From: m...@eff.org (Stanton McCandlish)
Subject: EFFector Online 07.13 - Oct. 07 1994
Date: 7 Oct 1994 21:55:44 -0400
Organization: Electronic Frontier Foundation
Summary: new EFF Exec. Dir; Edwards on DT; NRC crypto study; CFP95;
Godwin at cyber-law conf.; OTA privacy report; bills online from GPO,
new NII docs at EFF
Keywords: EFF,Taubman,DT,Digital Telephony,Telephony,DigTel,Edwards,hr 4922,
hr.4922,h.r. 4922,hr4922,h.r.4922,4922,s2375,s 2375,s.2375,s. 2375,2375,FBI,
________________ _______________ _______________
/_______________/\ /_______________\ /\______________\
\\\\\\\\\\\\\\\\\ \ ||||||||||||||||| / ////////////////
\\\\\\\\\\\\\\\\\/ ||||||||||||||||| / ////////////////
\\\\\\_______/\ ||||||_______\ / //////_____\
\\\\\\\\\\\\\ \ |||||||||||||| / /////////////
\\\\\\\\\\\\\/____ |||||||||||||| / /////////////
\\\\\___________/\ ||||| / ////
\\\\\\\\\\\\\\\\ \ ||||| / ////
\\\\\\\\\\\\\\\\/ ||||| \////
EFFector Online Volume 07 No. 12 October 7, 1994 edit...@eff.org
A Publication of the Electronic Frontier Foundation ISSN 1062-9424
In This Issue:
EFF Organizational Changes: New Exec. Dir., New Privacy Project
Rep. Edwards Announcement on Digital Telephony, Oct. 7, 1994
National Research Council Study of National Cryptography Policy
Computers, Freedom and Privacy '95 - Call for Participation
EFF's Godwin to Speak at Criminal Law in Cyberspace Conf., 10/27/94
OTA Report - Information Security & Privacy in Network Environments
GPO Puts Bills Online, but Wants You to Pay for Them Twice
Horde of New NII Documents Online at EFF
What YOU Can Do
Subject: EFF Organizational Changes: New Exec. Dir., New Privacy Project
** Taubman Executive Director, Berman Policy Director **
September 28, 1994
The Chairman and Board of Directors of the Electronic Frontier Foundation
(EFF) today announced the immediate appointment of Andrew E. Taubman as
Executive Director of EFF. The Board of Directors approved the hiring of
Mr. Taubman at its most recent meeting in mid-July. At the same time,
Jerry Berman, Executive Director since January 1992, was appointed the
Director of Policy. The move was made to effect the best placement of
talents and experience. Mr. Taubman will focus on EFF as an organization,
while Mr. Berman's role in policy and legislative development will
continue in recognition of the increased significance of EFF's political
role in Washington.
"I am delighted to welcome Drew to EFF, where we expect him to play a
major role in orchestrating the next phase of development of the
organization. The Board went through a long and thoughtful process to
find the best candidate, and in Drew we believe we have him," said
Mitchell Kapor, co-founder of EFF.
Prior to joining EFF, Mr. Taubman was the President/Managing Partner of
The Taubman Group, a Cleveland-based management consultancy created in
1985 for public sector and related organizations. His professional
positions include appointments as Vice President of the Cleveland
Institute of Music, Ohio; Executive Director of The Ohio Caring
Foundation's Caring Program For Children, Cincinnati; Director of
Development and Alumni Affairs/Associate Director of the University of
Cincinnati Foundation, Ohio; Associate Director of Development at Wright
State University, Dayton, Ohio; Cultural Arts Director of The Leo
Yassenoff Center, Columbus, Ohio; and Development Officer, Public
Television and Radio at Michigan State University, East Lansing,
Michigan. His community involvement as a committee member/officer or
trustee has been regular and diversified in health care and the arts. He
has consulted and testified on healthcare reform, social service,
education, and the arts.
Mr. Taubman received his BA in Arts Administration from Michigan State
University and has continued his professional education with a focus on
the non-profit sector.
** EFF Privacy and Technology Project **
An additional organizational change at EFF was the creation in May of the
Privacy and Technology Project. This project is headed by Janlori
Goldman, former Director of the Privacy and Technology Project at the
ACLU. Ms. Goldman is assisted by Staff Counsel Deirdre K. Mulligan, a
1994 graduate of Georgetown Law School, who assisted on the ACLU project
while a Public Interest Law Scholar in law school.
** Legal Services and Community Building **
Concurrent with the implementation of these recent changes, EFF's Board
of Directors is committed to continued support for Legal Services and
increased development of the Community Building aspect of EFF's mission.
"I am very optimistic about this change," said co-founder John Perry
Barlow. "Jerry Berman needs to be in a position to focus on policy, and
we think we've built an organization that can support his efforts rather
than require his continuous attention to administrative detail. EFF has
a revitalized focus on community services and understanding the issues
involved in civilizing cyberspace. Drew Taubman is exactly the person to
run this phase of EFF."
For further information, please contact Kathleen Zaffina at
kzaff...@eff.org or 202/347-5400.
Subject: Rep. Edwards Announcement on Digital Telephony, Oct. 7, 1994
Representative Don Edwards (D-CA), Chairman of the House Judiciary
Subcommittee on Civil and Constitutional Rights, and principal House
author of the Digital Telephony bill which passed the House Wednesday,
asked EFF to forward the attached memo to the net community.
