is protected through the Family Education Rights and Privacy Act of 1974. It dictates the content, use of and access to student information which includes all materials maintained by a school district about the student with the intent to aid in the educational process. Natural parents, legal guardians, and students (age 18) have certain rights concerning the contents and release of the student record. The law gives school personnel who have a legitimate educational interest access to educational records upon receipt of an official request from a school district without parent notification or parent authorization. These records can be transferred to another public or private school district in which the student is to be enrolled without parental consent, but the parent is supposed to be notified that the record hall been transferred. Student record information other than basic directory information cannot be disclosed to nonschool agencies and individuals without parental consent. Although it does address school policy on what information can be released, how it's released and to whom, this law does not address issues introduced by the use of EDI or network technology. Doing transactions via EDI may involve legal uncertainties and require special processes be put in place to ensure records are protected both at the source and in transit. Security Administration Once a computer system containing sensitive student information is placed upon a network, it becomes Potentially vulnerable to unauthorized access. As schools begin to install networks and link into larger networks such as the Internet, they must be sensitive to this liability and their responsibilities to protect confidential information. Internal control systems should be reevaluated utilizing the risk assessment process to assure responsibility for data maintenance, audit trails, transaction reconciliation, system security administration, and backup capability are accommodated. Transmission Authentication Parties engaging in electronic exchange need to be assured that they are who they say they are. The process utilized for the exchange must have verification mechanisms or processes built in to authenticate the transaction. Acknowledgment of receipt of.the data, which includes some significant items from the initial transmission, should be sent back to the legitimate source of the data. Absence of this acknowledgement should alert the sending institution that something is not right. It is technically possible for this information to be siphoned by an unauthorized person eavesdropping on the internet. For this reason, use of encryption technology is advisable to reduce that risk. This will require trading partners to agree upon an encryption key. Government standards for encryption are being debated at the current time and clear direction is not apparent. Audit Considerations When information is converted from the paper record to electronic storage medium and beyond it is advisable that an audit take place to ensure accuracy. EDI users need to use tools that verify the data packets are correctly constructed and that the contents haven't been altered during the course of the transactions. Many third party translators and value added networks offer these types of services to their EDI customers. There is opportunity for such services to become available on the Internet. Applicability of EDI in Education utilizing the National Information Infrastructure The exchange of student records is only the tip of the iceberg when it comes to possible applications of EDI within education. As these institutions link up, the opportunity for re-engineering all aspects of education explodes. The demand upon public education to do more with less continues to escalate along with the demand for mora information. EDI provides the opportunity to leverage investment in technology by automating manual processes which will ultimately result in cost efficiencies as well as provide higher quality information about education. The NII will be instrumental in making this vision become a reality. To ensure success, the Nil must guarantee a reliable and secure environment that users can depend upon. Clear federal policy on issues of security and confidentiality will need to be an integral piece in achieving viable solutions for the education community. STATEMENT OF INTEGRATED COMPUTER SYSTEMS, INC. Presented by James Goldston How ICS expects to use the National Information Infrastructure (NII) On September 15, 1993, President Clinton signed an Executive Order authorizing the creation of the United States Advisory Council on the NII. Universal access, health care applications, and electronic commerce are just a few of the services the President has stated the NII must enable. Our country will reap many benefits from this technology. Integrated Communication Systems (ICS), of Oak Ridge, Tennessee, is providing our clients with a secure entry point to the NII, through "Internet Tennessee." We also provide other enabling technologies to ensure the privacy and integrity of their electronic commerce. What security exposures or risks are of concern to ICS ICS Is closely following the President's Internet Engineering Task Force. We are taking steps to implement the services necessary to promote the exchange of commerce on the Internet. That means the creation of an environment in which business transactions can occur in a secure and private manner. Most people feel it is unacceptable for someone to look over their shoulder while making a withdrawal from an automatic teller machine. Nor would they appreciate it if: their buying habits are obtained by a telemarketeer, their bid on a competitive contract is obtained by a competitor, their medical records were freely available to anyone, or their mail could be easily read. This describes the current implementation of the Internet. Most people are unaware of the ease with which industrial espionage and invasion of privacy is facilitated by the Internet's wide-open architecture. Although they may not be techno-literate, most companies limit their activities on the Internet. They do not store sensitive data on the same hardware platform with competing businesses, nor do they send/receive purchase orders on the Internet; rather, they depend on facsimile, telephone, and overnight express. Internet providers have many competing businesses and users on the same server. Some users may not practice proper "netiquette." As part of our secure environment, we will advise our clients on proper and improper behavior. Prescriptive behavior will not be tolerated; however, we are not aware of any legislation that will protect us should be feel it necessary to closely monitor (e.g., keystroke monitoring) an individual. We must provide security isolation for our clients yet allow some data sharing. These operational requirements are sometimes orthogonal to security requirements. We expect our clients to see increased frequency in virus activity. This is due to the ease in which anyone can use the Internet through user-friendly tools like Mosaic. We would also not be surprised to see World Wide Web servers that are fronts for organizations whose sole purpose is industrial espionage. Such a server could have Trojan Horses embedded in downloadable files. Although this may sound like a spy thriller, this technology exists. What kinds of approaches should be taken to address these security concerns Many of the tools necessary to create an environment to foster President Clinton's vision of the NII are available, albeit some are Model A's. Internet Providers can define an environment in which competing businesses may reside on the same hardware platform without fear of industrial espionage from each other. There are tools available that encrypt sensitive data before it ever appears on the Internet, provide an electronic form of registered mail, provide an electronic signature, and show when a message has been modified. Internet Providers should be encouraged to promote the use of these tools. It is difficult to practice safe computing in an unsafe environment. We feel it is necessary to provide our clients with a secure environment as possible. This necessitates a secure operating system that can separate one business from another. The only operating system with the level of security needed for this application are those developed for the U.S. Federal Government. Most Internet Providers use a Unix-based system (a few may use a C2 version of Unix; however, none provide the capability to "firewall" one company from another-a security feature that only enters at the TCSEC B1 level. Internet Providers should be encouraged to take advantage of this technology transfer. On the other hand, because these systems were developed for restricted government environments they do not have a rich tool set to administer commercial applications. Trusted operating system developers must address this need if we were to see commercial use of trusted systems in the NII. Applications must be developed that do not negate the security of the system. The composed system must also be secure--a source of continual debate in the computer security field. The above addresses a few of the many security issues we face while trying to inject security into the NII's wide-open architecture. There are many others. We are looking forward to the public meeting and will make ourselves available should the committee choose to invite us to testify. STATEMENT OF C. EVERETT KOOP INSTITUTE Presented by Mike McDonald Security in the health system is critically important for privacy, confidentiality, and quality assurance. However, any attempts to protect confidentiality, privacy, and quality assurance which ignores present and future health system functionality is actually a detriment to security. Security "solutions" that trade off functionality for protection should be discarded for more thoroughly considered approaches that allow functionality and security to coexist and evolve together in a rapidly changing health information network. There are seven elements of the health information infrastructure: 1) administrative; clinical; professional education; telemedicine; personal health; population knowledge bases; and community networks. The future health network will encompass applications, especially in the areas of personal health, population health, and community approaches that hold great promise for the American health system in terms of improved health status, access and quality of health services in the context of cost containment. Security issues associated with these elements of the network must be most carefully considered to ensure that neither functionality nor security are sacrificed given that they are often not considered to be as important as they are in the health system today. Our health system and our society are now entering a period of significant change. We are experiencing changes in the patterns of health and diseases that have yet to be well addressed by the health information infrastructure. The use of an intelligent network and the emerging methodologies of the sciences of complexity are thought to hold great promise for breakthroughs in improving health over the coming decades. Our reportable disease structure -- which to this day does not consider chronic illnesses -- is perhaps the most obvious, but not necessarily the most profound example of how the lack of sufficient methods for aggregating health information compromises the health of Americans. The conclusions of aggregated disease surveillance information through a paper format, as scant as it is, may take two years to return to the physician community in the form of epidemiologic reporting in newsletters, databases or journals. With encrypted electronic files with scrambled patient identifiers aggregated systematically from computerized patient records, a physician or public health professional could get summary and detailed reporting of disease patterns in their patient or community population the next day. This would not only improve patient care by reducing uncertainty, but also vastly improve the management of epidemics, endemic disease, and yet undiscovered syndromes that go largely undetected and unmanaged today. Encryption will play a critical role in the health information infrastructure. However, security will not be served by encryption alone unless the questions of ownership and licensure of health and medical information are adequately addressed. For example, today, it is all too often the case that a patient asking to see their medical record is denied their rights because of hospital- or clinic-specific rules as to the availability of those records. Whereas, nearly anyone in a white coat and a bakelite name tag would have immediate access to the record. Many of the schema for protecting patient privacy and confidentiality allow for full disclosure of patient records at the physician and health plan level, while removing all personal identifiers when health information from these records are aggregated beyond the plan. These schema do, to some degree, reduce the vulnerability of these records from hackers and government intrusion. However, in a free market health care system with some corporate and insurance-based medical clinics, these schema ineffectively address the incentives for the employer and the insurance industry to dump high risk and chronically ill employees and beneficiaries. In addition, when we can better identify those at high risk of newly discovered syndromes, the schema -- which restrict even scrambled personal identifiers from being passed on in aggregated data beyond the plan level -- will disable the health systems ability to notify these individuals and their doctors in an effective manner. An elaborate mechanism for disseminating disease surveillance databases software embedded within personal health information systems and clinical record systems would be an alternative approach. Yet, in a laissez faire health care economy, a strategy of this kind with no regulatory mandate and a high degree of information overhead would unlikely provide a large percentage of Americans with sufficient notification of their unique health status and health risks considering the insights available through population approaches. STATEMENT OF OMB WATCH Presented by Patrice McDermott OMB Watch, as an advocate for public access to government information and, with the Unison Institute, as a provider of access to government information online through RTK Net, is already an active user of the portion of the NII that is now in existence. Through the Right-To-Know Network (RTK Net), we not only provide the public with access to government information but also provide a means for user communities to share strategies for using the information accessed. We are actively involved in advocating for the public interest on Information policy issues, at both the policy planning and the Implementation ends. The integrity of the information available to the public is an issue of central concern to us. Moreover, the users of RTK Net utilize government information to create better working and living conditions for their communities and the accuracy of the information they present is critical. Thus, while we are concerned with the technical issues surrounding security, integrity and reliability of data, we are also very concerned with the content of the data that is made available. lntegrity and reliability also need to be defined to include comprehensiveness and meaningfulness of the data that the government makes available to the public. To this end, for instance, we believe that changes are need to trade secrecy policy in order for the public to have access to full and meaningful information. We do not, and do not intend to, deal with personally- identifiable information. We support both privacy protections and mechanisms to ensure the security and integrity of communications and of transmitted government information. We are concerned that "security" not become a codeword for "secrecy" and be used as an unexamined reason for denial of access to information or prevention of disclosure of its existence. STATEMENT OF COMPUTER SECURITY GROUP LOS ALAMOS NATIONAL LABORATORY Presented by Mike Neuman Will Security Concerns Stall the NII? For the National Information Infrastructure to truly be a valuable national resource, it must support a diverse set of users and usages. The network will therefore have traffic ranging in sensitivity from public information (such as blank income tax forms) to sensitive medical and financial records. The loss or corruption of either would cause serious (and in some cases irreparable) damage to individuals, companies, and government. Security concerns will stall the development of the NU and indeed they should. It's imperative that time and money be spent to develop the computer security technology needed to make the NII safe. Potential users of the NII need to either be protected from the risks of connectivity or be taught not to trust the network. Clearly the latter will limit the applications of the NII so severely that its value will be questionable. Users of the NII and their data should be protected from the moment they connect otherwise the risk of hackers destroying, modifying, or redistributing data is too great. Imagine medical records and prescriptions tampered with, bank accounts modified, or corporate secrets distributed--these have all happened in the past on many occasions, and these are all reasons many organizations refuse to connect to the Internet today. Many others still connect without knowing what the risks are until data is corrupted. We can protect these users through three programs. The most important program is education. People will have no idea what to expect when they connect to the Internet (or later, the NII). The hype has told them to expect a wonderful global community where they can share ideas and information freely with no problems--this certainly is not currently the case, and probably will continue as such for the foreseeable future. Once the NII is in place, potential users will see how much connecting the NII can aid their company, themselves, or others. They will connect their organization's computer systems, offer services to the outside world, teach their users to use NII resources, and not have a clue how to sufficiently protect their internal computers, data, and services, or even that they are at risk. These are the prime targets for hackers, and once an organization is attacked in any way, they'll learn to distrust the NII. Once the NII is mistrusted, a considerable value is lost. These organizations need to be educated to the risks of connectivity, as well as to the measures that can be taken to prevent loss. Once educated, organizations will need tools to help secure their computers and networks. This includes documentation and guidelines less cryptic than the greater than 20 volume set of rainbow books. advanced intrusion detection systems, reliable fool-proof encryption systems, host and network based automated security scanners, simple user programs with security built in (such as mail, news, and World Wide Web browsers), improved security features in operating systems, a secure networking protocol, implementations of ANSI security standards (such as X9), and others. Computer security research is still in it's infancy, and is beginning to become so important, it can't continue at it's current level of effort. This research needs to be funded at a high priority before the NII is in place and offered to the people. Once provided tools and education, organizations will be a lot better off then they are today. But there's still the problem of legality. Before many organizations are willing to take the risk of offering services or even connecting to the NII,they need to be assured that they have legal recourse if they are attacked. Currently, the laws in place for government interest computers allow government security administrators to at least threaten attackers with criminal action and make them look to easier targets. Companies and individuals have no such rights--at best, if they can prove damages (difficult) and who the attacker was (very difficult), they may be able to get a civil settlement. This is far too risky for hospitals or banks who could potentially lose millions of dollars either through suits or modified bank records. In addition to having legal recourse, a single organization is needed to report security incidents and operating system and program bug reports to. The Department of Defense funded CERT makes an attempt at being this reporting organization, but most security and system administrators agree something better needs to be put in place. The NII offers tremendous opportunities for data sharing and electronic communities, but the political and