[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Government Accounting Office Report on Communications Privacy



A few days ago, the Government Accounting Office (GAO) -- a pretty sharp
internal gov't investigative organization that's about a lot more than
accounting -- issued a report on communications privacy.  (Much of what's
in the report will probably raise of big "duh, we've been saying this for a
decade," from cypherpunks and other digerati, but it's still very important
to have the GAO saying this stuff.)

The report makes four very important findings:

1. Privacy-protecting technology (crytopgraphy) is increasingly important
for protecting the security of business communications and personal
information.  But federal policy is getting in the way of this technology.

"Increased use of computer and communications networks, computer literacy,
and dependence on information technology heighten US industries risk of
losing proprietary information to economic espionage.  In part to reduce
the risk, industry is more frequently using hardware and software with
encryption capabilities.  However, federal policies and actions stemming
from national security and law enforcement concerns hinder the use and the
export of U.S. commercial encryption technology and may hinder its
development."

2. The NSA's role in this area is has been extensive, and possibly beyond
the spirit of the Computer Security Act. 

"Although the Computer Security Act of 1987 reaffirmed NIST's reponsibility
for developing federal information-processing standards for security of
sensitive, unclassified information, NIST follows NSA's lead in developing
certain cryptographic standards"

3. Opportunity for public input in the standards process has been
insufficient, leading to proposals like Clipper which lack public support.

"These policy issues are formulated and announced to the public, however,
with very little input from directly affected business interests, academia,
and others."

The report draws no specific policy conclusions, but provides excellent
ammunition for those of us who are trying to open up the standards process
and get export controls lifted.

Full text of the report (GAO/OSI-94-2 Communications Privacy: Federal
Policy and Actions) is supposed to be made available by ftp from GAO.  As
soon as it is, I'll let people know where it is.



......................................................................
Daniel J. Weitzner, Senior Staff Counsel              <[email protected]>
Electronic Frontier Foundation                        202-347-5400 (v) 
1001 G St, NW  Suite 950 East                         202-393-5509 (f)
Washington, DC 20001

*** Join EFF!!!  Send mail to [email protected] for information ***