The Hacker's Encyclopedia 1998

home *** CD-ROM | disk | FTP | other *** search

/ The Hacker's Encyclopedia 1998 / hackers_encyclopedia.iso / etc / misc / wireclip.txt < prev next >

Wrap

Text File | 2003-06-11 | 66.8 KB | 1,392 lines

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- =-=-=-=-=-=-Copyright 1993,4 Wired USA Ltd. All Rights Reserved=-=-=-=-=-= -=-=For complete copyright information, please see the end of this file=-=- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= WIRED 2.04 Electrosphere ************* Jackboots on the Infobahn ^^^^^^^^^^^^^^^^^^^^^^^^^ Clipper is a last ditch attempt by the United States, the last great power from the old Industrial Era, to establish imperial control over cyberspace. By John Perry Barlow [Note: The following article will appear in the April 1994 issue of WIRED. We, the editors of WIRED, are net-casting it now in its pre-published form as a public service. Because of the vital and urgent nature of its message, we believe readers on the Net should hear and take action now. You are free to pass this article on electronically; in fact we urge you to replicate it throughout the net with our blessings. If you do, please keep the copyright statements and this note intact. For a complete listing of Clipper-related resources available through WIRED Online, send email to <infobot@wired.com> with the following message: "send clipper.index". - The Editors of WIRED] On January 11, I managed to schmooze myself aboard Air Force 2. It was flying out of LA, where its principal passenger had just outlined his vision of the information superhighway to a suited mob of television, show- biz, and cable types who fervently hoped to own it one day - if they could ever figure out what the hell it was. >From the standpoint of the Electronic Frontier Foundation the speech had been wildly encouraging. The administration's program, as announced by Vice President Al Gore, incorporated many of the concepts of open competition, universal access, and deregulated common carriage that we'd been pushing for the previous year. But he had said nothing about the future of privacy, except to cite among the bounties of the NII its ability to "help law enforcement agencies thwart criminals and terrorists who might use advanced telecommunications to commit crimes." On the plane I asked Gore what this implied about administration policy on cryptography. He became as noncommittal as a cigar-store Indian. "We'll be making some announcements.... I can't tell you anything more." He hurried to the front of the plane, leaving me to troubled speculation. Despite its fundamental role in assuring privacy, transaction security, and reliable identity within the NII, the Clinton administration has not demonstrated an enlightenment about cryptography up to par with the rest of its digital vision. The Clipper Chip - which threatens to be either the goofiest waste of federal dollars since President Gerald Ford's great Swine Flu program or, if actually deployed, a surveillance technology of profound malignancy - seemed at first an ugly legacy of the Reagan-Bush modus operandi. "This is going to be our Bay of Pigs," one Clinton White House official told me at the time Clipper was introduced, referring to the disastrous plan to invade Cuba that Kennedy inherited from Eisenhower. (Clipper, in case you're just tuning in, is an encryption chip that the National Security Agency and FBI hope will someday be in every phone and computer in America. It scrambles your communications, making them unintelligible to all but their intended recipients. All, that is, but the government, which would hold the "key" to your chip. The key would separated into two pieces, held in escrow, and joined with the appropriate "legal authority.") Of course, trusting the government with your privacy is like having a Peeping Tom install your window blinds. And, since the folks I've met in this White House seem like extremely smart, conscious freedom-lovers - hell, a lot of them are Deadheads - I was sure that after they were fully moved in, they'd face down the National Security Agency and the FBI, let Clipper die a natural death, and lower the export embargo on reliable encryption products. Furthermore, the National Institutes of Standards and Technology and the National Security Council have been studying both Clipper and export embargoes since April. Given that the volumes of expert testimony they had collected overwhelmingly opposed both, I expected the final report would give the administration all the support it needed to do the right thing. I was wrong. Instead, there would be no report. Apparently, they couldn't draft one that supported, on the evidence, what they had decided to do instead. THE OTHER SHOE DROPS On Friday, February 4, the other jackboot dropped. A series of announcements from the administration made it clear that cryptography would become their very own "Bosnia of telecommunications" (as one staffer put it). It wasn't just that the old Serbs in the National Security Agency and the FBI were still making the calls. The alarming new reality was that the invertebrates in the White House were only too happy to abide by them. Anything to avoid appearing soft on drugs or terrorism. So, rather than ditching Clipper, they declared it a Federal Data Processing Standard, backing that up with an immediate government order for 50,000 Clipper devices. They appointed the National Institutes of Standards and Technology and the Department of Treasury as the "trusted" third parties that would hold the Clipper key pairs. (Treasury, by the way, is also home to such trustworthy agencies as the Secret Service and the Bureau of Alcohol, Tobacco, and Firearms.) They reaffirmed the export embargo on robust encryption products, admitting for the first time that its purpose was to stifle competition to Clipper. And they outlined a very porous set of requirements under which the cops might get the keys to your chip. (They would not go into the procedure by which the National Security Agency could get them, though they assured us it was sufficient.) They even signaled the impending return of the dread Digital Telephony, an FBI legislative initiative requiring fundamental reengineering of the information infrastructure; providing wiretapping ability to the FBI would then become the paramount design priority. INVASION OF THE BODY SNATCHERS Actually, by the time the announcements thudded down, I wasn't surprised by them. I had spent several days the previous week in and around the White House. I felt like I was in another remake of The Invasion of the Body Snatchers. My friends in the administration had been transformed. They'd been subsumed by the vast mindfield on the other side of the security clearance membrane, where dwell the monstrous bureaucratic organisms that feed on fear. They'd been infected by the institutionally paranoid National Security Agency's Weltanschauung. They used all the telltale phrases. Mike Nelson, the White House point man on the NII, told me, "If only I could tell you what I know, you'd feel the same way I do." I told him I'd been inoculated against that argument during Vietnam. (And it does seem to me that if you're going to initiate a process that might end freedom in America, you probably need an argument that isn't classified.) Besides, how does he know what he knows? Where does he get his information? Why, the National Security Agency, of course. Which, given its strong interest in the outcome, seems hardly an unimpeachable source. However they reached it, Clinton and Gore have an astonishingly simple bottom line, to which even the future of American liberty and prosperity is secondary: They believe that it is their responsibility to eliminate, by whatever means, the possibility that some terrorist might get a nuke and use it on, say, the World Trade Center. They have been convinced that such plots are more likely to ripen to hideous fruition behind a shield of encryption. The staffers I talked to were unmoved by the argument that anyone smart enough to steal a nuclear device is probably smart enough to use PGP or some other uncompromised crypto standard. And never mind that the last people who popped a hooter in the World Trade Center were able to get