EFFector Online Volume 07 12


July 22, 1994
A Publication of the Electronic Frontier Foundation
editors@eff.org
ISSN 1062-9424


[*] Top level of EFF WWW Server
Download a plain ASCII text copy of this issue.
EFF Alerts


In This Issue:


Subject: EFF Analysis of Vice-President Gore's Letter on Cryptography Policy

July 22, 1994

Two days ago, Vice-President Al Gore signaled a major setback in the Administration's Clipper program, and a willingness to engage in serious negotiations leading to a comprehensive new policy on digital privacy and security. Many questions remain about the future, but one thing is certain: Clipper is a dead end, and those of us who are concerned about digital privacy have won a new opportunity to shape a better policy.

The Vice-President's letter to Rep. Maria Cantwell (D-WA) made it clear that while Clipper might have a small place in the telephone security market, it has no future in the digital world. "...[T]he Clipper Chip is an approved federal standard for telephone communications and not for computer networks and video networks. For that reason, we are working with industry to investigate other technologies for those applications.... We welcome the opportunity to work with industry to design a more versatile, less expensive system. Such a key escrow system would be implementable in software, firmware, hardware, or any combination thereof, would not rely upon a classified algorithm, would be voluntary, and would be exportable." Clipper does not meet most of these criteria, so, according to the Vice- President, it is a dead end.

END OF THE LINE FOR CLIPPER -- LONG-RUN EFFORT TO DRIVE MARKET WILL FAIL

The premise of the Clipper program was that the government could drive the market toward use of encryption products which incorporated government-based key escrow agents. A series of subtle and not so subtle government actions would encourage private citizens to use this technology, thus preserving law enforcement access to encrypted communications. Clipper was originally announced as the first element of a family of hardware-based, government key escrow encryption devices that would meet security needs for both voice and data communications on into the future. Clipper itself was purely a voice and low-speed data product, but other members of the Skipjack family, including Tessera and Capstone, were to be compatible with Clipper and were intended to lead the way from escrowed encryption in voice to escrowed encryption for data. Plans are already announced, in fact, to use Tessera and Capstone in large government email networks. At the time, the hope was that government use of this technology would push private sector users toward key escrow systems as well.

Now, the announcement that the Administration is re-thinking plans for data encryption standards leaves Clipper a stranded technology. No one wants to buy, or worse yet, standardize on, technology which has no upgrade path. As a long-run effort to force the market toward government-escrowed encryption standards, Clipper is a failure.

WE STILL MUST WORK FOR VOLUNTARY, OPEN, EXPORTABLE STANDARDS

The fight for privacy and security in digital media is by no means over. Though the Administration has backed away from Clipper, and expressed willingness to talk about other solutions, we are pursuing serious progress on the following issues:

1. Improved telephone encryption standards

For the reasons listed by the Vice-President, in addition to the inherent problems of making copies of all your keys available, Clipper is a poor choice for telephone encryption. Industry should develop a standard for truly secure and private telephones, make them available from multiple manufacturers worldwide, and make them interoperate securely with audio conferencing software on multimedia PC's.

2. Truly voluntary standards

Any cryptographic standard adopted by the government for private sector use must be truly voluntary. Voluntary means, to us, that there are statutory guarantees that no citizen will be required or pressured into using the standard for communications with the government, or with others. No government benefits, services, or programs should be conditioned on use of a particular standard, especially if it involves government or private key escrow.

3. Open standards

Standards chosen must be developed in an open, public process, free from classified algorithms. The worldwide independent technical community must be able to create and evaluate draft standards, without restriction or government interference, and without any limits on full participation by the international cryptographic community.

4. No government escrow systems

Any civilian encryption standard which involves government getting copies of all the keys poses grave threats to privacy and civil liberties, and is not acceptable in a free society.

5. Liberalization of export controls

Lifting export controls on cryptography will make the benefits of strong cryptography widely available to our own citizens. U.S. hardware, software and consumer electronics manufacturers will build encryption into affordable products once they are given access to a global marketplace. Today's widespread availability of "raw" cryptographic technology both inside and outside the United States shows that the technology will always be available to "bad guys".

The real question is whether our policies will allow encryption to be built into the fabric of our national and international infrastructure, to provide significantly increased individual privacy, improved financial privacy, increased financial security, enhanced freedom of association, increased individual control over identity, improved security and integrity of documents, contracts, and licenses, reduced fraud and counterfeiting, the creation of significant new markets for buying and selling of intellectual property, and a lessened ability to detect and prosecute victimless crimes.

These benefits are not free, however. EFF does recognize that new communications technologies pose real challenges to the work of law enforcement. Just as the automobile, the airplane, and even the telephone created new opportunities for criminal activity, and new difficulties for law enforcement, encryption technology will certainly require changes in traditional investigative techniques. We also recognize that encryption will prevent many of the online crimes that will likely occur without it. We further believe that these technologies will create new investigative tools for law enforcement, even as they obsolete old ones. Entering this new environment, private industry, law enforcement, and private citizens must work together to balance the requirements of both liberty and security.

