|
EFFector Online 5.09 - May 28, 1993 - EFF Comments
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
==============================================================================
////////////// ////////////// //////////////
/// /// ///
/////// /////// ///////
/// /// ///
////////////// /// ///
-==--==--==-<>-==--==--==-
In this issue:
EFF Comments to NIST
Computers, Freedom and Privacy Conference 1994
Summary of Rural Datafications Conference
-==--==--==-<>-==--==--==-
EFF Comments to the NIST (the National Institute of Standards and
Technology:
May 27, 1993
Before the
COMPUTER SYSTEM SECURITY AND PRIVACY ADVISORY BOARD
Technology Building, Room B-154
National Institute of Standards and Technology Gaithersburg, MD
20899
COMMENTS OF THE ELECTRONIC FRONTIER FOUNDATION
Regarding
Key Escrow Chip Cryptographic Technology and Government
Cryptographic Policies and Regulations
The Electronic Frontier Foundation (EFF) commends the Computer
System Security and Privacy Advisory Board for offering the public
the opportunity to comment on developments in cryptography and
communications privacy policy. Recent Administration proposals,
including use of the Clipper Chip and establishment of a government-
controlled key escrow system, raise questions that cut to the core of
privacy protection in the age of digital communication technology.
The questions noted by the Advisory Board in its Notice of Open
Meeting (58 FR 28855) reflect a broad range of concerns, from civil
liberties to global competitiveness. The Digital Privacy and Security
Working Group -- a cooperative effort of civil liberties organizations
and corporate users and developers of communication technology
which is chaired by the EFF -- has also submitted over one hundred
questions to the Administration. (These questions are being
submitted to the Advisory Board under separate cover on behalf of
the Working Group.) That there are so many questions demonstrates
the need for a comprehensive review of cryptography and privacy
policy.
We are encouraged that the Administration has expressed a
willingness to undertake such a review. However, it has become clear
that plans for rapid introduction of the Clipper Chip could
unacceptably distort this important policy review. The
Administration has made no secret of the fact that it hopes to use
government purchasing power to promote Clipper as a de facto
standard for encryption. With Clipper on the market, the policy
process will be biased toward a long-term solution such as Clipper
with key escrow. Moreover, the rush to introduce Clipper is already
forcing a hasty policy review which may fail to provide adequate
public dialogue on the fundamental privacy questions which must be
resolved to reach a satisfactory cryptography policy. Based on the
depth and complexity of questions raised by this review, EFF
believes that no solution, with Clipper Chip or otherwise, should be
adopted by the government until the comprehensive cryptography
review initiated by the Administration is complete.
EFF is a nonprofit, public interest organization whose public policy
mission is to insure that the new electronic highways emerging from
the convergence of telephone, cable, broadcast, and other
communications technologies enhance free speech and privacy rights,
and are open and accessible to all segments of society.
In these comments, we will elaborate on questions 1, 2, and 3 listed
in the Advisory Board's Notice. We offer these comments primarily to
raise additional questions that must be answered during the course
of the Administration's policy review.
A. WILL PARTICULAR ENCRYPTION TECHNOLOGIES BE MANDATED OR
PROSCRIBED?: A THRESHOLD QUESTION
Unraveling the current encryption policy tangle must begin with one
threshold question: will there come a day when the federal
government controls the domestic use of encryption through
mandated key escrow schemes or outright prohibitions against the
use of particular encryption technologies? Is Clipper the first step in
this direction? A mandatory encryption regime raises profound
constitutional questions, some of which we will discuss below. So far,
the Administration has not declared that use of Clipper will be
mandatory, but several factors point in that direction:
1. Secrecy of the algorithm justified by need to ensure key escrow
compliance:
Many parties have already questioned the need for a secret
algorithm, especially given the existence of robust, public-domain
encryption techniques. The most common explanation given for use
of a secret algorithm is the need to prevent users from by-passing
the key escrow system proposed along with the Clipper Chip. If the
system is truly voluntary, then why go to such lengths to ensure
compliance with the escrow procedure?
2. How does a voluntary system solve law enforcement's problems?
The major stated rationale for government intervention in the
domestic encryption arena is to ensure that law enforcement has
access to criminal communications, even if they are encrypted. Yet, a
voluntary scheme seems inadequate to meet this goal. Criminals who
seek to avoid interception and decryption of their communications
would simply use another system, free from escrow provisions.
Unless a government-proposed encryption scheme is mandatory, it
would fail to achieve its primary law enforcement purpose. In a
voluntary regime, only the law-abiding would use the escrow
system.