it there without using any cryptography and while under FBI surveillance. We are dealing with religion here. Though only ten American lives have been lost to terrorism in the last two years, the primacy of this threat has become as much an article of faith with these guys as the Catholic conviction that human life begins at conception or the Mormon belief that the Lost Tribe of Israel crossed the Atlantic in submarines. In the spirit of openness and compromise, they invited the Electronic Frontier Foundation to submit other solutions to the "problem" of the nuclear-enabled terrorist than key escrow devices, but they would not admit into discussion the argument that such a threat might, in fact, be some kind of phantasm created by the spooks to ensure their lavish budgets into the post-Cold War era. As to the possibility that good old-fashioned investigative techniques might be more valuable in preventing their show-case catastrophe (as it was after the fact in finding the alleged perpetrators of the last attack on the World Trade Center), they just hunkered down and said that when wiretaps were necessary, they were damned well necessary. When I asked about the business that American companies lose because of their inability to export good encryption products, one staffer essentially dismissed the market, saying that total world trade in crypto goods was still less than a billion dollars. (Well, right. Thanks more to the diligent efforts of the National Security Agency than to dim sales potential.) I suggested that a more immediate and costly real-world effect of their policies would be to reduce national security by isolating American commerce, owing to a lack of international confidence in the security of our data lines. I said that Bruce Sterling's fictional data-enclaves in places like the Turks and Caicos Islands were starting to look real-world inevitable. They had a couple of answers to this, one unsatisfying and the other scary. The unsatisfying answer was that the international banking community could just go on using DES, which still seemed robust enough to them. (DES is the old federal Data Encryption Standard, thought by most cryptologists to be nearing the end of its credibility.) More frightening was their willingness to counter the data-enclave future with one in which no data channels anywhere would be secure from examination by one government or another. Pointing to unnamed other countries that were developing their own mandatory standards and restrictions regarding cryptography, they said words to the effect of, "Hey, it's not like you can't outlaw the stuff. Look at France." Of course, they have also said repeatedly - and for now I believe them - that they have absolutely no plans to outlaw non-Clipper crypto in the US. But that doesn't mean that such plans wouldn't develop in the presence of some pending "emergency." Then there is that White House briefing document, issued at the time Clipper was first announced, which asserts that no US citizen "as a matter of right, is entitled to an unbreakable commercial encryption product." Now why, if it's an ability they have no intention of contesting, do they feel compelled to declare that it's not a right? Could it be that they are preparing us for the laws they'll pass after some bearded fanatic has gotten himself a surplus nuke and used something besides Clipper to conceal his plans for it? If they are thinking about such an eventuality, we should be doing so as well. How will we respond? I believe there is a strong, though currently untested, argument that outlawing unregulated crypto would violate the First Amendment, which surely protects the manner of our speech as clearly as it protects the content. But of course the First Amendment is, like the rest of the Constitution, only as good as the government's willingness to uphold it. And they are, as I say, in the mood to protect our safety over our liberty. This is not a mind-frame against which any argument is going to be very effective. And it appeared that they had already heard and rejected every argument I could possibly offer. In fact, when I drew what I thought was an original comparison between their stand against naturally proliferating crypto and the folly of King Canute (who placed his throne on the beach and commanded the tide to leave him dry), my government opposition looked pained and said he had heard that one almost as often as jokes about roadkill on the information superhighway. I hate to go to war with them. War is always nastier among friends. Furthermore, unless they've decided to let the National Security Agency design the rest of the National Information Infrastructure as well, we need to go on working closely with them on the whole range of issues like access, competition, workplace privacy, common carriage, intellectual property, and such. Besides, the proliferation of strong crypto will probably happen eventually no matter what they do. But then again, it might not. In which case we could shortly find ourselves under a government that would have the automated ability to log the time, origin and recipient of every call we made, could track our physical whereabouts continuously, could keep better account of our financial transactions than we do, and all without a warrant. Talk about crime prevention! Worse, under some vaguely defined and surely mutable "legal authority," they also would be able to listen to our calls and read our e-mail without having to do any backyard rewiring. They wouldn't need any permission at all to monitor overseas calls. If there's going to be a fight, I'd rather it be with this government than the one we'd likely face on that hard day. Hey, I've never been a paranoid before. It's always seemed to me that most governments are too incompetent to keep a good plot strung together all the way from coffee break to quitting time. But I am now very nervous about the government of the United States of America. Because Bill 'n' Al, whatever their other new-paradigm virtues, have allowed the very old-paradigm trogs of the Guardian Class to define as their highest duty the defense of America against an enemy that exists primarily in the imagination - and is therefore capable of anything. To assure absolute safety against such an enemy, there is no limit to the liberties we will eventually be asked to sacrifice. And, with a Clipper Chip in every phone, there will certainly be no technical limit on their ability to enforce those sacrifices. WHAT YOU CAN DO GET CONGRESS TO LIFT THE CRYPTO EMBARGO The administration is trying to impose Clipper on us by manipulating market forces. By purchasing massive numbers of Clipper devices, they intend to induce an economy of scale which will make them cheap while the export embargo renders all competition either expensive or nonexistent. We have to use the market to fight back. While it's unlikely that they'll back down on Clipper deployment, the Electronic Frontier Foundation believes that with sufficient public involvement, we can get Congress to eliminate the export embargo. Rep. Maria Cantwell, D-Washington, has a bill (H.R. 3627) before the Economic Policy, Trade, and Environment Subcommittee of the House Committee on Foreign Affairs that would do exactly that. She will need a lot of help from the public. They may not care much about your privacy in DC, but they still care about your vote. Please signal your support of H.R. 3627, either by writing her directly or e-mailing her at cantwell@eff.org. Messages sent to that address will be printed out and delivered to her office. In the subject header of your message, please include the words "support HR 3627." In the body of your message, express your reasons for supporting the bill. You may also express your sentiments to Rep. Lee Hamilton, D-Indiana, the House Committee on Foreign Affairs chair, by e-mailing hamilton@eff.org. Furthermore, since there is nothing quite as powerful as a letter from a constituent, you should check the following list of subcommittee and committee members to see if your congressional representative is among them. If so, please copy them your letter to Rep. Cantwell. >Economic Policy, Trade, and Environment Subcommittee: Democrats: Sam Gejdenson (Chair), D-Connecticut; James