[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

INFO: White House Clipper 3.1.1 plan unveiled; continues to ignore privacy concerns



=============================================================================
          ____                  _              _   _
         / ___|_ __ _   _ _ __ | |_ ___       | \ | | _____      _____
        | |   | '__| | | | '_ \| __/ _ \ _____|  \| |/ _ \ \ /\ / / __|
        | |___| |  | |_| | |_) | || (_) |_____| |\  |  __/\ V  V /\__ \
         \____|_|   \__, | .__/ \__\___/      |_| \_|\___| \_/\_/ |___/
                    |___/|_|

             WHITE HOUSE RELEASES CLIPPER 3.1.1 PLAN; SAME OLD STORY
              EXCLUDES CONGRESS; PROPOSAL DRIVEN BY LAW ENFORCEMENT
                  NO CONCERNS FOR PRIVACY OF INTERNET USERS
		          http://www.crypto.com/

                          Date: October 2, 1996

         URL:http://www.crypto.com/            [email protected]
           If you redistribute this, please do so in its entirety,
                         with the banner intact.
-----------------------------------------------------------------------------
Table of Contents
        Introduction
	White House announces new encryption proposal
	Text of White House announcement
	Response from Senator Patrick Leahy (D-VT)
	Response from Senator Conrad Burns (R-MT)
        How to receive crypto-news
        Press contacts

-----------------------------------------------------------------------------
INTRODUCTION

Interested in spreading the word in Congress about privacy rights and
encryption?  Want to help Congress fight the White House's poorly
crafted, dictatorial, encryption policies?

WWW.Crypto.Com has opened up a new service, "Adopt Your Legislator",
which allows you to add your name to a targeted list for contacting
your legislators.

Whenever your legislator is teetering on an issue related to privacy or
encryption, we'll notify you directly for a focused call-in/write-in
campaign.

It's fast, it's easy, it's like having your own personal activist.  Sign
up at http://www.crypto.com/ or through one of the many fine organizations
below that have links to the adoption pages:

	Electronic Frontier Foundation (http://www.eff.org/)
	Center for Democracy and Technology (http://www.cdt.org/)
	Voters Telecommunications Watch (http://www.vtw.org/)

Look for the "My Lock, My Key" icon and follow it to help fight the
new Clipper 3.1.1 proposal and fight for your privacy!

-----------------------------------------------------------------------------
WHITE HOUSE ANNOUNCES NEW ENCRYPTION PROPOSAL

The White House announced their new encryption proposal yesterday.  There are
several main points that have come out now, or will appear soon:
	-jurisdictional move from State to Commerce for export applications
	 with a Department of Justice role
	-temporary increase of key lengths to 56 bits, provided future key
	 escrow functionality is promised,
	-joint effort with companies such as IBM to produce key escrow
	 products,
	-increased purchasing of key recovery products by Federal agencies
	 to stimulate the creation of a key escrow industry, and
	-legislation to legitimize the key escrow recovery market.

There are absolutely no plans to permanently increase the key length of
unescrowed encryption products.  Companies who do not have an escrow plan
in place by the end of the two year temporary increase will lose their 
export status.

This proposal has a number of significant problems, including:

DOMINATED AND DRIVEN BY LAW ENFORCEMENT INTERESTS
This Clipper proposal, like the three previous ones, has been driven
entirely by the concerns of law enforcement.  This should come as no surprise
to even the most optimistic industry or public interest advocates.
As Senator Leahy (D-VT) says in his statement below:

	Internet users themselves -- not the FBI, not the NSA, not
     any government regulator -- should decide what encryption method
     best serves their needs.

JUSTICE ROLE IN EXPORT APPLICATIONS A BLATANT ATTEMPT AT DOMESTIC CONTROL
 OF CRYPTOGRAPHY
By allowing Justice a seat at the table in approving export applications,
the Clinton Administration has clearly demonstrated that they wish to 
control the domestic cryptography market.  Justice will certainly veto
the export applications of any products which they are not able to
break either by brute force or without key escrow.  This will probably
end up being an even worse route for companies wishing to export
products.