technical issues of computer security need to be dealt with first, before people learn to mistrust the NII. As it stands today, and until computer security research is significantly advanced, many of the more impressive and valuable applications of the NII are impossible considering the potential risks. STATEMENT OF OPEN SOURCE SOLUTIONS, INC. Presented by Robert D. Steele TALKING POINTS for the Public Interest Summit We are all indebted to the Vice President and his team for their role in supporting the President's program to reinvent government and the American Workplace. The National Information Infrastructure (NII) provides the vital element of connectivity-- including civic networking--without which no program to improve our national competitiveness could succeed. There is a larger vision, a larger program, where Executive leadership must play a vital role: we as a people require a NATIONAL INFORMATION STRATEGY. Our national competitiveness, and indeed our national security in the information age, require a depth and breadth of commitment to information as a commodity; to information as a substitute for time, space, capital, and labor. Information--applied information--is vital to both our defense and our prosperity. Connectivity is but one of the four major elements of what must soon become a NATIONAL INFORMATION STRATEGY. For those counseling the incremental approach, "connectivity today, content tomorrow," I would say: it will be too late. The fragility of our position in the world, in terms of "brain drain", budget deficit, and electronic security, all require that we establish a four point integrated program immediately, outlined below. CONNECTIVITY. Such a strategy should build upon the NII as its technical foundation, hut provide for three additional elements: CONTENT. Existing government programs, under the auspices of a National Information Board within The White House, should provide incentives for all elements of the information continuum (K-12, universities, libraries, businesses, information brokers, media, government, defense, and intelligence) to put content online; only in this way can we establish a robust national "information commons" and give Robert Reich's symbolic analysts something other than a starvation diet. It is vital that we establish means of nurturing distributed centers of excellence throughout our Nation, in all topical areas, providing all sectors with incentives to place encyclopedic information into the "information commons" and thus stimulate productivity, COORDINATION. Using a body similar to those now orchestrating NII technical issues, focus on resource management across government and private sector boundaries in both technical and non-technical (content) arenas. There is no good reason why hundreds of major organizations should be wasting approximately $2 billion a year creating hundreds of variations of a basic multi-media analysis workstations. There is no good reason why hundreds of corporations and other organizations should be wasting enormous sums collecting and processing the same encyclopedic information about foreign countries, companies, and capabilities. Presidential leadership will make a difference and save the Nation billions of dollars annually, not only within government, but across the private sector. COMMUNICATIONS & COMPUTER SECURITY. We have a house built over a sinkhole! The vulnerabilities of our national telecommunications infrastructure to interruption of services as well as destruction, degradation, and theft of data are such that I feel comfortable in predicting that--unless we are able to establish a major Presidential program in this arena--we will see a series of enormously costly electronic attacks on our major financial and industrial organizations, generally undertaken by individuals who stand to benefit financially from degraded or interrupted performance. The current generation of systems engineers was not raised in an environment where security was a necessary element of design. At every level, through every node, we are wide open--and in a networked environment, one open house contaminates the next. Such an integrated program could be established using existing resources. The cost savings from the elimination of redundant and counterproductive investments in information collection and information technology across government departments and into the private sector can also make a substantive difference against the deficit. Presidential and Vice Presidential leadership could serve as the essential catalyst for a bi-partisan Congressional effort to produce the National Information Strategy Act of 1994. I stand ready to support such a program in any capacity. STATEMENT OF INSTITUTE FOR DEFENSE ANALYSES Presented by Rob B.E. Johnston and G.A. Redding Digital Information, Article III Courts and the NII: An Alternative Approach In the past twenty-five years 17,985 wiretapping warrants were issued by district court judges (Article III Courts). Twenty-seven requests for warrants were denied. Only one tenth of one percent of all governmental agency requests for warrants were injected! The last time an Article III court rejected a request for a wiretapping warrant was in 1988, over five and a half years ago. In 1993, 976 wiretapping and bugging warrants were issued by district courts without a single rejection. Over 1,000,000 long distance toll records were subpoenaed in 1992, with little federal regulation to provide guidelines. In addition to government probes, hundreds of millions of other transactional records: shopping, cash withdrawal banking reports etc., are accessed every day without permission from the parties involved constituting further breaches in privacy. With the explosion of digital information, the U.S. government is no longer able to live up to the outdated court imposed rules and regulations for wiretapping. Specifically, the government is no longer able to minimize the level of unrelated information gathered or intercepted by its agents. As analog interception operated and monitored by a human, is replaced by sophisticated high speed digital interception, the courts own stipulations for wiretapping are becoming impossible to fulfill. The volume of data and the inability of the intercepting agency to effectively screen that data in real-time will lead to even greater violations of individual privacy. As the number of criminal cases increase so will the number of civil disputes related to technology, information management, and privacy. Questions involving logistics, consumer protection, acquisitions, product liability, and arbitration will require such a high degree of specialized knowledge in digital communication and technology that the current court administration will become totally ineffective. Issues of access to personal information by governmental agencies for criminal proceedings reflect the same issues that need to be addressed for civil courts and consumer protection...the ease of access to individual information through digital systems. Traditional information gathering procedures for litigation in both criminal and civil courts are growing into ever more complex technological puzzles. As society increases its dependence on technology and digital communication, these trends will become the rule rather than the exception. The specialized knowledge necessary to make decisions about these technological issues will require a group of specialized practitioners, with the legal and technological background necessary to make informed rulings. The very existence of a National Information Infrastructure (NII) will unleash a variety of new legal issues regarding individual rights and responsibilities. Much like criminal, civil, tax and divorce courts, this new information era will require a specific forum for adjudicating specific cases involving unauthorized data interception. The use of Appointed Special Masters for complex technological issues is already practiced in Patent related trials, and a case could be made for a similar autonomous program for security issues within the NII. The Congressional model of the Court for the Foreign Intelligence Surveillance Act of 1978 (FISA), designed to answer specific information interception issues for the National Security Agency (NSA), is one precedent by which the NII might be governed. A group of judges,. appointed by the Chief Justice to serve for seven years, empowered to answer the legal questions brought about by the creation and growth of the NII, would serve to act as a system of checks and balances between the needs and the rights of a digital society. The NII court, as with all courts, would be required to comply to congressional standards for case reporting and appeals. Its administration would be divided into criminal and civil departments specific to the needs of law enforcement and commerce, respectively. Its appeal process would function not unlike that of existing courts. Although the creation of an NII court is not a panacea for the problems society faces with the growth of the NII, the court would provide some measure of guarantee that security and right to privacy issues would be decided by knowledgeable, technologically competent judges. STATEMENT OF THE COMMITTEE TO DEVELOP GENERALLY ACCEPTED SYSTEM SECURITY PRINCIPLES Presented By Craig A. Schiller Framework Committee Chair Science Applications International Corporation Committee Background The international committee to develop Generally accepted System Security Principles (GSSP) is sponsored by the Information System Security Association (ISSA), a professional association of information security practitioners. As a condition of committee membership, members must have CISSP certification or have been recognized for their contributions to the information security community. The need to develop GSSP was first voiced as a major recommendation from Computer's At Risk, a 1991 National Research Council publication. The committee was established in September of 1992. What are GSSP? Generally accepted System Security Principles incorporate the consensus at a particular time as to the practices, conventions, rules, mechanisms, and procedures that (1) information security professionals should employ, or that (2) information processing products should provide, to achieve, preserve, and restore the properties of integrity, availability, and confidentiality of information and information systems. In essence, the task of the committee is to draft the initial GSSP and to develop a process and management framework for gathering security concepts, identifying candidates for principles, disseminating the candidates to the security professionals, gathering comments about the candidates, determining that consensus has been reached and is demonstrable, and publishing the principles as opinions of the profession. IITF Principal Questions 1. How will you use the NII? Information security professionals are charged with protecting systems, organizations and individuals that are connected to the NII. They develop safeguards, design security systems, select and use products, develop and enforce information security policies and procedures. These professionals will use the NII to exchange ideas, to receive vulnerability alerts and bulletins, to locate and retrieve products and vulnerability solutions, and to stay abreast of new threats and solutions. 2. What security exposures or risks are of concern to you? Information security professionals are, by definition, concerned about all security exposures and risks. However, there are a few that merit special mention because they are overshadowed in committees and in the media by the service and product centered pilot projects. Due to the desired ubiquitous nature of information highway, many individuals will not have a collective voice, nor the knowledge and resources, to protect their own interest. Information security professionals organizations and application users groups have a moral responsibility to look after the security interests of those without direct representation. In many organizations, information security is assigned as a secondary duty, with little or no training for the new security practitioner. The expertise and capabilities of these individuals vary widely. As more and more organizations begin to use the NII as a part of daily business, the absence of standard practices and principles insures that the frequency and potential for damage will escalate. Information security practitioners, management and companies face potential liability for the impact to their organizations and others following security incidents. Today, the discussion of negligence occurs without the benefit of well-defined standards of due care or prudent care. Each court decides whether negligence has occurred on a case by case basis, using the information security experience of the Judge (or jury), the eloquence of the attorney, and the availability of appropriate expert, uncontested testimony. The discussion of negligence is not limited to courts of law. Following a security incident, the information security practitioner can expect the same issues to be debated by both the board of directors and the management team. The average individual has little or no knowledge of information security. How can this individual be assured that the products he is about to buy/use have been developed according to secure principles, incorporating secure features? Integrators of large systems have a difficult task combining a myriad of commercial products, separating claimed features from real, and finding products that address the new system's security issues. Security professionals and organizations do not have a vehicle for identifying needs to industry in a manner that industry can effectively respond. Similar to the concern with government use of computer matching, businesses on the NII will be able to amass a large volume of information about each individual. Some potential uses of this information will be unethical. In much the same way that Certified Public Accountants are forbidden from unethical and unlawful practices, security professionals will likely need a similar vow. John Lienhard (University of Houston and the voice of the NPR program "The Engines of Our Ingenuity") has described the current information revolution as a change of monumental scale, likening it to the change from hunter gatherers to an agrarian society, or to the industrial revolution. Once the change is well under way, the old way of doing things will no longer be acceptable or possible. There will soon come a time when commerce is routinely performed electronically by most businesses, indeed there will be many businesses that exists only electronically. Imagine the impact to our transformation if an election year internet worm or massive electronic credit fraud, causing visible loss of business and profit, were to occur at the critical juncture when major companies are making the decision to concert to using the NII. There are companies today that made a decision to disconnect from the internet following the Morris worm that still today have not recovered the confidence to try again. 3. What kinds of approaches should be taken to address these security concerns? Many tactical solutions are been pursued and funded. These solutions must continue. The development of Secure MOSAIC, for example, is a good and needed task. However, as Robert Courtney, Jr. reminded us in his acceptance speech for the 1993 National Computer System Security Award, desired security can only be achieved by addressing both people and software issues. The introduction of MOSAIC, even a secure version, into a system represents a challenge for which a knowledgeable security professional must develop an environment unique solution. The transactions may be secure but now the rest of the business systems may be at risk. The solutions being funded today are primarily service or product oriented. Each of the pilot projects believes that their work will be model for attempts to follow. To a certain extent that may be true, but owning to a human tendency called the "not invented here" syndrome, project after project will plow the same ground or solve similar problems using different, incompatible methods. There is a need for strategic guidance, a repository of accepted practices and principles, and a voice for the information security profession. This body would address and demonstrate consensus for generally accepted information security principles for security professionals, information systems, and products. By doing so, the average quality and security provided by information security professionals, information systems and products will increase. To benefit from the work of others and to extend the reach of the GSSP, the committee is working with the International Information Systems Security Certification Consortium (ISC2) to tie the GSSP to information security professional certification and hopes to use the profile process being developed as a part of the international Common Criteria project (to replace the Orange Book). It is hoped that the stature of the information security professional will also rise as information becomes a commodity and the currency of the future for much the same reasons as the respect given to CPAs. There is a danger that only exciting, visible, product/service related projects will be funded. When the attention (and funding) has faded away, there will still be a need for an information security infrastructure that can adapt and respond to the dynamic threats to information security. By that time the infrastructure must be self-sustaining and proven. The ISSA committee to develop and Promulgate GSSP needs your financial, technical, and moral support. The committee, to date, has been entirely voluntary, however, the National Information Infrastructure and the National Performance Review initiatives have increased the complexity of staying informed (due to more organizations working on related projects) and created pressure to accelerate our efforts. I recommend that the committee and its objectives be given aggressive support and visibility at the highest levels of government and industry. A meeting to establish a support consortium is being planned by ISSA, NIST, and ARPA for August 15. Material is available for those with further interest. The committee is especially interested in establishing an open dialogue with the NII Security Issues Forum, the U.S. Advisory Council on the NII, and other security organizations to ensure their discoveries and perspectives are reflected in the GSSP. STATEMENT OF MEDICAL RECORDS INSTITUTE Presented by Peter Waegemann 1. It has been suggested that Health Care will be the single biggest user of NII. Estimates of health care usage range from 42-69%. The following EDI functions can be identified within the health care field: a. Financial eligibility, claim transmittals, and related activities are estimated to represent approximately 12 billion transactions per year. b. Medical file sharing: Average information packages of up to 100 megabytes each (incl. x-rays and graphics) will be exchanged between approximately 6,000 hospitals and 300,000 other providers (physicians' offices, laboratories, pharmacies, etc.) when medical records are shared. c. Access to regional and national knowledge bases for decision support. d. Telemedicine: Extensive medical interaction between rural care givers (doctors, nurses, etc.) and experts at medical centers. e. Interaction with regional, national, and international medical databases. f. Management communication between providers, payors, and others. 