WorldLII [Home] [Databases] [WorldLII] [Search] [Feedback]

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 1994 >> [1994] EPICAlert 4

[Database Search] [Name Search] [Recent Alerts] [Noteup] [Help]

EPIC Alert 1.04 [1994] EPICAlert 4 (21 July 1994)


EPIC ALERT




Volume 1.04 (special edition) July 21, 1994

Published by the Electronic Privacy Information Center (EPIC)
Washington, DC (Alertepic.org)



Table of Contents


SPECIAL EDITION -- "SON OF CLIPPER"


[1] Administration "Reversal" on Clipper
[2] EPIC Statement
[3] Letter from Gore to Cantwell
[4] What You Can Do (Email the VP)

[5] Upcoming Conferences and Events



[1] Administration "Reversal" on Clipper


A letter from Vice President Al Gore to Representative MariaCantwell (D-WA) sent this week during Congressional debate on theExport Administration Act has raised important questions about thecurrent state of the Clipper proposal. Some have hailed the statementas a major reversal. Others say the letter seals a bad deal.

Below we have included the letter from the Vice President, astatement from EPIC, and recommendations for further action.



[2] EPIC Statement on Gore Letter to Cantwell


News reports that the Clinton Administration has reverseditself on encryption policy are not supported by the letter from VicePresident Gore to Maria Cantwell regarding export control policy. Infact, the letter reiterates the White House's commitment to the NSA'skey escrow proposal and calls on the private sector to developproducts that will facilitate electronic surveillance.

The letter from the Vice President calls on the government andthe industry to develop jointly systems for key escrow cryptography.
Key escrow is the central feature of the Clipper chip and the NSA'srecommended method for electronic surveillance of digitalcommunications.

The letter also reaffirms the Administration's support forClipper Chip as the federal standard for voice networks. There is noindication that the White House will withdraw this proposal.
Statements that Clipper is "dead" are absurd.

The letter offers no changes in export control policy. Itrecommends instead that the status quo be maintained and that morestudies be conducted. (The White House already completed such astudy earlier this year. The results were never disclosed to thepublic, despite EPIC's request for release of the findings under theFreedom of Information Act.)

This is a significant setback for groups expecting that exportcontrol laws would be revised this year.

The White House expresses a willingness to allow unclassifiedalgorithms and to hold key escrow agents liable for misuse. These arethe only provisions of the Gore letter favorable to the usercommunity. But neither provision would even be necessary if the WhiteHouse did not attempt to regulate cryptography in the first place.

The Administration's willingness to accept private sectoralternatives to Clipper for data networks essentially ratifies anagreement to develop "wiretap ready" technologies for data networks.

We believe the letter from the Vice President is essentiallya blueprint for electronic surveillance of digital networks. Thegovernment will set out the requirements for surveillance systems suchas key escrow, and the industry will build complying systems.

The plan dovetails neatly with the FBI's Digital Telephonyproposal, which will establish legal penalties for companies and usersthat design systems that cannot be wiretapped.

We do not believe this is in the interests of users of theinformation highway. Key escrow necessarily weakens the security andprivacy of electronic communications. It makes networks vulnerable totampering and confidential messages subject to compromise. It is theapproach urged by organizations that specialize in electroniceavesdropping. No group of Internet users has ever called for keyescrow encryption.

If this proposal goes forward, electronic surveillance willalmost certainly increase, network security will be weakened, andpeople who design strong cryptography without key escrow could becomecriminals. This is not a victory for freedom or privacy.

We support unclassified standards and relaxation of exportcontrols. We cannot support the premise that the government andindustry should design key escrow systems. We also do not believethat Clipper is an appropriate standard for federal voicecommunications.

We are asking the Vice President to reconsider his positionand urging network users to make known their concerns about theproposal.

Electronic Privacy Information Center
Washington, DC
July 21, 1994



[3] Letter from Gore to Cantwell

THE VICE PRESIDENTWASHINGTON
July 20, 1994
The Honorable Maria Cantwell House of Representatives Washington, DC20515
"Dear Maria,

"I write today to express my sincere appreciation of yourefforts to move the national debate forward on the issue ofinformation security and export controls. I share your strongconviction for the need to develop a comprehensive policy regardingencryption, incorporating an export policy that does not disadvantageAmerican software companies in world markets while preserving our lawenforcement and national security goals.

"As you know, the Administration disagrees with you on theextent to which existing controls are harming U.S. industry in theshort run and the extent to which their immediate relaxation wouldaffect national security. For that reason we have supported afive-month Presidential study. In conducting this study, I want toassure you that the Administration will use the best availableresources of the federal government. This will include the activeparticipation of the National Economic Council and the Department ofCommerce. In addition, consistent with the Senate-passed language,
the first study will be completed within 150 days of passage of theExport Administration Act reauthorization bill, with the second studyto be completed within one year after the completion of the first. Iwant to personally assure you that we will reassess our existingexport controls based on the results of these studies. Moreover, allprograms with encryption that can be exported today will continue tobe exportable.

"On the other hand, we agree that we need to take action thisyear to ensure that over time American companies are able to includeinformation security features in their program in order to maintaintheir international competitiveness. We can achieve this by enteringinto a new phase of cooperation among government, industryrepresentatives and privacy advocates with a goal of trying to developa key escrow encryption system that will provide strong encryption, beacceptable to computer users worldwide, and address our nationalsecurity needs as well.