TEMPORARY INCREASE IN KEY LENGTH IS NOT SUFFICIENT
The original Clipper proposal would have allowed encryption with
80 bits keys.  Clipper II bandied about the number 64 as the acceptable
level of encryption.  With Clipper 3.1.1, that amount has been reduced to
56 bits for the next two years.  This is clearly too little too late.

CONGRESS WAS NOT CONSULTED
Congress has clearly stated their intentions with regards to the White
House policy, and this year will certainly not be the end of their
involvement in the issue.  Senator Burns (R-MT) summarizes it well:

  This debate is not over by any stretch of the imagination.  The
  administration has prevented Congress from weighing in on this issue just
  as support was building for a legislative solution.  I intend to move
  forward with pro-encryption legislation in the next Congress.

You can continue to follow this issue at http://www.crypto.com/ !

-----------------------------------------------------------------------------
TEXT OF WHITE HOUSE ANNOUNCEMENT

THE WHITE HOUSE
Office of the Vice President

FOR IMMEDIATE RELEASE
CONTACT:  456-7035
TUESDAY, October 1, 1996

STATEMENT OF THE VICE PRESIDENT

President Clinton and I are committed to promoting the growth of electronic
commerce and robust, secure communications worldwide while protecting the
public safety and national security.  To that end, this Administration is
consulting with Congress, the information technology industry, state and
local law enforcement officials, and foreign governments on a major
initiative to liberalize export controls for commercial encryption
products.

The Administration's initiative will make it easier for Americans to use
stronger encryption products -- whether at home or abroad -- to protect
their privacy, intellectual property and other valuable information.  It
will support the growth of electronic commerce, increase the security of
the global information, and sustain the economic competitiveness of U.S.
encryption product manufacturers during the transition to a key management
infrastructure.

Under this initiative, the export of 56-bit key length encryption products
will be permitted under a general license after one-time review, and
contingent upon industry commitments to build and market future products
that support key recovery.  This policy will apply to hardware and software
products.  The relaxation of controls will last up to two years.

The Administration's initiative recognizes that an industry-led technology
strategy will expedite market acceptance of key recovery, and that the
ultimate solution must be market-driven.

Exporters of 56-bit DES or equivalent encryption products would make
commitments to develop and sell products that support the key recovery
system that I announced in July.  That vision presumes that a trusted party
(in some cases internal to the user's organization) would recover the
user's confidentiality key for the user or for law enforcement officials
acting under proper authority.  Access to keys would be provided in
accordance with destination country policies and bilateral understandings.
No key length limits or algorithm restrictions will apply to exported key
recovery products.

Domestic use of key recovery will be voluntary, and any American will
remain free to use any encryption system domestically.

The temporary relaxation of controls is one part of a broader encryption
policy initiative designed to promote electronic information security and
public safety.  For export control purposes, commercial encryption products
will no longer be treated as munitions.  After consultation with Congress,
jurisdiction for commercial encryption controls will be transferred from
the State Department to the Commerce Department.  The Administration also
will seek legislation to facilitate commercial key recovery, including
providing penalties for improper release of keys, and protecting key
recovery agents against liability when they properly release a key.

As I announced in July, the Administration will continue to expand the
purchase of key recovery products for U.S. government use, promote key
recovery arrangements in bilateral and multilateral discussions, develop
federal cryptographic and key recovery standards, and stimulate the
development of innovative key recovery products and services.

Under the relaxation, six-month general export licenses will be issued
after one-time review, contingent on commitments from exporters to explicit
benchmarks and milestones for developing and incorporating key recovery
features into their products and services, and for building the supporting
infrastructure internationally.  Initial approval will be contingent on
firms providing a plan for implementing key recovery.  The plan will
explain in detail the steps the applicant will take to develop, produce,
distribute, and/or market encryption products with key recovery features.
The specific commitments will depend on the applicant's line of business.

