(fwd) EFF's Jerry Berman testimony - House Clipper/DigTel hearing 5/3/94 (fwd)
Forwarded message:
> From: [email protected] (Stanton McCandlish)
> Newsgroups: talk.politics.crypto
> Subject: EFF's Jerry Berman testimony - House Clipper/DigTel hearing 5/3/94
> Date: 6 May 1994 11:11:10 -0500
> Organization: UTexas Mail-to-News Gateway
> Lines: 491
> Sender: [email protected]
> Approved: [email protected]
> Message-ID: <[email protected]>
> NNTP-Posting-Host: cs.utexas.edu
>
>
>
>
> Testimony
>
> of
>
> Jerry J. Berman, Executive Director
> Electronic Frontier Foundation
>
> before the
>
> Committee on Science, Space and Technology
>
> Subcommittee on Technology, Environment and
> Aviation
>
> U.S. House of Representatives
>
>
> Hearing on
>
> Communications and Computer Surveillance, Privacy
> and Security
>
>
> May 3, 1994
>
> Mr. Chairman and Members of the Committee
>
> I want to thank you for the opportunity to testify today on communications
> and computer surveillance, privacy, and security policy. The Electronic
> Frontier Foundation (EFF) is a public interest membership organization
> dedicated to achieving the democratic potential of new communications
> and computer technology and works to protect civil liberties in new
> digital environments. EFF also coordinates the Digital Privacy and
> Security Working Group (DPSWG), a coalition of more than 50 computer,
> communications, and public interest organizations and associations
> working on communications privacy issues. The Working Group has
> strongly opposed the Administration's clipper chip and digital telephony
> proposals.
>
> EFF is especially pleased that this subcommittee has taken an
> interest in these issues. It is our belief that Administration policy
> developed in this area threatens individual privacy rights, will thwart
> the development of the information infrastructure, and does not even
> meet the stated needs of law enforcement and national security agencies.
> A fresh and comprehensive look at these issues is needed.
>
>
> I. Background on digital privacy and security policy
> -------------------------------------------------------
>
> From the beginning of the 1992 Presidential campaign, President
> Clinton and Vice President Gore committed themselves to support the
> development of the National Information Infrastructure. They recognize
> that the "development of the NII can unleash an information revolution
> that will change forever the way people live, work, and interact with
> each other." They also know that the information infrastructure can
> only realize its potential if users feel confident about security
> measures available.
>
> If allowed to reach its potential, this information infrastructure
> will carry vital personal information, such as health care records,
> private communications among friends and families, and personal
> financial transactions. The business community will transmit valuable
> information such as plans for new products, proprietary financial data,
> and other strategic communications. If communications in the new
> infrastructure are vulnerable, all of our lives and businesses would be
> subject to both damaging and costly invasion.
>
> In launching its Information Infrastructure Task Force (IITF) the
> Clinton Administration recognized this when it declared that:
>
> The trustworthiness and security of communications channels and
> networks are essential to the success of the NII.... Electronic
> information systems can create new vulnerabilities. For example,
> electronic files can be broken into and copied from remote locations,
> and cellular phone conversations can be monitored easily. Yet these
> same systems, if properly designed, can offer greater security than
> less advanced communications channels. [_Agenda_for_Action_, 9]
>
> Cryptography -- technology which allows encoding and decoding of
> messages -- is an absolutely essential part of the solution to
> information security and privacy needs in the Information Age. Without
> strong cryptography, no one will have the confidence to use networks to
> conduct business, to engage in commercial transactions electronically,
> or to transmit sensitive personal information. As the Administration
> foresees, we need
>
> network standards and transmission codes that facilitate
> interconnection and interoperation between networks, and ensure the
> privacy of persons and the security of information carried....
> [_Agenda_for_Action_, 6]
>
> While articulating these security and privacy needs, the Administration
> has also emphasized that the availability of strong encryption poses
> challenges to law enforcement and national security efforts. Though the
> vast majority of those who benefit from encryption will be law abiding
> citizens, some criminals will find ways to hide behind new technologies.
>
>
> II. Current cryptography policy fails to meet the needs of
> ------------------------------------------------------------
> the growing information infrastructure
> ----------------------------------------------
>
> As a solution to the conflict between the need for user privacy
> and the desire to ensure law enforcement access, the Administration has
> proposed that individuals and organizations who use encryption deposit a
> copy of their private key -- the means to decode any communications they
> send -- with the federal government.
