From: m...@eff.org (Stanton McCandlish)
Subject: EFFector Online 07.02 - ALERT! Take your stand on crypto/Clipper NOW!
Date: 10 Feb 1994 10:32:48 -0500
Organization: Electronic Frontier Foundation
Summary: Administration pushes Clipper, EFF pushes back - Support Cantwell bill
Keywords: Clipper Capstone Skipjack Tessersa crypt Cantwell export HR 3627
________________ _______________ _______________
/_______________/\ /_______________\ /\______________\
\\\\\\\\\\\\\\\\\ \ ||||||||||||||||| / ////////////////
\\\\\\\\\\\\\\\\\/ ||||||||||||||||| / ////////////////
\\\\\\_______/\ ||||||_______\ / //////_____\
\\\\\\\\\\\\\ \ |||||||||||||| / /////////////
\\\\\\\\\\\\\/____ |||||||||||||| / /////////////
\\\\\___________/\ ||||| / ////
\\\\\\\\\\\\\\\\ \ ||||| / ////
\\\\\\\\\\\\\\\\/ ||||| \////
EFFector Online Volume 07 No. 03 Feb. 09, 1994 edit...@eff.org
A Publication of the Electronic Frontier Foundation ISSN 1062-9424
In This Issue:
EFF Wants YOU! (to add your voice to the crypto fight)
Administration Announces Cold War Attitude on Crypto, Pushes Clipper
Statement of Vice President Gore
Statement of the White House Press Secretary
Attorney General Janet Reno Key Escrow Agents Press Release
Statement of Dr. M. Harris, Dep. Asst. Secy. of State for PMA
Volunteers/Information Needed for EFF Diskettes
What You Can Do
Subject: EFF Wants YOU! (to add your voice to the crypto fight)
* DISTRIBUTE WIDELY *
Monday, February 7th, 1994
From: Jerry Berman, Executive Director of EFF
Dear Friends on the Electronic Frontier,
I'm writing a personal letter to you because the time has now come for
action. On Friday, February 4, 1994, the Administration announced that it
plans to proceed on every front to make the Clipper Chip encryption scheme
a national standard, and to discourage the development and sale of
alternative powerful encryption technologies. If the government succeeds
in this effort, the resulting blow to individual freedom and privacy could
As you know, over the last three years, we at EFF have worked to ensure
freedom and privacy on the Net. Now I'm writing to let you know about
something *you* can do to support freedom and privacy. *Please take a
moment to send e-mail to U.S. Rep. Maria Cantwell (cantw...@eff.org) to
show your support of H.R. 3627, her bill to liberalize export controls on
encryption software.* I believe this bill is critical to empowering
ordinary citizens to use strong encryption, as well as to ensuring that
the U.S. software industry remains competitive in world markets.
Here are some facts about the bill:
Rep. Cantwell introduced H.R. 3627 in the House of Representatives on
November 22, 1993. H.R. 3627 would amend the Export Control Act to move
authority over the export of nonmilitary software with encryption
capabilities from the Secretary of State (where the intelligence community
traditionally has stalled such exports) to the Secretary of Commerce. The
bill would also invalidate the current license requirements for
nonmilitary software containing encryption capabilities, unless there is
substantial evidence that the software will be diverted, modified or
re-exported to a military or terroristic end-use.
If this bill is passed, it will greatly increase the availability of
secure software for ordinary citizens. Currently, software developers do
not include strong encryption capabilities in their products, because the
State Department refuses to license for export any encryption technology
that the NSA can't decipher. Developing two products, one with less secure
exportable encryption, would lead to costly duplication of effort, so even
software developed for sale in this country doesn't offer maximum
security. There is also a legitimate concern that software companies will
simply set up branches outside of this country to avoid the export
restrictions, costing American jobs.
The lack of widespread commercial encryption products means that it will
be very easy for the federal government to set its own standard--the
Clipper Chip standard. As you may know, the government's Clipper Chip
initiative is designed to set an encryption standard where the government
holds the keys to our private conversations. Together with the Digital
Telephony bill, which is aimed at making our telephone and computer
networks "wiretap-friendly," the Clipper Chip marks a dramatic new effort
on the part of the government to prevent us from being able to engage in
truly private conversations.