B. POLICY CONCERNS ABOUT GOVERNMENT-RUN KEY ESCROW SYSTEM
Even if government-proposed encryption standards remain
voluntary, the use of key escrow systems still raises serious
concerns:
1. Is it wise to rely on government agencies, or government-selected
private institutions to protect the communications privacy of all who
would someday use a system such as Clipper?
2. Will the public ever trust a secret algorithm with an escrow
system enough to make such a standard widely used?
C. CONSTITUTIONAL IMPLICATIONS OF GOVERNMENT CONTROLS ON
USE OF ENCRYPTION
Beyond the present voluntary system is the possibility that specific
government controls on domestic encryption could be enacted. Any
attempt to mandate a particular cryptographic standard for private
communications, a requirement that an escrow system be used, or a
prohibition against the use of specific encryption algorithms, would
raise fundamental constitutional questions. In order to appreciate the
importance of the concerns raised, we must recognize that we are
entering an era in which most of society will rely on encryption to
protect the privacy of their electronic communications. The following
questions arise:
1. Does a key escrow system force a mass waiver of all users' Fifth
Amendment right against self-incrimination?
The Fifth Amendment protects individuals facing criminal charges
from having to reveal information which might incriminate them at
trial. So far, no court has determined whether or not the Fifth
Amendment allows a defendant to refuse to disclose his or her
cryptographic key. As society and technology have changed, courts
and legislatures have gradually adapted fundamental constitutional
rights to new circumstances. The age of digital communications
brings many such challenges to be resolved. Such decisions require
careful, deliberate action. But the existence of a key escrow system
would have the effect of waiving this right for every person who
used the system in a single step. We believe that this question
certainly deserves more discussion.
2. Does a mandatory key escrow system violate the Fourth
Amendment prohibition against "unreasonable search and seizure"?
In the era where people work for "virtual corporations" and conduct
personal and political lives in cyberspace, the distinction between
communication of information and storage of information is
increasingly vague. The organization in which one works or lives may
constitute a single virtual space, but be physically dispersed. So, the
papers and files of the organization or individual may be moved
within the organization by means of telecommunications technology.
Until now, the law of search and seizure has made a sharp distinction
between, on the one hand, seizures of papers and other items in a
person's physical possession, and on the other hand, wiretapping of
communications. Seizure of papers or personal effects must be
conducted with the owner's knowledge, upon presentation of a
search warrant. Only in the exceptional case of wiretapping, may a
person's privacy be invaded by law enforcement without
simultaneously informing the target. Instantaneous access to
encryption keys, without prior notice to the communicating parties,
may well constitute a secret search, if the target is a virtual
organization or an individual whose "papers" are physically
dispersed. Under the Fourth Amendment, secret searches are
unconstitutional.
3. Does prohibition against use of certain cryptographic techniques
infringe individuals' right to free speech?
Any government restriction on or control of speech is to be regarded
with the utmost scrutiny. Prohibiting the use of a particular form of
cryptography for the express purpose of making communication
intelligible to law enforcement is akin to prohibiting anyone from
speaking a language not understood by law enforcement. Some may
argue that cryptography limitations are controls on the "time, place
and manner" of speech, and therefore subject to a more lenient legal
standard. However, time, place and manner restrictions that have
been upheld by courts include laws which limit the volume of
speakers from interfering with surrounding activities, or those which
confine demonstrators to certain physical areas.
No court has ever upheld an outright ban on the use of a particular
language. Moreover, even a time, place and manner restriction must
be shown to be the "least restrictive means" of accomplishing the
government's goal. It is precisely this question -- the availability of
alternatives which could solve law enforcement's actual problems --
that must be explored before a solution such as Clipper is promoted.
D. PUBLIC PROCESS FOR CRYPTOGRAPHY POLICY
As this Advisory Board is well aware, the Computer Security Act of
1987 clearly established that neither military nor law enforcement
agencies are the proper protectors of personal privacy. When
considering the law, Congress asked, "whether it is proper for a
super-secret agency [the NSA] that operates without public scrutiny
to involve itself in domestic activities...?" The answer was a clear
"no." Recent Administration announcements regarding the Clipper
Chip suggest that the principle established in the 1987 Act has been
circumvented. For example, this Advisory Board was not consulted
with until after public outcry over the Clipper announcements. Not
only does the initial failure to consult eschew the guidance of the
1987 Act, but also it ignored the fact that this Advisory Board was
already in the process of conducting a cryptography review.
As important as the principle of civilian control was in 1987, it is
even more critical today. The more individuals around the country
come to depend on secure communications to protect their privacy,
the more important it is to conduct privacy and security policy
dialogues in public, civilian forums.
