Date: Tue, 8 Feb 1994 08:25:16 -0800 From: Phil Agre <[p--g--e] at [weber.ucsd.edu]> To: [r--e] at [weber.ucsd.edu] Subject: start the revolution (1000 lines) Here are several messages about the latest cryptography-and-civil-liberties action in Washington. Parental discretion advised. Folks in the US are called on to take several political actions. Please distribute widely. Date: 4 Feb 1994 18:21:05 -0600 From: [m--h] at [eff.org] (Stanton McCandlish) To: [alt politics datahighway list] at [eff.org] Subject: Alert--Admin. names escrow agents, no compromise on Clipper - 7 files EFF Press Release 04/04/94 * DISTRIBUTE WIDELY * At two briefings, Feb. 4, 1994, the Clinton Administration and various agencies gave statements before a Congressional committee, and later representatives of civil liberties organizations, industry spokespersons and privacy advocates. The Electronic Frontier Foundation's position, based on what we have seen and heard from the Administration today, is that the White House is set on a course that pursues Cold War national security and law enforcement interests to the detriment of individual privacy and civil liberties. The news is grim. The Administration is: * not backing down on Clipper * not backing down on key escrow * not backing down on selection of escrow agents * already adamant on escrowed key access procedures * not willing to elminate ITAR restrictions * hiding behind exaggerated threats of "drug dealers" and "terrorists" The material released to the industry and advocacy version of the briefing have been placed online at ftp.eff.org (long before their online availability from goverment access sites, one might add). See below for specific details. No information regarding the Congressional committee version of the briefing has been announced. EFF Director Jerry Berman, who attended the private sector meeting, reported the following: "The White House and other officials briefed industry on its Clipper chip and encryption review. While the review is not yet complete, they have reached several policy conclusions. First, Clipper will be proposed as a new Federal Information Processing Standard (FIPS) next Wednesday. [Feb. 9] It will be "vountary" for government agencies and the private sector to use. They are actively asking other vendors to jump in to make the market a Clipper market. Export licensing processes will be speeded up but export restrictions will not be lifted in the interests of national security. The reason was stated bluntly at the briefing : to frustrate competition with clipper by other powerful encryption schemes by making them difficult to market, and to "prevent" strong encryption from leaving the country thus supposedly making the job of law enforcement and intelligence more difficult. Again in the interest of national security. Of course, Clipper will be exportable but they would not comment on how other governments will view this. Treasury and NIST will be the escrow agents and Justice asserted that there was no necessity for legislation to implement the escrow procedures. "I asked if there would be a report to explain the rationale for choosing these results - we have no explanation of the Administration's thinking, or any brief in support of the results. They replied that there would be no report because they have been unable to write one, due to the complexity of the issue. "One Administation spokesperson said this was the Bosnia of Telecommunications. I asked, if this was so, how, in the absense of some policy explanation, could we know if our policy here will be as successful as our policy in Bosnia?" The announcements, authorization procedures for release of escrowed keys, and q-and-a documents from the private sector briefing are online at EFF. They are: "Statement of the [White House] Press Secretary" [White House] file://ftp.eff.org/pub/EFF/Policy/Crypto/wh_press_secy.statement "Statement of the Vice President" [very short - WH] file://ftp.eff.org/pub/EFF/Policy/Crypto/gore_crypto.statement "Attorney General Makes Key Escrow Encryption Announcements" [Dept. of Just.] file://ftp.eff.org/pub/EFF/Policy/Crypto/reno_key_escrow.statement "Authorization Procedures for Release pf Emcryption Key Components in Conjunction with Intercepts Pursuant to Title III/State Statutes/FISA" [3 docs. in one file - DoJ] file://ftp.eff.org/pub/EFF/Policy/Crypto/doj_escrow_intercept.rules "Working Group on Data Security" [WH] file://ftp.eff.org/pub/EFF/Policy/Crypto/interagency_workgroup.announce "Statement of Dr. Martha Harris Dep. Asst. Secy. of State for Polit.-Mil. Affairs: Encryption - Export Control Reform" [Dept. of State] file://ftp.eff.org/pub/EFF/Policy/Crypto/harris_export.statement "Questions and Answers about the Clinton Administration's Encryption Policy" [WH] file://ftp.eff.org/pub/EFF/Policy/Crypto/wh_crypto.q-a These files are available via anonymous ftp, or via WWW at: http://www.eff.org/ in the "EFF ftp site" menu off the front page. Gopher access: gopher://gopher.eff.org/ Look in "EFF Files"/"Papers and Testimony"/"Crypto" All 7 of these documents will be posted widely on the net immediately following this notice. Contacts: Digital Privacy: Jerry Berman, Exec. Director <[j--r--n] at [eff.org]> Daniel J. Weitzner, Sr. Staff Counsel <[d j w] at [eff.org]> Archives: Stanton McCandlish, Online Activist <[m--h] at [eff.org]> General EFF Information: [i--o] at [eff.org] -- Stanton McCandlish * [m--h] at [eff.org] * Electronic Frontier Found. OnlineActivist F O R M O R E I N F O, E - M A I L T O: I N F O @ E F F . O R G O P E N P L A T F O R M