2. The health care industry has special security concerns: a. Right for privacy - need for strict confidentiality. b. Special computer requirements in regard to confidentiality. c. Information security requirements for health care, including: - minimum requirements for availability - minimum requirements for reliability - minimum requirements for data integrity - minimum requirements for permanence - minimum requirements for auditibility - authentication of health information - minimum requirements for the five electronic signature categories 3. Suggested approaches to address security concerns: a. Survey of existing efforts within - accredited standards development organizations (ASTM, IEEE, ASC X12, HL7, ACR/NEMA, NCPDP, ASC X3, ASC X9, ISO JTC1, ETC.) - other U.S. organizations (such as NIST, Sandia National Lab, ANSI HISPP, CPRI, others) - European and international efforts (CEN TC 251, EWOS, CENELEC, others) b. Creation of a National Center that coordinates voluntary and official efforts (industry, organizations, and government). c. Creation of a Business Plan for the creation of deliverables in response to the issues mentioned in (2) above. d. Appropriate funding to be provided. STATEMENT OF COMPUTER SYSTEMS SECURITY & PRIVACY ADVISORY BOARD Presented by Willis H. Ware INTRODUCTION We all appreciate that as of the moment, NII is a very broadly defined concept with most of the technical details yet to be resolved. Therefore, it is impossible to talk about security in depth and detail but we can evolve a security concept for the NII. It is convenient to introduce the term security-policy architecture to describe the framework of overall security, its component parts and the relations among them, and the assignment of responsibility for implementation and oversight. Such a security policy architecture will guide not only policy actions but also technical decisions. This discussion suggests such a concept and, to do so, draws not only on the national experience of operating a huge and successful telecommunications infrastructure but also on the twenty years of experience in evolving the Internet -- which at last count connects an estimated two million computers together and serves an estimated 5-to-10 times that many users. Connectivity The basic inter-user connectivity for the NII will obviously depend on the telecommunications industry of the country. It will include the public switched network (PSN, the telephone industry), the cable networks, and the satellite networks. For the most part these have all evolved as point-to-point systems, with the telephone network presently having the most extensive switchable connectivity. The style, however, of making a telephone connection is not ideal for computer networks. As responsive as the system is for making connections among subscribers, it is far too slow for the exceptionally fast connect-time demanded by computers. One way or another, there has to be a supralayer of special connection functionality. Today it would be called packet switching; tomorrow perhaps it will be ATM (asynchronous transfer mode) or some other new technology. Subscribers Connected to the packet level of functionality will be subscribers who, in the NII, will exhibit an unusual feature relative to telephone or cable subscribers. Whether an individual or an organization, an NII subscriber might be a consumer of services or a purveyor of such services, or might be both. As a purveyor, a subscriber might charge for services or might not. Cable systems are primarily one-way connections to distribute entertainment for which there is a charge; but there are primitive examples of purveyors already in the telephone network (e.g., the area code-900 providers). There are widespread examples in the Internet. For example, there are subscriber systems that contribute data to public access, and also support special tools for browsing the data - Gopher and Mosaic. There are subscriber systems that contribute functionality to the overall network per se, such as acting as gateway between two different sub-nets, or operating a directory service or a Yellow Pages feature. Boundary Telephony in this country provides a two-way connectivity among users of the system; but as the industry structure has now emerged, its boundary stops at the plug on the wall; or in recent installations, at the entrance of the service drop to a building. The cable industry provides a one-way service with the connectivity generally hard-wired from the distribution center to the consumer. Its boundary can be thought of as the cable box on top of a television set. Satellite communications are sometimes one-way, sometimes two-way and again, provide connectivity among different points on the earth. Where the boundary falls for satellite service depends on whether it is direct broadcast to a residence or building, or connects to other communication facilities, or supports the cable industry with space-based distribution. The NII needs the concept of a boundary also; in fact, there are two of them. The first is where subscribers connect to the component that provides both connectivity and movement of electronic traffic from place to place. If a subscriber is a system providing data and/or services to a community of users, then a second boundary exists between such a subscriber system and its user base. It is convenient to establish these notions of boundary because they will be useful places at which to confine policy obligations, to assign legal responsibility or oversight obligation, or to separate performance stipulations. As a simple current example, consider the telephone subscriber. The local telephone company accepts responsibility for maintenance of the communication plant on its side of the boundary but the subscriber, on his side of the boundary, accepts responsibility for maintenance and repair of the on-premises wiring. AN OVERALL CONCEPTUAL CONSTRUCT Thinking of the NII conceptually as a series of concentric rings, the telecommunications assets of the country will be within the innermost. Surrounding it will be a ring that provides specialized rapid high-speed connectivity. Technically, this ring might include separate value-added purveyors of connectivity built upon leased telephone, cable or satellite circuits; or it might be special services provided by the public switched network. Finally in the outermost ring are the subscribers who require connectivity to one another, consume services from other subscribers, or provide services to others. This image replicates that of the Internet. Indeed, one usage of the word Internet, commonly called The Net, includes the entire ensemble of communications, switching, all subscribers, and the software-based services. The ring construct just outlined is flexible though and can be adapted to cable systems. SECURITY CONSIDERATIONS Security issues will be spread throughout the several conceptual rings of the NII, but what will they be and where? Communications The inter-subscriber connections -- the communications component of the NII -- are likely to be of several kinds and, in principle, will involve both inner rings. Among the types of connections will be wideband semi-permanent links for delivery of video and multi-media; packet-switching services, either built on top of or built into existing telecommunication structures, to handle data flows; satellite links to reach awkward places or for broadcasting; cable networks to distribute entertainment or perhaps to handle other services in the future. Subscribers will expect such functional features as timely delivery of traffic; accurate delivery of traffic to intended recipients; safety of traffic while in the custody of the communications; availability, reliability and dependability of all telecommunications and connectivity; and possibly also protection against eavesdropping on traffic in transit. Each one of these individually and the group collectively imply relevant security safeguards. A simple example is the physical protection of communications and connectivity assets. While many security features are not new to the telecommunications industry, historically security has been focused on physical protection of the installed plant and continuity of service. More recently, as unattended remotely operated switching centers have been installed, the scope of concern has expanded markedly to include malicious software penetrations of the system and fraudulent use of telephone services. Probably two new ones in the NII era will be encryption of the traffic if enroute protection is desired or mandated, and a superior error rate to support high speed data transmissions. Subscriber Systems Within a subscriber system, the security situation is much more complex and difficult. If a subscriber wishes his system to be proof against malicious penetration, to deter access by unauthorized users, to be physically safe and available at all times, to disseminate data on the basis of user privileges and/or payments, then the subscriber -- be it an organization or an individual -- will have to do a thorough job of what has commonly been called computer security. In the NII context, it should be called system security or network security, or some equally encompassing phrase. Even the subscriber who only consumes must consider security issues. For subscribers whose systems communicate with other systems, as opposed to only purveying services and data to all comers, there is an additional inter-subscriber network level of security safeguards that will be necessary. In effect, two systems attempting to establish a connection must be sure of each other's identity, and mutually agree on what kinds of traffic can be exchanged. Tradeoffs For some aspects of security, there are tradeoffs that can be exercised. Encryption is an example; subscribers might demand it from the communications component, but subscribers can also provide it themselves. There are structural tradeoffs that can exercised. In the Arpanet the packet-switched functionality was an add-on to leased communications circuits. Changes in routing that a telephone operating company might choose to make for its own purposes were of no consequence. Its only obligation was to deliver packets among intended packet switches; each of them would determine where individual packets would be directed next. More recently as Arpanet evolved into Internet and became international, multiple and commercial vendors of connection to The Net have appeared and the handling of switching has changed somewhat. Packet switches have come to be known as routers and often reside physically on the premises of the subscriber, if not physically next to the subscriber's own equipment. The last point is of great importance because it illustrates that the overall security of the Internet depends on the security of individual subscriber sites, the larger ones of which are likely to have a router on premises. Thus, while we might consider the boundary of the NII communications component to be the interface at which the subscriber connects, there may be security details that have to be handled and resolved jointly; indeed, the subscriber may have to play a major role in overall NII network security. Overall Security Thus, security of the NII is indeed everybody's concern but as a carefully coordinated ensemble, not each component implementing its own vision of security. Moreover, every participant will have to contribute in one way or another. Purveyors of services and/or data must take proper protective measures in their own behalf. National interests may dictate that all traffic, or specified traffic, be encrypted to protect it against unauthorized eavesdropping; or, indeed, to protect the overall NII against intrusion by malicious penetrators. National interest may also dictate that there be rules about how much traffic any subscriber can originate, lest a rogue site flood the system and deny services to legitimate users -- a genuine security issue. Finally, social policies which may become integral to the NII (e.g., equal access privileges) may have to be implemented by subscribers and security safeguards (e.g., audit trails) may become necessary to demonstrate compliance. GOVERNANCE Internet governance functions via The Internet Society, a membership organization. It is informal and cooperative, primarily because the whole thing emerged from the disciplined academic and research communities. As the Internet commercializes, things may change for the worse; there have already been incidents. Whether the NII needs an overall governance is an open issue. It may, in order to tie things together efficiently and safely and to recognize national interests; but in the early phases, one would expect that it may not be necessary. But, again, some overall oversight and control is perhaps necessary to assure that the overall security obligations are properly implemented and operated, and from the beginning. One approach would be relevant industry groups in the spirit of The Internet Society; they would draft and mutually agree to rules of the road for providing security and other operational details. It is by no mean clear ab initio that government intervention is required. One last comment. Everything I've said has been directed to security whose scope generally speaking is [ 1 ] to protect subscriber systems and communications facilities against anticipated threats, [2] to assure that access to systems and to data is properly limited to authorized users, and [3] to make certain that particular functions operate consistently and safely. On the last point, one that comes to mind is the payments mechanism that is likely to be present in some NII service or data offerings. Subscriber systems will have to implement such functional features of their offerings, and, again, there are likely to be security safeguards that such purveyors have to install for their own well-being and to discharge legal obligations. PRIVACY I have not talked about privacy; it is an entirely other matter for another time. Privacy, as the word is used in United States and international law in the information or data context, refers to how data about people is used and for what purpose. Privacy is not a synonym for security, although it is carelessly used as such. Privacy requires, often by law, that personal information be controlled with regard to dissemination to end-consumers. Thus, proper security controls must be in place before privacy requirements can be met. The communications component of the NII will have a minor privacy problem because it will accumulate data about its subscribers - for example, billing records. The big privacy problem will fall on the purveyors to the NII because it is they who offer the data and services; it is they that may have to operate under existing law or new law; it is they that will have to honor societal views and demonstrate ethical behavior in their handling, protection, dissemination and use of data about people. THE NEXT STEPS There are obvious security technical and policy tradeoffs that have to be resolved, but how do we get there from here? We, the country, have a lot of talking and discussing to get done. A lot of industry groups must decide just what threats they wish to protect against, and what protective measures they are willing to fund. Technical choices and inputs from system and security experts will be required. There must be in-government discussion to consider national interest concerns. There will have to be a lot of involved people who understand what the issues are; and there will have to be a lot of industry learning. In regard to the last point, the telephone industry already has a lot of experience with packet technology not only because of Internet and other data operations, but also because the technique is used within its own systems. The cable industry has had little experience with it but packet and data communications are beginning to move onto cable nets as interactive services emerge and other services transition onto cable (e.g., local telephone service, data services). The satellite industry has lots of experience with digital data technology and wide-band video transmission but little with packet approaches, except as it supplies circuits for data networks. Above all and first, however, must come the recognition that there are far reaching and pervasive aspects of both security and privacy throughout the NII. With such awareness must also come the commitment of all organizations -- in and out of government; whether providing communications, connectivity, or services; whether business or individual subscribers -- to take necessary precautions to assure overall security as well as attention to privacy in its contemporary and largest sense. Then, we must collectively decide what policy needs to be established and by whom it shall be implemented, enforced, and overseen. Informal as it is, The Internet Society does establish policy; enforcement equates to the collective will of Internet participants to follow the rules. For the early stages of the NII, a similar approach might work; at least it can point the way for later refinements. Some things though may require government attention; most notably, the preservation of national interests (e.g., encryption of some or all traffic, redundancy to assure continuity of operations), NII-relevant social policy (e.g., equal access, nondiscrimination) and restatement of old but still valid policy (e.g., protection of intellectual property, payment for copyright usage). Indeed there is an enormous amount of tailing, discussion, and problem resolution to be accomplished. A one-day meeting such as today is a start; but we as a country have a lot to get done before the NII is in place and operating safely and securely. An essential chore is identification and creation of relevant and necessary public policies; that is where the government can provide leadership and motivation. STATEMENT OF AMERICAN BANKERS ASSOCIATION Presented by Kawika Daguio The ABA appreciates the opportunity to comment on the security implications of the National Information Infrastructure (NII) for the payment system and bank customers. The American Bankers Association is the only national trade and professional association serving the entire banking community, from small community banks to large bank holding companies. ABA members represent approximately 90 percent of the commercial banking industry's total assets, and about 94 percent of ABA members are community banks with assets less than $500 million. Banks are actively examining the NII as a source of opportunity and risk. How will you use the NII? Banks will use the NII to provide bank customers and interested parties access to information about bank offerings; to allow customers to access information about their deposit accounts and other relationships with their bank; and to facilitate bank customers' participation in electronic commerce, by providing information services such as credit risk management advice and authentication/certification services, as well as final settlement. Electronic commerce has many of the characteristics of international commerce. For example, counter parties may know very little about each other and must rely on trusted third parties such as banks to provide introductions and guarantees. Banks have provided letters of introduction and letters of credit to credit-worthy customers engaged in international commerce and will be providing the electronic equivalent on the network to persons engaged in electronic commerce. Forged or otherwise fraudulent credit documents and payment orders are expected to be as much of a threat in the "virtual world" as they are in the standard world of commerce. NII applications should be easy to access and use, secure, and inexpensive. Banks are establishing research & development programs to provide network services with these required characteristics. What security exposures or risks are of concern to you? Banks have a history of providing security and privacy protection for customers' financial and other personal information, balanced against our responsibility to protect the payment system from fraud and other attacks. The Right to Financial Privacy Act and other statutes and regulations which banks must comply with create a higher standard of privacy protection than that imposed on other participants in the NII, the so-called "Information Superhighway." Banks are also required by regulators to have disaster recovery plans in place for bank internal systems; other federal regulations cover payment systems such as the automated clearing houses, credit card and debit card processing systems, and automated teller machine (ATM) networks. These regulations protect against operational and credit risks which might otherwise spread and negatively affect the government, consumers and businesses. Banks have historically been concerned about the possibility of sabotage, fraud, theft, and misuse of confidential information. The use of an open network increases that concern by several orders of magnitude. Banks designing applications for the NII are concerned about several security issues. These concerns include the security of bank internal systems, including account balance records; the integrity of settlement mechanisms; and the security and privacy interests of customers who may wish to access account information and settlement services remotely over the network. Vast amounts of information will have to be available, yet somehow protected against unauthorized access and misuse. We are also concerned about the credit and operational risks posed by unregulated providers of network financial services. A few failures by network participants to settle or inappropriate disclosures of sensitive information by nonbank financial participants could turn customers against remote access and electronic commerce. Providers of these services should compete on a level playing field governed by the same rules. These types of risks are as grave as those posed by hackers. What kinds of approaches should be taken to address these security concerns? The NII architecture and network providers must provide a basic level of security features including enforcement/response teams to handle hacker attacks of all kinds. That architecture, and government regulation of network carriers, should permit additional levels of security measures to be used at the option of network service providers and/or their customers. Strong encryption and user authentication technology protects the interests of banks and their customers alike. These security mechanisms must be available to banks and their customers world- wide. The NII will certainly fail to become a GII (Global Information Infrastructure) if consumers cannot access the full range of network services away from their homes. The government and the private sector's national defense establishment have vast experience in dealing with information security measures which have valid applications in electronic commerce. These potential dual use technologies are finding applications within the banking industry. The government (Dept. of Energy Laboratories) is working with the banking industry in the Financial Services Technology Consortium on several projects designed to enhance security and efficiency in the payment system. One of the projects that this group is engaged in with both public and private sector applications and benefits is SECURE REMOTE ACCESS. This project is designed to produce remote banking applications which include a secure means of allowing customers to identify themselves and, once authenticated, to access information and payment services. This would allow consumers and business to remotely access banking services, while protecting the security needs of the financial institution. The government should continue to make the results of its research and development efforts available to the private sector. ARA believes that the federal government should not build the NII or attempt to "Pick winners" among the technologies competing to serve consumers. Instead it should continue to lead by participating in standards discussions, raising public policy issues, and when appropriate, regulating the network carriers and service providers while punishing network criminals. ABA appreciates your solicitation of our views on this matter, and looks forward to a cooperative working relationship. For further information and input please contact Mr. Kawika Daguio, Federal Representative for Operations and Retain Banking, at kdaguio@aba.com or (202) 663-5434. STATEMENT OF BELLCORE Presented by John Kimmins The NII will likely evolve from some combination of the following: the Public Switched Network (PSN); the Internet; video dial tone (once that exists); cable; wireless; and satellite. In what follows, we use the term Public Network to represent any combination of the aforementioned components. How will you use the NII? The following are some examples of Bellcore's uses of the NII: 1. To support Telecommuting and other applications requiring remote access services to various kinds of information over the Public Network. (Network performance as well as security are key issues.) 