This memo does not represent EFF statements or policy. Please direct
any comments to the office of Rep. Edwards.
Please feel free to distribute this document widely.
Date: October 7, 1994
To: Persons Interested in the Digital Telephony "Wiretap" Bill
From: Don Edwards
Subcommittee on Civil and Constitutional Rights
House Judiciary Committee
My legislation, H.R. 4922, would be a major improvement over the current
relationship between the telecommunications industry and law enforcement.
Currently, the FBI holds the upper hand regarding decisions about security
and privacy, in a relationship that is shielded from public scrutiny.
In my estimation, there should be no doubt that future telecommunications
systems and services will be designed with law enforcement wiretap needs in
mind. Indeed, in opposing my bill the phone companies argued that no
legislation was needed because they were working to accommodate law
enforcement's demands without legislation. For me, therefore, the key
questions were whether that accommodation would be developed in the
sunshine and whether privacy would be a requirement given equal status with
the requirements of law enforcement.
** Closed Door Meetings or Sunshine **
For over a year, an industry committee that includes all of the major phone
companies, cellular providers and equipment manufacturers has been working
with the FBI and other law enforcement agencies to develop design proposals
to ensure wiretap accessibility in new and existing systems.
The sloe mission of the committee is to satisfy law enforcement's stated
"needs". Privacy is not within the charter of standards for digital
switches, cellular systems, evolving Personal Communications Services, the
Advanced Intelligent Network, and cable TV systems. The process is totally
closed to the public. All participants in the meetings are required to
sign non-disclosure agreements. Without legislation, that process will
continue behind closed doors.
** Three Principles of Accountability **
This status quo is unacceptable. Deliberations of industry and law
enforcement regarding the future of the telecommunications system should be
controlled in three ways, which my legislation would achieve:
(1) Statutory parameters must be set on the scope of what can be required
of telephone companies. Under current practice, law enforcement is
defining its "needs" to industry, which accepts them without question. Our
bill, in contrast, has substantially narrowed law enforcement's capability
requirements, setting a floor. In terms of capacity, our bill specifically
requires a notice and comment rule-making in the Federal Register, so the
whole country can know what law enforcement is doing.
(2) Privacy must be a requirement on an equal footing with law enforcement
interests. Our bill, for the first time ever, requires telephone companies
to affirmatively protect the privacy and security of communications not
authorized to be intercepted, and gives the FCC regulatory authority over
industry compliance with privacy standards. Up until now, phone companies
have had no duty to protect privacy. Whether communications were secure or
not had Been an artifact of telephone technology.
(3) There must be sunshine and accountability. Without H.R. 4922, the
phone companies will never have to tell anybody what they have done to
"accommodate" law enforcement. My bill requires that industry standards be
published. It gives any member of the public the right to challenge any
standard before the FCC and in court if it does not adequately protect
privacy. All FCC proceedings will be on the public record. The General
Accounting office will report every two years on what modifications have
been made in telecommunications systems and what modifications are being
** Internet Exempted from Wiretap Requirements in HR 4922 **
Finally, I should remind all interested persons that the bill does not
cover the Internet. The report on the bill clearly states:
"The definition of telecommunications carrier does not include persons or
entities to the extent that they are engaged in providing information
services, such as electronic mail providers, on-line services providers
such as Compuserve, Prodigy, America-On-Line, or Mead Data, or Internet
For a copy of the latest version of the bill, see:
gopher.eff.org, 1/EFF/Policy/Digital_Telephony, digtel94.bill
See digtel94_analysis.eff in the same directory for EFF's analysis of the
Leahy/Edwards Digital Telephony legislation.
Subject: National Research Council Study of National Cryptography Policy
** A Study of National Cryptography Policy **
September 14, 1994
Cryptographic technologies are critical to a wide variety of important
military and civilian applications involving sensitive or classified
information that must be protected from unauthorized disclosure. In
addition, cryptography is a key component of most authentication
technologies, i.e., technologies to guarantee the identity of a message's
sender. National cryptography policy has important implications for
U.S. economic competitiveness, national security, law enforcement
interests, and protection of the rights of private U.S. citizens.
In an attempt to clarify some of the relevant policy issues, Public Law
103-160 (passed by the U.S. Congress in November 1993) called for a
comprehensive study from the National Research Council on
cryptographic technologies and national cryptography policy. The study
will commence in the first week of October 1994. As this study
proceeds, the committee will make all feasible attempts to solicit a wide
range of input and commentary from interested parties. Input will be
presented to the committee through a mix of briefings, presentations,
consultations, invited and contributed papers, and testimony at regional
public hearings. In addition, members of the interested public are
invited to submit input to the committee as described below.
