[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
EFF Analysis of Vice-President Gore's Letter on Cryptography Policy
- To: [email protected] (computer underground digest), [email protected] (risks digest), [email protected] (eff.talk), [email protected] (fringeware), [email protected] (red rock eater), [email protected], [email protected] (thesegroups), [email protected], [email protected], [email protected] (cypherpunks)
- Subject: EFF Analysis of Vice-President Gore's Letter on Cryptography Policy
- From: Stanton McCandlish <[email protected]>
- Date: Fri, 22 Jul 1994 19:24:42 -0400 (EDT)
- Cc: [email protected] (alt.politics.datahighway), [email protected] (talk.politics.crypto), [email protected] (sci.crypt), [email protected] ([email protected]), [email protected] (alt.security.pgp), [email protected] (alt.wired), [email protected] (alt.privacy), [email protected] (alt.privacy.clipper), [email protected], [email protected] (alt.activism), [email protected] (alt.activism.d)
- Followup-To: comp.org.eff.talk,talk.politics.crypto
- Sender: [email protected]
EFF Analysis of Vice-President Gore's Letter on Cryptography Policy
-------------------------------------------------------------------
July 22, 1994
Two days ago, Vice-President Al Gore signaled a major setback in the
Administration's Clipper program, and a willingness to engage in serious
negotiations leading to a comprehensive new policy on digital privacy and
security. Many questions remain about the future, but one thing is
certain: Clipper is a dead end, and those of us who are concerned about
digital privacy have won a new opportunity to shape a better policy.
The Vice-President's letter to Rep. Maria Cantwell (D-WA) made it clear
that while Clipper might have a small place in the telephone security
market, it has no future in the digital world. "...[T]he Clipper Chip is
an approved federal standard for telephone communications and not for
computer networks and video networks. For that reason, we are working with
industry to investigate other technologies for those applications.... We
welcome the opportunity to work with industry to design a more versatile,
less expensive system. Such a key escrow system would be implementable in
software, firmware, hardware, or any combination thereof, would not rely
upon a classified algorithm, would be voluntary, and would be exportable."
Clipper does not meet most of these criteria, so, according to the Vice-
President, it is a dead end.
END OF THE LINE FOR CLIPPER -- LONG-RUN EFFORT TO DRIVE MARKET WILL FAIL
The premise of the Clipper program was that the government could drive the
market toward use of encryption products which incorporated
government-based key escrow agents. A series of subtle and not so subtle
government actions would encourage private citizens to use this technology,
thus preserving law enforcement access to encrypted communications.
Clipper was originally announced as the first element of a family of
hardware-based, government key escrow encryption devices that would meet
security needs for both voice and data communications on into the future.
Clipper itself was purely a voice and low-speed data product, but other
members of the Skipjack family, including Tessera and Capstone, were to be
compatible with Clipper and were intended to lead the way from escrowed
encryption in voice to escrowed encryption for data. Plans are already
announced, in fact, to use Tessera and Capstone in large government email
networks. At the time, the hope was that government use of this technology
would push private sector users toward key escrow systems as well.
Now, the announcement that the Administration is re-thinking plans for data
encryption standards leaves Clipper a stranded technology. No one wants to
buy, or worse yet, standardize on, technology which has no upgrade path.
As a long-run effort to force the market toward government-escrowed
encryption standards, Clipper is a failure.
WE STILL MUST WORK FOR VOLUNTARY, OPEN, EXPORTABLE STANDARDS
The fight for privacy and security in digital media is by no means over.
Though the Administration has backed away from Clipper, and expressed
willingness to talk about other solutions, we are pursuing serious progress
on the following issues:
* Improved telephone encryption standards
For the reasons listed by the Vice-President, in addition to the inherent
problems of making copies of all your keys available, Clipper is a poor
choice for telephone encryption. Industry should develop a standard for
truly secure and private telephones, make them available from multiple
manufacturers worldwide, and make them interoperate securely with audio
conferencing software on multimedia PC's.