>
> In our view, this is not a balanced solution but one that
> undermines the need for security and privacy without resolving important
> law enforcement concerns. It is up to the Congress to send the
> Administration back to the drawing board.
>
> A. Current Export Controls and New Clipper Proposal Stifle Innovation
> ------------------------------------------------------------------------
>
> Two factors are currently keeping strong encryption out of the
> reach of United States citizens and corporations. First, general
> uncertainty about what forms of cryptography will and will not be legal
> to produce in the future. Second, export controls make it economically
> impossible for US manufacturers that build products for the global
> marketplace to incorporate strong encryption for either the domestic or
> foreign markets. Despite this negative impact on the US market, export
> controls are decreasingly successful at limiting the foreign
> availability of strong encryption. A recent survey shows that of the
> more than 260 foreign encryption products now available globally, over
> 80 offer encryption which is stronger than what US companies are allowed
> to export. Export controls do constrain the US market, but the
> international market appears to be meeting its security needs without
> help from US industry. The introduction of Clipper fails to address the
> general uncertainty in the cryptography market. Announcement of a key
> escrow policy alone is not sufficient to get the stalled US cryptography
> market back on track.
>
> B. The secrecy of the Clipper/Skipjack algorithm reduces public trust
> ------------------------------------------------------------------------
> and casts doubt on the voluntariness of the whole system
> --------------------------------------------------------------
>
> Many parties have already questioned the need for a secret
> algorithm, especially given the existence of robust, public-domain
> encryption techniques. The most common explanation given for use of a
> secret algorithm is the need to prevent users from bypassing the key
> escrow system proposed along with the Clipper Chip. Clipper has always
> been presented by the Administration as a voluntary option. But if the
> system is truly voluntary, why go to such lengths to ensure compliance
> with the escrow procedure?
>
> C. Current plans for escrow system offer inadequate technical
> ----------------------------------------------------------------
> security and insufficient legal protections for users
> -----------------------------------------------------------
>
> The implementation of a nationwide key escrow system is clearly a
> complex task. But preliminary plans available already indicate several
> areas of serious concern:
>
> 1. _No_legal_rights_for_escrow_users_: As currently written, the
> escrow procedures insulate the government escrow agents from any legal
> liability for unauthorized or negligent release of an individual's key.
> This is contrary to the very notion of an escrow system, which
> ordinarily would provide a legal remedy for the depositor whose
> deposit is released without authorization. If anything, escrow agents
> should be subject to strict liability for unauthorized disclosure of
> keys.
>
> 2. _No_stability_in_escrow_rules_: The Administration has
> specifically declared that it will not seek to have the escrow
> procedures incorporated into legislation or official regulations.
> Without formalization of rules, users have no guaranty that subsequent
> administrations will follow the same rules or offer the users the same
> degree of protection. This will greatly reduce the trust in the system.
>
> 3. _Fixed_Key_: A cardinal rule of computer security is that
> encryption keys must be changed often. Since the Clipper keys are
> locked permanently into the chips, the keys can never be changed. This
> is a major technical weakness of the current proposal.
>
> 4. _Less_intrusive,_more_secure_escrow_alternatives_are_available_:
> The Clipper proposal represents only one of many possible kinds of key
> escrow systems. More security could be provided by having more
> than two escrow agents. And, in order to increase public trust, some
> or all of these agents could be non-governmental agencies, with the
> traditional fiduciary duties of an escrow agent.
>
> D. Escrow Systems Threaten Fundamental Constitutional Values
> ---------------------------------------------------------------
>
> The Administration, Congress, and the public ought to have the
> opportunity to consider the implications of limitations on cryptography
> from a constitutional perspective. A delicate balance between
> constitutional privacy rights and the needs of law enforcement has been
> crafted over the history of this country. We must act carefully as we
> face the constitutional challenges posed by new communication
> technologies.
>
> Unraveling the current encryption policy tangle must begin with
> one threshold question: will there come a day when the federal
> government controls the domestic use of encryption through mandated key
> escrow schemes or outright prohibitions against the use of particular
> encryption technologies? Is Clipper the first step in this direction?