Oberstar, D- Minnesota; Cynthia McKinney, D-Georgia; Maria Cantwell, D-Washington; Eric Fingerhut, D-Ohio; Albert R. Wynn, D-Maryland; Harry Johnston, D-Florida; Eliot Engel, D-New York; Charles Schumer, D-New York. Republicans: Toby Roth (ranking), R-Wisconsin; Donald Manzullo, R-Illinois; Doug Bereuter, R-Nebraska; Jan Meyers, R-Kansas; Cass Ballenger, R-North Carolina; Dana Rohrabacher, R-California. >House Committee on Foreign Affairs: Democrats: Lee Hamilton (Chair), D-Indiana; Tom Lantos, D-California; Robert Torricelli, D-New Jersey; Howard Berman, D-California; Gary Ackerman, D-New York; Eni Faleomavaega, D-Somoa; Matthew Martinez, D- California; Robert Borski, D-Pennsylvania; Donal Payne, D-New Jersey; Robert Andrews, D-New Jersey; Robert Menendez, D-New Jersey; Sherrod Brown, D-Ohio; Alcee Hastings, D-Florida; Peter Deutsch, D-Florida; Don Edwards, D-California; Frank McCloskey, D-Indiana; Thomas Sawyer, D-Ohio; Luis Gutierrez, D-Illinois. Republicans: Benjamin Gilman (ranking), R-New York; William Goodling, R- Pennsylvania; Jim Leach, R-Iowa; Olympia Snowe, R-Maine; Henry Hyde, R- Illinois; Christopher Smith, R-New Jersey; Dan Burton, R-Indiana; Elton Gallegly, R-California; Ileana Ros-Lehtinen, R-Florida; David Levy, R-New York; Lincoln Diaz-Balart, R-Florida; Ed Royce, R-California. BOYCOTT CLIPPER DEVICES AND THE COMPANIES WHICH MAKE THEM. Don't buy anything with a Clipper Chip in it. Don't buy any product from a company that manufactures devices with Big Brother inside. It is likely that the government will ask you to use Clipper for communications with the IRS or when doing business with federal agencies. They cannot, as yet, require you to do so. Just say no. LEARN ABOUT ENCRYPTION AND EXPLAIN THE ISSUES TO YOUR UNWIRED FRIENDS The administration is banking on the likelihood that this stuff is too technically obscure to agitate anyone but nerds like us. Prove them wrong by patiently explaining what's going on to all the people you know who have never touched a computer and glaze over at the mention of words like "cryptography." Maybe you glaze over yourself. Don't. It's not that hard. For some hands-on experience, download a copy of PGP - Pretty Good Privacy - a shareware encryption engine which uses the robust RSA encryption algorithm. And learn to use it. GET YOUR COMPANY TO THINK ABOUT EMBEDDING REAL CRYPTOGRAPHY IN ITS PRODUCTS If you work for a company that makes software, computer hardware, or any kind of communications device, work from within to get them to incorporate RSA or some other strong encryption scheme into their products. If they say that they are afraid to violate the export embargo, ask them to consider manufacturing such products overseas and importing them back into the United States. There appears to be no law against that. Yet. You might also lobby your company to join the Digital Privacy and Security Working Group, a coalition of companies and public interest groups - including IBM, Apple, Sun, Microsoft, and, interestingly, Clipper phone manufacturer AT&T - that is working to get the embargo lifted. ENLIST! Self-serving as it sounds coming from me, you can do a lot to help by becoming a member of one of these organizations. In addition to giving you access to the latest information on this subject, every additional member strengthens our credibility with Congress. >Join the Electronic Frontier Foundation by writing membership@eff.org. >Join Computer Professionals for Social Responsibility by e-mailing cpsr.info@cpsr ..org. CPSR is also organizing a protest, to which you can lend your support by sending e-mail to clipper.petition@cpsr.org with "I oppose Clipper" in the message body. Ftp/gopher/WAIS to cpsr.org /cpsr/privacy/ crypto/clipper for more info. In his LA speech, Gore called the development of the NII "a revolution." And it is a revolutionary war we are engaged in here. Clipper is a last ditch attempt by the United States, the last great power from the old Industrial Era, to establish imperial control over cyberspace. If they win, the most liberating development in the history of humankind could become, instead, the surveillance system which will monitor our grandchildren's morality. We can be better ancestors than that. San Francisco, California Wednesday, February 9, 1994 * * * John Perry Barlow (barlow@eff.org) is co-founder and Vice-Chairman of the Electronic Frontier Foundation, a group which defends liberty, both in Cyberspace and the Physical World. He has three daughters. =-=-=-=-=-=-=-=-=-=-=-=WIRED Online Copyright Notice=-=-=-=-=-=-=-=-=-=-=-= Copyright 1993,4 Wired USA Ltd. All rights reserved. This article may be redistributed provided that the article and this notice remain intact. This article may not under any circumstances be resold or redistributed for compensation of any kind without prior written permission from Wired Ventures, Ltd. If you have any questions about these terms, or would like information about licensing materials from WIRED Online, please contact us via telephone (+1 (415) 904 0660) or email (info@wired.com). WIRED and WIRED Online are trademarks of Wired Ventures, Ltd. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= --------------------------------------------------------------------------- Date: Tue, 8 Feb 1994 08:25:16 -0800 From: Phil Agre <pagre@weber.ucsd.edu> Subject: start the revolution (1000 lines) Here are several messages about the latest cryptography-and-civil-liberties action in Washington. Parental discretion advised. Folks in the US are called on to take several political actions. Please distribute widely. Date: 4 Feb 1994 18:21:05 -0600 From: mech@eff.org (Stanton McCandlish) To: alt-politics-datahighway-list@eff.org Subject: Alert--Admin. names escrow agents, no compromise on Clipper - 7 files EFF Press Release 04/04/94 * DISTRIBUTE WIDELY * At two briefings, Feb. 4, 1994, the Clinton Administration and various agencies gave statements before a Congressional committee, and later representatives of civil liberties organizations, industry spokespersons and privacy advocates. The Electronic Frontier Foundation's position, based on what we have seen and heard from the Administration today, is that the White House is set on a course that pursues Cold War national security and law enforcement interests to the detriment of individual privacy and civil liberties. The news is grim. The Administration is: * not backing down on Clipper * not backing down on key escrow * not backing down on selection of escrow agents * already adamant on escrowed key access procedures * not willing to elminate ITAR restrictions * hiding behind exaggerated threats of "drug dealers" and "terrorists" The material released to the industry and advocacy version of the briefing have been placed online at ftp.eff.org (long before their online availability from goverment access sites, one might add). See below for specific details. No information regarding the Congressional committee version of the briefing has been announced. EFF Director Jerry Berman, who attended the private sector meeting, reported the following: "The White House and other officials briefed industry on its Clipper chip and encryption review. While the review is not yet complete, they have reached several policy conclusions. First, Clipper will be proposed as a new Federal Information Processing Standard (FIPS) next Wednesday. [Feb. 9] It will be "vountary" for government agencies and the private sector to use. They are actively asking other vendors to jump in to make the market a Clipper market. Export licensing processes will be speeded up but export restrictions will not be lifted in the interests of national security. The reason was stated bluntly at the briefing : to frustrate competition with clipper by other powerful encryption schemes by making them difficult to market, and to "prevent" strong encryption from leaving the country thus supposedly making the job of law enforcement and intelligence more difficult. Again in the interest of national security. Of course, Clipper will be exportable but they would not comment on how other governments will view this. Treasury and NIST will be the escrow agents and Justice asserted that there was no necessity for legislation to implement the escrow procedures. "I asked if