The study plans to address the following issues:
* the impact of current and possible future restrictions and standards
regarding cryptographic technology on
- the availability of such technology to foreign and domestic
parties with interests hostile to or competitive with the
national security, economic, commercial, and privacy
interests of the U.S. government, U.S. industry, and private
- the competitiveness of U.S. manufacturers of such technology
in the international market;
- the competitiveness and performance of commercial U.S.
users of such technology;
- U.S. national security and law enforcement interests;
* the strength of various cryptographic technologies known and
anticipated that are relevant for commercial and private purposes;
* current and anticipated demand for information systems security
based on cryptography;
* the impact of foreign restrictions on the use of, importation of, and
the market for cryptographic technology;
* the extent to which current cryptography policy is adequate for
protecting U.S. interests in privacy, public safety, national
security, and economic competitiveness;
* strengths and weaknesses of current key escrow implementation
* how technology now and in the future can affect the feasible policy
options for balancing the national security and law enforcement
interests of government and the privacy and commercial interests
of U.S. industry and private U.S. citizens;
* recommendations for the process through which national security,
law enforcement, commercial, and privacy interests are balanced
in the formulation of national cryptography policy.
The study will be conducted by a 17-member committee (listed at the
end of this document) that collectively has expertise in computer and
communications technology; cryptographic technologies and
cryptanalysis; foreign, national security, and intelligence affairs; law
enforcement; science policy; trade policy; commercial and business
dimensions of computer technology (hardware and software vendors,
users of cryptographic technologies); and interests in privacy and civil
liberties. A subpanel of the full committee will be cleared at the SI
level and have access to all relevant information to ensure that the
findings, conclusions, and recommendations of the unclassified report
are consistent with what is known in the classified world.
The project plan calls for the study to be delivered approximately two
years after full processing of all necessary security clearances.
However, the NRC will make every attempt to deliver the study sooner,
and it currently believes that the core work of the study will be
completed about 18 to 20 months after funding for the study has been
received. Additional time will be devoted to dissemination of the study
report and follow-up activities.
The final report of the study committee is subject to NRC review
procedures that ensure the objectivity and integrity of all NRC reports.
The main text of the report will be unclassified; classified annexes (if
any) will be made available only to those with the appropriate security
** Providing Input to the Committee **
The questions that the study is expected to examine are provided above.
Members of the interested public are invited to submit their views on
these questions and any other questions that you believe the committee
should be addressing through either of the channels below. If desired,
requests for personal presentations to the committee should be submitted
through these channels as well; the committee will respond affirmatively
to as many such requests as possible, but time and resource constraints
will limit the number of such requests that can be honored.
Internet: send comments and other correspondence to
Computer Science and Telecommunications Board
National Research Council
Mail Stop HA-560
2101 Constitution Avenue, NW
Washington, DC 20418
** Committee to Study National Cryptography Policy **
Kenneth Dam, committee chair, was Deputy Secretary of State (1982-
1985) and is currently the Max Pam Professor of American and Foreign
Law at the University of Chicago Law School.
General W. Y. Smith, retired, committee vice-chair, is president
emeritus of the Institute for Defense Analyses, and has also served in a
number of military posts including that of deputy commander in chief of
the U.S. European Command in Germany.
Lee Bollinger, formerly dean of the University of Michigan Law School,
is currently provost of Dartmouth College and a constitutional scholar.
Ann Caracristi, retired, was Deputy Director of the National Security
Benjamin Civiletti was U.S. Attorney General (1979-1981), and is
currently in private practice with the law firm Venable, Baetjer, Howard
Colin Crook is senior technology officer for Citicorp.
Samuel Fuller is vice president of corporate research at Digital
Leslie Gelb is president of the Council on Foreign Relations. He served
as Assistant Secretary of State for Politico-Military Affairs
Ronald Graham is a director of information sciences at AT&T Bell Labs
and a professor of mathematics at Rutgers University.
Martin Hellman is professor of electrical engineering at Stanford
University. Dr. Hellman was one of the inventors of public key
Julius Katz is president of Hills & Company, and was deputy United
States trade representative (1989-1993).
Peter Neumann is principal scientist in the Computer Science Laboratory
at SRI International. He is the chairman of the ACM committee on
computers and public policy, and a member of the ACM study group on
Raymond Ozzie is president of Iris Associates, a wholly-owned
subsidiary of the Lotus Development Corporation. Iris Associates is the
developer of Lotus Notes.
Kumar Patel is vice chancellor for research at UCLA.
Edward Schmults was Deputy Attorney General of the United States
(1981-1984) and is a former senior vice president for external relations
and general counsel for the GTE Corporation.
Elliot Stone is executive director of the Massachusetts Health Data
Consortium, which is responsible for the collection and analysis of the
state's large health care databases.
Willis Ware, retired, is with the RAND Corporation as senior computer
scientist emeritus. He chairs the Computer System Security and Privacy
Advisory Board which was established by the Computer Security Act of
** Staff and Organizations **
Marjory Blumenthal is director of the Computer Science and
Telecommunications Board (CSTB).
Herbert Lin is study director and senior staff officer of the CSTB.
Inquiries about this study should be directed to him at 202-334-3191 or
via Internet at H...@NAS.EDU.
The National Research Council (NRC) is the operating arm of the
Academy complex, which includes the National Academy of Sciences,
the National Academy of Engineering, and the Institute of Medicine.
The NRC provides impartial and independent advice to the federal
government and other policy makers, by applying top scientific and
technical talent to answer questions of national significance. In
addition, the NRC often acts as a neutral party in convening meetings
among multiple stakeholders on various controversial issues, thereby
facilitating the generation of consensus.