> A mandatory encryption regime raises profound constitutional questions.
>
> In the era where people work for "virtual corporations" and
> conduct personal and political lives in "cyberspace," the distinction
> between _communication_ of information and _storage_ of information is
> increasingly vague. The organization in which one works may constitute
> a single virtual space, but be physically dispersed. So, the papers and
> files of the organization or individual may be moved within the
> organization by means of telecommunications technology. Instantaneous
> access to encryption keys, without prior notice to the communicating
> parties, may well constitute a secret search, if the target is a
> virtual corporation or an individual whose "papers" are physically
> dispersed.
>
> Wiretapping and other electronic surveillance has always been
> recognized as an exception to the fundamental Fourth Amendment
> prohibition against secret searches. Even with a valid search warrant,
> law enforcement agents must "knock and announce" their intent to search
> a premises before proceeding. Failure to do so violates the Fourth
> Amendment. Until now, the law of search and seizure has made a sharp
> distinction between, on the one hand, _seizures_of_papers_ and other
> items in a person's physical possession, and on the other hand,
> _wiretapping_of_communications_. Seizure of papers or personal effects
> must be conducted with the owner's knowledge, upon presentation of a
> search warrant. Only in the exceptional case of wiretapping, may a
> person's privacy be invaded by law enforcement without simultaneously
> informing that person.
>
> Proposals to regulate the use of cryptography for the sake of law
> enforcement efficiency should be viewed carefully in the centuries old
> tradition of privacy protection.
>
> E. Voluntary escrow system will not meet law enforcement needs
> -----------------------------------------------------------------
>
> Finally, despite all of the troubling aspects of the Clipper
> proposal, it is by no means clear that it will even solve the problems
> that law enforcement has identified. The major stated rationale for
> government intervention in the domestic encryption arena is to ensure
> that law enforcement has access to criminal communications, even if they
> are encrypted. Yet, a voluntary scheme seems inadequate to meet this
> goal. Criminals who seek to avoid interception and decryption of their
> communications would simply use another system, free from escrow
> provisions. Unless a government-proposed encryption scheme is
> mandatory, it would fail to achieve its primary law enforcement purpose.
> In a voluntary regime, only the law-abiding would use the escrow system.
>
> III. Recent policy developments indicate that Administration policy is
> -----------------------------------------------------------------------
> bad for the NII, contrary to the Computer Security Act, and
> -----------------------------------------------------------------
> requires Congressional oversight
> --------------------------------------
>
> Along with the Clipper Chip proposal, the Administration announced
> a comprehensive review of cryptography and privacy policy. Almost
> immediately after the Clipper announcement, the Digital Privacy and
> Security Working Group began discussions with the Administration on
> issues raised by the Clipper proposal and by cryptography in general.
> Unfortunately, this dialogue has been largely one-sided. EFF and many
> other groups have provided extensive input to the Administration, yet
> the Administration has not reciprocated -- the promised policy report
> has not been forthcoming. Moreover, the National Security Agency and
> the Federal Bureau of Investigation are proceeding unilaterally to
> implement their own goals in this critical policy area.
>
> Allowing these agencies to proceed unilaterally would be a grave
> mistake. As this subcommittee is well aware, the Computer Security Act
> of 1987 clearly established that neither military nor law enforcement
> agencies are the proper protectors of personal privacy. When
> considering the law, Congress asked, "whether it is proper for a super-
> secret agency [the NSA] that operates without public scrutiny to involve
> itself in domestic activities...?" The answer was a clear "no." Recent
> Administration announcements regarding the Clipper Chip suggest that the
> principle established in the 1987 Act has been circumvented.
>
> As important as the principle of civilian control was in 1987, it
> is even more critical today. The more individuals around the country
> come to depend on secure communications to protect their privacy, the
> more important it is to conduct privacy and security policy dialogues in
> public, civilian forums.
>
> The NII can grow into the kind of critical, national resource
> which this Administration seeks to promote only if major changes are
> made in current cryptography and privacy policy. In the absence of such
> changes, digital technology will continue to rapidly render our
> commercial activities and communications -- and, indeed, much of our
> personal lives -- open to scrutiny by strangers. The Electronic
> Frontier Foundation believes that Americans must be allowed access
> to the cryptographic tools necessary to protect their own privacy.
