******************************************************************** ////////////// ////////////// ////////////// /// /// /// /////// /////// /////// /// /// /// ////////////// /// /// ******************************************************************** EFFector Online Volume 6 No. 3 10/19/1993 editors@eff.org A Publication of the Electronic Frontier Foundation ISSN 1062-9424 -==--==--==-<>-==--==--==- In This Issue: EFF Changes: New Editor, Suns Move to DC! Notes from House Hearing on Cryptography Export Controls Administration Expands FOIA Rights UK Cryptoprivacy Association Meeting -==--==--==-<>-==--==--==- EFF Changes: New Editor, Suns Move to DC! _EFFector_Online_ is now produced by Stanton "Mechanism" McCandlish, EFF's Online Activist, mech@eff.org. Some new formatting: All articles are separated by the -==-==-==... line you see above, which should make it convenient to scan forward to a new article quickly. General comments about _EFFector_, EFF, and the issues raised should be directed to editor@eff.org. Other important addresses, some of which have changed: eff@eff.org - to get on mailing lists, and other tech stuff ask@eff.org - to ask questions about EFF or the issues we are involved in Our Sun Microsystems SPARCstations have been moved by our former sysadmins, Helen Rose-Davis and Chris Davis (now with KEI), from Cambridge, MA to Washington, DC finally! Our ftp site was unavailable for most of the weekend, but by Mon. 11/17 was back up again, thanks to Chris, Helen, and the new EFF System Administrator, Dan Brown (brown@eff.org), who had the system up and running within one hour of it's arrival on-site. Pretty impressive! Note that EFF *is* still reachable at eff.org, the ftp site is still ftp.eff.org, the gopher site is still gopher.eff.org, wais is wais.eff.org, as always. However, kragar.eff.org may not be a valid host domain name much longer, so avoid using it and use ftp.eff.org instead. -==--==--==-<>-==--==--==- Subject: Notes from House Hearing on Cryptography Export Controls October 12, 1993 House Foreign Affairs Committee Subcommittee on Economic Policy, Trade, and the Enviornment Hearing on mass market cryptography and export controls Rep. Sam Gejdenson (D-Conn.), Chair [A hopefully informative and probably biased account of the hearing by EFF] Committee Members present: Gejdenson, Cantwell (D-Wash.), Fingerhut (D-Ohio), Rohrbacher (R-Calif.) Manzullo (R-Ill.) Witnesses: PANEL 1 (Open) J. Hendren, Arkansas Systems (A data security firm that does a lot of international banking work) Ray Ozzie, IRIS Associates for Business Software Alliance (Lotus Notes developer) Stephen Walker, Trusted Information Systems for Software Publishers Association Philip Zimmermann, PGP developer Don Harbert, Digital Eqiupment Corp. PANEL 2 (Secret Session) NSA representative Opening Statement of Gejdenson: "This hearing is about the well intentioned attempts of the National Security Agency to try to control the uncontrollable.... The NSA itself acknowledges that if you have a long distance telephone line and a modem, you can send this software anywhere in the world. If you have a computer and a modem you can take this software off of the Internet anywhere in the world.... I do not question the value of the information sought by the National Security Agency. But once it is determined that the dispersion of this software cannot be controlled, then however much we might want to protect our ability to obtain information, it is beyond our means to do so. Just as in the case of telecommunications, the National Security Agency is attempting to put the genie back in the bottle. It won't happen; and a vibrant and productive sector of American indsutry may be sacrificed in the process." The main points raised by witnesses were these: 1. DES and other strong encryption which is barred by ITAR is in the public domain and available on the global market from foreign software manufacturers: -Ray Ozzie used his laptop and a modem to show how to get a DES implementation from ftp.germany.eu.net. The committee loved it and most of them seemed to understand what was going on on the screen, even though they had never heard of ftp. -Stephen Walker described the results of an SPA study which uncovered over 250 cryptography packages which offer DES-based or stronger algorithms. -Phil Zimmermann testified that he designed PGP from publicly available information. 2. Foreign DES implementations are just as good as US versions. Surprisingly enough, this is a contentious issue. Some members of the committee seemed to have been told by someone or another that foreign versions of DES may not be as strong as those that are made in the USA. If this were true, then export controls might still be justified despite the numerous foreign versions of DES on the market. In my view, this is a pretty desperate argument. -Steve Walker demonstrated that all DES works the same way by encrypting a passage from Mozart's Eine Kleine Nachtmusik with several different foreign DES packages, and then decrypting them. Surprise! They all sounded just the same. 3. Lots of money is being lost by US software/hardware vendors: -Don Harbert from DEC told of loses of over $70 Million in just the last few months. -BSA estimates that export controls exclude access to a global market the is $6-9 Billion. 