Within the NRC, the CSTB considers technical and policy issues
pertaining to computer science, telecommunications, and associated
technologies as critical resources and sources of national economic
strength. A list of CSTB publications is available on request to
C...@NAS.EDU or by calling 202-334-2605.
Subject: Computers, Freedom and Privacy '95 - Call for Participation
The Fifth Conference on Computers, Freedom and Privacy -- CFP'95
Call for Participation
Sponsored by the Association for Computing Machinery and
Stanford Law School
28 - 31 March 1995
San Francisco Airport Marriott Hotel
This is an invitation to submit session and topic proposals for inclusion in
the program of the Fifth Conference on Computers, Freedom and Privacy.
Proposals may be for individual talks, panel discussions, debates, or other
presentations in appropriate formats. Proposed topics should be within the
general scope of the conference, as outlined below.
The advance of computer and telecommunications technologies holds great
promise for individuals and society. From convenience for consumers and
efficiency in commerce to improved public health and safety and increased
participation in democratic institutions, these technologies can fundamentally
transform our lives. New computer and telecommunications technologies are
bringing new meanings to our freedoms to speak, associate, be left alone,
learn, and exercise political power.
At the same time these technologies pose threats to the ideals of a just,
free, and open society. Political, social, and economic fairness may hinge on
ensuring those who are poor, disabled, or otherwise disadvantaged have access
to these technologies. Personal privacy is increasingly at risk from invasion
by high-tech surveillance and eavesdropping. The myriad databases containing
personal information maintained in the public and private sectors expose
private life to constant scrutiny.
Technological advances also enable new forms of illegal activity, posing new
problems for legal and law enforcement officials and challenging the very
definitions of crime and civil liberties. But technologies used to combat
these crimes can threaten the traditional barriers between the individual and
Even such fundamental notions as speech, assembly and property are being
transformed by these technologies, throwing into question the basic
Constitutional protections that have guarded them. Similarly, information
knows no borders; as the scope of economies becomes global and as networked
communities transcend international boundaries, ways must be found to
reconcile competing political, social, and economic interests in the digital
The Fifth Conference on Computers, Freedom and Privacy will assemble experts,
advocates and interested people from a broad spectrum of disciplines and
backgrounds in a balanced public forum to explore and better understand how
computer and telecommunications technologies are affecting freedom and privacy
in society. Participants will include people from the fields of computer
science, law, business, research, information, library science, health, public
policy, government, law enforcement, public advocacy, and many others.
Topics covered in previous CFP conferences include:
Personal Information and Privacy
Access to Government Information
Computers in the Workplace
Electronic Speech, Press and Assembly
Governance of Cyberspace
Role of Libraries on the Information Superhighway
Free Speech, Cryptography, and the Public Communications Network
We are also actively seeking proposals with respect to other possible topics
on the general subject of computers, freedom and privacy. Some new topics we
are considering include:
Telecommuting: Liberation or Exploitation?
Courtesy, and the Freedom to be Obnoxious
Commercial Life on the Net
How Does the Net Threaten Government Power?
Are Computers Killing Intellectual Property?
Universal Access to Network Services
The Meaning of Freedom in the Computer Age
All proposals should be accompanied by a position statement of at least one
page, describing the proposed topic. Proposals for panel discussions, debates
and other multi-person presentations should include a list of proposed
participants and session chair. Proposals should be sent to:
Stanford Law and Technology Policy Center
Stanford Law School
Stanford, California 94305-8610
or by email to: cf...@forsythe.stanford.edu with the word "Proposal" in the
subject line. Proposals should be submitted as soon as possible to allow
thorough consideration for inclusion in the formal program. The deadline for
submissions is 1 November 1994.
STUDENT PAPER COMPETITION
Full time students are invited to enter the student paper competition. Winners
will receive a scholarship to attend the conference and present their papers.
Papers should not exceed 2,500 words and should examine how computer and
telecommunications technologies are affecting freedom and privacy in society.
All papers should be submitted to Professor Gary T. Marx by 20 November 1994.
Authors may submit their papers either by sending them as straight text via
email to: Gary.M...@colorado.edu or by sending six printed copies to:
Professor Gary T. Marx
University of Colorado
Campus Box 327
Boulder, Colorado 80309-0327
Submitters should include the name of their institution, degree program, and a
signed statement affirming that they are a full-time student at their
institution and that the paper is an original, unpublished work of their own.
For more information on the CFP'95 program and advance registration, as it
becomes available, write to:
Stanford Law and Technology Policy Center
Stanford Law School
Stanford, California 94305-8610
or send email to: cf...@forsythe.stanford.edu with the word "Information" in
the subject line.
Please distribute and post this notice!