"Key escrow encryption offers a very effective way toaccomplish our mutual goals. That is why the Administration adoptedthe key escrow encryption standard in the "Clipper Chip" to providevery secure encryption for telephone communications while preservingthe ability for law enforcement and national security. But theClipper Chip is an approved federal standard for telephonecommunication and not for computer networks and video networks. Forthat reason, we are working with industry to investigate othertechnologies for these applications.

"The administration understands the concerns that industry hasregarding the Clipper Chip. We welcome the opportunity to work withindustry to design a more versatile, less expensive system Such a keyescrow scheme would be implementable in software, firmware orhardware, or any combination thereof, would not rely on a classifiedalgorithm, would be voluntary, and would be exportable. While thereare many severe challenges to developing such a system, we arecommitted to a diligent effort with industry and academics to achievesuch a system. We welcome your offer to assist us in furthering thiseffort.

"We also want to assure users of key escrow encryptionproducts that they will not be subject to unauthorized electronicsurveillance. As we have done with the Clipper Chip, future keyescrow schemes must contain safeguards to provide for key disclosureonly under legal authorization and should have audit procedures toensure the integrity of the system. Escrow holders should be strictlyliable for releasing keys without legal authorization.

"We also recognize that a new key escrow encryption systemmust permit the use of private-sector key escrow agents as one option.
It is also possible that as key escrow encryption technology spreads,
companies may establish layered escrowing services for their ownproducts. Having a number of escrow agents would give individuals andbusinesses more choice and flexibility in meeting their needs forsecure communications.

"I assure you the President and I are acutely aware of theneed to balance economic and privacy needs with law enforcement andnational security. This is not an easy task, I think that ourapproach offers the best opportunity to strike an appropriate balance.
I am looking forward to working with you and others who share ourinterest in developing a comprehensive national policy on encryption.
I am convinced that our cooperative endeavors will open new creativesolutions to this critical problems."

Sincerely /s/ Al Gore



[4] What You Can Do (Email the VP)


The Clipper debate has reached a critical juncture. The White Houseand industry are about to seal a deal to make key escrow the standardfor encrypted communications. If you believe that individuals shouldhave the right to make full use of new technologies to protectprivacy, now is the time for your voice to be heard (and your email tobe sent).

EMAIL the Vice President at vice.presidentwhitehouse.gov
- Thank him for the Administration's willingness to reconsider itsviews on Clipper
- Express support for the decision to support unclassified algorithmsand liability for key escrow agents
- But urge him not to require key escrow as a standard for encryptionproducts
- Emphasize that key escrow is the soul of Clipper, the method forconducting electronic surveillance of digital communications
- Call for extensive testing and studies before any key escrow systemis deployed
You should also:

- Urge him to withdraw Clipper as a standard for voice communications
- Urge him to support relaxation of export controls
- Ask for the public release of the earlier White House study oncryptography
- Ask for the public release of White House documents reviewing theweaknesses of the key escrow proposal
The Vice President has clearly shown a willingness to listento the concerns of the user community on this issue. Your lettercould make a difference.





[5] Upcoming Privacy Related Conferences and Events


DEF CON ][ ("underground" computer culture) "Load up your laptopMuffy, we're heading to Vegas!" The Sahara Hotel, Las Vegas, NV. July22-24. Contact: dtangentdefcon.org.

Hackers on Planet Earth: The First US Hacker Congress. HotelPennsylvania, New York City, NY. August 13-14. Sponsored by 2600Magazine. Contact: 2600well.sf.ca.us.

Technologies of Surveillance; Technologies of Privacy. The Hague, TheNetherlands. September 5. Sponsored by Privacy International and EPIC.
Contact: Simon Davies (daviesprivint.demon.co.uk).

16th International Conference on Data Protection. The Hague,
Netherlands. September 6-8. Contact: B. Crouwers 31 70 3190190(tel), 31-70-3940460 (fax).

CPSR Annual Meeting. University of California, San Diego. October 8-9.
Contact: Phil Agre

Symposium: An Arts and Humanities Policy for the National InformationInfrastructure. Boston, Mass. October 14-16. Sponsored by the Centerfor Art Research in Boston. Contact: Jay Jaroslav(jaroslavartdata.win.net).

Third Biannual Conference on Participatory Design, Chapel Hill, NorthCarolina. October 27-28. Sponsored by CPSR. Contact:
triggparc.xerox.com.

Ethics in the Computer Age Conference. Gatlinburg, Tennessee. November11-13. Sponsored by ACM. Contact: jkizzautcvm.utc.edu
(Send calendar submissions to Alertepic.org)



To subscribe to the EPIC Alert, send the message:

SUBSCRIBE CPSR-ANNOUNCE Firstname Lastname
to listservcpsr.org. You may also receive the Alert by reading theUSENET newsgroup comp.org.cpsr.announce


The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues relating to theNational Information Infrastructure, such as the Clipper Chip, theDigital Telephony proposal, medical record privacy, and the sale ofconsumer data. EPIC is sponsored by the Fund for ConstitutionalGovernment and Computer Professionals for Social Responsibility. EPICpublishes the EPIC Alert and EPIC Reports, pursues Freedom ofInformation Act litigation, and conducts policy research on emergingprivacy issues. For more information email infoepic.org, or writeEPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1202 544 9240 (tel), +1 202 547 5482 (fax).

The Fund for Constitutional Government is a non-profit organizationestablished in 1974 to protect civil liberties and constitutionalrights. Computer Professionals for Social Responsibility is a nationalmembership organization of people concerned about the impact oftechnology on society. For information contact: cpsr-infocpsr.org
END EPIC Alert 1.04


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/1994/4.html