========================================================================= ________________ _______________ _______________ /_______________/\ /_______________\ /\______________\ \\\\\\\\\\\\\\\\\/ ||||||||||||||||| / //////////////// \\\\\________/\ |||||________\ / /////______\ \\\\\\\\\\\\\/____ |||||||||||||| / ///////////// \\\\\___________/\ ||||| / //// \\\\\\\\\\\\\\\\/ ||||| \//// e c t o r ========================================================================= EFFector Vol. 10, No. 02 Feb. 27, 1997 editor@eff.org A Publication of the Electronic Frontier Foundation ISSN 1062-9424 IN THIS ISSUE: Pro-CODE Bill Announced Today: Free Crypto From Cold-War Regs An Open Letter to the Internet Community from Senator Burns Upcoming Events Quote of the Day What YOU Can Do Administrivia * See http://www.eff.org/hot.html or ftp.eff.org, /pub/Alerts/ for more information on current EFF activities and online activism alerts! * ---------------------------------------------------------------------- Subject: Pro-CODE Bill Announced Today: Free Crypto From Cold-War Regs ----------------------------------------------------------------------- Below is a joint advisory from CDT, EFF and VTW about the re-introduction of Sen. Conrad Burns's "Pro-CODE" encryption export deregulation bill. EFF commends Burns and co-sponsors for continuing to raise this issue in Congress, and for their opposition to the Administration's obsolete (and unconstitutional) policies. Though EFF does not *endorse* this legislation (principally because it may perpetuate a policy of excluding the public from government decision-making on encryption policy), we do recognize and laud the bill as an improvement over the status quo in almost all respects. Pro-CODE would turn the current export process upside down, permitting export of most encryption, and requiring reportage of an encryption program's capabilities only *after* export. The bill also creates no new or redundant crime categories. PRO-CODE BILL ANNOUNCED TODAY BILL WOULD LIBERATE ENCRYPTION FROM ANTIQUATED COLD-WAR REGULATIONS February 27, 1997 Please widely redistribute this document with this banner intact until March 15, 1997 From the Center for Democracy and Technology (CDT), the Electronic Frontier Foundation (EFF), and the Voters Telecommunication Watch (VTW) ________________________________________________________________________ CONTENTS The Latest News What You Can Do Now Background On Pro-CODE What's At Stake For More Information / Supporting Organizations ________________________________________________________________________ THE LATEST NEWS Today, a bi-partisan group of seventeen United States Senators, led by Conrad Burns (R-MT) and Patrick Leahy (D-VT), introduced the "Promotion of Commerce Online in the Digital Era (Pro-CODE) Act", a bill designed to promote privacy and security on the Internet by relaxing government controls on encryption technologies. Encryption technologies are the locks and keys of the Information age -- enabling individuals and businesses to protect sensitive information as it is transmitted over the Internet. Pro-CODE aims to enable this by removing some of the regulations that currently prevent Americans from using this technology. A short summary of the bill and background on the encryption policy debate are attached below, along with information on what you can do to help ensure that Congress takes action on this important issue. ________________________________________________________________________ WHAT YOU CAN DO NOW 1. CALL THE Pro-CODE SPONSORS AND THANK THEM FOR THEIR EFFORTS Members of Congress tend to hear from their constituents only when they do something constituents don't like. Today however, several Senators have taken a stand on an issue of critical importance to Internet users. It's crucial that we encourage them with phone calls of support. If you live in any of the states listed below, please take a moment to give these Senators a call. Allard (R-CO) Ashcroft (R-MO) Boxer (D-CA) Brownback (R-KS) Burns (R-MT) Craig (R-ID) Dominici (R-NM) Dorgan (D-ND) Faircloth (R-NC) Grahms (R-MN) Hutchison (R-TX) Inhoffe (R-OK) Kempthorne (R-ID) Leahy (D-VT) Lott (R-MS) Murray (D-WA) Nickles (R-OK) Thomas (R-WY) Wyden (D-OR) Please take a moment to give these Senators a call. You:Senator Mojo's office please! Sen:Hello, Senator Mojo's office! You: SAY I heard that the Senator introduced Pro-CODE to add more privacy on THIS-> the Internet. Please thank the Senator for me and I support efforts to fix antiquated encryption export laws. I live in . Sen: Ok, thanks! 