We've been fighting Clipper Chip and Digital Telephony in the policy arena
and will continue to do so. But there's another way to fight those
initiatives, and that's to make sure that powerful alternative encryption
technologies are in the hands of any citizen who wants to use them. The
government hopes that, by pushing the Clipper Chip in every way short of
explicitly banning alternative technologies, it can limit your choices for
Here's what you can do:
I urge you to write to Rep. Cantwell today at cantw...@eff.org. In the
Subject header of your message, type "I support HR 3627." In the body of
your message, express your reasons for supporting the bill. EFF will
deliver printouts of all letters to Rep. Cantwell. With a strong showing
of support from the Net community, Rep. Cantwell can tell her colleagues
on Capitol Hill that encryption is not only an industry concern, but also
a grassroots issue. *Again: remember to put "I support HR 3627" in your
This is the first step in a larger campaign to counter the efforts of
those who would restrict our ability to speak freely and with privacy.
Please stay tuned--we'll continue to inform you of things you can do to
promote the removal of restrictions on encryption.
In the meantime, you can make your voice heard--it's as easy as e-mail.
Write to cantw...@eff.org today.
Executive Director, EFF
P.S. If you want additional information about the Cantwell bill, send
e-mail to cantwell-i...@eff.org. To join EFF, write members...@eff.org.
The text of the Cantwell bill can be found with the any of the following
URLs (Universal Resource Locators):
A summary of the bill and statement from Cantwell can be found at:
(cantwell.summary is the same file you get by mailing to
Subject: Administration Announces Cold War Attitude on Crypto, Pushes Clipper
At two briefings, Feb. 4, 1994, the Clinton Administration and various
agencies gave statements before a Congressional committee, and later
representatives of civil liberties organizations, industry spokespersons
and privacy advocates. The Electronic Frontier Foundation's position,
based on what we have seen and heard from the Administration today, is
that the White House is set on a course that pursues Cold War national
security and law enforcement interests to the detriment of individual
privacy and civil liberties.
The news is grim. The Administration is:
* not backing down on Clipper
* not backing down on key escrow
* not backing down on selection of escrow agents
* already adamant on escrowed key access procedures
* not willing to elminate ITAR restrictions
* hiding behind exaggerated threats of "drug dealers" and "terrorists"
The material released to the industry and advocacy version of the briefing
have been placed online at ftp.eff.org (long before their online
availability from goverment access sites, one might add). See below for
No information regarding the Congressional committee version of the briefing
has been announced. EFF Director Jerry Berman, who attended the private
sector meeting, reported the following:
"The White House and other officials briefed industry on its Clipper chip
and encryption review. While the review is not yet complete, they have
reached several policy conclusions. First, Clipper will be proposed as
a new Federal Information Processing Standard (FIPS) next Wednesday. [Feb.
9] It will be "vountary" for government agencies and the private sector
to use. They are actively asking other vendors to jump in to make the
market a Clipper market. Export licensing processes will be speeded up but
export restrictions will not be lifted in the interests of national
security. The reason was stated bluntly at the briefing: to frustrate
competition with Clipper from other powerful encryption schemes by making
them difficult to market, and to "prevent" strong encryption from leaving
the country, thus supposedly making the job of law enforcement and
intelligence more difficult. Again, in the interest of "national
security". Of course, Clipper will be exportable but they would not comment
on how other governments will view this. Treasury and NIST will be the
escrow agents and Justice asserted that there was no necessity for
legislation to implement the escrow procedures.
"I asked if there would be a report to explain the rationale for choosing
these results - we have no explanation of the Administration's thinking, or
any brief in support of the results. They replied that there would be no
report because they have been unable to write one, due to the complexity of
"One Administation spokesperson said this was the Bosnia of
Telecommunications. I asked, if this was so, how, in the absense of some
policy explanation, could we know if our policy here will be as successful
as our policy in Bosnia?"
The announcements, authorization procedures for release of escrowed keys,
and q-and-a documents from the private sector briefing are online at EFF.