Finally, the export controls used today to attempt to control this technology are probably not Constitutional under the First Amendment; if the problems of uncontrolled export are too great, a means of control must be found which does not restrict free expression.

CONGRESSIONAL LEADERSHIP TOWARD COMPREHENSIVE POLICY FRAMEWORK IS CRITICAL

The efforts of Congresswoman Maria Cantwell, Senator Patrick Leahy, and other members of Congress, show that comprehensive policies on privacy, security and competitiveness in digital communication technologies can only be achieved with the active involvement of Congress. Unilateral policy efforts by the Executive branch, such as Clipper and misguided export control policies, will not serve the broad interests of American citizens and businesses. So, we are pleased to see that the Vice-President has pledged to work with the Congress and the private sector in shaping a forward-looking policy. We see the Vice-President's letter to Congresswoman Cantwell as an important opening for dialogue on these issues.

The principles of voluntariness and open standards announced in the Vice- President's letter, as well as those mentioned here, must be incorporated into legislation. We believe that under the leadership of Senator Leahy, Reps. Cantwell, Valentine, Brooks and others, this will be possible in the next congress. EFF is eager to work with the Congress, the Administration, along with other private sector organizations to help formulate a new policy. EFF is also pleased to be part of the team of grass roots activism, industry lobbying, and public interest advocacy which has yielded real progress on these issues.

FOR MORE INFORMATION CONTACT:
Jerry Berman, Executive Director jberman@eff.org
Daniel J. Weitzner, Deputy Policy Director djw@eff.org

For the full text of the Gore/Cantwell letter, see:

  • ftp.eff.org/pub/Alerts/gore_clipper_retreat_cantwell_072094.letter
  • gopher.eff.org/1/Alerts, gore_clipper_retreat_cantwell_072094.letter
    
  • http://www.eff.org/pub/Alerts/gore_clipper_retreat_cantwell_072094.letter

    Return to the Table of Contents



    Subject: EFF Reactions to Encryption Standards & Procedures Act (Draft)

    The staff of the House Science, Space, and Technology Committee has just released a draft bill which would create a somewhat more public process for establishment of Clipper-like escrowed encryption systems. Entry of the Congress into this policy debate is a welcome change after 18 months of one-sided Executive Branch edicts. However, considerable changes would be required before the legislation would meet EFF's goals for a truly open federal encryption policy which preserves the right of private individuals to use any form of encryption, without restriction or penalty.

    Despite its promise of an open process, this bill is by no means a repudiation of the Clipper program, In fact, it enshrines in legislation several key aspects of the Clipper policy. However, inasmuch as the bill seeks to establish NIST authority to develop escrow encryption systems, it raises real questions about whether NIST or other agencies have any authority now to spend federal funds on escrow encryption systems.

    Overview of the bill:

    The bill directs the Department of Commerce, through the National Institute of Standards and Technology, to issue escrowed encryption standards. The standards issued would be subject to public comment and afford the opportunity for judicial review under the terms of the Administrative Procedures Act. Similar procedures created for the designation of government key escrow agents.

    Several aspects of the Clinton Administration's approach to cryptography policy are accepted by this bill:

    1. Absolute preservation of law enforcement and national security access

    By this bill, any encryption standards adopted must "preserve the functional ability of the government to interpret, in a timely manner, electronic information that has been obtained pursuant to an electronic surveillance permitted by law." Sec 31(b)(2)(E).

     2. Weak privacy protection

    The bill specifies that standards adopted should advance the development of the NII, but offers only qualified support for privacy. Standards should are only required to go so far as to not "diminish existing privacy rights...." Sec 31(b)(2)(D).

    3. Increased role for National Security Agency in civilian privacy and security matters

    The bill establishes a permanent role for the National Security Agency in the creation of privacy and security standards for use by the private sector. Currently, under the Computer Security Act, NIST is encouraged to consult with the NSA on matters of federal systems security and to draw "computer system technical security guidelines developed by the National Security Agency to the extent that the National Bureau of Standards determines that such guidelines are consistent with the requirements for protecting sensitive information in Federal computer systems." This would explicitly extend the NSA role from federal systems to systems intended for public, civilian use. As such, this is a major change in the Computer Security Act.

    Issues to be addressed in draft:

    To create a truly open policy process, to protect privacy, and to ensure the development of the best privacy-protecting technology possible, the bill should be augmented with the following provisions:

    1. Voluntary standards

    Any legislation on encryption standards must guarantee that no one will be required to use such standards, nor will use of other encryption standards be curtailed by law. Furthermore, federal encryption policy should guarantee that access to government programs, opportunities, or even the ability to communicate with the government, should never be conditioned on the use of any escrowed encryption standard. From the first announcement of the Clipper program, the Clinton Administration has assured the public that escrowed encryption would remain voluntary. This promise must be included in legislation.