there would be a report to explain the rationale for choosing these results - we have no explanation of the Administration's thinking, or any brief in support of the results. They replied that there would be no report because they have been unable to write one, due to the complexity of the issue. "One Administation spokesperson said this was the Bosnia of Telecommunications. I asked, if this was so, how, in the absense of some policy explanation, could we know if our policy here will be as successful as our policy in Bosnia?" The announcements, authorization procedures for release of escrowed keys, and q-and-a documents from the private sector briefing are online at EFF. They are: "Statement of the [White House] Press Secretary" [White House] file://ftp.eff.org/pub/EFF/Policy/Crypto/wh_press_secy.statement "Statement of the Vice President" [very short - WH] file://ftp.eff.org/pub/EFF/Policy/Crypto/gore_crypto.statement "Attorney General Makes Key Escrow Encryption Announcements" [Dept. of Just.] file://ftp.eff.org/pub/EFF/Policy/Crypto/reno_key_escrow.statement "Authorization Procedures for Release pf Emcryption Key Components in Conjunction with Intercepts Pursuant to Title III/State Statutes/FISA" [3 docs. in one file - DoJ] file://ftp.eff.org/pub/EFF/Policy/Crypto/doj_escrow_intercept.rules "Working Group on Data Security" [WH] file://ftp.eff.org/pub/EFF/Policy/Crypto/interagency_workgroup.announce "Statement of Dr. Martha Harris Dep. Asst. Secy. of State for Polit.-Mil. Affairs: Encryption - Export Control Reform" [Dept. of State] file://ftp.eff.org/pub/EFF/Policy/Crypto/harris_export.statement "Questions and Answers about the Clinton Administration's Encryption Policy" [WH] file://ftp.eff.org/pub/EFF/Policy/Crypto/wh_crypto.q-a These files are available via anonymous ftp, or via WWW at: http://www.eff.org/ in the "EFF ftp site" menu off the front page. Gopher access: gopher://gopher.eff.org/ Look in "EFF Files"/"Papers and Testimony"/"Crypto" All 7 of these documents will be posted widely on the net immediately following this notice. Contacts: Digital Privacy: Jerry Berman, Exec. Director <jberman@eff.org> Daniel J. Weitzner, Sr. Staff Counsel <djw@eff.org> Archives: Stanton McCandlish, Online Activist <mech@eff.org> General EFF Information: info@eff.org -- Stanton McCandlish * mech@eff.org * Electronic Frontier Found. OnlineActivist F O R M O R E I N F O, E - M A I L T O: I N F O @ E F F . O R G O P E N P L A T F O R M O N L I N E R I G H T S V I R T U A L C U L T U R E C R Y P T O Date: 4 Feb 1994 18:55:39 -0600 From: mech@eff.org (Stanton McCandlish) To: alt-politics-datahighway-list@eff.org Subject: CRYPTO: "Q & A" about Admin.'s encryption policy ______ begin file ______ >From the White House ***************************************************************** Embargoed until 3:00 p.m. EST Feb. 4, 1994 QUESTIONS AND ANSWERS ABOUT THE CLINTON ADMINISTRATION'S ENCRYPTION POLICY Q. What were the findings of the encryption technology review? A. The review confirmed that sound encryption technology is needed to help ensure that digital information in both computer and telecommunications systems is protected against unauthorized disclosure or tampering. It also verified the importance of preserving the ability of law enforcement to understand encrypted communications when conducting authorized wiretaps. Key escrow technology meets these objectives. Specific decisions were made to enable federal agencies and the private sector to use the key escrow technology on a voluntary basis and to allow the export of key escrow encryption products. In addition, the Department of State will streamline export licensing procedures for products that can be exported under current regulations in order to help U.S. companies to sell their products abroad. To meet the critical need for ways to verify the author and sender of an electronic message -- something that is crucial to business applications for the National Information Infrastructure -- the federal government is committed to ensuring the availability of a royalty-free, public-domain Digital Signature Standard. Finally, an interagency working group has been established to continue to address these issues and to maintain a dialogue with industry and public interest groups. Q. Who has been consulted during this review? The Congress? Industry? What mechanism is there for continuing consultation? A. Following the President's directive announced on April 16, 1993, extensive discussions have been held with Congress, industry, and privacy rights groups on encryption issues. Formal public comment was solicited on the Escrowed Encryption Standard and on a wide variety of issues related to the review through the Computer System Security and Privacy Advisory Board. The White House Office of Science and Technology Policy and the National Security Council will chair the interagency working group. The group will seek input from the private sector both informally and through several existing advisory committees. It also will work closely with the Information Policy Committee of the Information Infrastructure Task Force, which is responsible for coordinating Administration telecommunications and information policy. Q. If national security and law enforcement interests require continued export controls of encryption, what specific benefits can U.S. encryption manufacturers expect? A. The reforms will simplify encryption product export licensing and speed the review of encryption product exports. Among other benefits, manufacturers should see expedited delivery of products, reduced shipping and reporting costs, and fewer individual license requests -- especially for small businesses that cannot afford international distributors. A personal exemption for business travellers using encryption products will eliminate delays and inconvenience when they want to take encryption products out of the U.S. temporarily. Q. Why is the key escrow standard being adopted? A. The key escrow mechanism will provide Americans and government agencies with encryption products that are more secure, more convenient, and less expensive than others readily available today -- while at the same time meeting the legitimate needs of law enforcement. Q. Will the standard be mandatory? A. No. The Administration has repeatedly stressed that the key escrow technology, and this standard, is for voluntary use by federal and other government agencies and by the private sector. The standard that is being issued only applies to federal agencies -- and it is voluntary. Does this approach expand the authority of government agencies to listen in on phone conversations? No Key escrow technology provides government agencies with no [sic] new authorities to access the content of the private conversations of Americans. Q. Will the devices be exportable? Will other devices that use the government hardware? A. Yes. After an initial review of the product, the State Department will permit the export of devices incorporating key escrow technology to most end users. One of the attractions of this technology is the protection it can give to U.S. companies operating at home and abroad. Q. Suppose a law enforcement agency is conducting a wiretap on a drug smuggling ring and intercepts a conversation encrypted using the device. What would they have to do to decipher the message? A. They would have to obtain legal authorization, normally a court order, to do the wiretap in the first place. They would then present documentation, including a certification of this authorization, to the two entities responsible for safeguarding the keys. (The key is split into component parts, which are stored separately in order to ensure the security of the key escrow system.) They then obtain the components for the keys for the device being used by the drug smugglers. The components are then combined and the message can be read. Q. Who will hold the escrowed keys? A. The Attorney General has selected two U.S. agencies to hold the escrowed key components: the Treasury Department's Automated Systems Division and the Commerce Department's National Institute of Standards and Technology. Q. How strong is the security in the device? How can I be sure how strong the security is? A. This system is more secure than