[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Congress & Crypto Roundup: Vote in Commerce cmte tomorrow



Both sides of the crypto-debate spent today jockeying for position before
an important vote tomorrow in the House Commerce committee. At issue is
whether the panel will follow the lead of the Intelligence committee and
restrict your ability to protect your privacy with whatever technology you
want. Law enforcement officials are pressing for a secret backdoor, and
Rep. Oxley was planning to offer a proposal (Oxley I) giving them just that.

* Today Oxley circulated a revised proposal that I think of as Oxley II.
It's designed to respond to some of the criticisms:
  http://www.cdt.org/crypto/legis_105/SAFE/Oxley_Manton_rev.html

* Law professors sent a letter criticizing Oxley I:
  http://www.law.miami.edu/~froomkin/lawprof-letter.htm

* Yesterday dozens of groups -- from Apple to USWest -- sent out a letter
criticizing Oxley I. (It's attached below.) The question is now: how many
of these groups will oppose Oxley II?

* Oxley is trying to carve off pieces of the alliance and get the Baby
Bells not to oppose Oxley II, Reuters reports below. Also, grassroots law
enforcement groups -- including some from California -- are sending their
own letters to support Oxley.

* Rep. Rick White is trying to cut a deal; he's proposing alternative,
compromise language. A note from his staff is attached below.

* Scientific and engineering professional societies, too, weighed in. I've
attached their note at the end of this message.

-Declan

--------------

>From White's staff:

>Congressman Rick White will offer an alternative to the Oxley/Manton
>substitute in order to preserve the SAFE bill while addressing some of
>the concerns of the law enforcement community.
>
>The White alternative would:
>
>1)  Give law enforcement the tools they needs.  The alternative would
>create a National Electronic Technologies Center (NETCenter) to serve
>local, state and federal law enforcement authorities by providing
>information and assistance regarding decryption technologies and
>techniques.  In addition the NETCenter would give law enforcement access
>to the tools they need to keep pace with changing technologies.
>
>2)  Tough on those who commit crimes by using encryption.  The
>alternative doubles the allowable jail time for those who break the law
>and commit crime and try to hide their tracks by use of encryption.
>
>3)  Study.  There has never been a study on a domestic key recovery
>system and the recent proposal by the FBI.  The White alternative calls
>for a six month study of domestic key recovery system to determine its
>effectiveness.
>
>4)  Americans should not have to turn over the keys to their electronic
>security.  The 4th Amendment protects our individual right(s) to keep
>protect our "effects."  The White alternative states that the federal
>government and the States cannot restrict the use of domestic encryption
>technologies and cannot condition the issuance of certificates of
>authentication -- which many believe will be necessary for electronic
>commerce to succeed -- on the use of a government-blessed key recovery
>system for encryption.

--------

September 22, 1997

The Hon. Thomas J. Bliley, Jr.
Chairman
House Commerce Committee
2125 Rayburn House Office Building
Washington, D.C.  20515

Dear Chairman Bliley:

We are writing to express our strong opposition to the Oxley-Manton
amendment to HR 695, the Security and Freedom through Encryption Act
(SAFE), which the Commerce Committee will consider this week, and to any
form of government domestic controls on encryption.

The Oxley-Manton amendment would impose unprecedented restrictions on the
domestic manufacture and availability of encryption, thus potentially
compromising the security of the nation's telephone system and the Internet
alike.  The amendment would:

* prohibit the domestic manufacture, sale and importation of any encryption
  product or service unless the government is given immediate access to the
  plaintext of communications and stored files without the knowledge of the
  user;

* prohibit network service providers, including telephone companies and
  Internet service providers, from offering encryption products or services
  unless communications can be immediately read without the knowledge of the
  user; and

* give the Attorney General unprecedented, broad new powers to establish
  standards for encryption products and services.

Encryption technologies are the vital tools consumers and businesses need
to operate with security and privacy in the information age, and are a
cornerstone of electronic commerce.  Government domestic controls on
encryption are incompatible with the consumer, corporate, and national
security benefits of the national information infrastructure.  Numerous
communications products and services are now under development that
incorporate encryption as an essential feature.   Oxley-Manton will stifle
these new products and services, end the deployment of market-driven key
recovery systems,  and undermine the potential of the new communications
media for electronic commerce and the promotion of democratic values.