>
> We had hoped that the Administration was committed to making these
> changes, but several recent developments lead us to fear that the effort
> has been abandoned, leaving individual agencies to pursue their own
> policy agendas instead of being guided by a comprehensive policy. The
> following issues concern us:
>
> * Delayed Cryptography Policy Report
> ----------------------------------------
>
> The policy analysis called for along with the April 16, 1993
> Presidential Decision Directive has not been released, though it was
> promised to have been completed by early fall of 1993. We had hoped
> that this report would be the basis for public dialogue on the important
> privacy, competitiveness, and law enforcement issues raised by
> cryptography policy. To date, none of the Administration's policy
> rationale has been revealed to the public, despite the fact that
> agencies in the Executive Branch are proceeding with their own plan
>
> * Escrowed Encryption Federal Information Processing Standard (FIPS)
> ------------------------------------------------------------------------
> approved against overwhelming weight of public comments
> -------------------------------------------------------------
>
> The Presidential Decision Directive also called for consideration of a
> Federal Information Processing Standard (FIPS) for key-escrow
> encryption systems. This process was to have been one of several
> forums whereby those concerned about the proposed key-escrow system
> could voice opinions. EFF, as well as over 225 of our individual
> members, raised a number of serious concerns about the draft FIPS in
> September of 1993. EFF expressed its opposition to government
> implementation of key-escrow systems as proposed. We continue to
> oppose the deployment of Skipjack family escrow encryption systems
> both because they violate fundamental First, Fourth, and Fifth
> amendment principles, and because they fail to offer users adequate
> security and flexibility.
>
> Despite overwhelming opposition from over 300 commenters, the
> Department of Commerce recently approved FIPS 185.
>
> * Large-Scale Skipjack Deployment Announced
> -----------------------------------------------
>
> At the December 9, 1993 meeting of the Computer Systems Security and
> Privacy Advisory Board, an NSA official announced plans to deploy from
> 10,000 to 70,000 Skipjack devices in the Defense Messaging System in
> the near future. The exact size of the order was said to be dependent
> only on budget constraints. The Administration is on record in the
> national press promising that no large-scale Skipjack deployment would
> occur until a final report of the Administration Task Force was
> complete. Ten thousand units was set as the upper limit of initial
> deployment. Skipjack deployment at the level planned in the Defense
> Messaging System circumvents both the FIPS notice and comments process
> which has been left in a state of limbo, as well as the Administration's
> promise of a comprehensive policy framework.
>
> * New FBI Digital Telephony Legislation Proposed
> ----------------------------------------------------
>
> The FBI recently proposed a new "Digital Telephony" bill. After initial
> analysis, we strongly oppose the bill, which would require all common
> carriers to construct their networks to deliver to law enforcement
> agencies, in real time, both the contents of all communications on their
> networks and the "signaling" or transactional information.
>
> In short, the bill lays the groundwork for turning the National
> Information Infrastructure into a nation-wide surveillance system, to be
> used by law enforcement with few technical or legal safeguards. This
> image is not hyperbole, but a real assessment of the power of the
> technology and inadequacy of current legal and technical privacy
> protections for users of communications networks.
>
> Although the FBI suggests that the bill is primarily designed to
> maintain status quo wiretap capability in the face of technological
> changes, in fact, it seeks vast new surveillance and monitoring tools.
>
> Lengthy delays on the promised policy report, along with these
> unilateral steps toward Clipper/Skipjack deployment, lead us to believe
> that Administration policy is stalled by the Cold War-era national
> security concerns that have characterized cryptography policy for the
> last several decades.
>
> EFF believes that it would be a disastrous error to allow national
> information policy -- now a critical component of domestic policy -- to
> be dictated solely by backward-looking national-security priorities and
> unsubstantiated law-enforcement claims. The directions set by this
> Administration will have a major impact on privacy, information
> security, and the fundamental relationship between the government and
> individual autonomy. This is why the Administration must take action--
> and do so before the aforementioned agencies proceed further--to ensure
> that cryptography policy is restructured to serve the
> interests of privacy and security in the National Information
> Infrastructure. We still believe the Administration can play the
> leadership role it was meant to play in shaping this policy. If it does
> not, the potential of the NII, and of fundamental civil liberties in the
> information age, will be threatened.