many other voice encryption system readily available today. While the algorithm upon which the Escrowed Encryption Standard is based will remain classified to protect the security of the system, an independent panel of cryptography experts found that the algorithm provides significant protection. In fact, the panel concluded that it will be 36 years until the cost of breaking the algorithm will be equal to the cost of breaking the current Data Encryption Standard now being used. Q. Is there a "trap door" that would allow unauthorized access to the keys? A. No. There is no trapdoor. Q. Whose decision was it to propose this product? A. The National Security Council, the Justice Department, the Commerce Department, and other key agencies were involved in this decision. The approach has been endorsed by the President, the Vice President, and appropriate Cabinet officials. ______ end file ________ Date: 4 Feb 1994 18:58:24 -0600 From: mech@eff.org (Stanton McCandlish) To: alt-politics-datahighway-list@eff.org Subject: CRYPTO: W. House Press Sec'y statements on Admin's crypto policy / ____ begin file ____ THE WHITE HOUSE CONTACT: 202 156-7035 OFFlCE OF THE PRESS SECRETARY EMBARGOED UNTIL 3 PM (EST) FRIDAY, February 4, 1994 STATEMENT OF THE PRESS SECRETARY Last April, the Administration announced a comprehensive interagency review of encryption technology, to be overseen by the National Security Council. Today, the Administration is taking a number of steps to implement the recommendations resulting from that review. Advanced encryption technology offers individuals and businesses an inexpensive and easy way to encode data and telephone conversations. Unfortunately, the same encryption technology that can help Americans protect business secrets and personal privacy can also be used by terrorists, drug dealers, and other criminals. In the past, Federal policies on encryption have reflected primarily the needs of law enforcement and national security. The Clinton Administration has sought to balance these needs with the needs of businesses and individuals for security and privacy. That is why, today the National Institute of Standards ant Technology (NIST) is committing to ensure a royalty-free, public-domain Digital Signature Standard. Over many years, NIST has been developing digital signature technology that would provide a way to verify the author and sender of an electronic message. Such technology will be critical for a wide range of business applications for the National Information Infrastructure. A digital signature standard will enable individuals to transact business electronically rather than having to exchange signed paper contracts. The Administration has determined that such technology should not be subject to private royalty payments, and it will be taking steps to ensure that royalties are not required for use of a digital signature. Had digital signatures been in widespread use, the recent security problems with the Intemet would have been avoided. Last April, the Administration released the Key Escrow chip (also known as the "Clipper Chip") that would provide Americans with secure telecommunications without compromising the ability of law enforcement agencies to carry out legally authorized wiretaps. Today, the Department of Commerce and the Department of Justice are taking steps to enable the use of such technology both in the U.S. and overseas. At the same time, the Administration is announcing its intent to work with industry to develop other key escrow products that might better meet the needs of individuals and industry, particularly the American computer and telecommunications industry. Specific steps being announced today include: - Approval by the Commerce Secretary of the Escrowed Encryption Standard (EES) as a voluntary Federal Informahon Processing Standard, which will enable govemment gencies to purchase the Key Escrow chip for use with telephones nd modems. The department's National Institute of Standards and Technology (NIST) will publish the standard. - Publication by the Department of Justice of procedurs for the release of escrowed keys and the announcement of NIST and the Automated Services Division of the Treasury Department as the escrow agents that will store the keys needed for decryption of communications using the Key Escrow chip. Nothing in these procedures will diminish tne existing legal and procedural requirements that protect Americans from unauthorized wiretaps. - New procedures to allow export of products containing the Key Escrow chip to most countries. In addition, the Department of State will streamline export licensing procedures for encryption products that can be exported under current export regulations in order to help American companies sell their products overseas. In the past, it could take weeks for a company to obtain an export license for encryption products, and each shipment might require a separate license. The new procedures announced today will substantially reduce administrative delays and paperwork for encryption exports. To implement the Administration's encryption policy, an interagency Working Group on Encryption and Telecommunications has been established. It will be chaired by the White House Office of Science and Technology Policy and the National Security Council and will include representatives of the Departments of Commerce, Justice, State, and Treasury as well as the FBI, the National Security Agency, the Office of Management and Budget, and the National Economic Council. This group will work with industry and public-interest groups to develop new encryption technologies and to review and refine Administration policies regarding encryption, as needed. The Administration is expanding its efforts to work with industry to improve on the Key Escrow chip, to develop key-escrow software, and to examine alternatives to the Key Escrow chip. NIST will lead these efforts and will request additional staff and resources for this purpose. We understand that many in industry would like to see all encryption products exportable. However, if encryption technology is made freely available worldwide, it would no doubt be usod extensively by terrorists, drug dealers, and other criminals to harm Americans both in the U.S. and abroad. For this reason, the Administration will continue to restrict export of the most sophisticated encryption devices, both to preserve our own foreign intelligence gathering capability and because of the concerns of our allies who fear that strong encryption technology would inhibit their law enforcement capabilities. At the same time, the Administration understands the benefits that encryption and related technologies can provide to users of computers and telecommunications networks. Indeed, many of the applications of the evolving National Information Infrastructure will require some form of encryption. That is why the Administration plans to work more closely with the private sector to develop new forms of encryption that can protect privacy and corporate secrets without undermining the ability of law-enforcement agencies to conduct legally authorized wiretaps. That is also why the Administration is committed to make available free of charge a Digital Signature Standard. The Administration believes that the steps being announced today will help provide Americans with the telecommunications security they need without compromising the capability of law enforcement agencies and national intelligence agencies. Today, any American can purchase and use any type of encryption product. The Administration does not intend to change that policy. Nor do we have any intention of restrictiog domestic encryption or mandating the use of a particular technology. ____ end file ______ Date: Sat, 5 Feb 1994 00:58:22 -0800 From: "Brock N. Meeks" <brock@well.sf.ca.us> To: com-priv@psi.com Subject: R.I.P -- Privacy '94 Copyright (c) 1994 CyberWire Brock N. Meeks Jacking in from a Non-Government Approved Encryption Port: Washington, DC -- The Clinton Administration today gang raped your privacy. The White House Friday announced its endorsement of a sweeping new security and privacy initiative. Privacy, as we know it, will never be the same. All the rules have changed. Forever. The catch is that