The government will renew the licenses for additional six-month periods if
milestones are met.  Two years from now, the export of 56-bit products that
do not support key recovery will no longer be permitted.  Currently
exportable 40-bit mass market software products will continue to be
exportable.  We will continue to support financial institutions in their
efforts to assure the recovery of encrypted financial information.  Longer
key lengths will continue to be approved for products dedicated to the
support of financial applications.

The Administration will use a formal mechanism to provide industry, users,
state and local law enforcement, and other private sector representatives
with the opportunity to advise on the future of key recovery.  Topics will
include:

	. evaluating the developing global key recovery architecture
	. assessing lessons-learned from key recovery implementation
	. advising on technical confidence issues vis-a-vis access to
	  and release of keys
	. addressing interoperability and standards issues
	. identifying other technical, policy, and program issues
	  for governmental action.

The Administration's initiative is broadly consistent with the recent
recommendations of the National Research Council.  It also addresses many
of the objectives of pending Congressional legislation.

-----------------------------------------------------------------------------
RESPONSE FROM SENATOR PATRICK LEAHY (D-VT)

        STATEMENT OF SENATOR LEAHY ON THE 
        ADMINISTRATION'S NEW ENCRYPTION INITIATIVE
                                October 1, 1996
     
        The timing of the Administration's announcement on encryption, 
     within hours of the Congress' likely adjournment, is unfortunate. 
     The Administration needs to work with Congress to develop a 
     consensus on a national encryption policy that takes account of 
     the privacy, law enforcement and competitiveness concerns of our 
     Nation's citizens and businesses. 
     
        Taking unilateral steps will not resolve this issue, but 
     instead could delay building the consensus we so urgently need. 
     This issue simply cannot by resolved by Executive fiat.
     
        While technology should not dictate policy, particularly when 
     our public safety and national security interests are at issue, 
     any policy we adopt must protect our privacy.  As the 
     Administration and industry rush to find an alternative to 
     unbreakable encryption, they should take heed that any solution 
     which fails to protect the Fourth Amendment and privacy rights of 
     our citizens will be unacceptable.
     
        That is why, with bipartisan support, Senator Burns and I 
     introduced legislation in March that set out privacy safeguards 
     to protect the decoding keys to encrypted communications and 
     stringent legal procedures for law enforcement agencies to get 
     access to those keys. 
     
        In this plan, the Administration is directing the resources of 
     our high-tech industry to develop breakable, rather than 
     unbreakable, encryption. But no one is yet clear about who will 
     be legally allowed to break into encrypted messages, and under 
     what circumstances. These are questions that have to be answered 
     not only with our own government but also with foreign 
     governments.  The weakest link in a key recovery system may be 
     the country with the weakest privacy protections. Internet users, 
     who can send messages around the globe seamlessly, do not want 
     the privacy of their encrypted communications to be at the mercy 
     of a country that ignores the Fourth Amendment principles we 
     enjoy here. 
     
        These are significant privacy and security concerns not 
     answered by the Administration's plan. 
     
        Even without reading the fine print, the general outline of 
     the Administration's plan smacks of the government trying to 
     control the marketplace for high-tech products. Only those 
     companies that agree to turn over their business plans to the 
     government and show that they are developing key recovery 
     systems, will be rewarded with permission to sell abroad products 
     with DES encryption, which is the global encryption standard. 
     
        Conditioning foreign sales of products with DES on development 
     of key recovery systems puts enormous pressure on our computer 
     industry to move forward with key recovery, whether their 
     customers want it or not.
     
         Internet users themselves -- not the FBI, not the NSA, not 
     any government regulator -- should decide what encryption method 
     best serves their needs. Then the marketplace will be able to 
     respond. The Administration is putting the proverbial cart before 
     the horse, by putting law enforcement interests ahead of every 
     one elses.
     
