Path: gmdzi!unido!mcsun!uunet!zaphod.mps.ohio-state.edu!mips!
pacbell.com!att!ucbvax!hoptoad!gnu
From: gnu@hoptoad.uucp (John Gilmore)
Newsgroups: sci.crypt,misc.legal,alt.privacy
Subject: Statement in Support of Communications Privacy
Message-ID: <18671@hoptoad.uucp>
Date: 19 Jun 91 05:09:36 GMT
Organization: Cygnus Support, Palo Alto
Lines: 184
Xref: gmdzi sci.crypt:54290 misc.legal:66738 alt.privacy:798

The Electronic Frontier Foundation, Computer Professionals for Social
Responsibility, and RSA Data Security Inc. cosponsored a meeting of
cryptographers, civil libertarians, business leaders, and people from
all over the government who handle cryptography and privacy issues.
The following statement was released at the meeting.

	STATEMENT IN SUPPORT OF COMMUNICATIONS PRIVACY
			Washington, DC
			 June 10, 1991

	As representatives of leading computer and 
telecommunications companies, as members of national 
privacy and civil liberties organizations, as academics and 
researchers across the country, as computer users, as 
corporate users of computer networks, and as individuals 
interested in the protection of privacy and the promotion of 
liberty, we have joined together for the purpose of 
recommending that the United States government undertake a 
new approach to support communications privacy and to 
promote the availability of privacy-enhancing technologies.  
We believe that our effort will strengthen economic 
competitiveness, encourage technological innovation, and 
ensure that communications privacy will be carried forward 
into the next decade.

	In the past several months we have become aware that 
the federal government has failed to take advantage of 
opportunities to promote communications privacy.  In some 
areas, it has considered proposals that would actually be a 
step backward.  The area of cryptography is a prime example.

	Cryptography is the process of translating a 
communication into a code so that it can be understood only by 
the person who prepares the message and the person who is 
intended to receive the message.  In the communications 
world, it is the technological equivalent of the seal on an 
envelope.  In the security world, it is like a lock on a door.  
Cryptography also helps to ensure the authenticity of 
messages and promotes new forms of business in electronic 
environments.  Cryptography makes possible the secure 
exchange of information through complex computer networks, 
and helps to prevent fraud and industrial espionage. 

	For many years, the United States has sought to restrict 
the use of encryption technology, expressing concern that such 
restrictions were necessary for national security purposes.  
For the most part, computer systems were used by large 
organizations and military contractors.  Computer policy was 
largely determined by the Department of Defense.  Companies 
that tried to develop new encryption products confronted 
export control licensing, funding restrictions, and 
classification review.  Little attention was paid to the 
importance of communications privacy for the general public.

	It is clear that our national needs are changing.  
Computers are ubiquitous.  We also rely on communication 
networks to exchange messages daily.  The national telephone 
system is in fact a large computer network.  

	We have opportunities to reconsider and redirect our 
current policy on cryptography.  Regrettably, our government 
has failed to move thus far in a direction that would make the 
benefits of cryptography available to a wider public.

	In late May, representatives of the State Department met 
in Europe with the leaders of the Committee for Multilateral 
Export Controls ("COCOM").  At the urging of the National 
Security Agency, our delegates blocked efforts to relax 
restrictions on cryptography and telecommunications 
technology, despite dramatic changes in Eastern Europe.  
Instead of focusing on specific national security needs, our 
delegates continued a blanket opposition to secure network 
communication technologies.

	While the State Department opposed efforts to promote 
technology overseas, the Department of Justice sought to 
restrict its use in the United States. A proposal was put 
forward by the Justice Department that would require 
telecommunications providers and manufacturers to redesign 
their services and products with weakened security.  In effect, 
the proposal would have made communications networks less 
well protected so that the government could obtain access to 
all telephone communications.  A Senate Committee Task Force 
Report on Privacy and Technology established by Senator 
Patrick Leahy noted that this proposal could undermine 
communications privacy.

	The public opposition to S. 266 was far-reaching.  Many 
individuals wrote to Senator Biden and expressed their concern 
that cryptographic equipment and standards should not be 
designed to include a "trapdoor" to facilitate government 
eavesdropping.  Designing in such trapdoors, they noted, is no 
more appropriate than giving the government the combination 
to every safe and a master key to every lock.

	We are pleased that the provision in S. 266 regarding 
government surveillance was withdrawn.  We look forward to 
Senator Leahy's hearing on cryptography and communications 
privacy later this year.  At the same time, we are aware that 
proposals like S. 266 may reemerge and that we will need to 
continue to oppose such efforts.  We also hope that the export 
control issue will be revisited and the State Department will 
take advantage of the recent changes in East-West relations 
and relax the restrictions on cryptography and network 
communications technology.

	We believe that the government should promote 
communications privacy. We therefore recommend that the 
following steps be taken.

	First, proposals regarding cryptography should be moved 
beyond the domain of the intelligence and national security 
community.  Today, we are growing increasingly dependent on 
computer communications.  Policies regarding the appropriate 
use of cryptography should be subject to public review and 
public debate.

	Second, any proposal to facilitate government 
eavesdropping should be critically reviewed.  Asking 
manufacturers and service providers to make their services 
less secure will ultimately undermine efforts to strengthen 
communications privacy across the country.  While these 
proposals may be based on sound concerns, there are less 
invasive ways to pursue legitimate government goals.  

	Third, government agencies with appropriate expertise 
should work free of NSA influence to promote the availability 
of cryptography so as to ensure communications privacy for 
the general public.  The National Academy of Science has 
recently completed two important studies on export controls 
and computer security.  The Academy should now undertake a 
study specifically on the use of cryptography and 
communications privacy, and should also evaluate current 
obstacles to the widespread adoption of cryptographic 
protection.

	Fourth, the export control restrictions for computer 
network technology and cryptography should be substantially 
relaxed.  The cost of export control restrictions are enormous. 
Moreover, foreign companies are often able to obtain these 
products from other sources. And one result of export 
restrictions is that US manufacturers are less likely to 
develop privacy-protecting products for the domestic market.

	As our country becomes increasingly dependent on 
computer communications for all forms of business and 
personal communication, the need to ensure the privacy and 
security of these messages that travel along the networks 
grows.  Cryptography is the most important technological 
safeguard for ensuring privacy and security.  We believe that 
the general public should be able to make use of this 
technology free of government restrictions.

	There is a great opportunity today for the United States 
to play a leadership role in promoting communications privacy.  
We hope to begin this process by this call for a reevaluation of 
our national interest in cryptography and privacy.


Mitchell Kapor, Electronic Frontier Foundation
Marc Rotenberg, CPSR
John Gilmore, EFF
D. James Bidzos, RSA
Phil Karn, BellCore
Ron Rivest, MIT
Jerry Berman, ACLU
Whitfield Diffie, Northern Telecom
David Peyton, ADAPSO
Ronald Plesser, Information Industry Association
Dorothy Denning, Georgetown University
David Kahn, author *The Codebreakers*
Ray Ozzie, IRIS Associates
Evan D. Hendricks, US Privacy Council
Priscella M. Regan, George Mason University
Lance J. Hoffman, George Washington University
David Bellin, Pratt University

(affiliations are for identification purposes only)
-- 
John Gilmore   {sun,uunet,pyramid}!hoptoad!gnu   g...@toad.com   g...@cygnus.com
*  Truth :  the most deadly weapon ever discovered by humanity. Capable of   *
*  destroying entire perceptual sets, cultures, and realities. Outlawed by   *
*  all governments everywhere. Possession is normally punishable by death.   *
						-- Richard Childers