* Truly voluntary standards
Any cryptographic standard adopted by the government for private sector use
must be truly voluntary. Voluntary means, to us, that there are statutory
guarantees that no citizen will be required or pressured into using the
standard for communications with the government, or with others. No
government benefits, services, or programs should be conditioned on use of
a particular standard, especially if it involves government or private key
escrow.
* Open standards
Standards chosen must be developed in an open, public process, free from
classified algorithms. The worldwide independent technical community must
be able to create and evaluate draft standards, without restriction or
government interference, and without any limits on full participation by
the international cryptographic community.
* No government escrow systems
Any civilian encryption standard which involves government getting copies
of all the keys poses grave threats to privacy and civil liberties, and is
not acceptable in a free society.
* Liberalization of export controls
Lifting export controls on cryptography will make the benefits of strong
cryptography widely available to our own citizens. U.S. hardware, software
and consumer electronics manufacturers will build encryption into
affordable products once they are given access to a global marketplace.
Today's widespread availability of "raw" cryptographic technology both
inside and outside the United States shows that the technology will always
be available to "bad guys".
The real question is whether our policies will allow encryption to be built
into the fabric of our national and international infrastructure, to
provide significantly increased individual privacy, improved financial
privacy, increased financial security, enhanced freedom of association,
increased individual control over identity, improved security and integrity
of documents, contracts, and licenses, reduced fraud and counterfeiting,
the creation of significant new markets for buying and selling of
intellectual property, and a lessened ability to detect and prosecute
victimless crimes.
These benefits are not free, however. EFF does recognize that new
communications technologies pose real challenges to the work of law
enforcement. Just as the automobile, the airplane, and even the telephone
created new opportunities for criminal activity, and new difficulties for
law enforcement, encryption technology will certainly require changes in
traditional investigative techniques. We also recognize that encryption
will prevent many of the online crimes that will likely occur without it.
We further believe that these technologies will create new investigative
tools for law enforcement, even as they obsolete old ones. Entering this
new environment, private industry, law enforcement, and private citizens
must work together to balance the requirements of both liberty and
security.
Finally, the export controls used today to attempt to control this
technology are probably not Constitutional under the First Amendment; if
the problems of uncontrolled export are too great, a means of control must
be found which does not restrict free expression.
CONGRESSIONAL LEADERSHIP TOWARD COMPREHENSIVE POLICY FRAMEWORK IS CRITICAL
The efforts of Congresswoman Maria Cantwell, Senator Patrick Leahy, and
other members of Congress, show that comprehensive policies on privacy,
security and competitiveness in digital communication technologies can only
be achieved with the active involvement of Congress. Unilateral policy
efforts by the Executive branch, such as Clipper and misguided export
control policies, will not serve the broad interests of American citizens
and businesses. So, we are pleased to see that the Vice-President has
pledged to work with the Congress and the private sector in shaping a
forward-looking policy. We see the Vice-President's letter to
Congresswoman Cantwell as an important opening for dialogue on these
issues.
The principles of voluntariness and open standards announced in the Vice-
President's letter, as well as those mentioned here, must be incorporated
into legislation. We believe that under the leadership of Senator Leahy,
Reps. Cantwell, Valentine, Brooks and others, this will be possible in the
next congress. EFF is eager to work with the Congress, the Administration,
along with other private sector organizations to help formulate a new
policy. EFF is also pleased to be part of the team of grass roots
activism, industry lobbying, and public interest advocacy which has yielded
real progress on these issues.
FOR MORE INFORMATION CONTACT:
Jerry Berman, Executive Director <[email protected]>
Daniel J. Weitzner, Deputy Policy Director <[email protected]>
For the full text of the Gore/Cantwell letter, see:
ftp.eff.org, /pub/Alerts/gore_clipper_retreat_cantwell_072094.letter
gopher.eff.org, 1/Alerts, gore_clipper_retreat_cantwell_072094.letter
http://www.eff.org/pub/Alerts/gore_clipper_retreat_cantwell_072094.letter