Path: gmdzi!unido!mcsun!uunet!zaphod.mps.ohio-state.edu!mips!
pacbell.com!att!ucbvax!hoptoad!gnu
From: gnu@hoptoad.uucp (John Gilmore)
Newsgroups: sci.crypt,misc.legal,alt.privacy
Subject: Statement in Support of Communications Privacy
Message-ID: <18671@hoptoad.uucp>
Date: 19 Jun 91 05:09:36 GMT
Organization: Cygnus Support, Palo Alto
Lines: 184
Xref: gmdzi sci.crypt:54290 misc.legal:66738 alt.privacy:798
The Electronic Frontier Foundation, Computer Professionals for Social
Responsibility, and RSA Data Security Inc. cosponsored a meeting of
cryptographers, civil libertarians, business leaders, and people from
all over the government who handle cryptography and privacy issues.
The following statement was released at the meeting.
STATEMENT IN SUPPORT OF COMMUNICATIONS PRIVACY
Washington, DC
June 10, 1991
As representatives of leading computer and
telecommunications companies, as members of national
privacy and civil liberties organizations, as academics and
researchers across the country, as computer users, as
corporate users of computer networks, and as individuals
interested in the protection of privacy and the promotion of
liberty, we have joined together for the purpose of
recommending that the United States government undertake a
new approach to support communications privacy and to
promote the availability of privacy-enhancing technologies.
We believe that our effort will strengthen economic
competitiveness, encourage technological innovation, and
ensure that communications privacy will be carried forward
into the next decade.
In the past several months we have become aware that
the federal government has failed to take advantage of
opportunities to promote communications privacy. In some
areas, it has considered proposals that would actually be a
step backward. The area of cryptography is a prime example.
Cryptography is the process of translating a
communication into a code so that it can be understood only by
the person who prepares the message and the person who is
intended to receive the message. In the communications
world, it is the technological equivalent of the seal on an
envelope. In the security world, it is like a lock on a door.
Cryptography also helps to ensure the authenticity of
messages and promotes new forms of business in electronic
environments. Cryptography makes possible the secure
exchange of information through complex computer networks,
and helps to prevent fraud and industrial espionage.
For many years, the United States has sought to restrict
the use of encryption technology, expressing concern that such
restrictions were necessary for national security purposes.
For the most part, computer systems were used by large
organizations and military contractors. Computer policy was
largely determined by the Department of Defense. Companies
that tried to develop new encryption products confronted
export control licensing, funding restrictions, and
classification review. Little attention was paid to the
importance of communications privacy for the general public.
It is clear that our national needs are changing.
Computers are ubiquitous. We also rely on communication
networks to exchange messages daily. The national telephone
system is in fact a large computer network.
We have opportunities to reconsider and redirect our
current policy on cryptography. Regrettably, our government
has failed to move thus far in a direction that would make the
benefits of cryptography available to a wider public.
In late May, representatives of the State Department met
in Europe with the leaders of the Committee for Multilateral
Export Controls ("COCOM"). At the urging of the National
Security Agency, our delegates blocked efforts to relax
restrictions on cryptography and telecommunications
technology, despite dramatic changes in Eastern Europe.
Instead of focusing on specific national security needs, our
delegates continued a blanket opposition to secure network
communication technologies.
While the State Department opposed efforts to promote
technology overseas, the Department of Justice sought to
restrict its use in the United States. A proposal was put
forward by the Justice Department that would require
telecommunications providers and manufacturers to redesign
their services and products with weakened security. In effect,
the proposal would have made communications networks less
well protected so that the government could obtain access to
all telephone communications. A Senate Committee Task Force
Report on Privacy and Technology established by Senator
Patrick Leahy noted that this proposal could undermine
communications privacy.
The public opposition to S. 266 was far-reaching. Many
individuals wrote to Senator Biden and expressed their concern
that cryptographic equipment and standards should not be
designed to include a "trapdoor" to facilitate government
eavesdropping. Designing in such trapdoors, they noted, is no
more appropriate than giving the government the combination
to every safe and a master key to every lock.
We are pleased that the provision in S. 266 regarding
government surveillance was withdrawn. We look forward to
Senator Leahy's hearing on cryptography and communications
privacy later this year. At the same time, we are aware that
proposals like S. 266 may reemerge and that we will need to
continue to oppose such efforts. We also hope that the export
control issue will be revisited and the State Department will
take advantage of the recent changes in East-West relations
and relax the restrictions on cryptography and network
communications technology.
We believe that the government should promote
communications privacy. We therefore recommend that the
following steps be taken.
First, proposals regarding cryptography should be moved
beyond the domain of the intelligence and national security
community. Today, we are growing increasingly dependent on
computer communications. Policies regarding the appropriate
use of cryptography should be subject to public review and
public debate.
Second, any proposal to facilitate government
eavesdropping should be critically reviewed. Asking
manufacturers and service providers to make their services
less secure will ultimately undermine efforts to strengthen
communications privacy across the country. While these
proposals may be based on sound concerns, there are less
invasive ways to pursue legitimate government goals.
Third, government agencies with appropriate expertise
should work free of NSA influence to promote the availability
of cryptography so as to ensure communications privacy for
the general public. The National Academy of Science has
recently completed two important studies on export controls
and computer security. The Academy should now undertake a
study specifically on the use of cryptography and
communications privacy, and should also evaluate current
obstacles to the widespread adoption of cryptographic
protection.
Fourth, the export control restrictions for computer
network technology and cryptography should be substantially
relaxed. The cost of export control restrictions are enormous.
Moreover, foreign companies are often able to obtain these
products from other sources. And one result of export
restrictions is that US manufacturers are less likely to
develop privacy-protecting products for the domestic market.
As our country becomes increasingly dependent on
computer communications for all forms of business and
personal communication, the need to ensure the privacy and
security of these messages that travel along the networks
grows. Cryptography is the most important technological
safeguard for ensuring privacy and security. We believe that
the general public should be able to make use of this
technology free of government restrictions.
There is a great opportunity today for the United States
to play a leadership role in promoting communications privacy.
We hope to begin this process by this call for a reevaluation of
our national interest in cryptography and privacy.
Mitchell Kapor, Electronic Frontier Foundation
Marc Rotenberg, CPSR
John Gilmore, EFF
D. James Bidzos, RSA
Phil Karn, BellCore
Ron Rivest, MIT
Jerry Berman, ACLU
Whitfield Diffie, Northern Telecom
David Peyton, ADAPSO
Ronald Plesser, Information Industry Association
Dorothy Denning, Georgetown University
David Kahn, author *The Codebreakers*
Ray Ozzie, IRIS Associates
Evan D. Hendricks, US Privacy Council
Priscella M. Regan, George Mason University
Lance J. Hoffman, George Washington University
David Bellin, Pratt University
(affiliations are for identification purposes only)
--
John Gilmore {sun,uunet,pyramid}!hoptoad!gnu g...@toad.com g...@cygnus.com
* Truth : the most deadly weapon ever discovered by humanity. Capable of *
* destroying entire perceptual sets, cultures, and realities. Outlawed by *
* all governments everywhere. Possession is normally punishable by death. *
-- Richard Childers