CONCLUSION
The EFF thanks the Advisory Board for the opportunity to comment
on these critical public policy issues. In light of the wide range of
difficult issues raised in this inquiry, we encourage the Advisory
Board to call on the Administration to delay the introduction of
Clipper-based products until a thorough, public dialogue on
encryption and privacy policy has been completed.
Respectfully Submitted,
Electronic Frontier Foundation
Jerry Berman
Executive Director
[email protected]
Daniel J. Weitzner
Senior Staff Counsel
[email protected]
-==--==--==-<>-==--==--==-
Computers, Freedom and Privacy '94 Announcement
The fourth annual conference, "Computers, Freedom, and Privacy,"
will be held in Chicago, Il., March 23-26, 1994. This conference will
be jointly sponsored by the Association for Computing Machinery
(ACM) and The John Marshall Law School. George B. Trubow,
professor of law and director of the Center for Informatics Law at
John Marshall, is general chairman of the conference. The series
began in 1991 with a conference in Los Angeles, and subsequent
meetings took place in Washington, D.C., and San Francisco, in
successive years. Each conference has addressed a broad range of
issues confronting the "information society" in this era of the
computer revolution.
The advance of computer and communications technologies holds
great promise for individuals and society. From conveniences for
consumers and efficiencies in commerce to improved public health
and safety and increased knowledge of and participation in
government and community, these technologies are fundamentally
transforming our environment and our lives.
At the same time, these technologies present challenges to the idea
of a free and open society. Personal privacy is increasingly at risk
from invasions by high-tech surveillance and monitoring; a myriad of
personal information data bases expose private life to constant
scrutiny; new forms of illegal activity may threaten the traditional
barriers between citizen and state and present new tests of
Constitutional protection; geographic boundaries of state and nation
may be recast by information exchange that knows no boundaries as
governments and economies are caught up in global data networks.
Computers, Freedom, and Privacy '94 will present an assemblage of
experts, advocates and interested parties from diverse perspectives
and disciplines to consider the effects on freedom and privacy
resulting from the rapid technological advances in computer and
telecommunication science. Participants come from fields of
computer science, communications, law, business and commerce,
research, government, education, the media, health, public advocacy
and consumer affairs, and a variety of other backgrounds. A series of
pre-conference tutorials will be offered on March 23, 1994, with the
conference program beginning on Thursday, March 24, and running
through Saturday, March 26, 1994.
The emphasis in '94 will be on examining the many potential uses of
new technology and considering recommendations for dealing with
them. "We will be looking for specific suggestions to harness the new
technologies so society can enjoy the benefits while avoiding
negative implications," said Trubow. "We must manage the
technology, or it will manage us," he added.
Trubow is putting out a call for papers or program suggestions.
"Anyone who is doing a paper relevant to our subject matter, or who
has an idea for a program presentation that will demonstrate new
computer or communications technology and suggest what can be
done with it, is invited to let us know about it." Any proposal must
state the title of the paper or program, describe the theme and
content in a short paragraph, and set out the credentials and
experience of the author or suggested speakers. Conference
communications should be sent to:
CFP'94
John Marshall Law School
315 S. Plymouth Ct.
Chicago, IL 60604
(Voice: 312-987-1419; Fax: 312-427-8307; E-mail: [email protected])
Trubow anticipates that announcement of a student writing
competition for CFP'94 will be made soon, together with information
regarding the availability of a limited number of student
scholarships for the conference. Trubow said, "I expect the
organizational structure for CFP'94, including the designation of
program committees, to be completed by about the first of August, to
allow plenty of time for the development of a stimulating and
informative conference."
The venerable Palmer House, a Hilton hotel located at the corner of
State Street and Washington Ave. in Chicago's "loop," and only about
a block from the John Marshall Law School buildings, will be the
conference headquarters. Room reservations should be made directly
with the hotel, mentioning John Marshall Law School or "CFP'94" to
get the special conference rate of $99.00, plus tax.
The Palmer House Hilton
17 E. Monroe., Chicago, Il., 60603
Tel: 312-726-7500; 1-800-HILTONS; Fax 312-263-2556
-==--==--==-<>-==--==--==-
Preliminary Report -- Rural Datafication Conference
Chicago, May 13 & 14, 1993
Over 200 hundred people from all over the United States and Canada
gathered in Chicago last week to participate in _Rural Datafication:
achieving the goal of ubiquitous access to the Internet_. The
conference was sponsored by CICNet and nine cooperating state
communications networks or organizations: NetILLINOIS, INDNet,
IREN, MichNet, MRNet, NYSERNet, PREPnet, WiscNet, and WVNET. Two
of the represented states (Minnesota and Indiana) took the
opportunity to caucus among themselves to further define their own
activities.