O N L I N E R I G H T S V I R T U A L C U L T U R E C R Y P T O -- Stanton McCandlish * [m--h] at [eff.org] * Electronic Frontier Found. OnlineActivist F O R M O R E I N F O, E - M A I L T O: I N F O @ E F F . O R G O P E N P L A T F O R M O N L I N E R I G H T S V I R T U A L C U L T U R E C R Y P T O Date: 4 Feb 1994 18:55:39 -0600 From: [m--h] at [eff.org] (Stanton McCandlish) To: [alt politics datahighway list] at [eff.org] Subject: CRYPTO: "Q & A" about Admin.'s encryption policy ______ begin file ______ >From the White House ***************************************************************** Embargoed until 3:00 p.m. EST Feb. 4, 1994 QUESTIONS AND ANSWERS ABOUT THE CLINTON ADMINISTRATION'S ENCRYPTION POLICY Q. What were the findings of the encryption technology review? A. The review confirmed that sound encryption technology is needed to help ensure that digital information in both computer and telecommunications systems is protected against unauthorized disclosure or tampering. It also verified the importance of preserving the ability of law enforcement to understand encrypted communications when conducting authorized wiretaps. Key escrow technology meets these objectives. Specific decisions were made to enable federal agencies and the private sector to use the key escrow technology on a voluntary basis and to allow the export of key escrow encryption products. In addition, the Department of State will streamline export licensing procedures for products that can be exported under current regulations in order to help U.S. companies to sell their products abroad. To meet the critical need for ways to verify the author and sender of an electronic message -- something that is crucial to business applications for the National Information Infrastructure -- the federal government is committed to ensuring the availability of a royalty-free, public-domain Digital Signature Standard. Finally, an interagency working group has been established to continue to address these issues and to maintain a dialogue with industry and public interest groups. Q. Who has been consulted during this review? The Congress? Industry? What mechanism is there for continuing consultation? A. Following the President's directive announced on April 16, 1993, extensive discussions have been held with Congress, industry, and privacy rights groups on encryption issues. Formal public comment was solicited on the Escrowed Encryption Standard and on a wide variety of issues related to the review through the Computer System Security and Privacy Advisory Board. The White House Office of Science and Technology Policy and the National Security Council will chair the interagency working group. The group will seek input from the private sector both informally and through several existing advisory committees. It also will work closely with the Information Policy Committee of the Information Infrastructure Task Force, which is responsible for coordinating Administration telecommunications and information policy. Q. If national security and law enforcement interests require continued export controls of encryption, what specific benefits can U.S. encryption manufacturers expect? A. The reforms will simplify encryption product export licensing and speed the review of encryption product exports. Among other benefits, manufacturers should see expedited delivery of products, reduced shipping and reporting costs, and fewer individual license requests -- especially for small businesses that cannot afford international distributors. A personal exemption for business travellers using encryption products will eliminate delays and inconvenience when they want to take encryption products out of the U.S. temporarily. Q. Why is the key escrow standard being adopted? A. The key escrow mechanism will provide Americans and government agencies with encryption products that are more secure, more convenient, and less expensive than others readily available today -- while at the same time meeting the legitimate needs of law enforcement. Q. Will the standard be mandatory? A. No. The Administration has repeatedly stressed that the key escrow technology, and this standard, is for voluntary use by federal and other government agencies and by the private sector. The standard that is being issued only applies to federal agencies -- and it is voluntary. Does this approach expand the authority of government agencies to listen in on phone conversations? No Key escrow technology provides government agencies with no [sic] new authorities to access the content of the private conversations of Americans. Q. Will the devices be exportable? Will other devices that use the government hardware? A. Yes. After an initial review of the product, the State Department will permit the export of devices incorporating key escrow technology to most end users. One of the attractions of this technology is the protection it can give to U.S. companies operating at home and abroad. Q. Suppose a law enforcement agency is conducting a wiretap on a drug smuggling ring and intercepts a conversation encrypted using the device. What would they have to do to decipher the message? A. They would have to obtain legal authorization, normally a court order, to do the wiretap in the first place. They would then present documentation, including a certification of this authorization, to the two entities responsible for safeguarding the keys. (The key is split into component parts, which are stored separately in order to ensure the security of the key escrow system.) They then obtain the components for the