Subject: EFF's Godwin to Speak at Criminal Law in Cyberspace Conf., 10/27/94
District of Columbia Bar Association
The New Technology Committee of the Computer Law Section, and the Criminal
Law and Individual Rights Section, invite you to a Panel Discussion entitled:
** CRIMINAL LAW IN CYBERSPACE: OUTLAWS ON THE NET **
Speakers: Scott Charney, Chief, Computer Crimes
Unit of the U.S. Department of Justice
Mike Godwin, Counsel to the Electronic Frontier Foundation
Mark D. Rasch, Arent Fox Kintner Plotkin & Kahn
Moderator: Andrew Grosso, Co-Chair, New Technology Committee
Whenever a new technology becomes prevalent, the law enters a period of
struggle during which it tries to find adequate means for resolving disputes
involving that technology, and for protecting the rights of people affected
by it. We are now in such a period for the Internet and the developing
National Information Infrastructure (NII). Of all legal fields, the struggle
concerning the criminal law is the most pronounced, since old statutes
must be narrowly construed to protect civil liberties, while used in a
creative fashion in order to deter malevolent acts which have never seen
before. This program focuses on computer network crime having national
and international ramifications, including several recent investigations and
This panel brings together noted experts in the field of civil liberties and
computer crime to discusses the issues presented by the latest
developments in this area. Scott Charney is the Chief of the Computer
Crimes Unit of the U. S. Department of Justice, and is actively involved
in the formulation of federal policy with regard to computer-related
crimes. Mike Godwin is the On Line Legal Counsel for the Electronic
Frontier Foundation who is a respected defender of civil liberties for
telecommunications users. Mark D. Rasch is prominent defense attorney
who, while an attorney with the Fraud Section of the Department of
Justice, prosecuted the "Internet Worm" case in 1989. Andrew Grosso,
the panel moderator, is a Co-Chair of the New Technology Committee and
a former federal prosecutor. Written materials by the panelists will
Date: Thursday, October 27, 1994
Time: 12:00 Noon
Place: D.C. Bar Headquarters
1250 H Street, N.W.
Cost: Box Lunch: $25.00 for Section members and
students; $30.00 for Non-Members.
Program Only: $19.00 for Section Members and students;
$24.00 for Non-Members.
** Registration Form **
Mail to: Computer Law Section
D.C. Bar, 1250 H Street, N.W. 6th Floor
Washington, D.C. 20005-3908
Please reserve ____________ spaces(s) for me at the October 27 program.
Enclosed is my check for __________ made payable to the DC Bar.
Checks must be received by October 25. Sorry, phone reservations cannot
Name(s) Phone(s) Bar No(s). Bar Member?
_____________ ____________ ___________ Yes/No
_____________ ____________ ___________ Yes/No
_____________ ____________ ___________ Yes/No
Please notify the Sections Office (202-626-3463) if you require any
special dietary or physical accommodations.
Subject: OTA Report - Information Security & Privacy in Network Environments
OFFICE OF TECHNOLOGY ASSESSMENT
Washington, DC 20510
** Information Security and Privacy in Network Environments **
The OTA report "Information Security and Privacy in Network
Environments" is now available. The report was released on
September 23, 1994. Ordering information and details about
electronic access are at the end of this file.
** Congress Must Step in to Protect Personal Privacy **
As electronic transactions and records become central to
everything from commerce and tax records to health care, new
concerns arise for the security and privacy of networked
information. These concerns, if not properly resolved,
threaten to limit networking's full potential in terms of
participation and usefulness, says the congressional Office
of Technology Assessment (OTA) in a report released today.
Some 20 to 30 million people worldwide can exchange messages
over the Internet. Every day U.S. banks transfer about $1
trillion among themselves, and New York markets trade an
average of $2 trillion in securities. Nearly all of these
transactions pass over information networks.
The report "Information Security and Privacy in Network
Environments" focuses on safeguarding unclassified
information in networks, not on the security or
survivability of networks themselves, or on the reliability
of network services to ensure information access.
Appropriate safeguards must account for--and anticipate--
technical, institutional, and social changes that
increasingly shift responsibility for safeguarding
information to the end users, says OTA. The laws currently
governing commercial transactions, data privacy, and
intellectual property were largely developed for a time when
telegraphs, typewriters, and mimeographs were the commonly
used office technologies and business was conducted with
paper documents sent by mail. Technologies and business
practices have dramatically changed, but the law has been
slower to adapt, says OTA.
Information safeguards, especially those based on
cryptography, are achieving new prominence. OTA emphasizes
that decisions about cryptography policy will affect the
everyday lives of most Americans because cryptography will
help ensure the confidentiality and integrity of health
records and tax returns, speed the way to electronic
commerce, and manage copyrighted material in electronic
form. Congress has a vital role in formulating national
cryptography policy, says OTA, and more generally in
safeguarding electronic information and commercial
transactions and protecting personal privacy in a networked
A field of applied mathematics/computer science,
cryptography is the technique of concealing the contents of
a message by a code or a cipher. The message is
unintelligible without special knowledge of some secret
(closely held) information, the key that "unlocks" the
encrypted text and reveals the original text. Key
management is fundamental to security. It includes
generation of the encryption key or keys, as well as their
storage, distribution, cataloging, and eventual destruction.
The federal government still has the most expertise in
cryptography, says OTA. As a developer, user, and regulator
of safeguard technologies, the federal government faces a
fundamental tension between two important policy objectives:
fostering the development and widespread use of cost-
effective safeguards; and--through use of federal standards
and export controls--controlling the proliferation of
commercial safeguard technologies that can impair U.S.
signals-intelligence and law-enforcement capabilities.
