[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

A Study of National Cryptography Policy



Please forward this message to any individual or mailing list
that you believe should receive it.  If you have seen it already, our apologies.
Many thanks..
*********************
As part of the Defense Authorization Bill for FY 1994, the U.S. Congress
has asked the Computer Science and Telecommunications Board
(CSTB) of the National Research Council (NRC) to undertake a study of
national policy with respect to the use and regulation of cryptography.
The report of the study committee is due two years after all necessary
security clearances have been processed, probably sometime summer
1996, and is subject to NRC review procedures.  The legislation
states that 120 days after the day on which the report is submitted to
the Secretary of Defense, the Secretary shall submit the report to the
Committees on Armed Services, Intelligence, Commerce, and the
Judiciary of the Senate and House of Representatives in unclassified
form, with classified annexes as necessary.

This study is expected to address the appropriate balance in cryptography policy
among various national interests (e.g., U.S. economic competitiveness
(especially with respect to export controls), national security, law
enforcement, and the protection of the privacy rights of individuals),
and the strength of various cryptographic technologies known today
and anticipated in the future that are relevant for commercial
purposes.  The federal process through which national cryptography
policy has been formulated is also expected to be a topic of
consideration, and, if appropriate, the project will address
recommendations for improving the formulation of national
cryptographic policy in the future.

This project, like other NRC projects, will depend heavily on input
from industry, academia, and other communities in the concerned
public.  Apart from the study committee (described below), briefings
and consultations from interested parties will be arranged and others
will be involved as anonymous peer reviewers.

It is expected that the study committee will be a high-level group that
will command credibility and respect across the range of government,
academic, commercial, and private interests.  The committee will
include members with expertise in areas such as:

  - relevant computer and communications technology;
  - cryptographic technologies and cryptanalysis;
  - foreign, national security, and intelligence affairs;
  - law enforcement;
  - commercial interests; and
  - privacy and consumer interests.

All committee members (and associated staff) will have to be cleared
at the "SI/TK" level; provisions have been made to expedite the
processing of security clearances for those who do not currently have
them.  Committee members will be chosen for their stature, expertise,
and seniority in their fields; their willingness to listen and consider
fairly other points of view; and their ability to contribute to the
formulation of consensus positions.  The committee as a whole will
be chosen to reflect the range of judgment and opinion on the subject
under consideration.

The detailed composition of the committee has not yet been decided;
suggestions for committee members are sought from the community at
large.  Note that NRC rules regarding conflict of interest forbid the
selection as committee members of individuals that have substantial
personal financial interests that might be significantly affected by the
outcome of the study.  Please forward suggestions for people to
participate in this project to [email protected] by DECEMBER 17,
1993; please include their institutional affiliations, their field(s) of
expertise, a note describing how the criteria described above apply to
them, and a way to contact them.  For our administrative
convenience, please put in the "SUBJECT:" field of your message the
words "crypto person".

Finally, some people have expressed concern about the fact that the
project will involve consideration of classified material.  Arguments
can and have been made on both sides of this point, but in any event
this particular ground rule was established by the U.S. Congress, not
by the CSTB.  Whether one agrees or disagrees with the asserted
need for classification, the task at hand is to do the best possible job
given this constraint.

On the National Research Council

The National Research Council (NRC) is the operating arm of the
Academy complex, which includes the National Academy of Sciences,
the National Academy of Engineering, and the Institute of Medicine.
The NRC is a source of impartial and independent advice to the
federal government and other policy makers that is able to bring to
bear the best scientific and technical talent in the nation to answer
questions of national significance.  In addition, it often acts as a
neutral party in convening meetings among multiple stakeholders on
any given issue, thereby facilitating the generation of consensus on
controversial issues.

The Computer Science and Telecommunications Board (CSTB) of the
NRC considers technical and policy issues pertaining to computer
science, telecommunications, and associated technologies.  CSTB
monitors the health of the computer science, computing technology,
and telecommunications fields, including attention as appropriate to
the issues of human resources and information infrastructure and
initiates studies involving computer science, computing technology,
and telecommunications as critical resources and sources of national
economic strength.  A list of CSTB publications is available on
request.