the government gets to write all the rules; you get no vote. None. Worse, you can't even read the fucking rule book because it's classified. The initiative involves the creation of "new products to accelerate the development and use of advanced and secure telecommunications networks and wireless telecommunications links," the White House said. In English: Law enforcement and intelligence agencies now have an easy way to fuck with any and all forms of spoken or electronically transmitted communications. The policy is voluntary, of course. You don't have to sign on to it. You don't have to use government approved encryption devices. But if you plan to do any business with the government, you'll have to use them. And if the government gets its way, well, you'll end using them whether you want to or not. You'll have no choice (are you sensing a trend here?). All telephones, computers, fax machines, modems, etc. will come "wiretap ready." It will be the de facto standard. If you don't use the government standard, you'll be branding yourself a CryptoRebel. Big fucking deal? Maybe, maybe not. But think for a second. Perhaps some agency will be able to check your "crypto-approval rating." Perhaps those favorable bank loans, mortgage rates or low insurance premiums will only go to those with high crypto-approval ratings. But the White House is adamant about making sure you understand this whole damn thing is voluntary. And don't let anything sway you from believing that, not even the White House backgrounder materials that say no U.S. citizen "as a matter of right, is entitled to an unbreakable commercial encryption product." Just use the "balanced" approach of the government system, where in this case the "breakability" of the encryption belongs only with them. Everything will work out fine. Just listen: "Encryption is a law and order issue since it can be use by criminals to thwart wiretaps and avoid detection and prosecution," said Vice President Gore. "Our policy is designed to provide better encryption to individuals and businesses while ensuring that the needs of law enforcement and national security are met." The Administration won't tell you exactly why they expect you simply hand over all your privacy safeguards to them. "Listen, if you knew what we knew about criminal activity, this issue wouldn't even be debated," said Mike Nelson with the Office of Science and Technology Policy and co-chair of the Working Group on Data Security, a newly created interagency task force. Chicken or the Egg? ================== The new policy was hatched in the super-secret recesses of the National Security Agency (NSA). And while Clinton was still trying to find the instruction manual for his White House telephone system, the NSA, FBI and other assorted agencies shoved their ideas onto the National Security Council table. Before the Administration could blink, it found itself in the unenviable position of having backed a severely flawed security policy that has compromised the privacy of every U.S. citizen and drawn the ire of every civil liberties in the country. But the White House quickly put the breaks on, calling for a full scale, government wide "review" of its security and privacy policies. It gave privacy advocacy groups some breathing room. Surely the Administration, once it had a chance to actually study this damn thing, would see it through it. But the White House punted. The review was a smoke screen. Instead, it provided momentum inside the Administration. It was from this review, ordered last April, that this new initiative springs. And when all was said and done, the White House screwed the pooch. Clipper Sails On ================ The one trick pony here is the Clipper Chip, a device that can be installed in virtually any communications device. The chip scrambles all conversations. No one can crack the code, expect the government, of course. The Feds hold all the keys. Rather, they hold the only keys that count. Each Clipper chip is made with 3 unique keys. All three are needed to descramble the encrypted messages streaming through them. But only the government's keys matter. The key you get with your Clipper Chip is essentially the chip's social security number. You'll never actually see this key, have any idea what its number is or get your hands on it. If you try to sneak a peak at it, the damn thing self destructs. Honest. The other two keys will be held in electronic vaults; fraternal twins, separated by mandate. Each of these keys will be held by government agencies, called "escrow agents." One will be held by the National Institute for Standards and Technology, the other by the Automated Systems Division of the Dept. of Treasury. When a law enforcement agency, which could be your local sheriff's department, wants to wiretap a conversation that's been encrypted by Clipper they apply to each of the escrow agents. The agents send their respective key, electronically, to a "black box" operated by the law enforcement agency. As encrypted conversations stream into the box, they come out the back side in nice, neat sounding vowels and consonants, or in the case of electronic mail, in plain ol' ASCII. Yes, all law enforcement agencies need a court approved wiretap before they can pull this whole scheme off. This, the Administration says, is where you're privacy is protected. "We're not going to use Clipper to listen in on the American public," said Raymond Kammer of NIST deputy director. It will only be used to catch criminals. Honest. We Don't Need No Stinkin' Warrant ================================= Maybe now would be a good time to mention the National Security Agency. You know these guys. Super-secret, spook agency. Their mission? To monitor and intercept foreign communications. Did you catch that word FOREIGN? I hope so, it's crucial. The NSA is only allowed to intercept foreign communications -- spying on U.S. citizens is a crime. They can't even pry into a U.S. citizen's business a court ordered wiretap. A judge would never allow it. Yet it was the NSA that cooked up this whole Clipper Chip scheme. Why you ask? Good question. But the Administration refuses to discuss the issue. Here's another they can't answer. Suppose the NSA intercepts a message from Iraq and finds it's Clipper encrypted (that damn little black box is specially made to sniff out the Clipper's algorithm and descramble it's social security number). What does the NSA do with this encrypted Iraqi message? How does it decrypt the message? There's a classic Catch-22 running here. Agencies need the Clipper keys from the escrow agents to read the message or listen in on the conversation. But to get the keys you need proof that you have a warrant. The NSA is *never* issued a warrant. You see, the NSA doesn't need a warrant to spy on FOREIGN communications. So, this begs the $64,000 question is: How does the NSA get the escrow agents to give them the keys to decrypt the message if they can't show a warrant? Answer: They don't have to show a warrant; they don't have to cause; they don't have to show spit. What's wrong with this picture? "We have appropriate procedures and safeguards built into the system for the NSA," Nelson said. "I can't tell you what those are, of course, that would divulging too much about the NSA's operation." Fox Guarding the Chickens ========================= There will be absolutely no abuse of the system. This is what the Administration would like you to believe. They also would like you to believe that President's don't approve Watergate break-ins, that arms are never traded for hostages, that the FBI never secretly records civil rights leaders in the heat of infidelity and that FBI directors have never shown a proclivity for red sequined dresses and shiny high-heeled cruel shoes. Representatives from four government organizations stood before the press and outlined all the careful thinking and rigorous safeguards that have gone into this system. There are at least 9 different steps that must be followed to get these Clipper keys transferred from the escrow agents to the agency authorized to do the wiretap. Fair enough, isn't it? Well, it would be except for the fact that the Justice Department intentionally wrote a giant fucking loop- hole into the law. Buried in