        But that is not the only catch in the Administration's plan. 
     Permission to export DES will end in two years. Allowing American 
     companies to sell DES overseas is a step long overdue. Given the 
     fact that a Japanese company is already selling "triple DES", one 
     might say this step is too little, too late. Threatening to pull 
     the plug on DES in two years, when this genie is already out of 
     the bottle, does not promote our high-tech industries overseas. 
     Does this mean that U.S. companies selling sophisticated computer 
     systems with DES encryption overseas must warn their customers 
     that the supply may end in two years? Customers both here and 
     abroad want stable suppliers, not those jerked around by their 
     government.
     
        The most effective way to protect the privacy and security of 
     our on-line communications is to use encryption technology. Every 
     American should be concerned about our country's policy on 
     encryption since the resolution of this debate will affect 
     privacy, jobs and the competitiveness of our high-tech 
     industries. 

-----------------------------------------------------------------------------
RESPONSE FROM SENATOR CONRAD BURNS (R-MT)

  For immediate release:          Contact:                    Matt Raymond
  Tuesday, October 1, 1996                                  (202) 224-8150
                                                           Randall Popelka
                                                            (202) 224-6137
  
  Burns Cautious on Encryption Plan
  Oversight Vowed for Plan That "Raises More Questions Than It Answers"
  
        WASHINGTON, D.C. _ Montana Senator Conrad Burns today reacted 
  cautiously to plans by the Clinton administration to loosen restrictions 
  on exports of stronger encryption for computer software and hardware.  He 
  also criticized the White House for its failure to negotiate on the 
  cornerstone of its proposals: that companies must agree to "escrow" their 
  decryption keys.
  
        "I have no doubt that it was the pressure of Congress, high-tech 
  companies and privacy advocates that dragged the White House kicking and 
  screaming into agreeing that export restrictions should be eased," said 
  Burns, chief sponsor of the Pro-CODE bill, which would loosen 
  restrictions on encryption exports and prohibit government-mandated key 
  escrow.  "However, I can't say I'm pleased with a process that has all 
  but excluded Congress and the public from the discussion.
  
        "The administration's insistence on key escrow as a condition of 
  lifting these restrictions has never been negotiable.  Meanwhile, what 
  choice do these companies have but to yield as their global 
  competitiveness withers on the vine?
  
        "This plan raises even more questions than it answers, such as, 
  what about the widespread availability of much stronger encryption than 
  that which is allowed by the White House?  How do we deal with rapid 
  changes in technology that will inevitably render the 56-bit limit 
  obsolete?  The devil is definitely in the details.
  
        "This debate is not over by any stretch of the imagination.  The 
  administration has prevented Congress from weighing in on this issue just 
  as support was building for a legislative solution.  I intend to move 
  forward with pro-encryption legislation in the next Congress.
  
        "I will also push for vigorous oversight of the administration's 
  plan in the Commerce Committee."  The Senate Commerce Committee, of which 
  Burns is a member, has jurisdiction over the Commerce Department.  The 
  administration has stated its intent to transfer export licensing 
  authority over encryption from the State Department to the Commerce 
  Department.
  
-----------------------------------------------------------------------------
HOW TO RECEIVE CRYPTO-NEWS

To subscribe to crypto-news, sign up from our WWW page (http://www.crypto.com)
or send mail to [email protected] with "subscribe crypto-news" in the body
of the message.  To unsubscribe, send a letter to [email protected] with
"unsubscribe crypto-news" in the body.

-----------------------------------------------------------------------------
PRESS CONTACT INFORMATION

Press inquiries on Crypto-News should be directed to
	Shabbir J. Safdar (VTW) at +1.718.596.2851 or [email protected]
	Jonah Seiger (CDT) at +1.202.637.9800 or [email protected]

-----------------------------------------------------------------------------
End crypto-news
=============================================================================