The concern is reflected in the ongoing debates over key-
escrow encryption and the government's Escrowed Encryption
Standard (EES). The Clinton Administration announced the
"escrowed-encryption" initiative, often called the "Clipper
chip," in 1993. This type of encryption is intended to
allow easy decryption by law enforcement when the equivalent
of a wiretap has been authorized. The Department of
Commerce issued the EES, developed by the National Security
Agency (NSA), as a federal information processing standard
for encrypting unclassified information in February 1994.
The initiative in general and the EES in particular have
seen intense public criticism and concern, OTA reports. The
controversy and unpopularity stem in large part from privacy
concerns and the fact that government-designated "escrow
agents" will hold the users' cryptographic keys.
Congress has asked the National Research Council (NRC) to
conduct a major study, expected to be available in 1996,
which would support a broad review of cryptography. OTA
presents several options for congressional consideration in
the course of such a review. Because the timing of the NRC
review is out of phase with the government's implementation
of key-escrow encryption, one option would be to place a
hold on further deployment of key-escrow encryption, pending
a congressional policy review.
An important outcome of a broad review of national
cryptography policy, says OTA, would be the development of
more open processes to determine how cryptography will be
deployed throughout society, including the development of
infrastructures to support electronic commerce and network
use of copyrighted materials. More openness would build
trust and confidence in government operations and leadership
and allow for public consensus-building.
OTA examines and offers policy options for congressional
consideration in three areas: 1) cryptography policy,
including federal information processing standards and
export controls; 2) guidance on safeguarding unclassified
information in federal agencies; and 3) legal issues and
information security, including electronic commerce,
privacy, and intellectual property.
Requesters for the report are the Senate Committee on
Governmental Affairs and the House Subcommittee on
Telecommunications and Finance.
OTA is a nonpartisan analytical agency that serves the U.S.
Congress. Its purpose is to aid Congress with the complex
and often highly technical issues that increasingly affect
** Congressional Comment **
Senator John Glenn (D-OH) Chairman, Senate Committee on
"In the new electronic age, we are relying more and
more on information technology to streamline government,
educate our children, make health care more accessible and
affordable, and make our businesses more productive and
competitive. This rush to embrace a new age of technology
must not, however, obscure our ongoing responsibility to
protect important information and maintain the personal
privacy of citizens.
"Because we need policies and practices to match the
reality of this new age, I joined with Senator Roth in
asking the Office of Technology Assessment (OTA) to study
security and privacy issues in the network environment. I
am very happy to say that OTA's report provides an excellent
summary of these issues. More importantly, OTA spells out
clear steps that Congress and the Executive Branch should
consider if we are to develop policies and practices equal
to the task of providing security and privacy protections in
an increasingly networked world.
"The Senate Committee on Governmental Affairs, which I
chair has already rung warning bells in this area. Our
oversight of agency operations has uncovered threats to
security and privacy as diverse as foreigners hacking into
Department of Defense computers and IRS employees browsing
through computerized taxpayer records. We must recognize
that new technologies, particularly the development of
computer networks, are leapfrogging security and privacy
controls designed for a simpler time. Policies and
practices for managing paper file cabinets simply are no
match for the instantaneous world-wide flow of data through
"Addressing the needs of this new world demands that we
find fair balancing points among often competing imperatives
for personal privacy, law enforcement, national security,
governmental efficiency, and economic competitiveness.
OTA's very insightful report highlights the need for the
development of new security and privacy controls, which
should be done openly, with thorough debate and public
accountability. Therefore, in the next Congress, this
Committee will continue its oversight of agency operations
and will pursue legislation to ensure that government
agencies handle data from citizens and businesses
responsibly, and that government employees entrusted with
maintaining security are held accountable for breaches or
misuse of their responsibilities.
"I commend the Office of Technology Assessment for its
timely and very insightful contribution to the development
of policies and practices that can match the realities of
the emerging electronic information age."
Senator William V. Roth, Jr. (R-DE), Ranking Republican,
Senate Committee on Governmental Affairs:
"Since 1988, computer network security breaches have
grown dramatically, increasing 50% per year on the Internet
--today's information highway. The ability of the
government to protect Americans' most private information is
at stake. For example, the Internal Revenue Service is
among those agencies who rely increasingly on computer
networks for such things as filing tax returns. Anyone who
pays federal taxes has to wonder who might be browsing
through their personal financial data.
"We need to recognize the potential danger and act
accordingly. Last year, I asked the Office of Technology
Assessment to look at such problems and recommend changes.
Its report highlights how today's government institutions
are poorly structured to deal with information security.
Moreover, the report underscores the fact that much more
work must be done. I intend to pursue hearings on the
report and amendments to the Computer Security Act."
** How to Obtain This Report **
* ORDERING INFORMATION: For copies of the 252-page report
"Information Security and Privacy in Network Environments"
for congressional use, please call (202) 224-9241. Copies
for noncongressional use are available from the
Superintendent of Documents for $16.00 each. To order, call
(202) 512-0132 (GPO's main bookstore) or (202) 512-1800 and
indicate stock number 052-003-01387-8. Or you can send
your check or your VISA or MasterCard number and expiration
date to Superintendent of Documents, P.O. Box
371954, Pittsburgh, PA 15250-7974 , [FAX (202) 512-2250].
For free 8-page summaries, please call (202) 224-8996.