* Strong encryption will not only ensure privacy but also help prevent crime
  on the network.  However, by mandating trap doors in all domestic encryption
  products and communications networks, the Oxley-Manton amendment will make
  the personal records and communications of individuals and businesses more
  vulnerable to hackers, terrorists, industrial spies and other criminals.  Put
  at risk will be medical records, tax returns, private email, business
  proprietary information and transactions, attorney-client communications,
  and cellular phone conversations.

* Oxley-Manton's broad requirement for "immediate access" to decryption keys
  without knowledge of the user would force Americans to forfeit their
  constitutional right of privacy as a condition of participating in the
  information age.

* Oxley-Manton invites disastrous industrial policy.  It is industrial policy
  with criminal sanctions attached.  The amendment authorizes the Attorney
  General to promulgate technical requirements for all encryption products
  and gives the Department of Justice prior approval authority over all
  encryption systems for computers and telecommunications.  This will stifle
  innovation. It will drive encryption expertise out of this country.  The
  market should be allowed to develop its own solutions, many of which in fact
  will meet law enforcement's needs within our existing system of legal
  authorities and safeguards.

* Oxley-Manton will be ineffective in keeping strong encryption out of the
  hands of criminals.  Criminals and terrorist groups will not use a system
  that gives the government access to their decryption keys.  In fact, the
  FBI has admitted in Congressional testimony that criminals will always
  have access to strong unbreakable encryption.

We urge the Committee to reject the Oxley-Manton amendment and any other
form of domestic encryption control.

Sincerely,

ACL Datacom, Inc., California
American Electronics Association
American Automobile Manufacturers Association
Americans for Tax Reform
America Online, Inc.
Ameritech
ANS Communications, Inc., New York
Apple Computer, Inc.
Ashton Communications Corp., California and Texas
Bell Atlantic
Bell South
Bowles Farming Co., Inc.
Business Software Alliance
Center for Democracy and Technology
Commercial Internet eXchange Association
CommerceNet
Compaq Computer Corp.
CompuServe, Inc.
Computer & Communications Industry Association
Computer Software Industry Association
Consumer Electronic Manufacturers Association
Counsel Connect
Crest Industries, Inc.
DataXchange Network, Inc.
Direct Marketing Association
Electronic Data Systems, Corp.
Electronic Frontier Foundation
Electronic Messaging Association
Epoch Internet
Fiber Network Solutions, Inc., Columbus, Ohio
Genuity Inc., a Bechtel company
IBM Corp.
Information Technology Association of America
Information Technology Industry Council (ITI)
Institute of Electrical and Electronics Engineers - US Activities
International Communications Association
Intuit Inc.
Internet Providers Association of Iowa
Microsoft
National Association of Manufacturers
NETCOM On-Line Communication Services, Inc.
NetINS, Inc., Iowa
Novell
Online Banking Association
National Association of Manufacturers
National Retail Federation
Netscape Communications Corp.
Phoenix Media/Communications Group
Pro-Trade Group
PGP, Inc.
RSA Data Security, Inc.
SBC Communications Inc.
Securities Industry Association
Silicon Valley Software Industry Coalition
Software Forum
Software Publishers Association
Sun Microsystems, Inc.
TheOnRamp Group, Inc., Ohio
Trusted Information Systems
United States Council for International Business
United States Internet Council
United States Telephone Association
U.S. Chamber of Commerce
US West
Voters Telecommunications Watch