"Statement of the [White House] Press Secretary" [White House]
"Statement of the Vice President" [very short - WH]
"Attorney General Makes Key Escrow Encryption Announcements" [Dept. of Just.]
"Authorization Procedures for Release pf Emcryption Key Components in
Conjunction with Intercepts Pursuant to Title III/State Statutes/FISA"
[3 docs. in one file - DoJ]
"Working Group on Data Security" [WH]
"Statement of Dr. Martha Harris Dep. Asst. Secy. of State for Polit.-Mil.
Affairs: Encryption - Export Control Reform" [Dept. of State]
"Questions and Answers about the Clinton Administration's Encryption
These files are available for anonymous ftp, or via gopher and the Web:
All 7 of these documents will be posted widely on the net.
[They will also be posted to CIS and AOL, and many are reproduced in this
issue of EFFector.]
Subject: Statement of Vice President Gore
Today's announcements on encryption represent important steps in
the implementation of the Administration's policy on this critical
issue. Our policy is designed to provide better encryption to
individuals and businesses while ensuring that the needs of law
enforcement and national security are met.
Encryption is a law and order issue since it can be used by criminals
to thwart wiretaps and avoid detection and prosecution. It also has
huge strategic value. Encryption technology and cryptoanalysis
turned the tide in the Pacific and elsewhere during World War II.
Subject: Statement of the White House Press Secretary
Last April, the Administration announced a comprehensive
interagency review of encryption technology, to be overseen by the
National Security Council. Today, the Administration is taking a
number of steps to implement the recommendations resulting from
Advanced encryption technology offers individuals and businesses
an inexpensive and easy way to encode data and telephone
conversations. Unfortunately, the same encryption technology that
can help Americans protect business secrets and personal privacy
can also be used by terrorists, drug dealers, and other criminals.
In the past, Federal policies on encryption have reflected primarily
the needs of law enforcement and national security. The Clinton
Administration has sought to balance these needs with the needs of
businesses and individuals for security and privacy. That is why,
today the National Institute of Standards ant Technology (NIST) is
committing to ensure a royalty-free, public-domain Digital Signature
Standard. Over many years, NIST has been developing digital
signature technology that would provide a way to verify the author
and sender of an electronic message. Such technology will be critical
for a wide range of business applications for the National
Information Infrastructure. A digital signature standard will enable
individuals to transact business electronically rather than having to
exchange signed paper contracts. The Administration has determined
that such technology should not be subject to private royalty
payments, and it will be taking steps to ensure that royalties are not
required for use of a digital signature. Had digital signatures been in
widespread use, the recent security problems with the Internet
would have been avoided.
Last April, the Administration released the Key Escrow chip (also
known as the "Clipper Chip") that would provide Americans with
secure telecommunications without compromising the ability of law
enforcement agencies to carry out legally authorized wiretaps. Today,
the Department of Commerce and the Department of Justice are
taking steps to enable the use of such technology both in the U.S. and
overseas. At the same time, the Administration is announcing its
intent to work with industry to develop other key escrow products
that might better meet the needs of individuals and industry,
particularly the American computer and telecommunications
industry. Specific steps being announced today include:
- Approval by the Commerce Secretary of the Escrowed Encryption
Standard (EES) as a voluntary Federal Information Processing
Standard, which will enable government agencies to purchase the
Key Escrow chip for use with telephones and modems. The
department's National Institute of Standards and Technology
(NIST) will publish the standard.
- Publication by the Department of Justice of procedures for the
release of escrowed keys and the announcement of NIST and the
Automated Services Division of the Treasury Department as the
escrow agents that will store the keys needed for decryption of
communications using the Key Escrow chip. Nothing in these
procedures will diminish the existing legal and procedural
requirements that protect Americans from unauthorized wiretaps.
- New procedures to allow export of products containing the Key
Escrow chip to most countries.
In addition, the Department of State will streamline export licensing
procedures for encryption products that can be exported under
current export regulations in order to help American companies sell
their products overseas. In the past, it could take weeks for a
company to obtain an export license for encryption products, and
each shipment might require a separate license. The new procedures
announced today will substantially reduce administrative delays and
paperwork for encryption exports.