Federal Express service is available for an additional $8.50
* ELECTRONIC ACCESS: The full report is available
electronically. To download via ftp from OTA, use the
following procedures: ftp to otabbs.ota.gov (126.96.36.199)
Login as anonymous. Password is your e-mail address. The
files are located in /pub/information.security and the file
names and sizes are:
Appendix A--Congressional Letters of Request and
Appendix B--Computer Security Act and Related
Documents--are not available electronically.
Subject: GPO Puts Bills Online, but Wants You to Pay for Them Twice
The US Federal Government Printing Office announced last week that it
"now has all Congressional Bills available online", as part of its "GPO
Access" program. "The Congressional Bills database contains all published
versions of House and Senate bills introduced since the start of the 103d
Though the GPO promises updates to the database by 6am each publishing day,
the service is still of limited usefulness to those trying to track the
progress of active legislation. Worse yet, GPO expects you to pay for
online access to the bills, and the Federal Register, even though your taxes
paid for them already, and even though the documents are not covered by
copyright and are often available from a variety of internet servers
(generally piecemeal - sites tend to archive only those documents related
to their own interests, though others are more comprehensive but lagging
behind or prohibitively expensive). The Library of Congress' own LOCIS
system provides the text of bills via telnet. Without user fees. However,
this method of access leaves a lot to be desired compared to ftp, gopher,
or WWW access.
The GPO's Sept. 27, 1994 press release outlined several payment schedules
ranging from $35/mo. to $375/year for full or partial single-workstation
Other problems include failure to implement the system in accordance with
simple and widespread standards (e.g. it is necessary to purchase a
specialized WAIS client to use the GPO's wide-area information server's
features), and failure to provide all of the available material to
dialup users as opposed to internet users.
On the bright side, access to Federal Depository Library patrons is free,
when there's a connection at all and a terminal available. And the posting
of the bills for a fee can be regarded as something of a good start (i.e.,
it did not require additional legislation to whip the GPO into gear). But
is this enough to make this move by the GPO applaudable? Or is this
just a mildly "better than nothing" arrangement? That's up to you to
decide. Comments can be submitted to +1 202 512 1530 (voice), +1 202 512
1262 (fax), or h...@eids05.eids.gpo.gov.
For the original GPO press release, see:
gopher.eff.org, 1/Alerts, gpo_online.announce
[Note: "Flaming" the GPO admins will not help. What might go a long way,
over time, to getting these problems resolved are reasoned submissions
explaining why failure to adhere to the WAIS standard, and why charging for
access to something that is far cheaper to produce than its paper
equivalent (and already paid for anyway), are perhaps misguided solutions.
Readers might additionally like to know that Congress's General Accounting
Office (GAO) is now putting it's material online, but also for a fee.]
Subject: Horde of New NII Documents Online at EFF
There's been a flurry of document-releasing recently at the Information
Infrastructure Task Force, the National Performance Review, the National
Telecommunications and Information Administration, and the Patent &
Trademark Office. EFF is archiving many of the more important documents,
including several time-sensitive notices of inquiry, annoucements of
conferences, and requests for comments, all of which YOU can participate in.
How much of this is hype and how much of this deserves serious attention
is a good question, but one might wish to keep in mind that the more
agencies talk about regulating NII issues at the same time they are talking
about the NII being more like (or just plain being) the Internet, the
closer they are to talking about regulating the Internet outright. Speak
up now or forever hold thy peace. There are several Requests for Comment
included in here, and you owe it to yourself to submit clear and direct
comments letting regulators know what you think needs to be done or not done.
[NOTE: Due to large number of IITF docs, IITF material may be moved to
a Gov_docs subdirectory of .../OP - if you find that the files aren't there,
just append Gov_docs to the paths above. This move is not imminent, but
cat_iitf.charter - Charter of the IITF Committee on Applications and Tech.
fed_med_edu_agri_nii_funding.notices - pile of Federal govt. funding mechan-
ism and grant notices re: agricultur-
al telecom, telemedicine, and distance
gii_iitf.note - Short IITF document on the Global Information Infrastructure.
Maybe some less parochial memes are catching on?
hiawg_iitf.charter - Charter of the IITF Health Information and Applications
iitf.faq - factsheet on IITF, what it is, and what it does.
iitf_0912.report - monthly IITF Committee Report for Sept. 1994
iitf_goals_nii.paper - Selection of IITF papers, "The Information Infrastruc-
ture: Reaching Society's Goals".
nii_access_051394_ntia_cpuc_hearing.summary - Summary of NTIA and Calif. Pub.
Utility Commission hearing
on open access and the NII
nii_access_051394_ntia_cpuc_hearing.transcript - transcript of above hearing
nii_prinicples_progress.report - Clinton Administration "NII Progress Report"
and "NII Principles and Actions: A Checklist
of Progress" report, 93-94.
See also WWW version at:
nist_nii_framework.report - NIST report, "Framework for NII Services".
for WWW version with graphics.
npr_it_082294.report - NPR report, "Reengineering Through Information
ntia_iitf_nii_94_hearings.report - NTIA/IITF summary of 1994 hearings
on NII, open access and universal service.