    2. Open design process

    The draft bill does call for an open process for formation of encryption standards. Legislation should make explicit that an open process means that no classified algorithms or technologies may be included. Though there was public comment on the Escrowed Encryption FIPS (the Clipper Federal Information Processing Standard), public process in that case was meaningless because the core technology remained behind a veil of secrecy.

    3. Remedies for negligence or abuse by escrow agents

    As drafted, the proposal drastically limits the liability of federal escrow agents for all but "willful" abuse by federal employees. The escrow agents must also be responsible for unauthorized release of keys because of the actions of private individuals or because of negligent practices by government agents.

    4. Exploration of voluntary, private sector escrow agents

    Finally, if the government is going to adopt a government-based escrow system, it should also be required to explore the possibility of private party escrow systems based on open standards.

    The full text of the draft bill is available from EFF's archives:

  • ftp.eff.org/pub/EFF/Policy/Crypto/encryp_stds_procedures_94_bill.draft
  • gopher.eff.org, 1/EFF/Policy/Crypto/encryp_stds_procedures_94_bill.draft
  • http://www.eff.org/pub/EFF/Policy/Crypto/encryp_stds_procedures_94_bill.draft

    Return to the Table of Contents



    Subject: NSA Letter to Sen. Hollings Re: Clipper Appropriations Draft Bill

    NATIONAL SECURITY AGENCY
    CENTRAL SECURITY SERVICE

    Fort George G. Meade, Maryland 20755

    8 July 1994

    Honorable Ernest P. Hollings
    Chairman, Subcommittee on Commerce,Justice, State and Judiciary
    Committee on Appropriations
    United States Senate
    Washington, DC 20510-6027

    Dear Senator Hollings:

    We recently received a copy of a draft amendment that Senator Leahy proposed to you that would condition expenditure of appropriated funds for key escrow encryption (including the CLIPPER Chip) on satisfaction of several requirements. This language will have a major impact on the Administration's overall key escrow strategy.

    We are very concerned about several aspects of the proposal. Most importantly, this language would cause significant delays (perhaps two years or more) in the introduction and use of escrowed key encryption products. With such a delay, alternative, non-escrow cryptographic products likely would become the norm in the United States and perhaps abroad as well. Widespread use of non-escrowed encryption could irretrievably damage our ability to encourage the use of key escrow encryption, putting at risk law enforcement effectiveness and critical foreign intelligence activities.

    Another very significant concern is the impact of delays on major Defense Department programs to secure its information systems that process information regarding funds transfers, personnel data, medical files, logistics support, and much more. Since most of that information today is processed, transferred, and stored on unclassified and unprotected computing and telecommunications systems, it is extremely vulnerable.

    The threat to these systems is real. Already, some of our systems have been penetrated. While we do not know who penetrated the systems, we believe potential threats include foreign intelligence activities, criminals, terrorists, and hackers. In addition to potential threats from external entities, network/computer attacks could also be initiated by "insiders". Network/computer protection within DoD is a fundamental military readiness issue and the need for security products is immediate.

    The DoD is implementing a major program to help protect unclassified but sensitive information in the Defense Messaging System (DMS) through the use of key escrow technology. Programming has already begun on the first set of over 22,000 protection devices for this application. Key escrow products will provide privacy, authentication, and data integrity solutions for critical information system [sic]. At the same time, escrowing of keys will preserve a mechanism for law enforcement organizations to access these systems when lawfully authorized, e.g., in connection with investigations of possible fraud. Delays in the process could have sever, negative consequences for DMS.

    In summary, key escrow encryption technology is vital to the Defense Department's operational readiness and its ability to conduct day-to-day activities, and we cannot afford to delay implementation of these critical security products.

    I recognize that you may have other questions and we are prepared to meet with you at your convenience on this matter. I have sent a similar letter to Senator Domenici.

    /s/ J.M. McConnell
    Vice Admiral, U.S. Navy
    Director, NSA

    Return to the Table of Contents



    Subject: Interoperability Demo - ISDN and Internet PPP

    PRESS RELEASE - ISDN PPP INTEROPERABILITY DEMO

    GAITHERSBURG, MD, JUNE 24, 1994 -- Today at the NIUF, seven ISDN equipment vendors demonstrated interoperable local and wide area network connectivity using Point-to-Point Protocol (PPP) over ISDN.

    This crucial step opens the way to grand-scale interoperability of ISDN LAN connection equipment. "National ISDN 1 and 2 worked on standardized connectivity at the circuit level, but that wasn't enough. Users need applications to launch connections, and remote LAN access applications are standardizing around PPP. This interoperability demonstration puts these vendors ahead of other ISDN vendors, who better get with it or get left out" (according to Jay Batson, Senior Analyst with Network Strategy Service at Forrester Research).

