[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RRE: AAAS Crypto Letter -> Scientific Freedom & Human Rights"
From: IN%"[email protected]" 20-FEB-1997 23:02:43.31
From: Phil Agre <[email protected]>
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command. For information on RRE, including instructions
for (un)subscribing, send an empty message to [email protected]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Date: Thu, 20 Feb 1997 14:16:54 -0500
From: [email protected] (Alex Fowler)
Subject: AAAS Crypto Letter -> Scientific Freedom & Human Rights
What follows is a copy of the letter sent under the signature of AAAS'
Executive Officer, Dr. Richard Nicholson, to the Department of Commerce on
the Bureau of Export Administration's Interim Rule on the transfer of
certain encryption items. The letter expresses our concern that the
current federal policy with regard to encryption raises serious questions
for both scientific freedom and human rights work. In addition, it marks
the first time that the Association has weighed in on the crypto debate at
this level.
Sincerely,
Alex Fowler
AAAS Scientific Freedom, Responsibility
and Law Program
American Association for the Advancement of Science
1200 New York Avenue, NW, Washington, DC, 20005
February 7, 1997
Ms. Nancy Crowe
Regulatory Policy Division
Bureau of Export Administration
Department of Commerce
14th Street and Pennsylvania Ave., NW, Room 2705
Washington, DC 20230
Dear Ms. Crowe:
On behalf of the American Association for the Advancement of Science
(AAAS), the world's largest general scientific society, I am responding to
the Bureau of Export Administration's Interim Rule on the transfer of
certain encryption items, published in the Federal Register, December 30,
1996. Before commenting directly on specific provisions of the Interim
Rule, it is important to make the point that its basic thrust threatens to
undermine essential features of scientific freedom and the open exchange of
information that are generally acknowledged as critical to innovation in
science and technology and are responsible in large part for the
preeminence of America's research and development enterprise. AAAS opposes
attempts by the government to restrict the communication or publication of
unclassified research and technical information, efforts which we believe
are inconsistent with scientific advancement. We are also concerned that
certain provisions of the Interim Rule will adversely affect the effective
use of information technologies in efforts to protect and promote human
rights.
Many of our members in the academic community have legitimate concerns that
teaching courses on cryptography appears to violate the Interim Rule if
foreign students are enrolled in such courses. Such a control seems to be
inadvertent, since Part 744.9 states that "mere teaching or discussion of
information about cryptography ... by itself would not establish the intent
described in this section, even where foreign persons are present."
However, Parts 734.3(b) and 734.9 place controls on all "educational
information" applying to encryption software controlled under ECCN 5D002,
and "Educational information" is defined as "release by instruction in ...
academic institutions." This matter requires further clarification to
avoid any unnecessary chilling effect on our educational process.
Currently, part 734.3 (b)(3) of the EAR posits a difference between the
paper and electronic publication of the same cryptographic materials.
While it is acceptable under this provision to publish such material in a
book and distribute it internationally without an export license, putting
the same information on a disk and sending it abroad is subject to EAR
approval. This distinction has serious ramifications for scholarly
communication as many professional journals are now moving onto the
Internet as electronic publications. Will cutting-edge innovations in
cryptography be publishable in this new medium? Consider the following
example: the full text of Science magazine, the major peer reviewed journal
published by AAAS, is currently available in both print and electronic
formats. According to the cited part in the EAR, an article accepted for
publication on a new cryptographic algorithm would be acceptable in the
print version of the publication. However, because the electronic version
is available to people outside the U.S., to comply with EAR, the journal
would either have to be published without this article or substantial parts
omitted. Scientific publications are crucial to the advancement of science
and technology and form a primary source of communication among researchers
worldwide. Restrictions that limit potential collaborations and channels
of communication into new and innovative cryptographic products will not
only impede scientific progress, but will also retard the evolution of a
secure Global Information Infrastructure.
AAAS has encouraged the development of ethical standards by scientists to
encourage responsible conduct and to establish accountability to a
supportive public. The codes of professional conduct promulgated by the
largest and most important U.S. professional engineering and computing
societies all stress the importance of protecting established cultural and
ethical norms of information privacy and data integrity. For example, the
American Society of Information Science's Code of Ethics for Information
Professionals mandates that its members "uphold each user's, provider's or
employer's rights to privacy" and resist "all forms of censorship" in
carrying out their responsibility "to improve, to the best of their means
and abilities, the information systems in which they work or which they
represent." The Interim Rule would compel these scientists and engineers
-- as employees of major software and hardware computing companies -- to
produce information security systems that are intentionally weak for
international markets. This would create an ethical dilemma for the
professional. He is bound by his responsibility to honor the ethical norms
agreed upon by his profession, but as a citizen of the U.S., he is also
bound by his responsibility to act according to these federal regulations.