>
> IV. Congressional oversight of cryptography & privacy policy is
> -----------------------------------------------------------------
> urgently needed to right the balance between privacy,
> -----------------------------------------------------------
> competitiveness & law enforcement needs
> ---------------------------------------------
>
> All participants in this debate recognize that the need for
> privacy and security is real, and that new technologies pose real
> challenges for law enforcement and national security operations.
> However, the solutions now on the table cripple the NII, pose grave
> threats to privacy, and fail to even meet law enforcement objectives.
> In our judgment, the Administration has failed, thus far, to articulate
> a comprehensive set of policies which will advance the goals upon
> which we all agree.
>
> Congress must act now to ensure that cryptography policy is
> developed in the context of the broader goal of promoting the
> development of an advanced, interoperable, secure, information
> infrastructure.
>
> In order to meet the privacy and security needs of the growing
> infrastructure, Congress should seek a set of public policies which
> promote the widespread availability of cryptographic systems according
> to the following criteria:
>
> * Use Voluntary Standards to Promote Innovation and Meet
> ------------------------------------------------------------
> Diverse Needs:
> --------------------
>
> The National Information Infrastructure stretches to
> encompass devices as diverse as super computers, handheld personal
> digital assistants and other wireless communications devices, and plain
> old telephones. Communication will be carried over copper wires, fiber
> optic cables, and satellite links. The users of the infrastructure will
> range from elementary school children to federal agencies. Encryption
> standards must be allowed to develop flexibly to meet the wide-ranging
> needs of all components of the NII. In its IITF Report, the Administration
> finds that standards also must be compatible with the large installed
> base of communications technologies, and flexible and adaptable enough
> to meet user needs at affordable costs. [_AA_, 9] The diverse uses of
> the NII require that any standard which the government seeks to promote
> as a broadly deployed solution should be implementable in software as
> well as hardware and based on widely available algorithms.
>
> * Develop Trusted Algorithms and End-to-End Security:
> ---------------------------------------------------------
>
> Assuring current and future users of the NII that their communications are
> secure and their privacy is protected is a critical task. This means that the
> underlying algorithms adopted must have a high level of public trust and
> the overall systems put in place must be secure.
>
> * Encourage National and International Interoperability:
> ------------------------------------------------------------
>
> The promise of the NII is seamless national and international
> communications of all types. Any cryptographic standard offered for
> widespread use must allow US corporations and individuals to function as
> part of the global economy and global communications infrastructure.
>
> * Seek Reasonable Cooperation with Law Enforcement and National
> -------------------------------------------------------------------
> Security Needs:
> ---------------------
>
> New technologies pose new challenges to law enforcement and national
> security surveillance activities. American industry is committed to
> working with law enforcement to help meet its legitimate surveillance
> needs, but the development of the NII should not be stalled on this
> account.
>
> * Promote Constitutional Rights of Privacy and Adhere to Traditional
> ------------------------------------------------------------------------
> Fourth Amendment Search and Seizure Rules:
> ------------------------------------------
>
> New technology can either be a threat or an aid to protection of
> fundamental privacy rights. Government policy should promote
> technologies which enable individuals to protect their privacy and be
> sure that those technologies are governed by laws which respect the
> long history of constitutional search and seizure restraints.
>
> * Maintain Civilian Control over Public Computer and
> --------------------------------------------------------
> Communications Security:
> ------------------------------
>
> In accordance with the Computer Security Act of 1987, development of
> security and privacy standards should be directed by the civilian
>
> V. Conclusion
> ----------------
>
> Among the most important roles that the federal government has in
> NII deployment are setting standards and guaranteeing privacy and
> security. Without adequate security and privacy, the NII will never
> realize its economic or social potential. Cryptography policy must, of
> course, take into account the needs of law enforcement and national
> security agencies, but cannot be driven by these concerns alone. The
> Working Group, along with other industry and public interest
> organizations, is committed to working with the Administration to
> solve the privacy and security questions raised by the growing NII.
> This must be done based on the principles of voluntary standards,
> promotion of innovation, concern for law enforcement needs, and
> protection of constitutional rights of privacy.
>
> ***************
>
>