the Justice Department briefing papers, outlining the authorization procedures for release of the escrow keys, is this gem: "These procedures do not create, and are not intended to create, any substantive rights for individuals intercepted through electronic surveillance, and noncompliance with these procedures shall not provide the basis for any motion to suppress or other objection to the introduction of electronic surveillance evidence lawfully acquired." So, if somebody screws up, like for instance, asks for the keys to be sent before they actually have a wiretap in hand, or has no wiretap authority at all! there is no recourse provision. Criminals As Dumb Shits ======================= But what about that wily criminal element? Once they get wind of this, won't they seek out another type of encryption? The FBI doesn't think so. In fact, the FBI thinks criminals are such dumb shits that they'll forget all about the fact that Clipper even exists. "I predict that few criminals will remember years from now what they've read in the Wall Street Journal" about how these devices were installed in telephones, said FBI's James Kallestrom. (Of course, if criminals are so stupid, why are they perusing the Wall St. Journal... maybe he really meant the New York Times...) So let's get this right. The FBI is sure that criminals will "just forget" that Clipper is installed in their phones and use them anyway. These are the criminals that also would be forgetting that their multi-million dollar drug deals, not to mention their own sweet ass, could be in jeopardy every time they make a call. Yes, the government really thinks so. It's more likely that some bright, enterprising criminal mind will create a worldwide black market that deals in "non-Clipper Installed" encryption devices. Damn, talk about an industry with some growth potential. Getting To the Data Stream ========================== The whole damn program goes into the crapper, however, if the government can't get access to source, to the digital data stream, as it comes out of the telephone switch. In order to do this you have to tap the digital conversation. That's right, you guessed it: Digital Wiretap Access. The FBI failed on its own last year to generate any support in Congress for this digital wiretap proposal. Hell, the FBI couldn't even get a single member of Congress to introduce the thing. So the FBI broke the chain of command: They got the President and Vice President to sign off on the idea. The Administration will soon announce its decision on how it will give the FBI the right to easily wiretap even your unencrypted conversations. "Within a few months at most we should have something decided," said Barry Smith of the FBI's Congressional Affairs office. The FBI's Kallestrom said it was "all but a done deal." This isn't a question of whether or not the Administration will line up behind the FBI on this. It already has. It's only a matter of paperwork, and the nagging little issue of how to pay for making the telephone companies comply with the new rules. But these are small details, compared to the heat the Administration already knows it'll take when they finally unwrap this puppy. Private No More =============== OSTP's Nelson quipped that these security and privacy issues are the Cyberspace version of the Administration's muddied Bosnia policy. Like Bosnia, the White House expects the American public to "trust us" on this issue. After all, the Administration says, they know a hell of a lot more than we do about what kind criminal activity is really going down. Trusting these law enforcement and intelligence agencies is one thing; tempting them by putting all-powerful tools right into their hip pockets is something that should generate a hue and cry loud enough for all of Washington to hear. So, if you're really pissed off, just pick up the phone can call your neighbor. Somebody in Washington is bound to hear it. Meeks out.... Date: Mon, 7 Feb 1994 10:41:44 -0800 From: "Brock N. Meeks" <brock@well.sf.ca.us> Subject: Congress Wades In Jacking in from the Congressional Port: Washington, DC -- White House's slippery plan to salt information highway with its home-grown encryption technology has irked at least two members of Congress, prompting a call for congressional hearings. Senator Patrick Leahy (D-Vt.), chairman of the Technology and Law Subcommittee said he would likely hold hearings "on the serious issues raised" by Administration's announcement that it would urge private sector to voluntarily adopt its Clipper Chip technology. "Basically, what this means is that the United States Government will hold the two keys to unlock any private communication coded with this program," Leahy said. Citizens and potential foreign customers aren't likely to see Clipper "as the solution to privacy and security concerns," he said. White House plan was called "disappointing," by Rep. Don Edwards (D-Cal.). "I was hoping for a more realistic policy from the Administration," said Edwards, a former FBI agent. "Competitors all over the world can sell the strongest encryption technology, but U.S. companies cannot," he said. Leahy waded in on Administration and law enforcement claims that Clipper would help thwart terrorist and criminal activity, saying it was "obvious" these groups would shun Clipper enabled devices. "Why would any sophisticated criminal or terrorist decide to use Clipper Chip to keep their communications secret when this is the one encryption method to which the government holds the keys?" he asked. Despite Leahy's misgivings, the Administration and law enforcement agencies continue to bank on the success of Clipper because most criminals are "just dumb," the FBI has stated repeatedly. The Administration's decision to keep the handcuffs on export controls of privately developed encryption schemes also worried the congressmen. Leahy called it "a misstep... Why would any foreign government want to buy American software or telecommunications equipment containing Clipper Chip when the U.S. government has the keys to eavesdrop on any private communications?" Edwards said the new policy "won't stop terrorists and drug traffickers from acquiring encryption technology," adding he hoped President Clinton would "look at this policy again." The government shouldn't be in the business of mandating particular technologies, Leahy said. "Whatever confidence I might have that the U.S. government will limit its use of the decoding keys to specific and justifiable law enforcement objectives, I doubt my confidence will be universally shared," he said. Meeks out... Well, almost... Leahy's office said he *wants* to hear from the public on the matter of holding hearings. Any and all comments on the viability of the program, any concerns the public has, should be sent to Leahy immediately, a staffer said. Leahy can be reached at: Committee on the Judiciary, Washington, DC 20510; his phone number is 202-224-3406. Date: Mon, 7 Feb 1994 22:28:08 EST From: Dave Banisar <banisar@washofc.cpsr.org> To: CPSR Civil Liberties Group <cpsr-civilliberties@Pa.dec.com> Subject: Campaign Against Clipper Campaign Against Clipper CPSR ANNOUNCES CAMPAIGN TO OPPOSE CLIPPER PROPOSAL Embargoed until 2 pm, Monday, February 7, 1994 contact: rotenberg@washofc.cpsr.org (202 544 9240) Washington, DC -- Following the White House decision on Friday to endorse a secret surveillance standard for the information highway, Computer Professionals for Social Responsibility (CPSR) today announced a national campaign to oppose the government plan. The Clipper proposal, developed in secret by the National Security Agency, is a technical standard that will make it easier for government agents to wiretap the emerging data highway. Industry groups, professional associations and civil liberties organizations have expressed almost unanimous opposition to the plan since it was first proposed in April 1993. According to Marc Rotenberg, CPSR Washington director, the Administration made a major blunder with Clipper. "The public does not like Clipper and will not accept it. This proposal is fatally flawed." CPSR cited several problems with the Clipper plan: o The technical standard is subject to misuse and compromise. It would provide government agents with copies of