[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
INFO: White House Clipper 3.1.1 plan unveiled; continues to ignore privacy concerns
=============================================================================
____ _ _ _
/ ___|_ __ _ _ _ __ | |_ ___ | \ | | _____ _____
| | | '__| | | | '_ \| __/ _ \ _____| \| |/ _ \ \ /\ / / __|
| |___| | | |_| | |_) | || (_) |_____| |\ | __/\ V V /\__ \
\____|_| \__, | .__/ \__\___/ |_| \_|\___| \_/\_/ |___/
|___/|_|
WHITE HOUSE RELEASES CLIPPER 3.1.1 PLAN; SAME OLD STORY
EXCLUDES CONGRESS; PROPOSAL DRIVEN BY LAW ENFORCEMENT
NO CONCERNS FOR PRIVACY OF INTERNET USERS
http://www.crypto.com/
Date: October 2, 1996
URL:http://www.crypto.com/ [email protected]
If you redistribute this, please do so in its entirety,
with the banner intact.
-----------------------------------------------------------------------------
Table of Contents
Introduction
White House announces new encryption proposal
Text of White House announcement
Response from Senator Patrick Leahy (D-VT)
Response from Senator Conrad Burns (R-MT)
How to receive crypto-news
Press contacts
-----------------------------------------------------------------------------
INTRODUCTION
Interested in spreading the word in Congress about privacy rights and
encryption? Want to help Congress fight the White House's poorly
crafted, dictatorial, encryption policies?
WWW.Crypto.Com has opened up a new service, "Adopt Your Legislator",
which allows you to add your name to a targeted list for contacting
your legislators.
Whenever your legislator is teetering on an issue related to privacy or
encryption, we'll notify you directly for a focused call-in/write-in
campaign.
It's fast, it's easy, it's like having your own personal activist. Sign
up at http://www.crypto.com/ or through one of the many fine organizations
below that have links to the adoption pages:
Electronic Frontier Foundation (http://www.eff.org/)
Center for Democracy and Technology (http://www.cdt.org/)
Voters Telecommunications Watch (http://www.vtw.org/)
Look for the "My Lock, My Key" icon and follow it to help fight the
new Clipper 3.1.1 proposal and fight for your privacy!
-----------------------------------------------------------------------------
WHITE HOUSE ANNOUNCES NEW ENCRYPTION PROPOSAL
The White House announced their new encryption proposal yesterday. There are
several main points that have come out now, or will appear soon:
-jurisdictional move from State to Commerce for export applications
with a Department of Justice role
-temporary increase of key lengths to 56 bits, provided future key
escrow functionality is promised,
-joint effort with companies such as IBM to produce key escrow
products,
-increased purchasing of key recovery products by Federal agencies
to stimulate the creation of a key escrow industry, and
-legislation to legitimize the key escrow recovery market.
There are absolutely no plans to permanently increase the key length of
unescrowed encryption products. Companies who do not have an escrow plan
in place by the end of the two year temporary increase will lose their
export status.
This proposal has a number of significant problems, including:
DOMINATED AND DRIVEN BY LAW ENFORCEMENT INTERESTS
This Clipper proposal, like the three previous ones, has been driven
entirely by the concerns of law enforcement. This should come as no surprise
to even the most optimistic industry or public interest advocates.
As Senator Leahy (D-VT) says in his statement below:
Internet users themselves -- not the FBI, not the NSA, not
any government regulator -- should decide what encryption method
best serves their needs.
JUSTICE ROLE IN EXPORT APPLICATIONS A BLATANT ATTEMPT AT DOMESTIC CONTROL
OF CRYPTOGRAPHY
By allowing Justice a seat at the table in approving export applications,
the Clinton Administration has clearly demonstrated that they wish to
control the domestic cryptography market. Justice will certainly veto
the export applications of any products which they are not able to
break either by brute force or without key escrow. This will probably
end up being an even worse route for companies wishing to export
products.
TEMPORARY INCREASE IN KEY LENGTH IS NOT SUFFICIENT
The original Clipper proposal would have allowed encryption with
80 bits keys. Clipper II bandied about the number 64 as the acceptable
level of encryption. With Clipper 3.1.1, that amount has been reduced to
56 bits for the next two years. This is clearly too little too late.
CONGRESS WAS NOT CONSULTED
Congress has clearly stated their intentions with regards to the White
House policy, and this year will certainly not be the end of their
involvement in the issue. Senator Burns (R-MT) summarizes it well:
This debate is not over by any stretch of the imagination. The
administration has prevented Congress from weighing in on this issue just
as support was building for a legislative solution. I intend to move
forward with pro-encryption legislation in the next Congress.
You can continue to follow this issue at http://www.crypto.com/ !