2. To support Video applications, e.g., Public/Private/desktop Videoconferencing in support of distance learning and health care. 3. To secure access to a wide-range of telecommunications services by means of wireless communications (e.g., Personal Communications Services (PCS)). 4. To secure access to global electronic mail, Electronic Data Interchange, as well as many other network-based information services (e.g., the World Wide Web services). 5. To provide support services for electronic commerce (e.g., an infrastructure for a certificate/key management service; and a secure global Directory Service). What security exposures and risks are of concern to you? The well known security exposures and risks associated with the PSN, the Internet, and other components from which the NII may evolve are of concern to us as users, and to our Bell Client Companies as users and service providers. We are especially concerned with: - The fraudulent use of network services. - The impact of emerging technologies (e.g., Broadband/ATM, SONET) on NII security. - The impact of emerging applications (e.g., PCS, AIN services, as well as those associated with telecommuting) on NII security. These concerns include, for example, the need for seamless security services across networks and technology boundaries in PCS; and the need for strong security measures to control remote accesses to databases and other resources connected to the Public Network, in association with telecommuting. - The infrastructure should allow the secure communication (confidentiality and integrity) of information (e.g., financial and other EDI transactions), as well as provide access controls to sensitive information stored anywhere on the network (e.g., billing information, or patient records in Health Care applications). - The infrastructure should provide features to support National Security/Emergency Preparedness activities. - Network integrity, availability, and survivability are, of course, of paramount concern. What kinds of approaches should be taken to address these security concerns? - Develop industry-wide security requirements and criteria for major NII components and interfaces to provide guidance to the telecom industry in building secure products and networks, and providing secure services to the end users of the NII. - Encourage/Drive industry to play an important role in International Standards on Open Systems Security to enable the use of interoperable security solutions. - Develop economic framework to encourage security policies that promote a risk management approach instead of a risk avoidance approach. - Develop an infrastructure for key/certificate management service to support a variety of security technologies. - Develop security services that are seamless at least within the context of a single telecommunication service (e.g., PCS). - Develop security services that can protect information when it moves towards less protected or unprotected parts of the infrastructure. - Develop proper access control models/mechanisms to protect critical resources and information resulting from the widespread use of new network-based information services. - Develop appropriate tools and communication paradigms to support security administration and management within protected and less protected parts of the infrastructure. STATEMENT OF COUNCIL FOR ELECTRONIC REVENUE COMMUNICATION ADVANCEMENT Presented by Dave Stone BACKGROUND The Council for Electronic Revenue Communication Advancement (CERCA) is a non-profit association composed of public and private organizations that have joined together to aggressively and responsibly advance the secure and private use of electronic communications with government revenue departments. CERCA is developing an infrastructure that the taxpaying public can use to electronically file different types of tax actions with the Internal Revenue Service and state revenue agencies. CERCA is particularly concerned about security issues because of the inherent sensitivity of taxpayer information and the absolute necessity for protecting the privacy and confidentiality of that data. Privacy is a personal and fundamental right of all taxpayers. All revenue organizations have an obligation to protect taxpayers' privacy by controlling the amount and kinds of information collected and used, as well as controlling the public and private access to the collected information. Security involves providing technical, physical, and administrative methods of protecting taxpayer information and the information systems that are used to process, store, and transport that information, from unauthorized intrusion, manipulation, and dissemination. 1. How Will Revenue Organizations Use the NII? Revenue organizations and their trading partners will use the NII to collect, transfer, and process revenue information. Specific activities are: o Transferring revenue information among trading partners, o Conducting queries about taxpayer information that is maintained in revenue organization databases, o Conducting associated financial transactions such as electronic payments of refunds or automatic transfers of payments due to revenue organizations, and o Distributing information and materials such as tax forms, correspondence and notices, and advertising or promotional information. 2. What Security Exposures or Risks are of Concern to Revenue Organizations? Revenue organizations and their trading partners are particularly aware of the necessity for providing security for information systems that process taxpayer and revenue information. This is an especially important consideration for the Information Superhighway. The Information Superhighway should be designed to provide the following security capabilities to protect revenue information: o Authentication - Trading partners must have assurance that the information they receive is being submitted by, or released to, an authorized correspondent, o Privacy - Revenue organizations and their trading partners must protect the confidentiality of the taxpayer information they collect and process, o Non-repudiation - Revenue organizations must be assured that the information they receive cannot be disavowed later by the submitter, o Data integrity/validation - Revenue organizations and their trading partners need a system that provides confirmation of the data's integrity throughout the transfer process and validation that the data submitted is the data received, o Fraud/compliance - Revenue organizations and their trading partners need a system that reduces the incidence of fraudulent transactions and provides compliance with fraud prevention programs, o Unauthorized access - Revenue organizations and their trading partners need a system that protects taxpayer and revenue information from access by parties that are not legally entitled to view or process it, and o Account management/usage charges - Revenue organizations and their trading partners must be able to access taxpayer account information that is current and correct and be provided accurate, current information about any usage fees that they or their clients may incur. 3. What kind of Approaches Should be Taken to Address These Unique Security Concerns? CERCA recommends that the Information Superhighway provide security measures that provide specific security measures to protect taxpayer and revenue information: o Privacy - The superhighway must provide security measures that protect the privacy of taxpayer information and the integrity of financial information, o Verification - The superhighway must provide the mechanisms to verify the date and time that revenue information was delivered and the identity of the senders, and provide the sender an acknowledgement of receipt, and o Acknowledgement - The superhighway should provide the sender a notice after processing, that the return was correctly filed. STATEMENT OF COUNCIL OF CHIEF STATE SCHOOL OFFICERS Presented by Barbara Clements State and local education agencies responsible for providing instruction to students in prekindergarten programs through high school graduation foresee many educational uses of the National Information Infrastructure (N-H). These uses fall primarily into two categories: administrative and instructional. While some states are developing their own statewide networks for these uses, others anticipate using the NII, and all expect to use the NII to send and receive information across state lines. This statement briefly summarizes security issues concerned with the two types of educational uses and what types of approaches should be taken to address these concerns. Administrative Administrative uses of the Internet, state networks and private networks already exist. It is widely believed, however, that the NII will become a major means of communicating in the future because of the expectation that all schools will be connected to the NII. Three administrative uses are described which require high levels of security. 1. Data Exchanges. Local, state and federal agency administrators anticipate using the NII for exchanges of essential information used to run the education enterprise. For instance, data on revenues, expenditures, school enrollments, program participation, staff and other topics are regularly sent to state departments of education by school districts. Many of these data are compiled and sent to the federal department of education. Although these data exchanges occur primarily on paper forms at present, plans are under development in the U.S. Department of Education and in numerous states to standardize and automate this process. Sending this information electronically over the NII from site to site would make the process more timely and efficient. In addition, there would be fewer errors in the data since there would be no need to rekey the data from a paper form into a computer file. A major outcome of such an electronic data system would be for data to be placed in a computer database and made available to others within and outside of the education community through the NII. Data such as those described are used for a variety of purposes. In addition to program evaluation and improvement, data are that services are not being received by non-paying customers, Distance Teaming providers currently use a range of telecommunications technologies to deliver programming. The NII will allow distance learning service providers to reach larger audiences because there will be a defacto standardized means for schools to receive distance learning programming. Currently, schools must either select a single telecommunications technology, thereby limiting their choice of programming, or invest in multiple technologies and confront the challenges of compatibility and interoperability. The NII has the potential to significantly reduce costs for distance learning providers and users. 2. Transmitting Copyrighted Materials. The NII will likely be a major conduit for providing just-in-time publishing to schools directly from information providers. "Textbooks" or even portions of textbooks will be downloaded at school districts or schools and then copied locally for distribution when they are needed. The distinct advantage to this is that only the information needed is obtained, and it is done so on demand. If the NII is used to distribute copyrighted materials, there must be secure procedures for billing and/or accepting electronic means of payment. 3. Database Usage. Databases may be accessed or developed by members of the education community. Database developers should be able to track the uses of their databases as input for improving the system. Some databases may be inappropriate for students to access. It would be helpful to have procedures that would allow school personnel to place restrictions on which gophers, databases, or other entities could be accessed by students such as can be done by cable television users. 4. Student Accounts. The NII will be used by students who will likely receive their accounts through the school they attend. Many school administrators are wary of issuing these accounts due to the fact that they fear the school or school district will be held liable for any intentional (or unintentional) damage the students may cause to a network (i.e., viruses, altering databases). The NU must develop liability codes which clearly delineate the responsibilities of institutions and organizations issuing accounts and the responsibilities of individual users. Instructional Security Issues. The NII offers the possibility of more widespread access to learning materials and classroom experiences for faculty and students. One of the major security issues regarding instructional uses of the NII is related to who has access to materials and how they can be required to pay for participation. Value-added networks have the means for restricting access and billing for services. It is essential for the NII to provide these same types of services. In addition, there must be guidelines or codes for ensuring appropriate usage by students of the NII. Summary In summary, those of us who are involved in education at the national, federal, state, and local levels are very excited about the many possible uses of the National Information Infrastructure and the possibility of providing access to the NII for all schools, educators, and students. It is essential, however, that security issues related to the various administrative and instructional uses of the NII be addressed at both the network level and the local level. We look forward to working with persons and organizations developing the NII to ensure efficient and appropriate use of the network by everyone in education. STATEMENT OF U.S. COUNCIL FOR INTERNATIONAL BUSINESS* Presented by Nanette DiTosto Thank you for the opportunity to speak about business views on the security aspects of the NII. My comments today are drawn from a more elaborate U.S. Council position paper entitled "Private Sector Leadership: Policy Foundations for a National Information Infrastructure (NII)." The U.S. Council for International Business is a New York-based private sector organization with a membership of some 300 multinational corporations, law firms, and business associations. The U.S. Council is dedicated to promoting an open system of world trade, finance, and investment. The U.S. Council is the U.S. affiliate of the International Chamber of Commerce (ICC), the Business and Industry Advisory Committee (BIAC), and the International Organization of Employers (IOE). It uses these unique affiliations to advocate American business views to such key intergovernmental bodies influencing international business as the United Nations (U.N.), General Agreement on Tariffs and Trade (GATT), Organization for Economic Cooperation and Development (OECD), International Labor Organization (IOE), and the European Union (E.U.). NII and GII The U.S. Council fully supports the continuing development of national and international information infrastructures which bring the benefits of information technology to society. The Administration's concept for a National Information Infrastructure (NII) will, if properly implemented, serve as an engine for economic growth and a catalyst for continuing improvements in U.S. competitiveness. The NII will form an integral part of a Global Information Infrastructure (GII) that is already rapidly emerging and permits users today to conduct business an a truly global scale. This infrastructure enables business to deliver products and services to markets throughout the world far more efficiently and of higher quality than ever before possible. Private Sector Leadership The U.S. Council believes that the ongoing development of the NII should be driven by the private sector to ensure its commercial viability and sustainability over time. U.S. industry has acted aggressively over the years to apply information technology to commercial activities and has spurred the development of the most advanced telecommunications networks in the world. The NII is thus well into development through private sector efforts and already offers considerable capability. Government's Supporting Role The U.S. Government's September 15, 1993 statement, entitled "The National Information Infrastructure: Agenda for Action," has provided a vision and direction for the future. The U.S. Council recognizes that the U.S. Government is seeking to play a strong role in furthering the development of the NII. We see value in the Government's efforts to spark debate and discussion on the NII and we look forward to being fully and productively engaged in the public discourse underway. We are gratified at hearing the repeated view from government officials that the private sector will remain the major driving force behind the evolution of the NII, relying on its keen understanding of the strategic use and value of emerging technologies. In our view, the single most important role for government is to craft a legal and regulatory environment conducive to competition. This in turn will enable private industry to develop the NII, and thus the GII, more rapidly and efficiently. Security and the NII The success of any communications network as a business tool depends upon users' confidence that they can conduct business and exchange information without fear that sensitive or proprietary information will be disclosed or modified by unauthorized parties. Secure communications is critical to intra- and inter-corporate communications as hackers, criminals, and other unauthorized parties find increasingly sophisticated tools to violate the privacy and security of communications systems. The fundamental components of security which are generally accepted are confidentiality, integrity, and availability. Confidentiality