2. ADOPT YOUR LEGISLATOR If you were one of the thousands of people that have adopted their legislator at http://www.crypto.com/, you would have received a personalized letter telling you that your legislator announced his or her sponsorship of Pro-CODE today. These personalized letters contain all the phone numbers you need, and we'll send them to you any time your legislator takes any action that would have a significant impact on the net. The Adopt Your Legislator campaign is the most effective method of mobilizing grass-roots support available today. Since late last year, VTW and CDT have been building a network of thousands of Internet users who are active and engaged in the fight for privacy and security on the Internet. By focusing our efforts on the constituents of specific legislators as well as on the net as a whole, we can ensure that members of Congress know that they have support within their district as well as throughout the Internet community. You can adopt your legislator at http://www.crypto.com/adopt/ ________________________________________________________________________ BACKGROUND ON THE PRO-CODE BILL The Promotion of Commerce Online in the Digital Era (Pro-CODE) Act is similar to a bill introduced by Senators Burns (R-MT) and Leahy (D-VT) last year (then S.1726). Pro-CODE enjoyed broad bi-partisan support in the Senate and was the subject of 3 hearings, including 2 which were cybercast live on the Internet. This year's Pro-CODE bill (no bill number yet available) is designed to encourage the widespread availability of strong, easy-to-use encryption technologies to protect privacy and security on the Internet. Specifically, Pro-CODE would: 1. Encourage the widespread availability of strong privacy and security products by relaxing export controls on encryption technologies that are already available on the mass market or in the public domain. This would include popular programs like Pretty Good Privacy (PGP) and World Wide Web browsers like those made by Netscape and Microsoft. Current US encryption policy restricts export of encryption products with key-lengths of more than 40 bits. A recent study by renowned cryptographers including Whit Diffie (one of the fathers of modern cryptography), Matt Blaze, and others concluded that 40 bits is "woefully inadequate" to protect personal and business communications. Over the last eighteen months, several examples of the weakness of 40-bit encryption have been demonstrated by college students with spare personal computers. 2. Prohibit the federal government from imposing mandatory key-escrow or key-recovery encryption policies on the domestic market and limit the authority of the Secretary of Commerce to set standards for encryption products. 3. Require the Secretary of Commerce to allow the unrestricted export of other encryption technologies if products of similar strength are generally available outside the United States. For more information on the Pro-CODE bill, background information on efforts to pass encryption policy reform legislation last year, and other materials please visit: For more information, see the Encryption Policy Resource Page at http://www.crypto.com/ ________________________________________________________________________ WHAT'S AT STAKE Encryption technologies are the locks and keys of the Information age -- enabling individuals and businesses to protect sensitive information as it is transmitted over the Internet. As more and more individuals and businesses come online, the need for strong, reliable, easy-to-use encryption technologies has become a critical issue to the health and viability of the Net. Current US encryption policy, which limits the strength of encryption products US companies can sell abroad, also limits the availability of strong, easy-to-use encryption technologies in the United States. US hardware and software manufacturers who wish to sell their products on the global market must either conform to US encryption export limits or produce two separate versions of the same product, a costly and complicated alternative. The export controls, which the NSA and FBI argue help to keep strong encryption out of the hands of foreign adversaries, are having the opposite effect. Strong encryption is available abroad, but because of the export limits and the confusion created by nearly four years of debate over US encryption policy, strong, easy-to-use privacy and security technologies are not widely available off the shelf or "on the net" here in the US. Because of this policy problem, US companies are now at a competitive disadvantage in the global marketplace. All of us care about our national security, and no one wants to make it any easier for criminals and terrorists to commit criminal acts. But we must also recognize encryption technologies can also aid law enforcement and protect national security by limiting the threat of industrial espionage and foreign spying. What's at stake in this debate is nothing less than the future of privacy and the fate of the Internet as a secure and trusted medium for commerce, education, and political discourse. ________________________________________________________________________ FOR MORE INFORMATION / SUPPORTING ORGANIZATIONS This alert was brought