-----------------------------------------------------------------------------
TEXT OF WHITE HOUSE ANNOUNCEMENT
THE WHITE HOUSE
Office of the Vice President
FOR IMMEDIATE RELEASE
CONTACT: 456-7035
TUESDAY, October 1, 1996
STATEMENT OF THE VICE PRESIDENT
President Clinton and I are committed to promoting the growth of electronic
commerce and robust, secure communications worldwide while protecting the
public safety and national security. To that end, this Administration is
consulting with Congress, the information technology industry, state and
local law enforcement officials, and foreign governments on a major
initiative to liberalize export controls for commercial encryption
products.
The Administration's initiative will make it easier for Americans to use
stronger encryption products -- whether at home or abroad -- to protect
their privacy, intellectual property and other valuable information. It
will support the growth of electronic commerce, increase the security of
the global information, and sustain the economic competitiveness of U.S.
encryption product manufacturers during the transition to a key management
infrastructure.
Under this initiative, the export of 56-bit key length encryption products
will be permitted under a general license after one-time review, and
contingent upon industry commitments to build and market future products
that support key recovery. This policy will apply to hardware and software
products. The relaxation of controls will last up to two years.
The Administration's initiative recognizes that an industry-led technology
strategy will expedite market acceptance of key recovery, and that the
ultimate solution must be market-driven.
Exporters of 56-bit DES or equivalent encryption products would make
commitments to develop and sell products that support the key recovery
system that I announced in July. That vision presumes that a trusted party
(in some cases internal to the user's organization) would recover the
user's confidentiality key for the user or for law enforcement officials
acting under proper authority. Access to keys would be provided in
accordance with destination country policies and bilateral understandings.
No key length limits or algorithm restrictions will apply to exported key
recovery products.
Domestic use of key recovery will be voluntary, and any American will
remain free to use any encryption system domestically.
The temporary relaxation of controls is one part of a broader encryption
policy initiative designed to promote electronic information security and
public safety. For export control purposes, commercial encryption products
will no longer be treated as munitions. After consultation with Congress,
jurisdiction for commercial encryption controls will be transferred from
the State Department to the Commerce Department. The Administration also
will seek legislation to facilitate commercial key recovery, including
providing penalties for improper release of keys, and protecting key
recovery agents against liability when they properly release a key.
As I announced in July, the Administration will continue to expand the
purchase of key recovery products for U.S. government use, promote key
recovery arrangements in bilateral and multilateral discussions, develop
federal cryptographic and key recovery standards, and stimulate the
development of innovative key recovery products and services.
Under the relaxation, six-month general export licenses will be issued
after one-time review, contingent on commitments from exporters to explicit
benchmarks and milestones for developing and incorporating key recovery
features into their products and services, and for building the supporting
infrastructure internationally. Initial approval will be contingent on
firms providing a plan for implementing key recovery. The plan will
explain in detail the steps the applicant will take to develop, produce,
distribute, and/or market encryption products with key recovery features.
The specific commitments will depend on the applicant's line of business.
The government will renew the licenses for additional six-month periods if
milestones are met. Two years from now, the export of 56-bit products that
do not support key recovery will no longer be permitted. Currently
exportable 40-bit mass market software products will continue to be
exportable. We will continue to support financial institutions in their
efforts to assure the recovery of encrypted financial information. Longer
key lengths will continue to be approved for products dedicated to the
support of financial applications.
The Administration will use a formal mechanism to provide industry, users,
state and local law enforcement, and other private sector representatives
with the opportunity to advise on the future of key recovery. Topics will
include:
. evaluating the developing global key recovery architecture
. assessing lessons-learned from key recovery implementation
. advising on technical confidence issues vis-a-vis access to
and release of keys
. addressing interoperability and standards issues
. identifying other technical, policy, and program issues
for governmental action.
The Administration's initiative is broadly consistent with the recent
recommendations of the National Research Council. It also addresses many
of the objectives of pending Congressional legislation.
-----------------------------------------------------------------------------
RESPONSE FROM SENATOR PATRICK LEAHY (D-VT)
STATEMENT OF SENATOR LEAHY ON THE
ADMINISTRATION'S NEW ENCRYPTION INITIATIVE
October 1, 1996
The timing of the Administration's announcement on encryption,
within hours of the Congress' likely adjournment, is unfortunate.
The Administration needs to work with Congress to develop a
consensus on a national encryption policy that takes account of
the privacy, law enforcement and competitiveness concerns of our
Nation's citizens and businesses.
Taking unilateral steps will not resolve this issue, but
instead could delay building the consensus we so urgently need.
This issue simply cannot by resolved by Executive fiat.
While technology should not dictate policy, particularly when
our public safety and national security interests are at issue,
any policy we adopt must protect our privacy. As the
Administration and industry rush to find an alternative to
unbreakable encryption, they should take heed that any solution
which fails to protect the Fourth Amendment and privacy rights of
our citizens will be unacceptable.