To implement the Administration's encryption policy, an interagency
Working Group on Encryption and Telecommunications has been
established. It will be chaired by the White House Office of Science
and Technology Policy and the National Security Council and will
include representatives of the Departments of Commerce, Justice,
State, and Treasury as well as the FBI, the National Security Agency,
the Office of Management and Budget, and the National Economic
Council. This group will work with industry and public-interest
groups to develop new encryption technologies and to review and
refine Administration policies regarding encryption, as needed.
The Administration is expanding its efforts to work with industry to
improve on the Key Escrow chip, to develop key-escrow software,
and to examine alternatives to the Key Escrow chip. NIST will lead
these efforts and will request additional staff and resources for this
We understand that many in industry would like to see all
encryption products exportable. However, if encryption technology is
made freely available worldwide, it would no doubt be used
extensively by terrorists, drug dealers, and other criminals to harm
Americans both in the U.S. and abroad. For this reason, the
Administration will continue to restrict export of the most
sophisticated encryption devices, both to preserve our own foreign
intelligence gathering capability and because of the concerns of our
allies who fear that strong encryption technology would inhibit their
law enforcement capabilities.
At the same time, the Administration understands the benefits that
encryption and related technologies can provide to users of
computers and telecommunications networks. Indeed, many of the
applications of the evolving National Information Infrastructure will
require some form of encryption. That is why the Administration
plans to work more closely with the private sector to develop new
forms of encryption that can protect privacy and corporate secrets
without undermining the ability of law-enforcement agencies to
conduct legally authorized wiretaps. That is also why the
Administration is committed to make available free of charge a
Digital Signature Standard.
The Administration believes that the steps being announced today
will help provide Americans with the telecommunications security
they need without compromising the capability of law enforcement
agencies and national intelligence agencies. Today, any American can
purchase and use any type of encryption product. The
Administration does not intend to change that policy. Nor do we have
any intention of restricting domestic encryption or mandating the use
of a particular technology.
Subject: Attorney General Janet Reno Key Escrow Agents Press Release
Attorney General Janet Reno today announced selection of the two
U.S. Government entities that will hold the escrowed key
components for encryption using the key escrow encryption method.
At the same time, the Attorney General made public procedures
under which encryption key components will be released to
government agencies for decrypting communications subject to
Key Escrow Encryption (formerly referred to as Clipper Chip )
strikes an excellent balance between protection of communications
privacy and protection of society. It permits the use in
commercial telecommunications products of chips that provide
extremely strong encryption, but can be decrypted, when necessary,
by government agencies conducting legally authorized wiretaps.
Decryption is accomplished by use of keys--80-bit binary numbers--
that are unique to each individual encryption chip. Each unique
key is in turn split into two components, which must be recombined
in order to decrypt communications. Knowing one component does not
make decryption any more feasible than not knowing either one.
The two escrow agents are the National Institute of Standards and
Technology (NIST), a part of the Department of Commerce, and the
Automated Systems Division of the Department of the Treasury. The
two escrow agents were chosen because of their abilities to
safeguard sensitive information, while at the same time being able
to respond in a timely fashion when wiretaps encounter encrypted
communications. In addition, NIST is responsible for establishing
standards for protection of sensitive, unclassified information in
Federal computer systems.
The escrow agents will act under strict procedures, which are
being made public today, that will ensure the security of the key
components and govern their release for use in conjunction with
lawful wiretaps. They will be responsible for holding the key
components: for each chip, one agent will hold one of the key
components, and the second agent will hold the other. Neither will
release a key component, except to a government agency with a
requirement to obtain it in connection with a lawfully authorized
wiretap. The system does not change the rules under which
government agencies are authorized to conduct wiretaps.
When an authorized government agency encounters suspected key-
escrow encryption, a written request will have to be submitted to
the two escrow agents. The request will, among other things, have
to identify the responsible agency and the individuals involved;
certify that the agency is involved in a lawfully authorized
wiretap; specify the wiretap's source of authorization and its
duration; and specify the serial number of the key-escrow
encryption chip being used. In every case, an attorney involved in
the investigation will have to provide the escrow agents assurance
that a validly authorized wiretap is being conducted.
