home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hacker Chronicles 1
/
HACKER1.ISO
/
cud3
/
cud327f.txt
< prev
next >
Wrap
Text File
|
1992-09-20
|
9KB
|
184 lines
Date: Wed, 17 Jul 1991 14:47:33 EDT
From: Dave Banisar <Dave_Banisar@WASHOFC.CPSR.ORG>
Subject: File 6--Crypto-conference statement
CRYPTO-CONFERANCE STATEMENT
On July 10, 1991, the Computer Professionals for Social
Responsibility, the Electronic Frontier Foundation, and RSA Data
Security Inc. sponsored a conference on cryptography and privacy. The
conference was organized in response to S-266, a Senate bill which
mostly dealt with terrorism but had a provision which required
telecommunications equipment manufacturers and service providers to
provide a way for legally authorized law enforcement agencies to get
"plaintext" transcriptions of messages sent by indviduals. The
conference was attended by industry, congressional and agency staff,
privacy advocates and experts in cryptography and computer security.
The purpose of the conference was to inform the Congress and
administration about the privacy concerns regarding of government
control of cryptographic research, export controls of encryption
systems and S-266. Conference materials are available for a nominal
fee from CPSR. Contact Marc Rotenberg at mrotenberg@washofc.cpsr.org
or (202) 544-9240 for more information.
STATEMENT IN SUPPORT OF COMMUNICATIONS PRIVACY
Washington, DC
June 10, 1991
As representatives of leading computer and telecommunications
companies, as members of national privacy and civil liberties
organizations, as academics and researchers across the country, as
computer users, as corporate users of computer networks, and as
individuals interested in the protection of privacy and the promotion
of liberty, we have joined together for the purpose of recommending
that the United States government undertake a new approach to support
communications privacy and to promote the availability of
privacy-enhancing technologies. We believe that our effort will
strengthen economic competitiveness, encourage technological
innovation, and ensure that communications privacy will be carried
forward into the next decade.
In the past several months we have become aware that the federal
government has failed to take advantage of opportunities to promote
communications privacy. In some areas, it has considered proposals
that would actually be a step backward. The area of cryptography is a
prime example.
Cryptography is the process of translating a communication into a
code so that it can be understood only by the person who prepares the
message and the person who is intended to receive the message. In the
communications world, it is the technological equivalent of the seal
on an envelope. In the security world, it is like a lock on a door.
Cryptography also helps to ensure the authenticity of messages and
promotes new forms of business in electronic environments.
Cryptography makes possible the secure exchange of information through
complex computer networks, and helps to prevent fraud and industrial
espionage.
For many years, the United States has sought to restrict the use of
encryption technology, expressing concern that such restrictions were
necessary for national security purposes. For the most part, computer
systems were used by large organizations and military contractors.
Computer policy was largely determined by the Department of Defense.
Companies that tried to develop new encryption products confronted
export control licensing, funding restrictions, and classification
review. Little attention was paid to the importance of communications
privacy for the general public.
It is clear that our national needs are changing. Computers are
ubiquitous. We also rely on communication networks to exchange
messages daily. The national telephone system is in fact a large
computer network.
We have opportunities to reconsider and redirect our current policy
on cryptography. Regrettably, our government has failed to move thus
far in a direction that would make the benefits of cryptography
available to a wider public.
In late May, representatives of the State Department met in Europe
with the leaders of the Committee for Multilateral Export Controls
("COCOM"). At the urging of the National Security Agency, our
delegates blocked efforts to relax restrictions on cryptography and
telecommunications technology, despite dramatic changes in Eastern
Europe. Instead of focusing on specific national security needs, our
delegates continued a blanket opposition to secure network
communication technologies.
While the State Department opposed efforts to promote technology
overseas, the Department of Justice sought to restrict its use in the
United States. A proposal was put forward by the Justice Department
that would require telecommunications providers and manufacturers to
redesign their services and products with weakened security. In
effect, the proposal would have made communications networks less well
protected so that the government could obtain access to all telephone
communications. A Senate Committee Task Force Report on Privacy and
Technology established by Senator Patrick Leahy noted that this
proposal could undermine communications privacy.
The public opposition to S. 266 was far-reaching. Many individuals
wrote to Senator Biden and expressed their concern that cryptographic
equipment and standards should not be designed to include a "trapdoor"
to facilitate government eavesdropping. Designing in such trapdoors,
they noted, is no more appropriate than giving the government the
combination to every safe and a master key to every lock.
We are pleased that the provision in S. 266 regarding government
surveillance was withdrawn. We look forward to Senator Leahy's
hearing on cryptography and communications privacy later this year.
At the same time, we are aware that proposals like S. 266 may reemerge
and that we will need to continue to oppose such efforts. We also
hope that the export control issue will be revisited and the State
Department will take advantage of the recent changes in East-West
relations and relax the restrictions on cryptography and network
communications technology.
We believe that the government should promote communications
privacy. We therefore recommend that the following steps be taken.
First, proposals regarding cryptography should be moved beyond the
domain of the intelligence and national security community. Today, we
are increasingly dependent on computer communications. Policies
regarding the appropriate use of cryptography should be subject to
public review and public debate.
Second, any policy proposal regarding government eavesdropping
should be critically reviewed. Asking manufacturers and service
providers to make their services less secure will ultimately undermine
efforts to strengthen communications privacy. While these proposals
may be based on sound concerns, there are less invasive ways to pursue
legitimate government goals.
Third, government agencies with appropriate expertise should work
free of NSA influence to promote the availability of cryptography so
as to ensure communications privacy for the general public. The
National Academy of Science has recently completed two important
studies on export controls and computer security. The Academy should
now undertake a study specifically on the use of cryptography and
communications privacy, and should also evaluate current obstacles to
the widespread adoption of cryptographic protection.
Fourth, the export control restrictions for computer network
technology and cryptography should be relaxed. The cost of export
control restrictions are enormous. Moreover, foreign companies are
often able to obtain these products from other sources. And one result
of export restrictions is that US manufacturers are less likely to
develop privacy-protecting products for the domestic market.
As our country becomes increasingly dependent on computer
communications for all forms of business and personal communication,
the need to ensure the privacy and security of these messages that
travel along the networks grows.
Cryptography is the most important technological safeguard for
ensuring privacy and security. We believe that the general public
should be able to use this technology free of government restrictions.
There is a great opportunity today for the United States to play a
leadership role in promoting communications privacy. We hope to begin
this process by this call for a reevaluation of our national interest
in cryptography and privacy.
Mitchell Kapor, Electronic Frontier Foundation
Marc Rotenberg, CPSR
John Gilmore, EFF
D. James Bidzos, RSA
Phil Karn, BellCore
Ron Rivest, MIT
Jerry Berman, ACLU
Whitfield Diffie, Northern Telecom
David Peyton, ADAPSO
Ronald Plesser, Information Industry Association
Dorothy Denning, Georgetown University
David Kahn, author *The Codebreakers*
Ray Ozzie, IRIS Associates
Evan D. Hendricks, US Privacy Council
Priscella M. Regan, George Mason University
Lance J. Hoffman, George Washington University
David Bellin, Pratt University
Eugene Spafford, Purdue University
Steve Booth, Hewlett-Packard
Steve Kent
Dave Farber, University of Pennsylvania
------------------------------