4. People want their privacy -Phil Zimmermann told the committee about his experience with PGP users and how badly people need and want to protect their privacy in electronic environments Committee Responses: Overall, the committee was quite sympathetic to the witnesses. Chairman Gejdenson seemed very supportive of changing export controls. Rep. Dana Rohrbacher, no flaming liberal, said, "the cold war is over. I sympathize with everything that has been said here." ................................................................... Daniel J. Weitzner, Senior Staff Counsel Electronic Frontier Foundation 1001 G St, NW Suite 950 East Washington, DC 20001 202-347-5400 (v) 202-393-5509 (f) -==--==--==-<>-==--==--==- >From ssteele Mon Oct 18 16:29:07 1993 Received: from [192.77.172.156] (ssteele.eff.org) by eff.org with SMTP id AA18441 (5.65c/IDA-1.5/ident for ); Mon, 18 Oct 1993 16:29:07 -0400 Date: Mon, 18 Oct 1993 16:29:07 -0400 Message-Id: <199310182029.AA18441@eff.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: mech@eff.org From: ssteele (Shari Steele) Subject: articles for EFFector Online Status: RO Hi Stanton. I'd start with an introduction of yourself and how you'll be doing EFFector Online from now on. Next, put in an announcement about the successful move of the EFF computers to DC. Include a plug for Chris, Helen and Dan, tell what equipment was moved, and assure folks of how they can still reach us. I usually just take the headers and footers from the last issue of EFFector. Let me know if you don't have a copy of that. Shari -==--==--==-<>-==--==--==- Administration Expands FOIA Rights In an announcement made on Monday, October 4, 1993, President Bill Clinton has called on all federal departments and agencies "to renew their commitment to the Freedom of Information Act (FOIA), to its underlying principles of government openness, and to its sound administration." Attorney General Janet Reno specified some changes the Administration will be making in its enforcement of FOIA. First, the Department of Justice will no longer allow agencies the excuse that there MIGHT be a legal basis for withholding information. Instead, agencies will be encouraged to disclose unless there is a clear legal reason that prevents disclosure. "In short, it shall be the policy of the U.S. Department of Justice to defend the assertion of a FOIA exemption only in those cases where the agency reasonably foresees that disclosure would be harmful to an interest protected by that exemption." Attorney General Reno also announced that the Department of Justice would be reviewing regulations implementing FOIA and forms used in the process. DoJ will also strive to reduce the current FOIA backlogs over the coming year. The Electronic Frontier Foundation (EFF) was especially pleased that President Clinton refered to enhancing "public access through the use of electronic information systems." EFF believes that electronic access to information is critical, and EFF has been working with Congress (through support of Senator Patrick Leahy's (D-VT) Electronic FOIA amendments and other legislation) and members of the Administration to ensure that electronically stored information is as easily obtainable as printed documents. EFF Director of Legal Services Shari Steele commented, "We are encouraged that the Clinton Administration has recognized the importance of this method of information dissemination. In this electronic era, it is critical that information be made available in a format that is most useful to citizens as they inquire about the activities of their government." After over a decade of government whittling away at citizen access to public information, EFF is pleased to see this shift in priorities. "We applaud the Clinton Administration for taking this first step toward restoring our vital right to access information," Ms. Steele continued, "and we are hopeful that the Administration will take further steps in this direction, particularly when it comes to information that is stored electronically." A copy of the Administration's memorandum is available for anonymous ftp at /pub/EFF/legislation/freedom-info-act-10.4.93 on ftp.eff.org. -==--==--==-<>-==--==--==- UK Cryptoprivacy Association Meeting Date: Sunday, 31 October 1993 Time: 1430 At the offices of: FOREST 4th floor 2 Grosvenor Gardens London SW1W 0DH [ FOREST is located at the corner of Grosvenor Gardens and Hobart Place, a couple of blocks west of Victoria Station. There is a taxi shelter across the street from