The government should avoid whenever possible creating circumstances where
professionals must make such choices.
AAAS provides technical assistance to human rights groups on the design and
development of information management systems for large-scale human rights
data collection and analysis. This process concentrates politically
volatile information in computers, such as the names of witnesses to
military massacres in Guatemala who could be subjected to intimidation,
harassment, or murder by those intent on preventing the public discussion
and analysis of the information. Such a system must be protected by strong
cryptography.
In our human rights work, we have observed the growing importance of
non-governmental monitoring of state compliance with international human
rights agreements as the first line of defense a civil society has against
abusive regimes. By documenting and publicizing analyses of abusive
behavior by governments, non-governmental human rights organizations
provide a fundamental check on state repression. In order to be effective,
human rights monitoring organizations must function with a high level of
confidentiality. They must protect the people who give them information
about state violations of human rights. Similarly, organizations must
protect their own staff, many of whom may not be openly associated with the
organization.
As an increasing proportion of human rights work is supported by the use of
information technology, cryptographic techniques, including but not limited
to encryption, have become immensely more important. Organizations that
concentrate valuable, dangerous information in databases on hard disks must
be able to protect them from local authorities, who may be the subjects of
human rights investigations. Human rights groups communicating their
findings with collaborating organizations in other countries must be able
to transmit their information securely.
The sending organization must include sufficient information so that the
receiving organization can verify the claims. If the information needed to
verify the claims were intercepted, it could put the claimants in very
serious danger. Using strong cryptography, human rights organizations can
communicate their findings without putting informants or staff at
additional risk.
These are only a few examples of the compelling need for strong
cryptography by human rights organizations. The licensing provisions in
the Interim Rule permit only inadequate technology for the fundamental,
democratic needs of non-government human rights organizations. Part 742.15
of the Interim Rule suggests three categories of weak or unsafe encryption
that are eligible for accelerated licensing: (1) includes 40-bit products
called "mass market encryption software"; (2) permits key recovery
products; and (3) allows non-recovery encryption items using the DES
algorithm with 56-bit keys.
Provisions (1) and (3) are equally untenable for human rights purposes
because they authorize only products known to be breakable with available
and inexpensive technology. Provision (2), key recovery, is equally
unsatisfactory for human rights organizations. If keys can be recovered by
the U.S. government, why should human rights organizations whose entire
function is defined by abusive governments trust that their information
will remain secure? Given past and ongoing AAAS work in countries such as
Haiti, Honduras, Guatemala, Turkey, and South Africa, this matter is of
particular concern to us.
In view of these concerns, we urge the Bureau of Export Administration to
amend the Interim Rule in favor of a more open exchange of ideas and
information relating to cryptography. We believe this would advance the
nation's interests in a manner consistent with the values that are
responsible for America's widely admired scientific achievements and its
enduring democratic traditions.
Sincerely,
Richard S. Nicholson
cc:
John H. Gibbons
Mary L. Good
Orrin G. Hatch, Chair, Senate Judiciary Committee
Patrick J. Leahy, Ranking Minority Member, Senate Judiciary Committee
Jesse Helms, Chair, Senate Foreign Relations Committee
Joseph R. Biden, Jr., Ranking Minority Member, Senate Foreign Relations
Committee
John McCain, Chair, Senate Commerce, Science, and Transportation
Committee
Ernest F. Hollings, Ranking Minority Member, Senate Commerce, Science
& Transportation Committee
Conrad Burns, Member, Senate Commerce, Science, and Transportation
Committee
Tom Bliley, Chair, House Commerce Committee
John D. Dingell, Ranking Minority Member, House Commerce Committee
Bob Goodlatte, Member, House Commerce Committee
Henry J. Hyde, Chair, House Judiciary Committee
John Conyers, Jr., Ranking Minority Member, House Judiciary Committee
Benjamin A. Gilman, Chair, House International Relations Committee
Lee H. Hamilton, Ranking Minority Member, House International
Relations Committee
F. James Sensenbrenner, Jr., Chair, House Science Committee
George E. Brown, Jr., Ranking Minority Member, House Science Committee
Kenneth C. Bass, III, Esq.
Ann Beeson, Esq.
Cindy A. Cohn, Esq.
Gino J. Scarselli, Esq.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
For more information, contact:
Alexander Fowler or Patrick Ball
Directorate for Science and Policy Programs
1200 New York Avenue, NW
Washington, DC 20005
(202) 326-6600; Fax (202) 289-4950
[email protected] or [email protected]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=