---


Lawmakers try to get Baby Bells out of code debate
    By Aaron Pressman
   WASHINGTON, Sept 23 (Reuter) - With a Congressional panel set to vote
Wednesday on a proposal to impose domestic controls on encryption,
lawmakers backing the limits worked furiously to convince telephone
companies not to oppose them.
   Late Tuesday, officials at the five "Baby Bell" regional phone companies
 said they had not decided if last-minute changes to the proposal addressed
 their concerns.
   On Monday, the five companies joined dozens of high-tech firms and
business and Internet groups in a letter opposing the proposal authored by
Ohio Republican Rep. Mike Oxley.
   The restrictions, which would require all products sold in the United
States to include features allowing the government to covertly decode any
encrypted data, had been building strong momentum in Congress over the past
 month.
   And until the telephone company opposition surfaced two weeks ago, the
proposal was expected to be adopted easily by the House Commerce Committee.
 But the opposition of the influential Baby Bells stopped the process and
the committee decided to put off an earlier vote until Wednesday.
   In a recent revision, Oxley agreed to remove provisions which required
network service providers such as the phone companies to provide immediate
access to coded communications.
   Lawyers for the phone companies met Tuesday but did not reach a decision
 on the changes, according to Bell South spokesman Bill McCloskey. "The
meeting ended inconclusively," McCloskey said. "We have no verdict."
   Oxley's office remained confident that changes could be made to mollify
the phone companies. "We will get them onboard, there's no doubt," one
staffer said.
   While lawmakers worked to assuage the concerns of the Baby Bells, and
added a provision to appease the banking industry, leading science groups
and law professors separately issued new statements on Tuesday completely
opposing the Oxley restrictions.
   Professors from 23 law schools, including Yale, Harvard and Stanford,
said the restrictions were a "profound mistake" that would "contravene
fundamental principles of our constitutional tradition."
   Leading science, mathematics and engineering groups said the
restrictions were impeding on the advance of cryptography research thus
making all computer networks, including the Internet, less secure.
   The Oxley proposal will be considered as an amendment to a bill by
Virginia Republican Rep. Bob Goodlatte that began as an effort to loosen
strict U.S. export controls on encrypotion products and preclude domestic
restrictions.
   Rep. Rick White, Republican of Washington, said Tuesday he would offer
an alternative to Oxley's amendment that would meet many of the objections
of industry, Internet groups and others. But White's proposal was not
endorsed by leading law enforcement agencies that back Oxley's plan.
   White's plan would establish a center to help law enforcement agencies
crack encryption used by criminals, start a study of technologies to allow
government access and increase criminal penalties for use of encryption as
part of a crime.
   While two House committees have approved the Goodlatte bill intact, two
other panels added tighter export controls and domestic restrictions.
   After the Commerce Committee's vote, the bill goes to the House Rules
Committee which must reconcile the competitng versions. No action is
expected on the bill by the full House this year.
   ((--202-898-8312))
Tuesday, 23 September 1997 19:47:13
RTRS [nN2351141]

---

PRESS RELEASE

SEPTEMBER 24, 1997


LEADING US SCIENTIFIC, MATHEMATICS, AND ENGINEERING
SOCIETIES PROTEST RESTRICTIONS ON CRYPTOGRAPHY
RESEARCH AND DEVELOPMENT

The leading U.S. scientific, mathematics, and engineering societies sent a
united message to Congress today protesting proposed U.S. cryptography
policies that would maintain export restrictions limiting the open exchange
of scientific information and the progress of scientific research and
development.  In addition, these organizations warned that new requirements
for domestic key recovery raise serious scientific and technical problems
that undermine its viability as a policy alternative.  In a letter to the
House Commerce Committee, the societies indicated that the policies will
"diminish the scientific reputation of the United States and weaken us
economically."

This is the first time these highly influential societies have united to
inform Congress how cryptography policies will effect the future of
scientific research and development in the U. S.  Until now,  the debate
has focused on commercial, civil liberties, and national security/ law
enforcement interests.

The House Commerce Committee will vote today on proposed legislation
removing restrictions on the export of encryption products.  However,
amendments to this language were passed by two House Committees restricting
the domestic use of encryption.  The letter urges the Committee to reject
such proposals or " U.S. leadership in many areas of  science and
technology is likely to be jeopardized with no discernible benefits to our
National Interests."

Export controls and domestic restrictions on cryptography development and
use impact scientific freedoms in a number of ways. Cryptographers, a
specialized subset of computer scientists, mathematicians, and engineers,
are unable to communicateare unable to communicate with their colleagues
overseas or to participate in international projects aimed at developing a
secure GII.   The full and open exchange of scientific information
facilitated by these organizations has significantly increased the economic
strength of the United States. However the proposed new laws would continue
to force them to exclude members living outside the United States from this
free exchange.

According to Dr. Barbara Simons, " The scientific and engineering societies
today speak with one voice in urging Congress not to enact cryptography
policies which will prohibit scientists from performing important research.
If scientists cannot research and develop new cryptographic tools, the
future of electronic commerce may be in jeopardy."