Upon receipt of a proper request, the escrow agents will transmit
their respective key components to the appropriate agency. The
components will be combined within a decrypt device, which only
then will be able to decrypt communications protected by key-
escrow encryption. When the wiretap authorization ends, the device
s ability to decrypt communications using that particular chip
will also be ended.
The Department of Justice will, at the various stages of the
process, take steps to monitor compliance with the procedures.
Subject: Statement of Dr. M. Harris, Dep. Asst. Secy. of State for PMA
The Secretary of State is announcing today measures arising from
the Administration's decision to reform export control procedures
applicable to products incorporating encryption technology. These
reforms are part of the Administration's effort to eliminate
unnecessary controls and ensure efficient implementation. The
reforms will simplify encryption product export licensing and
speed the review of encryption product exports, thus helping U.S.
manufacturers to compete more effectively in the global market.
While there will be no changes in the types of equipment
controlled by the Munitions List, we are announcing measures to
Last year the President announced an initiative to encourage U.S.
manufacturers and users of encryption to take advantage of a
government technology (the key-escrow chip) that provides
excellent security while ensuring that the Government has a means
to decode the encryption when lawfully authorized, such as when
executing a court-authorized warrant in connection with a criminal
investigation. At the time he announced this initiative, the
President directed a comprehensive review of U.S. policy regarding
domestic use and export of encryption technology. The reforms we
are announcing today result from that review.
The President has determined that vital U.S. national security and
law enforcement interests compel maintaining appropriate control
of encryption. Still, there is much that can be done to reform
existing controls to ensure that they are efficiently implemented
and to maintain U.S. leadership in the world market for encryption
technology. Accordingly, the President has asked the Secretary of
State to take immediate action to implement a number of procedural
reforms. The reforms are:
* License Reform: Under new licensing arrangements, encryption
manufacturers will be able to ship their products from the United
States directly to customers within approved regions without
obtaining individual licenses for each end user. This will improve
the ability of our manufacturers to provide expedited delivery of
products, and to reduce shipping and tracking costs. It should
also reduce the number of individual license requests, especially
for small businesses that cannot afford international
* Rapid review of export license applications: A significant
number of encryption export license applications can be reviewed
more quickly. For such exports, we have set a license turnaround
goal of two working days.
* Personal use exemption: We will no longer require that U.S.
citizens obtain an export license prior to taking encryption
products out of the U.S. temporarily for their own personal use.
In the past, this requirement caused delays and inconvenience for
* Allow exports of key-escrow encryption: After initial review,
key-escrow encryption products may now be exported to most end
users. Additionally, key-escrow products will qualify for special
These reforms should have the effect of minimizing the impact of
export controls on U.S. industry. The Department of State will
take all appropriate actions to ensure that these reforms are
implemented as quickly as possible. The Secretary of State asks
that encryption product manufacturers evaluate the impact of these
reforms over the next year and provide feedback both on how the
reforms have worked out and on recommendations for additional
The contact point for further information on these reforms is Rose
Biancaniello, Office of Defense Trade Controls, Bureau of
Political-Military Affairs, Department of State, (703) 875-6644.
Subject: Volunteers/Discounts Needed for EFF Diskettes
EFF is updating it's "Frontier Files" disk and needs to make 500 hundred
DOS and 100 Macintosh duplicates this month. We are looking for
volunteers who can do the duplication onto 3 1/2" DD disks or pointers to free
and/or reduced rate mass duplication services. EFF is also seeking a
volunteer to format and produce an Amiga version of the Files in a
quantity of about 50. EFF will of course pay for or provide the diskettes.
The Frontier Files will include EFF newsletters and papers, legal
information, net documents like the "Big Dummy's Guide to the Internet"
and more. A notice will be posted in EFFector as soon as the disks are
available for distribution.
E-mail info to Sarah Simpson, Membership Coordinator <ssimp...@eff.org>
with subject of "Frontier Files".
Subject: What You Can Do
"Relying on the government to protect your privacy is like asking a peeping
tom to install your window blinds."