    Seven leading US, Canadian and European vendors demonstrated interoperable ISDN remote access to LANs:

  • AccessWorks Communications Inc.
  • Cisco Systems, Inc.
  • DigiBoard, Inc.
  • Gandalf Technologies, Inc.
  • IBM Corp.
  • netCS Informationstechnik GmbH
  • Network Express

    Vendors and end-users accessed Internet, read their e-mail, and sent files back home as part of the demonstration.

    "For the first time, telecommuters and branch office users can choose the equipment that they prefer. Everyone can get their equipment from different vendors, but it all works together", said Jake Jacobson, Manager of Advanced Communication Laboratories at JPL.

    Using Basic Rate ISDN lines and LAN attachments provided by the US National Institute for Standards and Technology (NIST), vendors interconnected their devices and attached to local and remote LANs. As part of the demonstration, vendors and end users accessed Internet, read their e-mail, and sent files back home. End users and vendors alike agreed that this will greatly promote rapid expansion of telecommuting, remote Internet access, branch office connectivity, and other useful applications.

    "The European ISDN Users Forum has also sanctioned PPP as the official interoperability standard" said Rick Kuhlbars of netCS, Berlin, Germany

    PPP is a set of protocols recommended by the Internet Engineering Task Force (IETF) that allows LAN connection equipment to negotiate which features and protocols will be supported by both ends of a connection. PPP is rapidly becoming a standard for LAN connections since it allows dissimilar products to quickly negotiate which features will be selected for a particular connection.

    Some reactions:

    "Global trade requirements and business relationships compel us to interoperate using these kinds of standards based procedures."
    - Stan Kluz, Lawrence Livermore National Laboratory

    "This allows us to have students, faculty and staff select a wider array of equipment and maintain interoperability with both Ameritech's switches as well as the University's emerging ISDN dial in pools."
    - Dory Leifer, University of Michigan.

    "For the first time, users now have ISDN networking plug and play. Vendors' network products which support these specifications assure that they can access networks without concern as to what ISDN networking equipment is in use on the network end."
    - Jeff Fritz, West Virginia University, Chairman of the Enterprise Network Data Interconnectivity Family (ENDIF), a working group of NIUF.

    NIUF - the North American ISDN User's Forum is an association of ISDN vendors, users, and service providers working together to promote and improve the use of ISDN in North America.

    Contacts for additional information:

    Reggie Best, AccessWorks Communications Inc., (800) 248-8204, rbest@accessworks.com
    Kevin Dickson, Cisco Systems, (415) 326- 1941kdickson@cisco.com
    Bob Downs, ENDIF liaison to IETF, Combinet, (408) 522-9020 bdowns@combinet.com
    Jeff Fritz, ENDIF Chairman, West Virginia Univ., (304) 293-2060 jfritz@wvnvm.wvnet.edu
    Douglas Frosst, Gandalf, Ontario, Canada, (613) 723-6500 dfrosst@gandalf.ca
    Rick Kuhlbars, netCS, Berlin, Germany, 49.30/856 999-0 rick@netcs.com.
    Randy Sisto, Network Express, (313) 761-5005, rsisto@nei.com
    Julie Thomtez, DigiBoard, (612) 943-9020 juliet@digibd.com
    IBM, IBM ISDN Information, (919) 254-ISDN.

    Respectfully Submitted,
    Gerry Hopkins, ENDIF ViceChair acting for the Secretary

    Return to the Table of Contents



    Subject : EFF Congratulates Rep Markey on Passage of Open Platform Bill HR3636

    Earlier this month, the House of Representatives has passed both HR 3636 and 3626. HR 3636, the Markey/Fields bill, is based on EFF's Open Platform Proposal. HR 3626 passed on a vote of 423 to 5 (7 not voting). HR 3636 passed on a vote of 423 to 4 (8 not voting). No amendments were offered to either bill on the Floor.

    After the votes, the bills were ordered to be combined into one bill, which will be sent to the Senate. The Senate is currently considering its own similar legislation.

    Electronic Frontier Foundation praises passage of House Telecommunications Bill (HR 3636), in combination with the Antitrust Reform Act (HR 3626).

    Key provisions of the bill will provide affordable access to multimedia network services for the American public

    The Electronic Frontier Foundation (EFF) is pleased that the US House of Representatives has passed major telecommunications legislation, and commends all who have worked on the bill, especially Chairman Ed Markey (D-MA). Key provisions of the legislation ensure that Open Platform service will be made widely available to all Americans, as the first step in the development of an interactive, multimedia information infrastructure.

