[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A study of National Cryptography Policy




As the broadcast message noted, the ground rules regarding
classification were not established by the CSTB, but rather by the U.S.
Congress.  Note also that the final report is intended to be unclassified,
though classified annexes may be necessary for completeness.

Regarding the two-year time frame of the study: the premise of the study is
that there are many perspectives on the issue and that the appropriate policy
balance has not yet been established; surely you would acknowledge that
both these statements are true.  Thus, a serious study of the issue requires
time to reflect, especially if different perspectives are to be reconciled.

So, let me invite you folks to submit whatever materials you would like the
study
committee to consider (e.g., printed articles, written statements, etc), and
what
opportunity, if any, you would like to have to testify before the committee or
its
staff.

Herb Lin
****
>As part of the Defense Authorization Bill for FY 1994, the U.S. Congress
>has asked the Computer Science and Telecommunications Board
>(CSTB) of the National Research Council (NRC) to undertake a study of
>national policy with respect to the use and regulation of cryptography.
[...]

A *two year*, *classified* study of national cryptography policy??

I suppose it's just as well. The closest thing we currently have to a
"national cryptography policy" are some ineffective and pointless
export controls that, if proposed legislation is adopted, may go away
in a few months anyway. That would leave civilian cryptography pretty
much unregulated -- exactly as it should be.

So sure, take all the time you like to "study" the issue. The longer
the better. The "cryptography genie" is already well out of its
bottle; in two years, it will be everywhere.

And yes, by all means, require security clearances of all the
participants and classify all of the proceedings. That will exclude
many of the biggest names in civilian cryptography -- those who are
not US citizens, who will not submit themselves to government
censorship, and who do not wish to lend any legitimacy to a government
effort that will inevitably try to regulate what will (and should) be
left alone. And it will stifle any embarassing public debates on minor
issues like free speech, freedom of association and personal privacy,
all of which are just annoying technicalities that keep law
enforcement and intelligence agencies from doing their jobs more
efficiently.

Better yet, restrict membership to these loyal law enforcement and
intelligence agencies, the same ones responsible for the silly current
state of export controls on cryptography. That should eliminate what
few shreds of credibility might remain in the Board's final report.

Phil