the office. Those who have trouble finding this location can page Russell Whitaker on 081-812-2661, and stand by the payphone or cellphone for a callback. ] The UK Cryptoprivacy Association has its roots in the U.S. cypherpunk advocacy of strong personal cryptography. The next UKCA meeting, to be held at the offices of FOREST (see the above), will feature roundtable discussion on such issues as: - The recent well-publicised discovery of a larger number of U.S. National Security Agency (NSA) electronic listening posts than had been previously suspected; - Further news on the spread of freely-available public key cryptography software in Eastern Europe, Russia, and the Transcaucasian states; - The status of the various UK and Moscow PGP public key servers and software archive sites, with input from a couple of maintainers of these services in the UK; - The implications of the legal controversy surrounding the development and distribution of PGP encryption software in the U.S., with further discussion on the possibility of volunteer contributions to Phil Zimmermann's legal defence fund; - Introduction to public key cryptography for novices Attendees are encouraged to bring and exchange diskettes with their PGP public keys. A few of us will bring along our MS-DOS laptops, to sign public keys on site. In the interest of speeding things along, it is recommended that all keys signed at the meeting be submitted later, with their newly appended signatures, to the PGP Key Server at Demon Internet Services. Send a message with the subject line "help" to pgp-public-keys@demon.co.uk, for more information. PGP (Phil Zimmermann's "Pretty Good Privacy") public key encryption software can be obtained by ftp from, among other places, ftp.demon.co.uk in the directory /pub/pgp. Versions include, but are not limited to, Unix, MS-DOS, Archimedes, and MacOS. Full source code is available. This meeting will also feature discussion on the upcoming First European Conference on Computers, Freedom and Privacy (ECFP '93) to be held on 20 November 1993, which will feature speakers including John Gilmore, David Chaum, and Duncan Frissell, as well as a representative of the UK's Data Protection Registry. Russell Earl Whitaker ECFP Ventures Ltd russell@eternity.demon.co.uk -==--==--==-<>-==--==--==- EFFector Online is published biweekly by: Electronic Frontier Foundation 1001 G Street, N.W., Suite 950 East Washington, DC 20001 USA Phone: +1 202 347 5400 FAX: +1 202 393 5509 Internet Address: eff@eff.org Coordination, production and shipping by Shari Steele, Director of Legal Services & Community Outreach (ssteele@eff.org) Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the view of the EFF. To reproduce signed articles individually, please contact the authors for their express permission. *This newsletter is printed on 100% recycled electrons.* -==--==--==-<>-==--==--==- MEMBERSHIP IN THE ELECTRONIC FRONTIER FOUNDATION In order to continue the work already begun and to expand our efforts and activities into other realms of the electronic frontier, we need the financial support of individuals and organizations. If you support our goals and our work, you can show that support by becoming a member now. Members receive our bi-weekly electronic newsletter, EFFector Online (if you have an electronic address treached through the Net), and special releases and other notices on our activities. But because we believe that support should be freely given, you can receive these things even if you do not elect to become a member. Your membership/donation is fully tax deductible. Our memberships are $20.00 per year for students and $40.00 per year for regular members. You may, of course, donate more if you wish. -==--==--==-<>-==--==--==- Mail to: Membership Coordinator Electronic Frontier Foundation 1001 G Street, N.W. Suite 950 East Washington, DC 20001 USA Membership rates: $20.00 (student or low income membership) $40.00 (regular membership) [ ] I wish to become a member of the EFF. I enclose: $_______ [ ] I wish to renew my membership in the EFF. I enclose: $_______ [ ] I enclose an additional donation of $_______ Name: Organization: Address: City or Town: State: Zip: Phone: ( ) (optional) FAX: ( ) (optional) E-mail address: I enclose a check [ ]. Please charge my membership in the amount of $ to my Mastercard [ ] Visa [ ] American Express [ ] Number: Expiration date: Signature: ______________________________________________ Date: Optional: I hereby grant permission to the EFF to share my name with other nonprofit groups from time to time as it deems appropriate. Initials:______________________ -- Stanton McCandlish Electronic Frontier Foundation Online Activist & SysOp "A nation that is afraid to let its people judge the truth and falsehood of ideas in an open market is a nation that is afraid of its people." -JFK -=> mech@eff.org NitV-DC BBS 202-232-2715, Fido 1:109/? IndraNet 369:111/1