Subtitled "America Speaks Out", natch.
ntia_iitf_uniserv_conf.announce - Announcement of NTIA/IITF virtual
conference on universal service and the
NII. * TIME SENSITIVE - DEADLINE: OCT. 14,
ntia_uniserv_access.noi - NTIA Notice of Inquiry on NII universal service
& open access issues. * TIME SENSITIVE - DEADLINE:
DEC. 14, 1994
omb_gils.notice - OMB bulletin on establishment of a Government Information
Locator Service (GILS)
pto_iitf_nii_security.rfc - Request for Comments and Notice of Hearing (PTO
and IITF) on Commercial Security in the NII.
* TIME SENSITIVE - DEADLINE: OCT. 13, 1994 *
pto_intprop_extension.rfc - Extenstion to deadline for comments submitted
in response to PTO's Request for Comments on
draft report on the NII and Intellectual Property
Rights. * TIME SENSITIVE - DEADLINE: OCT. 21,
putting_ii_to_work_iitf.report - IITF report: "Putting Information
Infrastructure to Work"
putting_ii_to_work_iitf.comments - public comments from a variety of
individuals and organizations on the
s1822_doc_irving_092094.testimony - Dept. of Commerce Asst. Secy. Larry
Irving's Sept. 20 1994 US Senate testimony
before the Antitrust, Monopolies and Bus-
iness Rights Subcommittee of the Judiciary
on S. 1822, the would-be Communications
Act of 1994 (Senate companion to the
Markey bill, HR. 3636, which implemented
most of EFF's Open Platform NII
satel_gii_doc_irving_hr_072894.testimony - Dept. of Commerce's Larry Irving
testimony to House of Rep. on
satellite-based technologies and
tpwg_cat_iitf.charter - Charter of the Technology Policy Working Group of
the Committee on Applications and Technology of IITF
Subject: What YOU Can Do
"The net poses a fundamental threat not only to the authority of the
government, but to all authority, because it permits people to organize,
think, and influence one another without any institutional supervision
whatsoever. The government is responding to this threat with the Clipper
- John Seabrook, "My First Flame", _New_Yorker_ 06/06/94
Ensuring the democratic potential of the technologies of computer-mediated
communication requires active participation in the political processes that
shape our destinies. Government agencies, legislatures and heads of state
are accustomed to making decisions about the future of technology, media,
education, and public access to information, with far-reaching and
long-lasting effects on citizens and their lives, but are accustomed to
doing so with little input or opposition from anyone but the largest of
corporations, and other government representatives.
Now, more than ever, EFF is working to make sure that you can play an
active role in making these choices. Our members are making themselves heard
on the whole range of issues. EFF collected over 5000 letters of support
for Rep. Maria Cantwell's bill to liberalize restrictions on cryptography.
We also gathered over 1400 letters supporting Sen. Leahy's open hearings on
the proposed Clipper encryption scheme, which were held in May 1994. And
EFF collected over 90% of the public comments that were submitted to NIST
regarding whether or not Clipper should be made a federal standard.
Additionally, EFF has worked for the passage of legislation that would
ensure open access to the information infrastructure of today and tomorrow,
and continues to provide some of the best online resources on privacy,
intellectual freedom, the legalities of networking, and public access to
government representatives and information.
You *know* privacy, freedom of speech and ability to make your voice heard
in government are important. You have probably participated in our online
campaigns and forums. Have you become a member of EFF yet? The best way to
protect your online rights is to be fully informed and to make your
opinions heard. EFF members are informed and are making a difference. Join
For EFF membership info, send queries to members...@eff.org, or send any
message to i...@eff.org for basic EFF info, and a membership form.
EFFector Online is published by:
The Electronic Frontier Foundation
1001 G Street NW, Suite 950 E
Washington DC 20001 USA
+1 202 347 5400 (voice)
+1 202 393 5509 (fax)
+1 202 638 6119 (BBS - 16.8k ZyXEL)
+1 202 638 6120 (BBS - 14.4k V.32bis)
Internet fax gate: remote-printer....@188.8.131.52.184.108.40.206.0.2.1.tpc.int
Coordination, production and shipping by:
Stanton McCandlish, Online Activist/SysOp/Archivist <m...@eff.org>
Reproduction of this publication in electronic media is encouraged. Signed
articles do not necessarily represent the views of EFF. To reproduce
signed articles individually, please contact the authors for their express
permission. Press releases and EFF announcements may be reproduced individ-
ually at will.
To subscribe to EFFector via email, send message body of "subscribe
effector-online" (no "quotes") to listse...@eff.org, which will add you
to a subscription list for EFFector.
To get the latest issue, send any message to e...@eff.org, and it will be
mailed to you automagically. You can also get ftp.eff.org,
/pub/EFF/Newsletters/EFFector/current at any time.
Internet Contact Addresses
Membership & donations: members...@eff.org
Legal services: sste...@eff.org
Hardcopy publications: p...@eff.org
Technical questions/problems, access to mailing lists: e...@eff.org
General EFF, legal, policy or online resources queries: a...@eff.org
End of EFFector Online v07 #13
<A HREF="http://www.eff.org/~mech/mech.html"> Stanton McCandlish
</A><HR><A HREF="mailto:m...@eff.org"> m...@eff.org
</A><P><A HREF="http://www.eff.org/"> Electronic Frontier Fndtn.
</A><P><A HREF="http://www.eff.org/~mech/a.html"> Online Activist </A>