means that information is not made available or disclosed to unauthorized parties; integrity means that data have not been altered or destroyed in an unauthorized manner, and; availability means that the network is accessible and useable upon demand by the user. One of the major security policy decisions is who will provide what security service. The emphasis and practice to date has been for the end user to provide the confidentiality and integrity protection while relying on the network services provider to ensure availability of public networks. This is a practical, workable, and desirable method which does not place any unnecessary burden on the network services provider and promotes the interoperability and availability of public networks. Business needs internationally accepted means for ensuring the privacy, integrity, confidentiality, authenticity and non-repudiation of communications and information transfer, while permitting the necessary compatibility which can only be achieved by de facto or agreed upon standards. An internationally accepted and comprehensive information security policy is essential for business to operate in a global marketplace. There is considerable international support for the development of international policies. Three international organizations have developed and promulgated positions which addressed this need and they are as follows: (1) Organization for Economic Cooperation and Development (OECD) published Guidelines on the Security of Information Systems in 1992, (2) the Commission of the European Union (E.U.) developed a draft Green Book on the Security of Information Systems in 1993, and (3) the International Chamber of Commerce (ICC) published a statement on Communications Network Security: An International Business View in 1990. These three publications stressed the need for an international policy which minimizes unnecessary barriers between countries and creates a broader awareness of the sensitive nature of information. Encryption Encryption is currently the most appropriate means to support security. To ensure security, many enterprises want to use encryption methods, techniques, and products (collectively referred to as Encryption Methods) for protection and authentication of their information transfer over telecommunications networks. The NII must provide the ability for users to implement appropriate security techniques. Otherwise, the NII risks being marginalized as a business tool and deprived of potential markets for the services it could offer. The U.S. Council believes that the NII and GII should embrace certain, important principles which I would like to describe. These principles are based on a set of principles which were developed by the international business community through the ICC in its Position Paper on International Encryption Policy. Global Standardization - The NII should embrace the use of international standards, including those for encryption. It is anticipated that various types of encryption and degrees of security will be employed, depending on the needs of users. In all cases, however, the employment of such techniques should permit interchange and interoperability with networks worldwide. For this purpose the business community and the U.S. Government should seek broad international agreement on encryption standards. Framework standards should be developed that allow for innovation and a variety of criteria for different environments and marketplace influences. Furthermore, cryptographic algorithms and key management systems must be left open for public scrutiny to achieve the necessary confidence by the commercial sector. Commercial users, vendors, and governments should work together in an open international forum in the preparation and approval of these global standards. A globally recognized standards body (currently ISO/IEC JTC1) should set the standards for this set of internationally accepted Encryption Methods. Free Choice for Users - Users should be able to use generally available and accepted Encryption Methods and to use key management schemes without any restrictions. Flexible Implementation - The agreed-upon Encryption Methods should be implementable in both hardware and software. Vendors and users should be free to make technical and economic choices about modes of implementation and operation. Accountability - Owners, providers and users of Encryption Methods should agree on the responsibility, accountability, and liability for such methods. Trade Controls - With the exception of Encryption Methods specifically developed for military or diplomatic uses, Encryption Methods should not be subject to export or import controls, usage restrictions, restrictive licensing arrangements or other restrictions. U.S. Security Initiatives** Although the U.S. Council welcomes the U.S. Government's efforts to develop a comprehensive security policy, the initiatives adopted to date -- the Escrowed Encryption Standard (EES) which is known as the Clipper Chip, Capstone, Tessera, and the Digital Signature Standard (DSS) -- threaten to restrict legitimate commercial interests in information security and to hinder the competitiveness of U.S.-based multinational corporations. Additionally, these initiatives are unlikely to be accepted by the international community. The impact of these initiatives on the NII remains to be seen. Were they to become standards for the NII, however, they could well create a number of serious obstacles for the development of the NII as part of the GII. Conclusion Information security is essential to the successful operation and use of the NII and encryption is one of the fundamental techniques to ensure security. The encryption policy for the NII should be flexible. Encryption algorithms should be unclassified, implementable in hardware and software, and usable in interconnected global networks. The preferred approach is to use algorithms that are standards (i.e., DES and RSA) and which can be used for digital signature, message authentication, encryption, and key management where the key management system is controlled by its user. Moreover, encryption systems should neither be subject to export or import control restrictions or other restrictive practices nor incompatible with existing encryption systems used worldwide. The U.S. Government should work together with other governments, as well as industry around the world, in an open forum to develop an encryption policy that is workable on a global basis. * This paper was drawn from the following documents: (1) U.S. Council for International Business's position paper on "Private Sector Leadership: Policy Foundations for a National Information Infrastructure" (July 1994), and (2) International Chamber of Commerce (ICC) position paper on "International Encryption Policy" (May 1994). ** The U.S. Council position papers and letters detailing its views on the U.S. Administration's encryption initiatives are available from the speaker upon request. For more information please call Nanette Di Tosto, Manager-Telecommunications/Economic & Financial Policy, U.S. Council for International Business, phone no: 212-354-4855. STATEMENT OF GENERAL INSTRUMENT CORPORATION Presented by Richard Friedland Good afternoon, ladies and gentlemen. I am pleased to join you for these important hearings -- and I thank you for the opportunity to address the issue of security. The United States is experiencing significant breakthroughs in the technologies associated with computing and communications. And yet we are still only on the verge of realizing the vast benefits that can result from the deployment of advanced broadband networks. At General Instrument ("Gl"), we are proud of our contribution to the digital revolution. But we are concerned that the full potential of the NII, and of commerce over the NII, may be thwarted if policymakers do not vigilantly protect the technological and economic forces that have brought us to this great opportunity. Our progress to date has been driven by two strong and dynamic forces: o A robustly competitive market for digitally-based products and services, with strong economic benefits to those that develop the intellectual property that manifests itself in such products; and o Constant innovations in technology that facilitate this competition -- innovations which are fueled by similar market forces. These are the forces that drive a system of dynamic competition in this rapidly evolving digital world. These forces need to be encouraged and protected. This can only occur if there is 1) a recognition that security for protecting intellectual property is a critical element; and 2) a recognition that security systems must be renewed, or evolve, through continued technological innovation if they are to keep pace with those who would seek to violate property rights. There have been initiatives and proposals in recent months that suggest that these needs may not be fully appreciated. Proposals to "eliminate scrambling" or to "create a single, national security standard" are superficially appealing. But our experience is that they are flawed and potentially destructive to the market forces that have brought us to this point. In that vein, I think the actual experience of General instrument and of the satellite home video industry can provide some valuable lessons. In its 1984 amendments to the Communications Act, Congress recognized the intellectual property rights of distributors of programming to cable television systems, and encouraged scrambling of those signals as a means to protect those rights. Over the next few years, virtually all programmers scrambled their signals using technology developed by General Instrument Corporation. Our scrambling system made it possible for programmers to receive compensation from home satellite television viewers, thus providing incentives for the creation of programming for these and other consumers. The result has been the development of a home satellite television industry consisting not only of programmers but of manufacturers of satellite equipment, including receivers, and a large and active home satellite dish ("HSD") dealer network throughout the United States. However, the path to this result has been neither straightforward nor costless. From the beginning, the HSD industry was plagued by satellite signal theft. At its height, we estimate that as much as 70% of descrambling equipment had been modified by or for home satellite dish users. An underground industry of "hackers" provided the computer chips and modifications which permitted such signal theft to occur. Some styled themselves as "satellite pirates," no doubt to convey a romantic, swashbuckling image. Unfortunately, some flavor of this perspective can be found in an article in the August, 1994 issue of Wired Magazine, which treats these "hackers" as celebrities. In fact, what was occurring was theft. It was theft of service and theft of property and it was and still is illegal. In the end, some went to jail. This theft injured programmers, who were deprived of compensation for the use of their intellectual property. It injured the creative community that provided programming. It injured legitimate satellite dealers who found themselves unable to compete with other dealers who offered "free" programming through modifications of descramblers. It injured honest consumers, those who paid for programming while others were stealing it. And it even injured those viewing unauthorized programming when they found themselves defrauded by those dealers who had promised no-fee access, a promise that was undercut as the industry took increasingly effective countermeasures. Among those injured was GI, which had to invest tens of millions of dollars and valuable research and development resources in those countermeasures. Agencies of the United States Government deserve recognition for their role in countering this plague of satellite signal theft. In particular, the Federal Communications Commission, the Department of Justice, the FBI, and the Customs service, among others, were active in law enforcement against signal theft. Significant assistance and co-operation was provided by the Royal Canadian Mounted Police, as Canada became a locus of much underground activity. An investigative team was organized by GI and also by the Satellite Broadcasting & Communications Associations Anti-Piracy Task Force. The Motion Picture Association of America also provided significant investigative resources from its antipiracy unit. Over 150 criminal and legal proceedings were begun. Electronic countermeasures were developed and refined over a period of several years. Multiple generations of new equipment were introduced in an attempt to increase the costs to pirates and to reduce their profits from fostering signal theft. In 1992, we introduced a new scrambling system and provided free equipment upgrades to almost a quarter of a million legitimate consumers before turning off the authorization stream for the original system and rendering useless illegally modified descrambling equipment. Today, the system is secure. More important, it has builtinto it mechanisms for renewal in case of future compromise. I recount this experience because I think it important that you understand some of the dynamics behind the need for security of video programming and other information as it is distributed over the advanced broadband networks of the NII. Indeed, the problem is not limited either to those future systems or to the satellite industry. Today, cable television systems suffer, by reliable estimates, a known average theft rate of over 11%, at a cost of $4.7 billion. The record is clear and indisputable. Where there are significant profits to be obtained by illegal interception of programming or other electronic information, it will be attempted on a widespread basis by sophisticated attackers. One result of our experience was a newfound humility within GI about what is needed to maintain security. From this experience, I think we have learned some things about security, and believe that there are certain principles upon which policy, including government policy, should be based. o No matter how good the security system is, it will eventually be broken if the value of the material being protected is great enough. For this reason, security must be renewable. The fact that security is renewable security is itself a disincentive to attempts at signal theft. o For security to be renewable, government policy must not hamper innovation in the development of new responses to security breaches and in the development of new forms and methods of security. o A single, national, uniform security standard, which is frequently advocated under one guise or another, is a dangerous idea. Not only does it provide attackers with a single target with enormous return, but it would stifle the innovation necessary for security to stay ahead of attackers. A single, national, uniform security standard should not be advocated, advanced or supported by the government. o Published ("open") standards for security systems tend to weaken rather than strengthen security. Thus, unbundling and open interface requirements, where they are employed, should be limited to functions that pose no threat to the intellectual property of programmers. o Security functions should be placed in the hands of those who have an incentive to protect intellectual property. Proposals either to permit or to mandate their placement elsewhere should be resisted. o While software-based security may be adequate for some applications, hardware-based security may be needed for others. Our experience with satellite signal theft also suggests that security for electronic commerce will be tailored to fit the needs of users. The level of security will reflect a cost/benefit analysis based in large part on the type of data that is being secured and an analysis of the threats. For instance, the vast majority of today's users of cellular telephones apparently feel that the degree of protection afforded by statutes that make listening to their conversations illegal is adequate even though such listening is easily accomplished. Those who need additional security, whether for wireless or wireline telephone service, obtain it. Similarly, security for on-line services today consists primarily of centralized systems that depend on passwords. There have been recent reports of computer hackers using "sniffer" programs to intercept passwords and break into computer network services. In spite of these attacks, data on computer network services is not normally encrypted when delivered to individual users, even though there may be economic value in the data. On the other hand, transactions in electronic commerce, such as banking, will probably require a high degree of security. Most users will insist that their privacy be maintained and that their funds be protected. There is already considerable experience with the need for security of video products, as I have said. In these instances, one widely accepted principle is that security must be placed as close as possible to the ultimate user to make signal theft more difficult. Finally, I would like to dispel what I believe to be a false conflict in the debate over the Nil. Some fear that the NII will become nothing more than a vehicle for selling PPV movies or distributing old television sitcoms. It would, indeed, be a tragedy if that were the only use to which the new technologies will be put. Based on our experience, however, I think these technologies will offer much more than entertainment services. The technologies that can provide 500 channel cable television systems are also the technologies that can bring users an explosive growth of communications capacity through a dramatic increase in bandwidth. These technologies are about making video an integral part of all communications and this has exciting ramifications for education, health, and business efficiency. Among our current projects is one that can provide high-speed data access to the Internet at data rates supported by broadband networks but beyond the capability of wireline telephone carriers. It also gives new meaning to the term if "access" opening up new vistas of communication and electronic entrepreneurial activity. Nonetheless, we should not forget the crucial role that entertainment video will play in generating the investment that will put broadband capacity and digital video compression into homes and businesses all over America. Entertainment television is an engine that drive this deployment. But this can happen only if entertainment television's need for renewable security receives widespread and continuing government support. Thank you for the opportunity to appear before you today. I would be happy to answer your questions. STATEMENT OF BUSINESS SOFTWARE ALLIANCE Rebecca M.J. Gould Director of Policy I. Introduction Good afternoon. I am Rebecca Gould, Director of Policy for the Business Software Alliance ("BSA") and I appreciate the opportunity to present this statement to the NII Security issues Forum and the U.S. Advisory Council on this most critical issue-- security needs and the National Information Infrastructure. The Alliance represents the leading U.S. publishers of software including -- Aldus, Apple, Autodesk, Intergraph, Lotus Development, Microsoft, Novell, and Wordperfect. BSA promotes the continued growth of the software industry through its international public policy, education and enforcement programs in the U.S. and more than 55 other countries throughout North America, Asia, Europe and South America. II. The Software Industry's Contribution to the U.S. Economy In the last five years, every governmental, academic and industry study of technologies that are key to America's future has identified the vital role to be played by the software industry. Software is characterized by both rapid technological innovation and widespread use in down stream markets. Software innovation improves the competitiveness of other industries which utilize software products to make themselves more innovative. The benefits of continuous software innovation permeate much of the American economy. Last year, the BSA released a study prepared by Economists, Inc. entitled The U.S. Software Industry: Economic Contribution in the U.S. and World Markets (Stephen E. Siwek, Harold W. Furchtgott-Roth, Economists Inc. (March 1993)). Based on government and industry information, the study reviewed the economic contribution made to the American economy by the U.S. "core" software industry; prepackage software; Custom computer programming services; and computer integrated design. The Economist, Inc. study found that the "core" software industry: (1) Is the fastest growing industry in the U.S. -- for the ten year period from 1982 to 1992, the software industry grew by 