CONTACTS:

Dr. Barbara Simons
Chair
U.S. Public Policy Committee for the Association for Computing
phone:  408:256-3661
pager:  1-888-329-3091
pager id:       2533409
e-mail  [email protected]

Dr. Peter Neumann
U.S. Public Policy Committee for the Association for Computing
email:  [email protected]

Ed Lazowska
Chair, Computer Science
University of Washington
e-mail: [email protected]
phone:  206 543 4755

David L. Waltz
President,
American Association for Artificial Intelligence (AAAI)
e-mail: [email protected]
phone:  609-951-2700
fax:    609-951-2483

Irving Lerch
Co-Chair, Committee on Scientific Freedom and Responsibility
American Association for the Advancement of Science
phone:  301 209 3236

Mary Gray
Co-Chair, Scientific Freedom and Responsibility
American Association for the Advancement of Science
phone:  202 885 3171

Staff:  Lauren Gelman 202/544-4859      [email protected]
        Alex Fowler 202/ 326-7016       [email protected]

September 24, 1997

Dear Chairman Bliley:

As representatives of the leading scientific, mathematics, and
engineering societies in the United States, we are writing to protest
current and proposed U.S. cryptography policies that restrict the open
exchange of scientific information and the progress of scientific research
and development.  We object to national policies that criminalize
the use of cryptography that is not approved by the Administration or
that mandate domestic key recovery schemes.

The leadership that the United States currently enjoys in research and
development of encryption algorithms, cryptographic products, and computer
security technology will be seriously eroded, if not essentially eliminated,
by misguided proposals to restrict the domestic use of encryption.

  o The development of strong cryptographic technology is crucial to the
    further growth of our electronic infrastructure.  Encryption protects
    the security and privacy of communications and stored data.
    A lack of strong universally available encryption exacerbates security
    problems on personal computers, intranets, and the world-wide Internet.
    A recent National Academy of Sciences study warned against the
    government's premature reliance on key recovery as an encryption
    technique.  It urged that the method be deployed in test situations first
    to work out problems.  This has not been done.

  o Our organizations publish numerous scientific journals and conference
    proceedings, often relying on the Internet for publication.  The free
    exchange of scientific information facilitated by our organizations
    has significantly increased the economic strength of the United States.
    But the proposed new laws would continue to force us to exclude members
    living outside the United States from this free exchange.  The result would
    diminish the scientific reputation of the United States and weaken us
    economically.

  o It is unreasonable and probably unconstitutional to distinguish between
    printed and electronic distribution of encryption source code.  U.S. policy
    should not create an artificial distinction between paper and electronic
    versions of a document.

  o U.S. scientists and engineers involved with research and development of
    cryptographic tools cannot publish their results using electronic media,
    are restricted in their efforts to educate the next generation of computer
    scientists, and cannot communicate with their international colleagues.
    For example, the U.S. cryptography community has not been able to
    participate in the Internet Protocol Security project, an effort to
    develop new international standards for Internet security.

  o Publication restrictions relating to cryptography have a negative
    impact on peer review and the development of robust algorithms.  To
    demonstrate that encryption algorithms are secure, cryptographers
    publish their algorithms and other cryptographers try to break them.
    Not only does this process tend to identify faulty algorithms, but it is
    also a precondition for the public to have confidence that the algorithm
    is secure.

  o Computer systems currently are plagued by considerable security
    and privacy weaknesses. These problems will become more widespread
    as electronic commerce develops and computer systems become ubiquitous.
    Cryptographers in the U.S. face numerous barriers when addressing
    computer security issues, and some security researchers may be unwilling
    to continue their work because they will be restricted in publishing and
    discussing their research.

In conclusion, we urge you to eliminate current policies that stifle the
ability of researchers and implementers to study and build cryptographic
algorithms, secure information systems, and secure network protocols.
Otherwise, U.S. leadership in many areas of science and technology is
likely to be jeopardized with no discernible benefits to our National
Interests.

For more information please contact Barbara Simons at 408/256-3661,
Alex Fowler at 202/326-7016 or Lauren Gelman at 202/544-4859.

Sincerely,

------------


-------------------------
Declan McCullagh
Time Inc.
The Netly News Network
Washington Correspondent
http://netlynews.com/