the keys that protect electronic communications. "It is a nightmare for computer security," said CPSR Policy Analyst Dave Banisar. o The underlying technology was developed in secret by the NSA, an intelligence agency responsible for electronic eavesdropping, not privacy protection. Congressional investigations in the 1970s disclosed widespread NSA abuses, including the illegal interception of millions of cables sent by American citizens. o Computer security experts question the integrity of the technology. Clipper was developed in secret and its specifications are classified. CPSR has sued the government seeking public disclosure of the Clipper scheme. o NSA overstepped its legal authority in developing the standard. A 1987 law explicitly limits the intelligence agency's power to set standards for the nation's communications network. o There is no evidence to support law enforcement's claims that new technologies are hampering criminal investigations. CPSR recently forced the release of FBI documents that show no such problems. o The Administration ignored the overwhelming opposition of the general public. When the Commerce Department solicited public comments on the proposal last fall, hundreds of people opposed the plan while only a few expressed support. CPSR today announced four goals for its campaign to oppose the Clipper initiative: o First, to educate the public about the implications of the Clipper proposal. o Second, to encourage people to express their views on the Clipper proposal, particularly through the computer network. Toward that goal, CPSR has already begun an electronic petition on the Internet computer network urging the President to withdraw the Clipper proposal. In less than one week, the CPSR campaign has drawn thousands of electronic mail messages expressing concern about Clipper. To sign on, email clipper.petition@cpsr.org with the message "I oppose clipper" in the body of the text. o Third, to pursue litigation to force the public disclosure of documents concerning the Clipper proposal and to test the legality of the Department of Commerce's decision to endorse the plan. o Fourth, to examine alternative approaches to Clipper. Mr. Rotenberg said "We want the public to understand the full implications of this plan. Today it is only a few experts and industry groups that understand the proposal. But the consequences of Clipper will touch everyone. It will affect medical payments, cable television service, and everything in between. CPSR is a membership-based public interest organization. For more information about CPSR, send email to cpsr@cpsr.org or call 415 322 3778. For more information about Clipper, check the CPSR Internet library CPSR.ORG. FTP/WAIS/Gopher and listserv access are available. Date: Mon, 7 Feb 1994 18:10:03 -0500 (EST) From: Stanton McCandlish <mech@eff.org> Subject: EFF Wants You (to add your voice to the crypto fight!) The Electronic Frontier Foundation needs your help to ensure privacy rights! * DISTRIBUTE WIDELY * Monday, February 7th, 1994 From: Jerry Berman, Executive Director of EFF jberman@eff.org Dear Friends of the Electronic Frontier, I'm writing a personal letter to you because the time has now come for action. On Friday, February 4, 1994, the Administration announced that it plans to proceed on every front to make the Clipper Chip encryption scheme a national standard, and to discourage the development and sale of alternative powerful encryption technologies. If the government succeeds in this effort, the resulting blow to individual freedom and privacy could be immeasurable. As you know, over the last three years, we at EFF have worked to ensure freedom and privacy on the Net. Now I'm writing to let you know about something *you* can do to support freedom and privacy. *Please take a moment to send e-mail to U.S. Rep. Maria Cantwell (cantwell@eff.org) to show your support of H.R. 3627, her bill to liberalize export controls on encryption software.* I believe this bill is critical to empowering ordinary citizens to use strong encryption, as well as to ensuring that the U.S. software industry remains competitive in world markets. Here are some facts about the bill: Rep. Cantwell introduced H.R. 3627 in the House of Representatives on November 22, 1993. H.R. 3627 would amend the Export Control Act to move authority over the export of nonmilitary software with encryption capabilities from the Secretary of State (where the intelligence community traditionally has stalled such exports) to the Secretary of Commerce. The bill would also invalidate the current license requirements for nonmilitary software containing encryption capablities, unless there is substantial evidence that the software will be diverted, modified or re-exported to a military or terroristic end-use. If this bill is passed, it will greatly increase the availability of secure software for ordinary citizens. Currently, software developers do not include strong encryption capabilities in their products, because the State Department refuses to license for export any encryption technology that the NSA can't decipher. Developing two products, one with less secure exportable encryption, would lead to costly duplication of effort, so even software developed for sale in this country doesn't offer maximum security. There is also a legitimate concern that software companies will simply set up branches outside of this country to avoid the export restrictions, costing American jobs. The lack of widespread commercial encryption products means that it will be very easy for the federal government to set its own standard--the Clipper Chip standard. As you may know, the government's Clipper Chip initiative is designed to set an encryption standard where the government holds the keys to our private conversations. Together with the Digital Telephony bill, which is aimed at making our telephone and computer networks "wiretap-friendly," the Clipper Chip marks a dramatic new effort on the part of the government to prevent us from being able to engage in truly private conversations. We've been fighting Clipper Chip and Digital Telephony in the policy arena and will continue to do so. But there's another way to fight those initiatives, and that's to make sure that powerful alternative encryption technologies are in the hands of any citizen who wants to use them. The government hopes that, by pushing the Clipper Chip in every way short of explicitly banning alternative technologies, it can limit your choices for secure communications. Here's what you can do: I urge you to write to Rep. Cantwell today at cantwell@eff.org. In the Subject header of your message, type "I support HR 3627." In the body of your message, express your reasons for supporting the bill. EFF will deliver printouts of all letters to Rep. Cantwell. With a strong showing of support from the Net community, Rep. Cantwell can tell her colleagues on Capitol Hill that encryption is not only an industry concern, but also a grassroots issue. *Again: remember to put "I support HR 3627" in your Subject header.* This is the first step in a larger campaign to counter the efforts of those who would restrict our ability to speak freely and with privacy. Please stay tuned--we'll continue to inform you of things you can do to promote the removal of restrictions on encryption. In the meantime, you can make your voice heard--it's as easy as e-mail. Write to cantwell@eff.org today. Sincerely, Jerry Berman Executive Director, EFF jberman@eff.org P.S. If you want additional information about the Cantwell bill, send e-mail to cantwell-info@eff.org. To join EFF, write membership@eff.org. For introductory info about EFF, send any message to info@eff.org. The text of the Cantwell bill can be found on the Internet with the any of the following URLs (Universal Resource Locaters): ftp://ftp.eff.org/pub/Policy/Legislation/cantwell.bill http://www.eff.org/ftp/EFF/Policy/Legislation/cantwell.bill gopher://gopher.eff.org/00/EFF/legislation/cantwell.bill It will be available on AOL (keyword EFF) and CIS (go EFFSIG) soon. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help@anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin@anon.penet.fi. ---------------------------------------------------------------------------