The program began Thursday afternoon with hosted discussion
groups intended to discover where we could make improvements in
networked information services. Then a panel described current
successful projects in British Columbia (Roger Hart), North Dakota
(Dan Pullen), Montana (Frank Odasz), Washington, Alaska, and Oregon
(Sherrilynne Fuller), Pennsylvania (Art Hussey), and Massachusetts
(Miles Fidelman). Questions from the panel and the audience would
have kept the room filled far into the night had the moderator not
sent everyone out to dinner.
The next morning's sessions featured knowledgeable speakers open
to interaction with the other conference attendees. Mike Staman set
the stage. He was followed by Ross Stapleton who spoke about
recognizing that our government is also not well-networked; by
Simona Nass who spoke about some of the legal and policy issues of
networked communities; by Anthony Riddle who spoke about how
the networked information community could build from the
experiences of the community access television people; and by
George Baldwin who spoke about using networked information to
preserve Native American cultures. Rick Gates finished up the
morning with a presentation that described his efforts to teach
information discovery on the nets using play.
The afternoon session featured reports from the hosted discussion
groups on agriculture, on health care and health education, on
libraries, on post-secondary education, on community and
government information, and on K-12 education. Joel Hartman of
Bradley University and netILLINOIS moderated.
The interaction among the attendees and between and with the
speakers and panelists brought the most benefit, according to some
attendees. The attendees recognized that we haven't quite figured
out how to solve the extensive problems that bar network access to
all but they are excited about continuing to identify and work on
removing the barriers. A number suggested that the meeting should
actually be the first Rural Datafication Conference and offered to host
and/or organize the anticipated follow-on meeting next year. Many
offered format and speaker suggestions for that meeting and look
forward to the anticipated proceedings from the conference which
CICNet expects to publish.
CICNet is working on a summary of the meeting and working to build
a gopher/ftp-archive and printed version of the meeting. We'll
announce the availability of those versions as soon as we can. Thanks
to all the participants for a successful meeting and to all of you who
have expressed interest but couldn't come.
____________________________
Glee Harrah Cady, Manager, Information Services, CICNet 2901
Hubbard, Ann Arbor, MI 48105 +1.313.998.6419
[email protected]
=============================================================
EFFector Online is published by
The Electronic Frontier Foundation
666 Pennsylvania Ave. SE Suite 303
Washington, DC 20003 USA
Phone: +1 202 544 9237 FAX: +1 202 547 5481
Internet Address: [email protected]
Coordination, production and shipping by Cliff Figallo, EFF
Online Communications Coordinator ([email protected])
Reproduction of this publication in electronic media is encouraged.
Signed articles do not necessarily represent the view of the EFF.
To reproduce signed articles individually, please contact the authors
for their express permission.
*This newsletter is printed on 100% recycled electrons*
=============================================================
MEMBERSHIP IN THE ELECTRONIC FRONTIER FOUNDATION
In order to continue the work already begun and to expand our
efforts and activities into other realms of the electronic frontier, we
need the financial support of individuals and organizations.
If you support our goals and our work, you can show that support by
becoming a member now. Members receive our bi-weekly electronic
newsletter, EFFector Online (if you have an electronic address that
can be reached through the Net), and special releases and other
notices on our activities. But because we believe that support should
be freely given, you can receive these things even if you do not elect
to become a member.
Your membership/donation is fully tax deductible.
Our memberships are $20.00 per year for students and $40.00 per
year for regular members. You may, of course, donate more if you
wish.
Our privacy policy: The Electronic Frontier Foundation will never,
under any circumstances, sell any part of its membership list. We
will, from time to time, share this list with other non-profit
organizations whose work we determine to be in line with our goals.
But with us, member privacy is the default. This means that you
must actively grant us permission to share your name with other
groups. If you do not grant explicit permission, we assume that you
do not wish your membership disclosed to any group for any reason.
=============================================================
Mail to:
Membership Coordinator
The Electronic Frontier Foundation
666 Pennsylvania Ave. SE Suite 303
Washington, DC 20003 USA
I wish to become a member of the EFF. I enclose: $_______
I wish to renew my membership in the EFF. I enclose: $_______
$20.00 (student or low income membership)
$40.00 (regular membership)
[ ] I enclose an additional donation of $_______
Name:
Organization:
Address:
City or Town:
State: Zip: Phone: ( ) (optional)
FAX: ( ) (optional)
Email address:
I enclose a check [ ].
Please charge my membership in the amount of $
to my Mastercard [ ] Visa [ ] American Express [ ]
Number:
Expiration date:
Signature: ________________________________________________
Date:
I hereby grant permission to the EFF to share my name with
other non-profit groups from time to time as it deems
appropriate [ ].
Initials:___________________________
|
|