to you by the Center for Democracy and Technology, the Electronic Frontier Foundation, and the Voters Telecommunications Watch. http://www.cdt.org http://www.eff.org http://www.vtw.org There are many excellent resources online to get up to speed on the crypto issue including the following WWW sites: http://www.crypto.com http://www.privacy.org Please visit them often. Press inquiries should be directed to: Jonah Seiger of CDT at jseiger@cdt.org or +1.202.637.9800 Stanton McCandlish of EFF at mech@eff.org or +1.415.436.9333 Shabbir J. Safdar of VTW at shabbir@vtw.org or +1.917.978.8430 (beeper). ________________________________________________________________________ End alert ------------------------------ From: Conrad Burns Subject: An Open Letter to the Internet Community from Senator Burns -------------------------------------------------------------------- February 27, 1997 Today I am pleased to announce that I have reintroduced legislation to reform US encryption policy in a way that recognizes the realities of the global information infrastructure and the need for strong privacy and security protections on the Internet. The "Promotion of Commerce Online in the Digital Era (Pro-CODE) Act" would promote the growth of electronic commerce, encourage the widespread availability of strong privacy and security technologies for the Internet, and repeal the cold war-era regulations limiting the export of encryption technologies. The bill enjoys widespread support from both my Republican and Democratic colleagues and was introduced with 20 cosponsors. As a fellow Internet user, I am excited by the vast potential of the Net to facilitate new forms of commerce and communication. In order for the Net to reach its potential as a trusted medium for personal communications and proprietary business transactions however, Internet users must have access to strong privacy and security technologies. Yet for years, the federal government has pursued an encryption policy which has limited the availability of privacy and security products -- leaving Internet users and businesses out in the cold. Last year, the Pro-CODE bill (then S. 1726) received broad bipartisan support in the Senate. Internet users, rallying to the cry of "My Lock, My Key," expressed their support for the bill in meetings members of Congress in live interactive chat sessions. Netizens also participated in the first interactive online Senate hearings and provided valuable testimony for the Committee on this issue. Yet almost a year after Congress entered this critical Internet policy debate, and despite the overwhelming call for encryption policy reform, the Administration remains committed to an outdated and unworkable approach to US Encryption policy. In November of 1996, the Administration announced yet another effort to reform US encryption policy. The proposal, which would allow the export of strong encryption programs only if they include government-approved "key-recovery" mechanisms, has met with uniform criticism from Internet users, privacy experts, and the computer and communications industry. Current export controls are serving only to limit the availability of privacy and security technologies for Internet users inside the US and disadvantage US industry on the competitive global market, while doing nothing to keep strong encryption out of the hands of foreign adversaries. By relaxing encryption export controls, the Pro-CODE bill will reform US encryption policy in a way that recognizes the realities of the information revolution and the competitive global marketplace. The Internet community has been instrumental in helping to educate my colleagues in the Congress about the importance of encryption policy reform. In the coming months I will need your help and support as this bill makes its way through the legislative process. As the bill moves forward, I want to invite you to take advantage of several online resources set up to educate the Congress and the public about the need for encryption policy reform. You can find out more by visiting my web page at http://www.senate.gov/~burns/. Thank you for your support, Conrad Burns United States Senator or call 202-872-4200 Apr. 22- 24 - CHICAGO, IL - DCI Internet Expo; the world's largest Internet, Web and email conference and exposition; comprehensive program will cover Web-enabled marketing, best practices for e-commerce and application development; San Jose Convention Center; also will be held February 18-20 at the San Jose Convention Center; email: ExpoReg@dciexpo.com URL: http://www.dciexpo.com June 2- 4 - American Society for Information Science 1997 Mid-Year Conference; gathering will focus on privacy and security issues online; Scottsdale Arizona; paper submissions due Nov. 1, 1996. Contacts: Gregory B. Newby, Co-Chair GSLIS/UIUC Tel: (217) 244-7365; Email: gbnewby@uiuc.edu Mark H. Needleman, Co chair UCOP Tel: (510) 987-0530; Email: mhn@stubbs.ucop.edu Karla Petersen, Panel Sessions Tel: (312) 508-2657; Email: kpeter1@luc.edu Richard Hill, Executive Director, ASIS Tel: (301) 495-0900; Email: rhill@cni.org URL: http://www.asis.org June 14- 19 + CALGARY, CANADA ED-MEDIA/ED-TELECOM 97--World Conference on Educational Multimedia and Hypermedia and World Conference on Educational Telecommunications are jointly held international conferences, organized by the Association for the Advancement of Computing in Education (AACE). These annual conferences serve as multi- disciplinary forums for the discussion and dissemination of information on the research, development, and applications on all topics related to multimedia/hypermedia and distance education. We invite you to attend ED-MEDIA/ED-TELECOM 97 and submit proposals for papers, panels, roundtables, tutorials, workshops, demonstrations/posters, and SIG discussions. Proposals may be submitted in either hard copy (send 5 copies or fax 1 copy) or in electronic form. Electronic proposals in the form of URL addresses or ASCII files (uncoded) are preferred. Submission Deadline: Oct. 25, 1996; Send to: Program Chairs ED-MEDIA 97/AACE P.O. Box 2966 Charlottesville, VA 22902, USA E-mail: AACE@virginia.edu; Phone: 804-973-3987; Fax: 804-978-7449 URL: http://www.aace.org/conf/edmedia June 19- 20 - WASHINGTON, DC - CyberPayments '97 Conference will investigate issues of online commerce including electronic cash and checks, credit cards, encryption systems and security products; Sheraton Washington Hotel, Washington, DC For more information contact: email: vinceiaboni@msn.com tel: +1 216 464 2618 x228 +1 800 529 7375 June 20- 21 + GLASGOW, SCOTLAND - International Symposium on Technology and Society 1997 (ISTAS'97): Technology and Society at a Time of Sweeping Change; University of Strathclyde in Glasgow, Scotland ISTAS '97 aims to tackle questions of how advancements in technology are affecting the social and natural landscape; ISTAS '97 Secretariat Conference Services Department The Institution of Electrical Engineers Savoy Place London WC2R 0BL UK Tel: + 44(0)171 344 5469/8425 Fax: +44 (0)171 240 8830 E-mail: ISTAS@iee.org.uk URL: http://www.iee.org.uk/LSboard/Conf/call_for/istas97.htm June 22- 25 + TORONTO - GLOBAL KNOWLEDGE '97; given the vital role of knowledge in economic and social development, and the opportunities and challenges posed by new information and communication technologies, how can developing countries, and particularly the world's poor, access and harness knowledge for development, so as to promote empowerment, enable life-long learning, and reduce poverty? URL: http://www.bvx.ca/ict/gk97.htm Conference Secretariat The World Bank Economic Development Institute 1818 H Street, NW, M7-075 Washington, DC 20433 USA Tel: 202-473-6442 Fax: 202-676-0858 E-mail: GlobalKnowledge@worldbank.org Alain Brousseau Phone: (819) 997-6849 Fax: (819) 953-6356 E-mail: alain_brousseau@acdi-cida.gc.ca July 13- 17 - ACUTA 26th Annual Conference; Atlanta, Georgia. Contact: +1 606 278 3338 (voice) Aug. 24 + NAGOYA, JAPAN - IJCAI-97 Workshop on AI in Digital Libraries: Moving From Chaos to (More) Order; Nagoya Congress Center, Nagoya, Japan; URL: http://www.dlib.com/people/innes/aiindl/cfp.html Sep. 7 - 11 + LANCASTER, UK - ECSCW'97, the Fifth European Conference on Computer Supported Cooperative Work; deadline for paper submissions is January 13, 1997; papers must contain an abstract of not more than 100 words and not exceed 16 pages in length; full formatting instructions are available from http://www.comp.lancs.ac.uk/computing/research/cseg/ecscw97/papers/ queries: ecscw97-papers@comp.lancs.ac.uk for more information: snail mail: ECSCW'97 Conference Office Computing Department Lancaster University Lancaster LA1 4YR UK URL: http://www.comp.lancs.ac.uk/computing/research/cseg/ecscw97/ email: ecscw97@comp.lancs.ac.uk Sep. 12- 14 SAN DIEGO - Association of Online Professionals Annual Conference; sysop trade association's yearly gathering to discuss issues of relevance to the industry URL: http://www.aop.org/confrnc.html Sep. 25- 27 + PRAGUE, CZECHOSLOVAKIA - RUFIS'97: Role of Universities in the Future Information Society; Czech Technical University, Prague, Czechoslovakia; to obtain a registration form, please, send an empty e-mail message to: rufis-call@mail.vc.cvut.cz Karel Kveton UNESCO International Centre for Scientific Computing Czech Technical University - Prague Computing Centre Zikova 4, 166 35 Prague 6 Phone: + 42 2 2431 0369, fax: + 42 2 311 7529 e-mail: kveton@vc.cvut.cz URL: http://www.cvut.cz/RUFIS97 Oct. 7- 10 + BEIJING, CHINA - '97 China Database: Electronic Publications & Software Exhibition; Beijing International Convention Center Contact: Mr. Cheng Bin and Ms. Hu Yongning Beijing Evertrust Exposition Co. Ltd. 15 Fuxing Road, Beijing, China Post code: 100038 Tel: +86-10-68514007 Fax: +86-10-68537092 URL: http: // www.sti.ac. cn/Exhibition/ invi.htm