    "Under the Open Platform services sections, the Federal Communications Commission is required to issue regulations which make switched, digital telecommunications service available and affordable for the American public in the near term," explained Daniel J. Weitzner, Deputy Policy Director of EFF. Many of the multimedia services that will help increase educational opportunity in our schools, provide access to library resources, enable distance learning, and support telecommuting, can be delivered over network services that are available today. Yet, telecommunications carriers have been slow in offering these services to the public. While an interactive broadband network should be our long term policy goal, there is no reason to wait for broadband to reap the benefits of digital technologies such as ISDN available in the network today.

    "Guided by Congress, FCC action to cause deployment and tariffing of Open Platform services will dramatically enhance American's access to multimedia information sources, " said Weitzner.

    Mitchell Kapor, Chairman of the Board of the Foundation, praised the efforts of Chairman Markey (D-MA) and said that an information infrastructure "built based on Open Platform principles will be a vibrant web of communications and information that enhance free speech and democratic discourse. Open architecture will also enable the NII to be the site of innovation, economic growth, and job creation."

    HR 3636 recognizes that advanced telecommunications services are becoming more important for individuals and public institutions and that the definition of universal service should evolve over time to ensure affordable access to such advanced services for all Americans. The bill provides that Open Platform service should be considered as the next step in the evolution of universal service. We can hope that in many circumstances a more competitive market will provide high quality access at low prices for many parts of the country. A flexible definition of universal service will help ensure that where the market fails to provide minimum acceptable levels of service, careful tailored regulation will help fill the void.

    For all of these reasons, the Open Platform sections have been enthusiastically supported by a diverse coalition of public interest groups and key players in the computer and communications industries. "The job of ensuring openness and access to the NII is only just beginning, but the Open Platform services that made possible by the bill take a decisive first step in the right direction," said Weitzner.

    Contacts:

    Jerry Berman, Executive Director,
    jberman@eff.org

    Daniel J. Weitzner, Deputy Policy Director,
    djw@eff.org
    Telephone: v: 202-347-5400 f: 202-393-5509

    June 28, 1994

    Hon. Edward Markey, Chairman
    House Telecommunications & Finance Subcommittee
    316 Ford House Office Building
    Washington, DC 20150

    Dear Chairman Markey,

    We want to congratulate you and Representative Fields on the passage of HR 3636 and to thank you for efforts and foresight in support of the Open Platform sections of the bill. Built based on Open Platform principles, the NII will be a vibrant web of communications and information that enhance free speech and democratic discourse. Such an open environment will also enable the NII to be the site of innovation, economic growth, and job creation.

    Under the Open Platform services sections, the Federal Communications Commission is required to issue regulations which make switched, digital telecommunications service available and affordable for the American public in the near term. As you know, many of the multimedia services that will help increase educational opportunity in our schools, provide access to library resources, enable distance learning, and support telecommuting, can be delivered over network services that are available today. Yet, telecommunications carriers have been slow in offering these services to the public. While an interactive broadband network should be our long term policy goal, there is no reason to wait for broadband to reap the benefits of digital technologies such as ISDN available in the network today. Guided by Congress, FCC action to cause deployment and tariffing of Open Platform services will dramatically enhance American's access to multimedia information sources. Widely available Open Platform services will also help jump start that multimedia information and communications market place.

    HR 3636 recognizes that advanced telecommunications services are becoming more important for individuals and public institutions and that the definition of universal service should evolve over time to ensure affordable access to such advanced services for all Americans. The bill, thus, provides that Open Platform service should be considered as the next step in the evolution of universal service. We can hope that in many circumstances a more competitive market will provide high quality access at low prices for many parts of the country. Your work in creating a flexible definition of universal service will help ensure that where the market fails to provide minimum acceptable levels of service, careful tailored regulation will help fill the void.

    For all of these reasons, the Open Platform sections have been enthusiastically supported by a diverse coalition of public interest groups and key players in the computer and communications industries. The job of ensuring openness and access to the NII is only just beginning, but the Open Platform services that you have made possible take a decisive first step in the right direction. Again, we commend you and your colleagues for supporting the Open Platform services sections and promise to continue to work with you to ensure enactment of comprehensive telecommunications legislation with strong Open Platform provisions this year.

    Sincerely,

    Jerry Berman
    Executive Director

    Return to the Table of Contents



    Subject: US ACM Calls for Clipper Withdrawal, Releases Crypto Policy Report

    From: US ACM, DC Office
    usacm_dc@acm.org

    U S A C M
    Association for Computing Machinery, U.S. Public Policy Committee PRESS RELEASE

    Thursday, June 30, 1994

    Contact:
    Barbara Simons(408) 463-5661, simons@acm.org
    Jim Horning (415) 853-2216, horning@src.dec.com
    Rob Kling(714) 856-5955, kling@ics.uci.edu

    COMPUTER POLICY COMMITTEE CALLS FOR WITHDRAWAL OF CLIPPER

    COMMUNICATIONS PRIVACY "TOO IMPORTANT" FOR SECRET DECISION- MAKING

    WASHINGTON, DC The public policy arm of the oldest and largest international computing society today urged the White House to withdraw the controversial "Clipper Chip" encryption proposal. Noting that the "security and privacy of electronic communications are vital to the development of national and international information infrastructures," the Association for Computing Machinery's U.S. Public Policy Committee (USACM) added its voice to the growing debate over encryption and privacy policy.