That is why, with bipartisan support, Senator Burns and I
introduced legislation in March that set out privacy safeguards
to protect the decoding keys to encrypted communications and
stringent legal procedures for law enforcement agencies to get
access to those keys.
In this plan, the Administration is directing the resources of
our high-tech industry to develop breakable, rather than
unbreakable, encryption. But no one is yet clear about who will
be legally allowed to break into encrypted messages, and under
what circumstances. These are questions that have to be answered
not only with our own government but also with foreign
governments. The weakest link in a key recovery system may be
the country with the weakest privacy protections. Internet users,
who can send messages around the globe seamlessly, do not want
the privacy of their encrypted communications to be at the mercy
of a country that ignores the Fourth Amendment principles we
enjoy here.
These are significant privacy and security concerns not
answered by the Administration's plan.
Even without reading the fine print, the general outline of
the Administration's plan smacks of the government trying to
control the marketplace for high-tech products. Only those
companies that agree to turn over their business plans to the
government and show that they are developing key recovery
systems, will be rewarded with permission to sell abroad products
with DES encryption, which is the global encryption standard.
Conditioning foreign sales of products with DES on development
of key recovery systems puts enormous pressure on our computer
industry to move forward with key recovery, whether their
customers want it or not.
Internet users themselves -- not the FBI, not the NSA, not
any government regulator -- should decide what encryption method
best serves their needs. Then the marketplace will be able to
respond. The Administration is putting the proverbial cart before
the horse, by putting law enforcement interests ahead of every
one elses.
But that is not the only catch in the Administration's plan.
Permission to export DES will end in two years. Allowing American
companies to sell DES overseas is a step long overdue. Given the
fact that a Japanese company is already selling "triple DES", one
might say this step is too little, too late. Threatening to pull
the plug on DES in two years, when this genie is already out of
the bottle, does not promote our high-tech industries overseas.
Does this mean that U.S. companies selling sophisticated computer
systems with DES encryption overseas must warn their customers
that the supply may end in two years? Customers both here and
abroad want stable suppliers, not those jerked around by their
government.
The most effective way to protect the privacy and security of
our on-line communications is to use encryption technology. Every
American should be concerned about our country's policy on
encryption since the resolution of this debate will affect
privacy, jobs and the competitiveness of our high-tech
industries.
-----------------------------------------------------------------------------
RESPONSE FROM SENATOR CONRAD BURNS (R-MT)
For immediate release: Contact: Matt Raymond
Tuesday, October 1, 1996 (202) 224-8150
Randall Popelka
(202) 224-6137
Burns Cautious on Encryption Plan
Oversight Vowed for Plan That "Raises More Questions Than It Answers"
WASHINGTON, D.C. _ Montana Senator Conrad Burns today reacted
cautiously to plans by the Clinton administration to loosen restrictions
on exports of stronger encryption for computer software and hardware. He
also criticized the White House for its failure to negotiate on the
cornerstone of its proposals: that companies must agree to "escrow" their
decryption keys.
"I have no doubt that it was the pressure of Congress, high-tech
companies and privacy advocates that dragged the White House kicking and
screaming into agreeing that export restrictions should be eased," said
Burns, chief sponsor of the Pro-CODE bill, which would loosen
restrictions on encryption exports and prohibit government-mandated key
escrow. "However, I can't say I'm pleased with a process that has all
but excluded Congress and the public from the discussion.
"The administration's insistence on key escrow as a condition of
lifting these restrictions has never been negotiable. Meanwhile, what
choice do these companies have but to yield as their global
competitiveness withers on the vine?
"This plan raises even more questions than it answers, such as,
what about the widespread availability of much stronger encryption than
that which is allowed by the White House? How do we deal with rapid
changes in technology that will inevitably render the 56-bit limit
obsolete? The devil is definitely in the details.
"This debate is not over by any stretch of the imagination. The
administration has prevented Congress from weighing in on this issue just
as support was building for a legislative solution. I intend to move
forward with pro-encryption legislation in the next Congress.
"I will also push for vigorous oversight of the administration's
plan in the Commerce Committee." The Senate Commerce Committee, of which
Burns is a member, has jurisdiction over the Commerce Department. The
administration has stated its intent to transfer export licensing
authority over encryption from the State Department to the Commerce
Department.
-----------------------------------------------------------------------------
HOW TO RECEIVE CRYPTO-NEWS
To subscribe to crypto-news, sign up from our WWW page (http://www.crypto.com)
or send mail to [email protected] with "subscribe crypto-news" in the body
of the message. To unsubscribe, send a letter to [email protected] with
"unsubscribe crypto-news" in the body.
-----------------------------------------------------------------------------
PRESS CONTACT INFORMATION
Press inquiries on Crypto-News should be directed to
Shabbir J. Safdar (VTW) at +1.718.596.2851 or [email protected]
Jonah Seiger (CDT) at +1.202.637.9800 or [email protected]
-----------------------------------------------------------------------------
End crypto-news
=============================================================================