E-mail: expo@istic.sti.ac.cn Oct. 28- 31 - EDUCOM '97; Minneapolis-St. Paul, Minnesota. Contact: +1 202 872 4200 (voice) Email: conf@educom.edu Dec. 1 - Computer Security Day (started by Washington DC chapter of the Assoc. for Computing Machinery, to "draw attention to computer security during the holdiay season when it might otherwise become lax." ------------------------------ Subject: Quote of the Day ------------------------- "Moderation in temper is always a virtue; moderation in principle is always a vice." - Thomas Paine Find yourself wondering if your privacy and freedom of speech are safe when bills to censor the Internet are swimming about in a sea of of surveillance legislation and anti-terrorism hysteria? Worried that in the rush to make us secure from ourselves that our government representatives may deprive us of our essential civil liberties? Concerned that legislative efforts nominally to "protect children" will actually censor all communications down to only content suitable for the playground? Alarmed by commercial and religious organizations abusing the judicial and legislative processes to stifle satire, dissent and criticism? Join EFF! http://www.eff.org/join (or send any message to info@eff.org). Even if you don't live in the U.S., the anti-Internet hysteria will soon be visiting a legislative body near you. If it hasn't already. ------------------------------ Subject: What YOU Can Do ------------------------ * Keep and eye on your local legislature/parliament All kinds of wacky censorious legislation is turning up at the US state and non-US national levels. Don't let it sneak by you - or by the online activism community. Without locals on the look out, it's very difficult for the Net civil liberties community to keep track of what's happening locally as well as globally. * Inform your corporate government affairs person or staff counsel if you have one. Keep them up to speed on developments you learn of, and let your company's management know if you spot an issue that warrants your company's involvement. * Find out who your congresspersons are Writing letters to, faxing, and phoning your representatives in Congress is one very important strategy of activism, and an essential way of making sure YOUR voice is heard on vital issues. If you are having difficulty determining who your US legislators are, try contacting your local League of Women Voters, who maintain a great deal of legislator information, or consult the free ZIPPER service that matches Zip Codes to Congressional districts with about 85% accuracy at: http://www.stardot.com/~lukeseem/zip.html Computer Currents Interactive has provided Congress contact info, sorted by who voted for and against the Communications Decency Act: http://www.currents.net/congress.html (NB: Some of these folks have, fortunately, been voted out of office.) * Join EFF! You *know* privacy, freedom of speech and ability to make your voice heard in government are important. You have probably participated in our online campaigns and forums. Have you become a member of EFF yet? The best way to protect your online rights is to be fully informed and to make your opinions heard. EFF members are informed and are making a difference. Join EFF today! For EFF membership info, send queries to membership@eff.org, or send any message to info@eff.org for basic EFF info, and a membership form. ------------------------------ Administrivia ============= EFFector is published by: The Electronic Frontier Foundation 1550 Bryant St., Suite 725 San Francisco CA 94103 USA +1 415 436 9333 (voice) +1 415 436 9993 (fax) Membership & donations: membership@eff.org Legal services: ssteele@eff.org General EFF, legal, policy or online resources queries: ask@eff.org Editor: Stanton McCandlish, Program Director/Webmaster (mech@eff.org) This newsletter is printed on 100% recycled electrons. Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the views of EFF. To reproduce signed articles individually, please contact the authors for their express permission. Press releases and EFF announcements may be reproduced individ- ually at will. To subscribe to EFFector via email, send message body of "subscribe effector-online" (without the "quotes") to listserv@eff.org, which will add you to a subscription list for EFFector. Back issues are available at: ftp.eff.org, /pub/EFF/Newsletters/EFFector/ gopher.eff.org, 1/EFF/Newsletters/EFFector http://www.eff.org/pub/EFF/Newsletters/EFFector/ To get the latest issue, send any message to effector-reflector@eff.org (or er@eff.org), and it will be mailed to you automagically. You can also get the file "current" from the EFFector directory at the above sites at any time for a copy of the current issue. HTML editions available at: http://www.eff.org/pub/EFF/Newsletters/EFFector/HTML/ at EFFweb. ------------------------------ End of EFFector Online v10 #02 Digest ************************************* $$