269% in real terms, while the remainder of the economy grew by about 30%; (2) Is now larger than all but five manufacturing industries; (3) Is contributing to the economy of virtually every state in the nation; and (4) Is achieving tremendous success in the international marketplace. Notwithstanding this impressive record, the software industry's role in the growth of the nation's economy will be even more critical in the future as new and more advanced technologies such as the NII continue to evolve. III. The Demand for Information Security The experience of our companies in the marketplace, and the results of a recent study, confirm that one of the strongest demands of software users is for data security and encryption capabilities. This demand of NII users is so strong, that it is not an understatement to say that without proper security, the NII is destined for failure. BSA commissioned a market research report by Frost & Sullivan to determine the demand for data security and encryption in Fortune 500 companies in the U.S. Approximately 200 companies were contacted with regard to consumer demand for data security and encryption capabilities of software. (A copy of the study is being provided with this submission.) The companies interviewed were about evenly divided between those with and without extensive overseas operations and covered a broad spectrum of industries including manufacturing, health care and financial services. The results are compelling. More than 90 percent said that information security was important to their operations, and 78 percent said that this covered electronic communications with vendors and customers as well. Almost one-half specifically stated that data encryption was important to protect the security of their information in addition to password or access control. Indeed, over one-third said they look for encryption capabilities when buying software and that they would consider purchasing foreign software with otherwise less desirable features if that software offered data security not available in a U.S. program. If computer users -- both domestic and foreign - do not have faith in the security of their electronic information, the information highway could become a lonely road indeed. Yet today, continued unilateral U.S. government "munitions" export controls prevent American companies from meeting worldwide user demand for software that includes encryption capabilities to protect computer data against unauthorized disclosure, theft, or alteration. Our companies strive to market a single program worldwide it is time consuming, expensive, and counter productive to develop and market both a domestic and foreign version of a software program. Thus export controls either slow the use of encryption domestically or impose additional costs and burdens on American industry competing in world markets. As the Frost & Sullivan survey shows, many computer users will turn to foreign suppliers of software with encryption capabilities if American companies cannot meet this demand. U.S. software publishers could lose an estimated $6 to $9 billion each year to foreign competitors who offer encrypted products. In short, as Professor Martin Hellman, one of the inventors of "public key" cryptography, states in his report, Implications of Encryption Policy on the National Information Infrastructure (which is also attached), a national policy that discourages the use of encryption will lead to an insecure NII and three possible embarrassments: 1. A White Elephant: Just as people do not use post cards for most of their mail, prudent users will refuse to trust most information to an insecure NII. 2. A Disaster: Careless or ignorant users who trust confidential or valuable information to an insecure NII will be easy prey to hackers, thieves, spies, or others who violate the system. 3. Foreign Dominance: Foreign companies, operating from countries which do not discourage encryption, could offer a competing, secure service and put the NII out of business. Effective security is the only way to ensure a reliable National Information Infrastructure. BSA commends the Chair for convening this informative hearing on this vitally importance issue. We hope that the Forum finds both the Frost & Sullivan survey and the report by Professor Hellman useful in its analysis. Thank you. STATEMENT OF HOME BOX OFFICE Presented by Robert M. Zitter Madam Chairman and Members of the Security Issues Forum. I am Robert Zitter, Senior Vice President of Home Box Office where I am responsible for technology and operations. HBO is a division of Time Warner, a world leader in the creation, ownership, and distribution of copyrighted material including motion pictures, television programs, music, magazines, books and electronic networks. Time Warner is a member of the Creative Incentive Coalition, whose comments were presented earlier today. HBO, and Time Warner, fully support the position of the CIC. The reason HBO is here today is to add a dimension to the more general statements on copyright security that reflects our experience as a pioneer in the area being considered today. HBO created pay television in 1972. Ours was the first program service created to electronically offer entertainment protected by copyright to television viewers for a fee. From the very beginning, the control of access to our service was and remains critical to the economic life of our business. As the pioneer in satellite television as a means of distribution, HBO was the first television network to encrypt its programming to maintain the security of our services and assure that the material we create, or license and distribute is received only by our subscribers. Following several years of attempts and unfortunately some success by pirates to defeat our encryption, we learned quite painfully that security must be replaceable. By this we mean, that only the key encryption circuitry or algorithms should be replaced rather than replacing the entire hardware assembly. This can be done at minimal cost while maintaining effectiveness. Two years ago we implemented replaceable encryption on all our satellite networks, worldwide. In 1992, HBO became the first network in the world to utilize full time digital transmission. Today four of our U.S. networks and our three Latin American networks provide digital programming to more than 4 million subscribers. When implementing this digital technology we considered it essential to not only provide for replaceable security, but also to plan for segmentation of encryption between our national distribution links and local community distributors which I will discuss in a moment. Today HBO's pay television programming services are offered in the form of scheduled networks and are distributed to consumers through cable television systems, MMDS microwave systems, satellite master antenna systems, Direct Broadcast Satellite systems and on some of the video dialtone test telephone systems. HBO agrees with the administration, that if we and other copyright owners are to serve subscribers through the NII, appropriate security -- as with intellectual property protection -- is of the utmost importance. In fact, HBO is developing products today that we expect will be offered interactively on Full Service local networks and eventually on the NII. Since the security of the NII could pose financial risks to our business, and others like us, HBO believes the following policies must be adopted: 1. Selection of security technology should remain with private industry. The security compromise of HBO's first satellite encryption system cost our company more than $25 million a year until it was replaced. The system, though, was one that was selected by HBO and we lived with the consequences. If government were to determine the security technology used on the NII, would government be responsible for the economic losses suffered by copyright owners when that system is compromised? .... We doubt it, given ever present budgetary constraints. If private industry must bear the risk of security failures, then it retains the incentive and must retain the ability to determine how best to protect program offerings. 2. There should not be one single security system. When multiple security systems are employed with segmentation between national and local distribution, the damage of inevitable security breaches and the costs to cure them may be contained. Clearly, a single system offers a larger, more valuable target for piracy. It's important, I believe, to focus on segmentation for a moment. The reason it is mandatory to copyright distributors like HBO is simple. First, security systems will be compromised and will require replacement. Second, national or regional providers and local programmers or networks may have differing financial interests and incentives about curing security breaches. Local operations may have considerably less at stake, and much higher proportional cost to fix, security problems. They, therefore would not feel the need to move as fast as broader scale providers, exposing those providers to much greater financial risk. 3. The levels of security within the NII should be in hierarchical form so that users may determine the level of security required. Individual content and program suppliers must be able to select that level of security which they believe is commensurate with the value of their services. High value providers should not be subjected to the risks of less secure technology and lower value providers should not be burdened by the costs of what they believe to be excessive security. For example, when a high value world championship boxing event with a limited shelf life is offered live to PPV consumers, copyright owners require significantly more signal security than for the delivery of a twenty year old magazine article or television program. As a matter of fact, boxing copyright owners have held back distribution of their high value events from C-band home satellite viewers due to the level of security employed in that arena. 4. Security should be transparent to a properly authorized end user, without compromising the total security of the network. HBO believes that the NII and local Full Service Networks will greatly enhance the lives of Americans. Those who expect to use the NII, like HBO, will only be able to do so, however, if the NII represents a secure and useful method to reach consumers. Thank you, and we look forward to working with you to appropriately address the critical issue of security. STATEMENT OF THE AMERICAN ASSOCIATION OF ADVERTISING AGENCIES Presented by John F. Kamp We appreciate the opportunity to comment on the security needs facing the advertising industry on the National Information Infrastructure (NII), or "Information Superhighway." As one of the country's most important information providers, our industry will play an integral role in the development of the "superhighway." The new technology offers new and exciting opportunities for communication, interaction, and enhanced data transmission that will have an enormous impact on virtually every individual and component of our society. We commend the Administration for its vision and leadership in encouraging the implementation of such a "highway." As information providers, the various agencies at both the federal and state levels have enormous responsibilities in ensuring that the public's broad interests will be maximized, and we recognize the task will be difficult. As requested, we will briefly address two principal questions pertaining to the security needs and concerns of the advertising industry. They are as follows: 1. How Will You Use The NII? Although it is impossible today to define how the advertising community will use the NII, we do know that to the extent it creates a new electronic medium, it will provide opportunity to convey information about products and services available to the public. Like other broadcast media, advertising on the NII will benefit individual consumers and the economy as a whole by effectively serving the competitive market's need for information. It will stimulate innovation and efficiency in American enterprise as it strives to satisfy consumer needs. It will also serve to alert consumers about new products or performance attributes and help differentiate between competing brands. The advertising community is constantly pursuing new opportunities to more effectively communicate with consumers. The "superhighway" will create such a new media form, but it is impossible to predict how the vehicles traveling on the "highway" will be designed. Editorial and programming content will drive the development of the information superhighway, and its availability will provide American manufacturers and service providers with entirely new dimensions for communicating more creatively and more effectively. It will also help the advertising industry do a better job in responding to a consumer need for information and, as a result, will assist consumers in making better purchasing decisions. Just think what "interactive advertising" will mean to consumers. It will help them manage their day-to-day lives on a more informed basis (e.g., matters involving health, nutrition, etc.). It will make it easier for them to "shop around" for better quality and value. It will allow them to acquire specific "tailor-made" information when they plan a major purchase, such as buying a new car. The possibilities are endless. In the past, the advertising industry has been instrumental in creating and developing the mass media. The emerging new "highway" technology will be no exception. It is inevitable that advertising will play a significant role in supporting the technological advances which will allow, at minimum, consumers to: o browse through stores and shop from their homes; o receive interactive CD ROMs that contain multiple catalogs; obtain increasingly customized information about products and services; and o invest in long distance learning with full video and two-way capabilities In addition, advertising will support broad-based programming to ensure open access to information for individuals at all social and economic levels. Nearly all of today's television and radio programming has been provided free to the listener or viewer through sponsor-supported broadcasting. 2. What Security Exposures Or Risks Are Of Concern To You and What Kind Of Approaches Should Be Taken To Address These Security Concerns? Copyright and Trademarks: All advertising incorporates valuable intellectual property. The integrity of trademarks, copyrights, artwork, slogans, and advertising claims all must be maintained. The protection of advertising copy and illustrations, as well as the protection of all aspects of a brand, are essential for advertising agencies and their clients. The use of the NII will require that existing laws for copyrights and trademarks be reviewed and evaluated to ensure that the law will protect all intellectual property "published" on this new medium. For example, product brand names and identifiable images must not be used on the NII without expressed permission of the owners of that property. The opportunity for consumer confusion to result is very real were intellectual property to be misappropriated without authorization. We are pleased with the recent announcement from the U.S. Patent Trademark Office calling for the same copyright and trademark standards that exist today for broadcast media to be applied to the digital environment. We need to address the needs of the American business community as it uses this new electronic tool. Privacy: We primarily respect the need to maintain the privacy of information secured during transactions and must address consumer and advertiser needs while respecting privacy concerns. The unique interactive nature of the "superhighway" should allow for marketers to open a dialogue with willing consumers, but at the same time the system should enable individuals to safeguard personal information. Financial Transactions: Advertising and other marketing professionals must be able to complete financial transactions safe from NII "burglars and bank robbers." Marketers will likely use the "superhighway" to sell products and services through electronic catalogues using credit cards or other financial transfers. Some products, such as consumer software, entertainment, and technical information, may be delivered immediately. Marketers must be certain that products and services will not be intercepted without payment and consumers must be certain that their financial information will only be accessed by those to whom they have given authorization. Conclusion America's enormously diverse and comprehensive system of mass media has evolved through the productive working relationships that exist among advertising agencies, advertisers, the broadcasting industry (including the networks), the entertainment industry, the telecommunications industry, consumers, and government. While new emerging technologies will require new relationships, advertising will continue to play its crucial role in helping to deliver quality and value in programming to American consumers. It will be equally important in stimulating consumer awareness and interest in other services that may become available over the "superhighway." The security, integrity, and reliability of information on the emerging National Information Infrastructure will be critical to the marketing community. Marketers and advertisers will not want to associate their products or services with a new technology or system which consumers do not trust. It is imperative to design a system which will ensure the privacy of personal information, protection of intellectual property, and the integrity of financial transactions. The advertising community has the technical, financial, and communication skills to meet the challenges of the "superhighway" and as a stakeholder we are an eager participant in the development of this new technology. We are at your disposal to answer any questions. STATEMENT OF MICROELECTRONICS AND COMPUTER TECHNOLOGY CORPORATION Presented by Tom Patterson Over two years ago, in April 1992, MCC began to address the privacy and integrity concerns of large businesses, facilitating their ability to effectively conduct electronic commerce on the Internet. Through public and private funds (ARPA funding and MCC member company contributions), MCC's EINet provided secure WAIS and FTP services as well as a key distribution center for large corporate customers. Back in 1992, electronic commerce over the network was envisioned as a secure link between customers and suppliers (or a virtual private network.) Providing directory services was essential, but electronic remittance was viewed as an important, yet long-term need. While some suppliers were positioned to take advantage of these capabilities, small vendors had several hurdles to overcome, principally justifying costs in addition to locating applications and vendors that could support unsophisticated users. There were three primary reasons many businesses kept off the Internet: Businesses were not aware that they could use the Internet for commercial purposes; the benefits of conducting business over the network did not outweigh the tremendous security risks; and the Internet lacked of a coherent set of directory services. As a result of the growing needs of the business community, MCC developed middleware services collectively known as EINet. EINet tackled these three concerns vis-a-vis the development of application level services of electronic commerce. EINet provides the privacy & integrity that business users previously had only on their internal networks: EINet has: o Integrated the Data Encryption Standard from NIST into the FTP, WAIS & now WWW clients and servers. o Established key distribution centers & access control servers in the Internet that are available to all registered users. Through EINet more than one and a half million public transactions over the Internet have been facilitated. But we're not done yet. Development of integrated security services including DES, RSA, and DSS are being done. The next hurdle to overcome is the interoperability of these divergent systems. MCC views interoperability and scalability as the key factors to the success of electronic commerce on the NII. STATEMENT OF THE CREATIVE INCENTIVE COALITION Presented by Mark Morril The National Information Infrastructure (NII) will give people access to information and entertainment resources unthinkable only a few years ago. Our ability to exploit the full potential of the NII depends on our ability to effectively protect the rights of copyright owners whose works will flow through it. -- Ronald H. Brown, U.S. Secretary of Commerce, on the release of "Intellectual Property and the National Information Infrastructure," A Preliminary