    In a position statement released at a press conference on Capitol Hill, the USACM said that "communications security is too important to be left to secret processes and classified algorithms." The Clipper technology was developed by the National Security Agency, which classified the cryptographic algorithm that underlies the encryption device. The USACM believes that Clipper "will put U.S. manufacturers at a disadvantage in the global market and will adversely affect technological development within the United States." The technology has been championed by the Federal Bureau of Investigation and the NSA, which claim that "non-escrowed" encryption technology threatens law enforcement and national security.

    "As a body concerned with the development of government technology policy, USACM is troubled by the process that gave rise to the Clipper initiative," said Dr. Barbara Simons, a computer scientist with IBM who chairs the USACM. "It is vitally important that privacy protections for our communications networks be developed openly and with full public participation."

    The USACM position statement was issued after completion of a comprehensive study of cryptography policy sponsored by the ACM (see companion release). The study, "Codes, Keys and Conflicts: Issues in U.S Crypto Policy," was prepared by a panel of experts representing various constituencies involved in the debate over encryption.

    The ACM, founded in 1947, is a 85,000 member non-profit educational and scientific society dedicated to the development and use of information technology, and to addressing the impact of that technology on the world's major social challenges. USACM was created by ACM to provide a means for presenting and discussing technological issues to and with U.S. policymakers and the general public.

    For further information on USACM, please call (202) 298-0842.

    USACM Position on the Escrowed Encryption Standard

    The ACM study "Codes, Keys and Conflicts: Issues in U.S Crypto Policy" sets forth the complex technical and social issues underlying the current debate over widespread use of encryption. The importance of encryption, and the need for appropriate policies, will increase as networked communication grows. Security and privacy of electronic communications are vital to the development of national and international information infrastructures.

    The Clipper Chip, or "Escrowed Encryption Standard" (EES) Initiative, raises fundamental policy issues that must be fully addressed and publicly debated. After reviewing the ACM study, which provides a balanced discussion of the issues, the U.S. Public Policy Committee of ACM (USACM) makes the following recommendations.

    1. The USACM supports the development of public policies and technical standards for communications security in open forums in which all stakeholders -- government, industry, and the public -- participate. Because we are moving rapidly to open networks, a prerequisite for the success of those networks must be standards for which there is widespread consensus, including international acceptance. The USACM believes that communications security is too important to be left to secret processes and classified algorithms. We support the principles underlying the Computer Security Act of 1987, in which Congress expressed its preference for the development of open and unclassified security standards.

    2. The USACM recommends that any encryption standard adopted by the U.S. government not place U.S. manufacturers at a disadvantage in the global market or adversely affect technological development within the United States. Few other nations are likely to adopt a standard that includes a classified algorithm and keys escrowed with the U.S. government.

    3. The USACM supports changes in the process of developing Federal Information Processing Standards (FIPS) employed by the National Institute of Standards and Technology. This process is currently predicated on the use of such standards solely to support Federal procurement. Increasingly, the standards set through the FIPS process directly affect non-federal organizations and the public at large. In the case of the EES, the vast majority of comments solicited by NIST opposed the standard, but were openly ignored. The USACM recommends that the standards process be placed under the Administrative Procedures Act so that citizens may have the same opportunity to challenge government actions in the area of information processing standards as they do in other important aspects of Federal agency policy making.

    4. The USACM urges the Administration at this point to withdraw the Clipper Chip proposal and to begin an open and public review of encryption policy. The escrowed encryption initiative raises vital issues of privacy, law enforcement, competitiveness and scientific innovation that must be openly discussed.

    5. The USACM reaffirms its support for privacy protection and urges the administration to encourage the development of technologies and institutional practices that will provide real privacy for future users of the National Information Infrastructure.

    Association for Computing Machinery
    PRESS RELEASE

    Thursday, June 30, 1994

    Contact:
    Joseph DeBlasi, ACM Executive Director (212) 869-7440
    Dr. Stephen Kent, Panel Chair (617) 873-3988
    Dr. Susan Landau, Panel Staff (413) 545-0263

    COMPUTING SOCIETY RELEASES REPORT ON ENCRYPTION POLICY

    CLIPPER CHIP" CONTROVERSY EXPLORED BY EXPERT PANEL

    WASHINGTON, DC A panel of experts convened by the nation's foremost computing society today released a comprehensive report on U.S. cryptography policy. The report, "Codes, Keys and Conflicts: Issues in U.S Crypto Policy," is the culmination of a ten-month review conducted by the panel of representatives of the computer industry and academia, government officials, and attorneys. The 50-page document explores the complex technical and social issues underlying the current debate over the Clipper Chip and the export control of information security technology.