- John Perry Barlow, EFF co-founder, "Decrypting the Puzzle Palace"
The Electronic Frontier Foundation believes that individuals should be
able to ensure the privacy of their personal communications through any
technological means they choose. However, the government's current
restrictions on the export of encrytion software have stifled the
development and commercial availability of strong encryption in the U.S.
Rep. Maria Cantwell has introduced a bill (H.R. 3627) in the House that
would liberalize export controls on software that contains encryption, but
needs vocal support if the bill is to make it out of the committee stage.
If you believe that privacy is a right and not a privledge, send e-mail in
support of the bill to Rep. Cantwell in care of EFF at cantw...@eff.org.
Background and analysis of the bill are available from an automailer by
sending any email to cantwell-info@eff. org.
The decisions that are made today will affect our futures indefinately.
EFF is a respected voice for the rights of users of online technologies
and EFF members receive regular online updates on the issues that affect
our online communications and particpate in shaping the future.
We feel that the best way to protect your online rights is to be fully
informed and to make your opinions heard. EFF members are informed, and
are making a difference. Join EFF today!
MEMBERSHIP IN THE ELECTRONIC FRONTIER FOUNDATION
Print out in monospaced (non-proportional) font and mail to:
Attn: Membership Coordinator
Electronic Frontier Foundation
1001 G St. NW, Suite 950 East
Washington DC 20001 USA
SIGN ME UP!
I wish to become a member of the Electronic Frontier Foundation. I enclose:
___ Regular membership -- $40
___ Student membership -- $20
I wish to make an additional tax-deductible donation in the amount of
$__________ to further support the activities of EFF and to broaden
participation in the organization.
___ Enclosed is a check or money order payable to
the Electronic Frontier Foundation.
___ Please charge my:
___ MasterCard ___ Visa ___ American Express
Card Number: _____________________________________________
Expiration Date: _________________________________________
NOTE: We do not recommend sending credit card information via email!
YOUR CONTACT INFORMATION:
BBS: _____________________ BBS Name: ____________________
E-mail addresses: ______________________________________________
___ Electronic: Please contact me via the Internet address listed above.
I would like to receive the following at that address:
___ EFFector Online - EFF's biweekly electronic newsletter
(back issues available from ftp.eff.org,
___ Online Bulletins - bulletins on key developments
affecting online communications.
NOTE: Traffic may be high. You may wish to browse these
publications in the Usenet newsgroup comp.org.eff.news (also
available in FidoNet, as EFF-NEWS).
___ Paper: Please contact me through the US Mail at the street
address listed above.
NOTE: Paper documents available upon request.
"Networks & Policy" Newsletter automatically sent via US Mail.
EFF occasionally shares our mailing list with other organizations promoting
similar goals. However, we respect an individual's right to privacy and
will not distribute your name without explicit permission.
___ I grant permission for the EFF to distribute my name and contact
information to organizations sharing similar goals.
This form came from EFFector Online (please leave this line on the form!)
The Electronic Frontier Foundation is a nonprofit, 501(c)(3) organization
supported by contributions from individual members, corporations and
private foundations. Donations are tax-deductible.
EFFector Online is published biweekly by:
Electronic Frontier Foundation
1001 G St. NW, Suite 950 E
Washington DC 20001 USA
Phone: +1 202 347 5400, FAX: +1 202 393 5509
Internet Address: e...@eff.org or a...@eff.org
Coordination, production and shipping by:
Stanton McCandlish, Online Activist/SysOp <m...@eff.org>
Reproduction of this publication in electronic media is encouraged. Signed
articles do not necessarily represent the views of EFF. To reproduce
signed articles individually, please contact the authors for their express
Internet Contact Addresses
Membership & donations: members...@eff.org
Legal services: sste...@eff.org
Hardcopy publications: p...@eff.org
Online publications, conferences, & other resources: m...@eff.org
Technical questions/problems, access to mailing lists: e...@eff.org
General EFF, legal, or policy questions: a...@eff.org
End of EFFector Online v07 #03
Stanton McCandlish * m...@eff.org * Electronic Frontier Found. OnlineActivist
F O R M O R E I N F O, E - M A I L T O: I N F O @ E F F . O R G
O P E N P L A T F O R M O N L I N E R I G H T S
V I R T U A L C U L T U R E C R Y P T O