A study of National Cryptography Policy

[ssteele@eff.org (Shari Steele)]

>Date: Mon, 29 Nov 93 12:23:02 EST
>From: "Herb Lin" <hlin@nas.edu>
>Encoding: 5789 Text
>To: farber@cis.upenn.edu, editors@eff.org, alert@washofc.cpsr.org
>Subject: A study of National Cryptography Policy
>
>
>Please forward this message to any individual or mailing list
>that you believe should receive it.  Many thanks..
>*********************
>As part of the Defense Authorization Bill for FY 1994, the U.S. Congress
>has asked the Computer Science and Telecommunications Board
>(CSTB) of the National Research Council (NRC) to undertake a study of
>national policy with respect to the use and regulation of cryptography.
>The report of the study committee is due two years after all necessary
>security clearances have been processed, probably sometime summer
>1996, and is subject to NRC review procedures.  The legislation
>states that 120 days after the day on which the report is submitted to
>the Secretary of Defense, the Secretary shall submit the report to the
>Committees on Armed Services, Intelligence, Commerce, and the
>Judiciary of the Senate and House of Representatives in unclassified
>form, with classified annexes as necessary.  As of this date (November 29,
>1993), the House and the Senate have agreed to this study, but the
>President has not yet signed the bill.
>
>Assuming the legislation is signed by the President,  this study is
>expected to address the appropriate balance in cryptography policy
>among various national interests (e.g., U.S. economic competitiveness
>(especially with respect to export controls), national security, law
>enforcement, and the protection of the privacy rights of individuals),
>and the strength of various cryptographic technologies known today
>and anticipated in the future that are relevant for commercial
>purposes.  The federal process through which national cryptography
>policy has been formulated is also expected to be a topic of
>consideration, and, if appropriate, the project will address
>recommendations for improving the formulation of national
>cryptographic policy in the future.
>
>This project, like other NRC projects, will depend heavily on input
>from industry, academia, and other communities in the concerned
>public.  Apart from the study committee (described below), briefings
>and consultations from interested parties will be arranged and others
>will be involved as anonymous peer reviewers.
>
>It is expected that the study committee will be a high-level group that
>will command credibility and respect across the range of government,
>academic, commercial, and private interests.  The committee will
>include members with expertise in areas such as:
>
>  - relevant computer and communications technology;
>  - cryptographic technologies and cryptanalysis;
>  - foreign, national security, and intelligence affairs;
>  - law enforcement;
>  - commercial interests; and
>  - privacy and consumer interests.
>
>All committee members (and associated staff) will have to be cleared
>at the "SI/TK" level; provisions have been made to expedite the
>processing of security clearances for those who do not currently have
>them.  Committee members will be chosen for their stature, expertise,
>and seniority in their fields; their willingness to listen and consider
>fairly other points of view; and their ability to contribute to the
>formulation of consensus positions.  The committee as a whole will
>be chosen to reflect the range of judgment and opinion on the subject
>under consideration.
>
>The detailed composition of the committee has not yet been decided;
>suggestions for committee members are sought from the community at
>large.  Note that NRC rules regarding conflict of interest forbid the
>selection as committee members of individuals that have substantial
>personal financial interests that might be significantly affected by the
>outcome of the study.  Please forward suggestions for people to
>participate in this project to CSTB@NAS.EDU by DECEMBER 17,
>1993; please include their institutional affiliations, their field(s) of
>expertise, a note describing how the criteria described above apply to
>them, and a way to contact them.  For our administrative
>convenience, please put in the "SUBJECT:" field of your message the
>words "crypto person".
>
>Finally, some people have expressed concern about the fact that the
>project will involve consideration of classified material.  Arguments
>can and have been made on both sides of this point, but in any event
>this particular ground rule was established by the U.S. Congress, not
>by the CSTB.  Whether one agrees or disagrees with the asserted
>need for classification, the task at hand is to do the best possible job
>given this constraint.
>
>On the National Research Council
>
>The National Research Council (NRC) is the operating arm of the
>Academy complex, which includes the National Academy of Sciences,
>the National Academy of Engineering, and the Institute of Medicine.
>The NRC is a source of impartial and independent advice to the
>federal government and other policy makers that is able to bring to
>bear the best scientific and technical talent in the nation to answer
>questions of national significance.  In addition, it often acts as a
>neutral party in convening meetings among multiple stakeholders on
>any given issue, thereby facilitating the generation of consensus on
>controversial issues.
>
>The Computer Science and Telecommunications Board (CSTB) of the
>NRC considers technical and policy issues pertaining to computer
>science, telecommunications, and associated technologies.  CSTB
>monitors the health of the computer science, computing technology,
>and telecommunications fields, including attention as appropriate to
>the issues of human resources and information infrastructure and
>initiates studies involving computer science, computing technology,
>and telecommunications as critical resources and sources of national
>economic strength.  A list of CSTB publications is available on
>request.
>
>