    "With the development of the information superhighway, cryptography has become a hotly debated policy issue," according to Joseph DeBlasi, Executive Director of the Association for Computing Machinery (ACM), which convened the expert panel. "The ACM believes that this report is a significant contribution to the ongoing debate on the Clipper Chip and encryption policy. It cuts through the rhetoric and lays out the facts."

    Dr. Stephen Kent, Chief Scientist for Security Technology with the firm of Bolt Beranek and Newman, said that he was pleased with the final report. "It provides a very balanced discussion of many of the issues that surround the debate on crypto policy, and we hope that it will serve as a foundation for further public debate on this topic."

    The ACM report addresses the competing interests of the various stakeholders in the encryption debate -- law enforcement agencies, the intelligence community, industry and users of communications services. It reviews the recent history of U.S. cryptography policy and identifies key questions that policymakers must resolve as they grapple with this controversial issue.

    The ACM cryptography panel was chaired by Dr. Stephen Kent. Dr. Susan Landau, Research Associate Professor in Computer Science at the University of Massachusetts, co-ordinated the work of the panel and did most of the writing. Other panel members were Dr. Clinton Brooks, Advisor to the Director, National Security Agency; Scott Charney, Chief of the Computer Crime Unit, Criminal Division, U.S. Department of Justice; Dr. Dorothy Denning, Computer Science Chair, Georgetown University; Dr. Whitfield Diffie, Distinguished Engineer, Sun Microsystems; Dr. Anthony Lauck, Corporate Consulting Engineer, Digital Equipment Corporation; Douglas Miller, Government Affairs Manager, Software Publishers Association; Dr. Peter Neumann, Principal Scientist, SRI International; and David Sobel, Legal Counsel, Electronic Privacy Information Center. Funding for the cryptography study was provided in part by the National Science Foundation.

    The ACM, founded in 1947, is a 85,000 member non-profit educational and scientific society dedicated to the development and use of information technology, and to addressing the impact of that technology on the world's major social challenges. For general information, contact ACM, 1515 Broadway, New York, NY 10036. (212) 869-7440 (tel), (212) 869-0481 (fax).

    Information on accessing the report electronically will be posted soon on Usenet.

    Return to the Table of Contents



    Subject: IITF Intellectual Property Draft Report - Request for Comments

    The Information Infrastructure Task Force (IITF) working group on Intellectual Property Rights has released their preliminary draft report for public review and comment. The paper, "Intellectual Property and the National Information Infrastructure," is available from the Patent & Trademark Office via anonymous FTP here or from ftp.uspto.gov/pub/nii-ip or on the Web here or at URL http://www.uspto.gov/

    Comments may be sent electronically to nii-ip@uspto.gov; the deadline for comments is September 7, 1994

    .

    Return to the Table of Contents



    Subject: New Faces at EFF: Robin Abner (Membership), Darby Costello (Finance)

  • Robin Abner- Director of Membership, rabner@eff.org
    Robin Abner is the Director of Membership for the Electronic Frontier Foundation. Robin works with EFF's Board and staff to plan membership strategy and oversee marketing, administration and member services. Prior to joining EFF, Robin was Director of Membership and Marketing at Non-Profit Management Associates, Inc. in Washington, DC, where she developed and administered membership programs for several non-profit organizations. In addition, she served as Deputy Director of the Friends of the National Library of Medicine. Robin majored in Computer Science at George Washington University and is currently studying Technology and Management at the University of Maryland in College Park. Robin is a member of the American Society of Association Executives (ASAE) and is co-chair of ASAE's Roundtable Steering Committee. In 1993, she was appointed to the Membership Council of ASAE's Board and was awarded their Diversity Career Development Scholarship.

  • Darby Costello- Director of Finance & Administration gemini@eff.org
    Darby Costello, EFF's new Director of Finance and Administration, handles oversight of all financial activities/transactions, human resources and office management. Darby is a long-time Washingtonian, has worked in the non-profit world for over 10 years, and earned a BSBA in Accounting from George Washington University.

    She is partial to cats and has two Burmese, Juan and Flor, who share their Kalorama apartment with Darby. She is devoted to the arts (opera in particular) and actively involved with a newly-formed local opera company. Ms. Costello is a rabid, nearly indiscriminate, reader.

    Return to the Table of Contents



    Subject: What YOU Can Do

    "The net poses a fundamental threat not only to the authority of the government, but to all authority, because it permits people to organize, think, and influence one another without any institutional supervision whatsoever. The government is responding to this threat with the Clipper Chip."
    - John Seabrook, "My First Flame", New Yorker 06/06/94

    Who will decide how much privacy is "enough"?

