[1500] in Kerberos
re: Communications Privacy (FYI)
daemon@ATHENA.MIT.EDU (geer@irc.cbm.dec.com)
Thu Aug 8 12:45:12 1991
From: geer@irc.cbm.dec.com
To: kerberos@ATHENA.MIT.EDU
Date: Thu, 08 Aug 91 11:45:26 EDT
------- Forwarded Message
Date: Wed, 7 Aug 91 19:42:17 EDT
From: Karen Rosin Sollins <sollins@lcs.mit.edu>
Sender: sollins@allspice.lcs.mit.edu
To: jtw@mercury.lcs.mit.edu, ddc@lcs.mit.edu, bboard@lcs.mit.edu
Subject: Communications Privacy (FYI)
STATEMENT IN SUPPORT OF COMMUNICATIONS PRIVACY
Washington, DC
June 10, 1991
As representatives of leading computer and telecommunications companies, as
members of national privacy and civil liberties organizations, as academics
and researchers across the country, as computer users, as corporate users of
computer networks, and as individuals interested in the protection of privacy
and the promotion of liberty, we have joined together for the purpose of
recommending that the United States government undertake a new approach to
support communications privacy and to promote the availability of
privacy-enhancing technologies. We believe that our effort will strengthen
economic competitiveness, encourage technological innovation, and ensure that
communications privacy will be carried forward into the next decade.
In the past several months we have become aware that the federal government
has failed to take advantage of opportunities to promote communications
privacy. In some areas, it has considered proposals that would actually be a
step backward. The area of cryptography is a prime example.
Cryptography is the process of translating a communication into a code so that
it can be understood only by the person who prepares the message and the
person who is intended to receive the message. In the communications world,
it is the technological equivalent of the seal on an envelope. In the
security world, it is like a lock on a door. Cryptography also helps to
ensure the authenticity of messages and promotes new forms of business in
electronic environments. Cryptography makes possible the secure exchange of
information through complex computer networks, and helps to prevent fraud and
industrial espionage.
For many years, the United States has sought to restrict the use of encryption
technology, expressing concern that such restrictions were necessary for
national security purposes. For the most part, computer systems were used by
large organizations and military contractors. Computer policy was largely
determined by the Department of Defense. Companies that tried to develop new
encryption products confronted export control licensing, funding restrictions,
and classification review. Little attention was paid to the importance of
communications privacy for the general public.
It is clear that our national needs are changing. Computers are ubiquitous.
We also rely on communication networks to exchange messages daily. The
national telephone system is in fact a large computer network.
We have opportunities to reconsider and redirect our current policy on
cryptography. Regrettably, our government has failed to move thus far in a
direction that would make the benefits of cryptography available to a wider
public.
In late May, representatives of the State Department met in Europe with the
leaders of the Committee for Multilateral Export Controls ("COCOM"). At the
urging of the National Security Agency, our delegates blocked efforts to relax
restrictions on cryptography and telecommunications technology, despite
dramatic changes in Eastern Europe. Instead of focusing on specific national
security needs, our delegates continued a blanket opposition to secure network
communication technologies.
While the State Department opposed efforts to promote technology overseas, the
Department of Justice sought to restrict its use in the United States. A
proposal was put forward by the Justice Department that would require
telecommunications providers and manufacturers to redesign their services and
products with weakened security. In effect, the proposal would have made
communications networks less well protected so that the government could
obtain access to all telephone communications. A Senate Committee Task Force
Report on Privacy and Technology established by Senator Patrick Leahy noted
that this proposal could undermine communications privacy.
The public opposition to S. 266 was far-reaching. Many individuals wrote to
Senator Biden and expressed their concern that cryptographic equipment and
standards should not be designed to include a "trapdoor" to facilitate
government eavesdropping. Designing in such trapdoors, they noted, is no more
appropriate than giving the government the combination to every safe and a
master key to every lock.
We are pleased that the provision in S. 266 regarding government surveillance
was withdrawn. We look forward to Senator Leahy's hearing on cryptography and
communications privacy later this year. At the same time, we are aware that
proposals like S. 266 may reemerge and that we will need to continue to oppose
such efforts. We also hope that the export control issue will be revisited
and the State Department will take advantage of the recent changes in
East-West relations and relax the restrictions on cryptography and network
communications technology.
We believe that the government should promote communications privacy. We
therefore recommend that the following steps be taken.
First, proposals regarding cryptography should be moved beyond the domain of
the intelligence and national security community. Today, we are growing
increasingly dependent on computer communications. Policies regarding the
appropriate use of cryptography should be subject to public review and public
debate.
Second, any proposal to facilitate government eavesdropping should be
critically reviewed. Asking manufacturers and service providers to make their
services less secure will ultimately undermine efforts to strengthen
communications privacy across the country. While these proposals may be based
on sound concerns, there are less invasive ways to pursue legitimate
government goals.
Third, government agencies with appropriate expertise should work free of NSA
influence to promote the availability of cryptography so as to ensure
communications privacy for the general public. The National Academy of
Science has recently completed two important studies on export controls and
computer security. The Academy should now undertake a study specifically on
the use of cryptography and communications privacy, and should also evaluate
current obstacles to the widespread adoption of cryptographic protection.
Fourth, the export control restrictions for computer network technology and
cryptography should be substantially relaxed. The cost of export control
restrictions are enormous. Moreover, foreign companies are often able to
obtain these products from other sources. And one result of export
restrictions is that US manufacturers are less likely to develop
privacy-protecting products for the domestic market.
As our country becomes increasingly dependent on computer communications for
all forms of business and personal communication, the need to ensure the
privacy and security of these messages that travel along the networks grows.
Cryptography is the most important technological safeguard for ensuring
privacy and security. We believe that the general public should be able to
make use of this technology free of government restrictions.
There is a great opportunity today for the United States to play a leadership
role in promoting communications privacy. We hope to begin this process by
this call for a reevaluation of our national interest in cryptography and
privacy.
Mitchell Kapor, Electronic Frontier Foundation
Marc Rotenberg, CPSR
John Gilmore, EFF
D. James Bidzos, RSA
Phil Karn, BellCore
Ron Rivest, MIT
Jerry Berman, ACLU
Whitfield Diffie, Northern Telecom
David Peyton, ADAPSO
Ronald Plesser, Information Industry Association
Dorothy Denning, Georgetown University
David Kahn, author *The Codebreakers*
Ray Ozzie, IRIS Associates
Evan D. Hendricks, US Privacy Council
Priscella M. Regan, George Mason University
Lance J. Hoffman, George Washington University
David Bellin, Pratt University
(affiliations are for identification purposes only)
------- End of Forwarded Message