Draft of the Report of the IITF Working Group on Intellectual Property Rights (July 7, 1994) Chairman Katzen, members of the Security Issues Forum: My name is Mark Moril, and I am general counsel of Simon & Schuster. I am testifying today on behalf of the Creative Incentive Coalition (CIC), which is broadly representative of America's copyright owners, proprietors and users. The members of CIC believe that the value of the National Information Infrastructure (NII) as a tool of economic growth and social progress depends upon the success of law and technology in preserving strong copyright protection. Before turning to the specific issues you have identified for today's discussion, I want to congratulate the Clinton Administration, Secretary of Commerce Ron Brown, and PTO Commissioner Bruce Lehman on the preliminary report released last week by the Intellectual Property Rights Working Group. Madame Chairman, I understand that you head the Information Policy Committee of the Administration's Information Infrastructure Task Force, and that Commissioner Lehman's Working Group reports through your Committee. On behalf of the Creative Incentive Coalition, I want to applaud the Administration's recognition of the central role of copyright protection in the development of the NII, as reflected in that report. This report, in combination with today's public meeting, marks a major step forward toward ensuring that the NII will achieve its full potential. Copyright-Based Industries' Use of the NII The Creative Incentive Coalition's members are poised to provide the NII with the extraordinary variety of content -- the text, video, audio and other works -- that will be a driving force in the development of applications for the NII. Information and entertainment applications will run the gamut from text, data, news and business information services, to journals and educational material; from movies, music, sound recordings, and videogames to new and innovative forms of interactive entertainment and education. Simon & Schuster and the other members of the Creative Incentive Coalition will have a leading role in providing the content that will make the NII valuable to users all over America. As a result, our copyright-based industries will be a major source of the economic and job growth that we all count on the NII to deliver. Copyright-based industries already make a large and growing contribution to America's economic welfare and to our balance of payments in foreign trade. Today, these industries account for nearly five percent of the nation's Gross Domestic Product, and employ over 5.5 million workers -- nearly four percent of the total workforce in the U.S. According to the International Intellectual Property Alliance, copyright industries already make a greater contribution to our economy in terms of value added than any single manufacturing sector including aircraft, metals, electronic equipment, food, and industrial machinery. This economic and job growth will be enhanced by the NII... if the law protects the property rights of those who create and distribute copyrighted works. Generating the content that will fuel the information pipeline will require billions and billions of dollars of investment. That investment risk will only be taken on if copyright is secure. Copyright Challenges Presented by the NII The NII promises a new age of high-speed, high-capacity computers and communications where access to information and entertainment content will be faster, easier and more widely available than anything we know today. Unprecedented access to content of every type is the defining characteristic of the NII. The Intellectual Property Working Group, in its recent report, acknowledged that the NII has the potential to deliver "information and entertainment resources ... quickly and economically anywhere in the country in the blink of an eye." This is the image which energizes today's public meeting and excites each of us who are participating. With this promise of unprecedented access to content, however, come serious challenges to the preservation of intellectual property rights. Consider just two likely threats to copyright owners. First, there is the capacity for instantaneous and widespread reproduction and distribution of, and unauthorized changes to, copyrighted works in a digital world. Under the right circumstances, this core function of the NII is a welcome development, but there is obvious potential for abuse. Certain proponents of the NII champion unlimited and uninhibited access to information at the expense of copyright. We must persuade them that such a policy would not achieve the presumed goal of pervasive information for all NII users, but rather would undermine the NII, leaving it without the copyrighted information and entertainment services that will bring value to the new network. As a matter of simple business judgment, copyright owners would be reluctant, and responsibly so, to place their works at such pervasive risk on the NII. As copyright owners and information providers, the members of the Creative Incentive Coalition recognize a responsibility to bring the NII to life. We are ready and eager to do so. But the value we can bring to the NII by creating and providing new forms of information will only be realized if the new network develops in tandem with a secure copyright environment. Technology allows copyrighted material that is accessible through the NII -- whether or not it is placed there with the permission of the copyright owner -- to be copied and distributed without authorization, cheaply, easily, and without limits. Let me illustrate this point. Simon & Schuster published a book by Michael and Denise Okuda called "The Star Trek Chronology," based on the popular Paramount television series and motion pictures. The Okudas' book sells in bookstores for $14. Presumably as a service to fellow "Trekkies," an individual optically scanned the complete text of the Okudas' book and made the text available to all comers on the Internet. This binder contains a hard copy of the book's text downloaded from the Internet -- distributed without the permission of the publisher, and with no compensation paid to anyone. Internet users who are enjoying a free Internet version of the "Star Trek Chronology" feel a strong sense of entitlement. Some of them view copyright with disdain. Others seem to revel in what they see as an act of civil disobedience. After one Internet user raised the possibility that this act constituted a copyright violation, an electronic-mail dialogue ensued. The following is representative of the opinion of a sizable number of commentators: Computers are to save time and money. [The person putting "The Star Trek Chronology" on the Internet] has just saved computer resources all over the world, so that others don't have to type it in over and over again.... This highlights a fundamental issue: Too many Americans do not understand the value of copyrights. This tells us that there is a need for better public education on this important subject. And this reminds us that if there is widespread public disregard for the sanctity of intellectual property rights, the harm to the creative incentive -- and to the health and growth of the NII -- will be incalculable. We anticipate that books in CD-ROM and other digital formats will become increasingly common. Other information and entertainment industries are experiencing similar transformations. Newspapers and magazines are becoming available through on-line services. Recorded music already is widely available in digital form. And video -- whether motion pictures or videogames -- is quickly headed in the same direction. When this happens, legal and technical safeguards must be in place to prevent instantaneous infringements of copyright -- whether through wholesale piracy or through incremental means. And steps must be taken to improve public attitudes toward copyright protection. Second, the existence of a National Information Infrastructure allows for the possibility that the authenticity and reliability of copyrighted works will be compromised. In addition to significant concerns about copyright infringement, tampering with copyrighted information could harm everyone who relies on the integrity and authenticity of the information they contain. Let me offer one compelling example: in educational texts used by pharmacists or physicians in training, accurate prescription and treatment instructions are of the utmost importance. If someone were to negligently or intentionally alter an on-line text to change a prescribed dosage of a medication from 3 cc to 30 cc, the results could be catastrophic, and the liability issues could be overwhelming. As the NII develops, it may become harder to detect unauthorized alterations, and easier to distribute altered information throughout the network. This is an area deserving special attention. Recommended Approaches to Protecting Copyright on the NII To ensure that the NII will achieve its full potential, government policy must have three important purposes: it must provide incentives for deployment of the NII, it must provide incentives for use of the NII, and -- of equal importance -- it must provide incentives to create and distribute products and services that are protected by copyright. The report of the Working Group on Intellectual Property Rights makes a valuable contribution toward achieving this goal. The Creative Incentive Coalition supports the general approach of the preliminary report and many of its particular recommendations. Most importantly, CIC agrees with the Working Group's conclusion to refrain from recommending a comprehensive rewrite of existing copyright law. Limited, modest clarifications will be helpful, in some areas, but the existing copyright. regime, and the fundamental protections it offers, must remain intact. The Creative Incentive Coalition Agrees in principle with the limited clarifications of the Copyright Act recommended by the Working Group. The CIC supports the Working Group's approach of clarifying longstanding, fundamental principles of copyright protection so that they clearly apply in the context of the NII. CIC also supports the Working Group's conclusion that the establishment of broadbased compulsory licensing of intellectual property is no solution to the challenges posed by the NII. As a general matter, we believe that advances in technology already under development will allow private parties to overcome transaction costs and reach voluntary licensing agreements that will ensure widespread availability of copyrighted products. In the publishing field, for example, there are already many pilot versions of what we call "copyright management systems," or CMS, that are aimed at achieving maximum flexibility in distribution and compensation arrangements. There is every reason to expect progress on CMS and other voluntary approaches because it is in everyone's interest to develop them. The Creative Incentive Coalition strongly urges the Administration to support and encourage the private sector to develop encryption techniques, systems for encoding and identifying works, and other technologies that permit or enhance the ability of copyright owners and proprietors to control the distribution of, and receive compensation for the use of, their works. The goal of such policies should be to ensure that new technologies and new programming are not inhibited. Encryption technologies should be replaceable or changeable as needed to maintain security. They should also be hierarchical so that content providers may utilize a level of security commensurate with the value of the content. It is not advisable at this time for the government to set standards or, certainly, to adopt a single standard in this area. As Bob Zitter of HBO will address later today, many experts consider the use of a single national encryption standard to be unwise. The government should actively discourage -- through various sanctions, and criminal penalties where appropriate -- any efforts to circumvent these technologies. In one difficult and important area -- the "fair use" doctrine -- the Working Group report recognizes that further study and consultations are necessary. The fair use doctrine is a defense to copyright infringement based on the privilege to use copyrighted material in certain ways without the consent of the copyright owner. The Copyright Act specifies "criticism, comment, news reporting, teaching.... scholarship, or research" as uses of copyrighted material which may qualify as fair uses, provided other factors are satisfied. The Working Group suggests that the fair use doctrine may be inadequate for preserving public access to copyrighted works carried on the NII. We believe this conclusion is premature. The Working Group's analogy between on-line and off-line "browsing" of copyrighted works is appealing, but of questionable value. In the networked environment, it may be far more difficult to draw a workable distinction between "browsing" and other uses that involve access to the full value of copyrighted work. We welcome the Working Group's decision to sponsor a conference to develop guidelines for fair uses of copyrighted works by public libraries and schools, and we hope that a clearer understanding of this issue will begin to emerge at that time. Finally, we believe that, as with all laws, public awareness and understanding are essential to ensuring compliance. Too many of our citizens are indifferent, or even cavalier, toward high- tech piracy and other innovative forms of copyright infringement. As just one recent example, I urge you to look at the glorified story on satellite television pirates in the latest issue of Wired, a magazine that caters to the mindset of the so-called "cyberpunk" generation. We must work together to change that mindset. Madame Chairman, I want to urge the Clinton Administration, and your NII Advisory Council, to do all you can to help the public understand that when intellectual property rights are lost, everyone loses. We believe the Working Group's plans to convene a forum to develop and disseminate an educational curriculum to reinforce respect for copyright are right on the mark, and members of CIC look forward to making a major contribution to this effort. * * * We urge the Administration, in its public pronouncements on the NII and in any legislative proposals it submits to the next Congress, to give the need for strong copyright protection the prominence it deserves. We support Commissioner Lehman's notion that it will be important to get the copyright and security rules of the digital road in place before business practices are set. That is why it is especially important for the Administration's policy-making process to stay on track, according to the schedule that Mr. Lehman has proposed. We urge the Administration to understand that the way this nation handles these issues wi *11 set an example for the world. If America does not ensure that intellectual property is well- protected here, other nations will surely not feel compelled to offer stronger protections. And our country, as a major net exporter of works protected by copyright, will be the biggest loser. America has a 200-year tradition of maintaining strong copyright protection -- rooted in our Constitution (Art. 1, Sec. 8) -- even as the means of technological distribution undergo revolutionary changes. Federal policy on copyright law and communications law will determine whether the creative incentive will be preserved. In the national interest, it must be preserved. Thank you. STATEMENT OF NOVELL INCORPORATED Presented by Roger Schell Novell, Incorporated is pleased to have the opportunity to submit these comments on the needs for security in the National Information Infrastructure (NII). Novell not only makes extensive use of computer and network services in operating its worldwide business, but is also the leading supplier of software products that implement distributed networked services. Thus, we bring a unique perspective on both the security needs and challenges facing the NII. Readers of the popular press may imagine that the threat to the security of NII will come from antisocial high school students armed with personal computers, patience, and talent. In fact, the experience of Novell and companies and government agencies that have explored security issues in depth or used computer systems and networks to process data of real value is that, if the security of such information is at issue, experienced professionals are likely to do far more harm than casual hackers. The key issue is when the time comes that the financial or other value of information will motivate such professionals to attack the security of the NII. There are a great many specific threat and security measures that will be of concern in the context of the NII. Novell believes that a factor of overwhelming importance will be that, in any modern computer system users operate on their data through a rich set of software whose origin and integrity are often unknown. As the value of data in the NII grows, it will be in the interest of malicious parties to manifest their intent with malicious software that intervenes between user and data. Such software, operating in most of today's computer system, can subvert a user's intent and invalidate the effectiveness of security measures such as encryption and digital signature, for example, by making the user sign the wrong data, or sending an unencrypted copy of a message as well as an encrypted one. Software that operates for a user while subverting his or her intent is referred to as a "Trojan Horse." Computer viruses and network "worms," two types of Trojan Horses, have demonstrated the vulnerability of today's computers to attack by malicious software. The development of software to implement attacks of this sort is not especially costly or difficult. There are no cheap or easy countermeasures to these threats, but the development of practical security measures must be a high priority if individuals and institutions are to have confidence that they can conduct their business over the NII. Companies, citizens, and agencies, will use the NII to transmit and process data that is sensitive to modification, disclosure, or destruction. Novell is concerned that the users of the NII be provided with accurate information about the threats to the security of their data, and the sorts of countermeasures that are appropriate to various classes of data. This sort of guidance may be envisioned as a mapping among "sensitivity labels" for classes of data, levels of exposure based on network connectivity and system function, and appropriate protective measures. While government should be actively involved in developing this sort of guidance, the experience and insights of the private sector as to information value, threats, and protective measures should be an integral part of its development. We will come back to the issue of sensitivity levels below. NIST has recently standardized a digital signature cryptographic algorithm that allows users to exchange information with confidence that it has not been modified. An associated NIST study examines the needs of Government for an infrastructure that can certify that the cryptographic public keys used for verifying digital signatures belong to specific users. Novell, like other private sector organizations, has committed itself to another cryptographic algorithm that can perform more security functions than NIST's standard, and that can be used without fear of dispute as to intellectual property rights. Thus, the United States seems to be on a path toward two separate and disconnected families of digital signature systems. If NIST continues to support its digital signature algorithm for Government, it should also ensure that certified identities and public keys can be communicated reliably between Government and the private sector. The use of digital signature systems can lead to a major enhancement of data integrity and authenticity, and of users' confidence. However. software that implements the signature system is as vulnerable as any other software to abuse by malicious software. Furthermore, users and organizations must be able to have confidence that the certification that binds user identity to cryptographic key can not be subverted by malicious software, resulting in the equivalent of credit card fraud on a grand scale. The existing U.S. and European trusted product evaluation processes and the evolving International Common Criteria for trusted product evaluation can provide users with objective third-party assessment of the abilities of computer and network security products to resist the threat posed by malicious software artifacts such as Trojan Horses. Novell is committed to providing users with the confidence that derives