    The Electronic Frontier Foundation believes that individuals should be able to ensure the privacy of their personal communications through any technological means they choose. However, the government's current restrictions on the export of encrytion software have stifled the development and commercial availability of strong encryption in the U.S. Now, more than ever, EFF is working to make sure that you are the one that makes these decisions for yourself. Our members are making themselves heard on the whole range of issues. EFF collected over 5000 letters of support for Rep. Maria Cantwell's bill to liberalize restrictions on cryptography. We also gathered over 1400 letters supporting Sen. Leahy's open hearings on the proposed Clipper encryption scheme, which were held in May 1994. And EFF collected over 90% of the public comments that were submitted to NIST regarding whether or not Clipper should be made a federal standard.

    You KNOW privacy is important. You have probably participated in our online campaigns. Have you become a member of EFF yet? The best way to protect your online rights is to be fully informed and to make your opinions heard. EFF members are informed and are making a difference. Join EFF today!

    -------- 8< ------- cut here ------- 8< --------

    ================================================

    MEMBERSHIP IN THE ELECTRONIC FRONTIER FOUNDATION

    ================================================

    Print out and mail to:
    Membership Coordinator
    Electronic Frontier Foundation
    1001 G Street, NW, Suite 950 East, Washington, DC 20001

    I wish to become a member of the Electronic Frontier Foundation. I enclose:
    $__________ Regular membership -- $40
    $__________ Student membership -- $20

    Special Contribution

    I wish to make an additional tax-deductible donation in the amount of $__________ to further support the activities of EFF and to broaden participation in the organization.

    PAYMENT METHOD:

    ___ Enclosed is a check payable to the Electronic Frontier Foundation.

    ___ Please charge my:
    ___ MasterCard ___ Visa ___ American Express

    Card Number: ___________________________________________

    Expiration Date: _________________________________________

    Signature: ______________________________________________

    NOTE: We do not recommend sending credit card information via the Internet!

    YOUR CONTACT INFORMATION:

    Name: _________________________________________________

    Organization: ____________________________________________

    Address: ________________________________________________

    ___________________________________________________

    Phone: (____) _______________ FAX: (____) _______________ (optional)

    E-mail address: __________________________________________

    PREFERRED CONTACT

    ___ Electronic: Please contact me via the Internet address listed above.
    I would like to receive the following at that address:

    ___ EFFector Online - EFF's biweekly electronic newsletter (back issues available from ftp.eff.org/ pub/EFF/Newsletters/EFFector).

    ___ Online Bulletins - bulletins on key developments affecting online communications.

    NOTE: Traffic may be high. You may wish to browse these publications in the Usenet newsgroup comp.org.eff.news (also available in FidoNet, as EFF-NEWS).

    ___ Paper: Please contact me through the U.S. Mail at the street address listed above.

    PRIVACY POLICY

    EFF occasionally shares our mailing list with other organizations promoting similar goals. However, we respect an individual's right to privacy and will not distribute your name without explicit permission.

    ___ I grant permission for the EFF to distribute my name and contact information to organizations sharing similar goals.

    This form came from EFFector Online (please leave this line on the form!)

    -------- 8< ------- cut here ------- 8< --------

    Administrivia

    EFFector Online is published by:


    The Electronic Frontier Foundation
    1667 K St. NW, Suite 801
    Washington DC 20006-1605 USA
    +1 202 861 7700 (voice)
    +1 202 861 1258 (fax)
    +1 202 861 1223 (BBS - 16.8k ZyXEL)
    +1 202 861 1224 (BBS - 14.4k V.32bis)
    Membership & donations: membership@eff.org
    Legal services: ssteele@eff.org
    Hardcopy publications: pubs@eff.org
    General EFF, legal, policy or online resources queries: ask@eff.org


    Editor: Stanton McCandlish, Online Services Mgr./Activist/Archivist (mech@eff.org)
    This newsletter printed on 100% recycled electrons.

    Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the views of EFF. To reproduce signed articles individually, please contact the authors for their express permission. Press releases and EFF announcements may be reproduced individ- ually at will.

    To subscribe to EFFector via email, send message body of "subscribe effector-online" (without the "quotes") to listserv@eff.org, which will add you to a subscription list for EFFector.

    Back issues are available at:


    ftp.eff.org,/pub/EFF/Newsletters/EFFector/
    gopher.eff.org,1/EFF/Newsletters/EFFector/
    http://www.eff.org/pub/EFF/Newsletters/EFFector/
    To get the latest issue, send any message to effector-reflector@eff.org (or er@eff.org), and it will be mailed to you automagically. You can also get the file "current" from the EFFector directory at the above sites at any time for a copy of the current issue.

    HTML editions available at:


    http://www.eff.org/pub/EFF/Newsletters/EFFector/HTML/ at EFFweb.

  • Effector Online HTML work by EFF Volunteer Steve Gilmore

    Return to the Table of Contents