from such evaluations of its mainstream products. We encourage the Government in setting standards and requirements for the NII, to build on the foundation offered by trusted product evaluation in providing users with guidance on choices of products that are capable of protecting their most sensitive information. Underlying much of the search for security in the NII are issues of the availability and standardization of cryptography. Recent Government initiatives such as the digital signature standard and key escrow are focused on the needs of Government and have little relevance to private sector users of the NII. The restrictions on export of software products that incorporate the U.S. standard encryption algorithm (the Data Encryption Standard or DES) are well known and present challenges to vendors (such as Novell) that sell much of their output abroad, and to users who have distributors or business partners abroad. Novell urges the Government to recognize that the ability to export products that incorporate encryption acceptable to U.S. users will prove critical to the wide availability of those products in the United States. Novell expects that the products and services that it offers will play a major role in implementing the NII. Clear network-wide ways to designate the sensitivity of the information that flows in the NII and the protection that information requires will be critical to the successful implementation of the NII. Standards for labeling unclassified information as to sensitivity and protection requirements have been discussed for almost twenty years. The NII should provide the incentive for Government and the private sector to agree to such standards so that users can have the benefit of products and services that recognize and implement them. In summary, Novell believes that there are significant policy and technical challenges to the provision of cost- effective and appropriate security for information on the NII. These challenges include recognizing the threat posed by hostile software and similar attacks; providing effective security measures that suppliers can implement and that users can use; communicating to users the level of confidence that they can have in the security measures that are protecting their information; and providing global mechanisms that can allow users and service providers to communicate reliably about the sensitivity of information. Novell is pressing ahead with the measures that we can take to provide ourselves and our customers with the security that we all need. But there are issues such as the ones we have discussed of policy, of standardization, and of technology, where Government, users, and suppliers should cooperate to ensure the United States the benefits of a secure National Information Infrastructure. Comments regarding Novell's position are appreciated and may be directed to the following individuals. Carl Allen, Manager, Security Components Business Team (email: Callen@Novell.Com) David Bradford, Snr Vice President, General Counsel (email: Dbradford@Novell.Com) Mona Peglow, Director, Export Services (email: Mpeglow@Novell.Com) STATEMENT OF FAIRFAX COUNTY (VA) PUBLIC LIBRARY Presented by Lydia Patrick 1. How will you use the NII? The mission of Fairfax County Public Library is to meet the evolving informational, educational, and recreational needs of the citizens of Fairfax County and Fairfax City. Currently, there are 850,000 citizens in our service area. Our patrons range from infants to senior citizens and have a wide range of information needs. Fairfax County Public Library's policy for information services is to deliver consistent and high quality public service by providing accurate information to patrons. Our goal is to offer information services in an efficient, timely, courteous, and impartial manner. We strive to provide information to all users regardless of their age or circumstances; all requests are legitimate; users receive information, not opinions; and all questions are answered or redirected. Librarians assist users with their questions related to school or coursework, work, personal interests, and "lifelong learning." Our patrons are individuals representing themselves and individuals representing businesses and organizations. Clients needs determine the services we provide. Currently, we use traditional print as well as electronic tools to in order to provide answers to patrons questions. Online services are available through staff-mediation due to service costs and equipment shortages. With the development of the NII and internet, we hope to offer services where patrons can access the online services directly themselves as soon as equipment and communications can be funded. 2. What security exposures or risks are of concern to you? For a public library whose goal is to provide information to everyone, there are four main security issues: A. Integrity of the data on the network. Citing the source of information is fundamental to librarians in providing quality reference work. By knowing who is responsible for the information, patrons can make their own assessments of the utility/validity of the content. B. The protection of intellectual properties or copyright. C. Reliability of access to the network whenever needed. D. Reliability of the network in providing information in a timely fashion. 3. What kinds of approaches should be taken to address these security concerns? A. The source and date should be included for all information available on the networks, perhaps as part of the standards. B. Some equitable resolution to the copyright issues between producers and users needs to be reached. C. and D. The network infrastructure needs to be strengthened through improved communications links and wiring at the local library level. Also, funding for equipment and service subscriptions is needed so that local libraries can serve as sites to bring the wealth of information to those who cannot afford it as well as to those who can. STATEMENT OF ENTERPRISE INTEGRATION TECHNOLOGIES CORPORATION Presented by Allan M. Schiffman My organization is an R&D and consulting company specializing in software and services that help companies do business on the Internet. We have been in business about 3-1/2 years and have a staff of thirty. Over the past year we have been organizing CommerceNet, which was launched in mid-April. I am CommerceNet's principal architect, but given that my remarks have not been officially reviewed by the consortium, I can claim only to be speaking for my company and myself. CommerceNet is a Silicon Valley-based non-profit consortium of organizations, funded in part by the Technology Investment Program, whose goal is to create an electronic marketplace where companies transact business spontaneously over the Internet. The CommerceNet marketplace is to support all business services that normally depend on paperbased transactions. Buyers will browse multimedia catalogs, solicit bids, and place orders. Sellers will respond to bids, schedule production, and coordinate deliveries. An example of the type of technology CommerceNet is deploying are secure versions of World-Wide-Web clients and servers which use software developed by EIT and RSA. CommerceNet is a market trial of business-to-business open network electronic commerce, and as such represents a significant application for the NII. We believe, as many others do, that the future NII will share many of the salient characteristics of today's Internet: common protocols, distributed administration and control, heterogeneity of equipment and facilities, emphasis on interconnection and interoperability, variety of purpose and ownership and a culture of continuous change. CommerceNet participants are universally concerned about the special challenges that open networks present to electronic commerce. Initial concern often focuses on the increased accessibility of corporate networks when attached to the public network. But the more fundamental challenge is the question of providing the network equivalents of the familiar and intuitive trust mechanisms that have evolved to support traditional commerce. There may be a technical fix, say, to supply the network equivalent of a signed paper contract, but supplying confidence to users of the NII will require a variety of mechanisms that support each other and that are convincing and visible. This is all the more challenging given that the economics of electronic commerce encourages even more levels of intermediation and degrees of multi-party interaction than is practical in the world of paper. In this radically different environment, security support must be everywhere. The foundation for almost all security mechanisms on open networks is necessarily based on cryptography. We believe that cryptographic mechanisms will eventually need to be employed at every level of the NII. Routers will authenticate each other, as will users, as will programs to users, as will users to services, and programs to hardware, and so on. Data links will be encrypted from hand-held to desktop, and from host to network, and from router to router; files on a local disk will be routinely encrypted, as will the upperlayer applications encrypt from end-to-end. This sort of universally suspicious action between interfaces at every layer of abstraction is the appropriate policy when the means to secure communications is so inexpensive, the price of compromise so potentially high, and the path between endpoints crosses so many boundaries of trust. Given this future of ubiquitous need for cryptography (both for confidentiality and for authentication) in the NII, serving so many different purposes, securing such a variety of interfaces and spanning such a range of scales, it should be clear that no single set of mechanisms, algorithms, policies or implementations is conceivably adequate to meet potential engineering needs. Any given mix of hardware versus software, long keys versus short keys, slow and cheap versus fast and expensive, etc., might be appropriate to address a particular requirement. The need for this variety of approach is not confined to end points, but applies to infrastructure as well: no single policy or implementation for, say, public key certificates could conceivably span the security requirements of both, interbank clearing and consumer "shopping agents". For the sake of robust security mechanisms in an evolving and open NII, we hope that the government continue its traditional policy of encouraging experimentation and variety in the context of market mechanisms, and avoid the temptation of attempting to regulate-away uncertainty, or prematurely create standards for technologies we have barely begun to exploit. This does not mean that the interests of law enforcement and national security cannot be served; commercial infrastructures for cryptographic key escrow, for example, would be very useful in electronic commerce and may very well evolve in a way that would be adequate for law enforcement purposes without the heavy-handedness of a government-mandated program which has as its only purpose a prospective violation of confidentiality. Given an NII as central to economic life as I believe it will be, and given the necessity for a robust market for security products (based, as I argue, on a wide variety of cryptographic mechanisms), the future of the NII may depend on the relaxation of export controls on cryptographic technology. This is required both to insure the interoperation of the U.S. NII with the national information infrastructures of our global trading partners, and to sustain U.S. commercial success in the export of computers and software. STATEMENT OF J. G. VAN DYKE & ASSOCIATES Presented by Gary Van Dyke J. G. Van Dyke and Associates (VDA) is a systems integration, networking, and research company that specializes in the development, deployment, and testing of secure network system. Our position on NII security issues is formed from being both an extensive user of public networks for the conduct of our business and a provider of networking and security technology. Our research and development activities demand the sharing of work among technologists and our business requires the timely exchange of information among our offices and Governmental and industrial clients and colleagues, nationally and globally. VDA is working with several Department of Defense (DoD) agencies to provide secure communication services over unprotected public networks. These security services will become an integral component of the National Information Infrastructure (NII). Based on VDA's experience with the Internet, VDA understands many of the current and potential uses of the NII. VDA makes extensive use of the Internet to exchange unclassified technical data globally between Government and commercial organizations. From the Internet, VDA retrieves tools and specifications necessary for software development. The growth of the NII will expand VDA's use of networking services. With Electronic Data Interchange (EDI), we envision increased dissemination of procurement and technical documents between Government and Industry. Our electronic mail community will expand and the requirement for multi-media exchanges will increase. We hope, and expect, that the number of information repositories available for access will increase. While the benefits are easily articulated, so are the security problems. We retain concerns over unauthorized access to proprietary and sensitive data and the modification of data in storage and transit. Sender and receiver should be properly authenticated. If the NII is to promote U.S. competitive advantage, non-U.S. access must be distinguishable. Global disposition of U.S. industry will require the National Infrastructure to be a properly controlled International Infrastructure. VDA has practical experience developing and implementing data security protocols and products. VDA has developed software that provides writer-to-reader security services for messaging systems. It uses a public/private cryptography scheme to protect unclassified-but-sensitive messages transmitted across unsecured networks. This software is widely used by Government organizations and commercial vendors that are building secure messaging products. Through this and other projects, VDA has gained a broad understanding of network security issues. The comprehensive services of the NII will attract a continually expanding user base so the need for security mechanisms will increase proportionally. The design of these security services must be flexible to accommodate this growth. They must be comprehensive, efficient, transparent, and scalable. These mechanisms should support strong authentication to verify the communicating parties' identities, and encryption to protect the data in transit. The security mechanisms should not impede the network resources or their user's productivity. Finally, they should be implemented in manner that is not dependent upon lower layer network topologies or topographies. One approach that meets all of these criteria is the use of digital signatures and public/private key cryptography schemes to safeguard data exchange. This approach will ensure writer-to- reader security across an unsecured network. The approach mitigates the risk of masquerading originators, eavesdroppers, and interception. It is adaptive enough to accommodate large numbers of users in heterogeneous network environments. It may be incorporated as an upper-layer entity that is modular and independent of the lower-layer network composition. Additionally, the approach may be implemented for interactive environments. These qualities make the public/private cryptography scheme an appealing solution to securing a public network. VDA has gained significant experience with public/private key cryptography and its integration into existing networking environments. VDA will continue its research in public/private key cryptography schemes and other technologies so that it may better understand the needs and capabilities of securing data. VDA believes that its experience could be helpful in defining the future security concerns and solutions for the NII. STATEMENT OF TRUSTED INFORMATION SYSTEMS, INC. Presented by Stephen T. Walker Trusted Information Systems, Inc. (TIS), is a small business involved in research, development, and consulting in all aspects of information security. TIS is a major user of the Internet and a significant contributor to the development and use of network security products and services for the Internet and the emerging National Information Infrastructure (NII). TIS strongly supports Ms. Katzen's statement that "Americans will ot use the NII ... unless they trust that information will go where and when they want it and nowhere else." These trust concerns include the entire spectrum of mechanisms that support basic integrity, confidentiality, and availability. While there will always be a desire for new and improved technology developments, we have available today all the basic technologies needed to build an NII that users can trust. The single greatest impediment to effective use of the NII is the government policies that control which technologies can be applied to implementing a trusted NII or any other information system that users can believe in. Our most difficult task in meeting Ms. Katzen's challenge is to ensure that there is an effective balance in government policy between our national security and national economic interests. Until now the balance in every recent Administration and in the Congress has been heavily in favor of national security interests. The impact of this imbalance is that you and I do not have effective means to protect our sensitive information on our personal computers and American business must conduct its affairs in the "clear," subject to all forms of foreign and domestic industrial espionage. If the basic technologies are available, why are we in this dilemma? o U.S. Government export policy, driven by our perceived national security interests, forces U.S. information system manufacturers, which sell to an international marketplace, to forgo using good cryptography in their mass market software products. As a direct result, you and I and American business do not have reasonable access to basic information systems that we can trust. o In spite of the availability of good digital signature technology since the early 1980s, U.S. Government policy, again driven by national security interests, has been on a decade long quest for a digital signature standard that can not be used to provide confidentiality. In May, a digital signature standard was approved, but it is hamstrung with serious patent infringement defects. As a direct result, a decade after digital signature technologies became readily available, the U.S. electronic commerce industry continues to operate without a government-recognized integrity assurance capability. o And now, U.S. Government policy, once again driven by national security and law enforcement interests, has proposed a key escrow system that will allow law enforcement, when legally authorized, to decrypt communications of US citizens and a digital telephony proposal that threatens progress in our rapidly evolving telecommunications industry. How can we build an NII that users can trust? We do not need new technologies. We need a shift in government policy so that national economic interests are considered equally in the balance with national security interests. I am not advocating that we abandon our national security concerns but, rather, that we seek a common ground that can better serve both sides. Two examples of positive measures we can take: (1) If we had mass market software products that call on cryptography while allowing the end user to choose which cryptographic algorithms he or she decides to use, our software industry could imbed cryptographic calls in their mass market products without fear of export control restrictions. This single accomplishment would go further toward building a user- acceptable NII than any other policy or technology that we could devise. TIS is proposing an International Cryptography Experiment (ICE) that will explore all technological and government policy aspects of this concept. (2) If we as a nation decide through legislation that key escrow is essential to our law enforcement effectiveness (as we have for wiretaps), there are software key escrow techniques emerging that appear to satisfy law enforcement's requirements as effectively as the hardware-only mechanisms of the Government's Clipper and Capstone chips. I strongly urge the IITF to support these and related proposals that attempt to strike a reasonable balance between our national economic and security interests. If we can not find such a balance soon, we will never have an NII that the American people will trust!