keys for the device being used by the drug smugglers. The components are then combined and the message can be read. Q. Who will hold the escrowed keys? A. The Attorney General has selected two U.S. agencies to hold the escrowed key components: the Treasury Department's Automated Systems Division and the Commerce Department's National Institute of Standards and Technology. Q. How strong is the security in the device? How can I be sure how strong the security is? A. This system is more secure than many other voice encryption system readily available today. While the algorithm upon which the Escrowed Encryption Standard is based will remain classified to protect the security of the system, an independent panel of cryptography experts found that the algorithm provides significant protection. In fact, the panel concluded that it will be 36 years until the cost of breaking the algorithm will be equal to the cost of breaking the current Data Encryption Standard now being used. Q. Is there a "trap door" that would allow unauthorized access to the keys? A. No. There is no trapdoor. Q. Whose decision was it to propose this product? A. The National Security Council, the Justice Department, the Commerce Department, and other key agencies were involved in this decision. The approach has been endorsed by the President, the Vice President, and appropriate Cabinet officials. ______ end file ________ -- Stanton McCandlish * [m--h] at [eff.org] * Electronic Frontier Found. OnlineActivist F O R M O R E I N F O, E - M A I L T O: I N F O @ E F F . O R G O P E N P L A T F O R M O N L I N E R I G H T S V I R T U A L C U L T U R E C R Y P T O Date: 4 Feb 1994 18:58:24 -0600 From: [m--h] at [eff.org] (Stanton McCandlish) To: [alt politics datahighway list] at [eff.org] Subject: CRYPTO: W. House Press Sec'y statements on Admin's crypto policy ____ begin file ____ THE WHITE HOUSE CONTACT: 202 156-7035 OFFlCE OF THE PRESS SECRETARY EMBARGOED UNTIL 3 PM (EST) FRIDAY, February 4, 1994 STATEMENT OF THE PRESS SECRETARY Last April, the Administration announced a comprehensive interagency review of encryption technology, to be overseen by the National Security Council. Today, the Administration is taking a number of steps to implement the recommendations resulting from that review. Advanced encryption technology offers individuals and businesses an inexpensive and easy way to encode data and telephone conversations. Unfortunately, the same encryption technology that can help Americans protect business secrets and personal privacy can also be used by terrorists, drug dealers, and other criminals. In the past, Federal policies on encryption have reflected primarily the needs of law enforcement and national security. The Clinton Administration has sought to balance these needs with the needs of businesses and individuals for security and privacy. That is why, today the National Institute of Standards ant Technology (NIST) is committing to ensure a royalty-free, public-domain Digital Signature Standard. Over many years, NIST has been developing digital signature technology that would provide a way to verify the author and sender of an electronic message. Such technology will be critical for a wide range of business applications for the National Information Infrastructure. A digital signature standard will enable individuals to transact business electronically rather than having to exchange signed paper contracts. The Administration has determined that such technology should not be subject to private royalty payments, and it will be taking steps to ensure that royalties are not required for use of a digital signature. Had digital signatures been in widespread use, the recent security problems with the Intemet would have been avoided. Last April, the Administration released the Key Escrow chip (also known as the "Clipper Chip") that would provide Americans with secure telecommunications without compromising the ability of law enforcement agencies to carry out legally authorized wiretaps. Today, the Department of Commerce and the Department of Justice are taking steps to enable the use of such technology both in the U.S. and overseas. At the same time, the Administration is announcing its intent to work with industry to develop other key escrow products that might better meet the needs of individuals and industry, particularly the American computer and telecommunications industry. Specific steps being announced today include: - Approval by the Commerce Secretary of the Escrowed Encryption Standard (EES) as a voluntary Federal Informahon Processing Standard, which will enable govemment gencies to purchase the Key Escrow chip for use with telephones nd modems. The department's National Institute of Standards and Technology (NIST) will publish the standard. - Publication by the Department of Justice of procedurs for the release of escrowed keys and the announcement of NIST and the Automated Services Division of the Treasury Department as the escrow agents that will store the keys needed for decryption of communications using the Key Escrow chip. Nothing in these procedures will diminish tne existing legal and procedural requirements that protect Americans from unauthorized wiretaps. - New procedures to allow export of products containing the Key Escrow chip to most countries. In addition, the Department of State will streamline export licensing procedures for encryption products that can be exported under current export regulations in order to help American companies sell their products overseas. In the past, it could take weeks for a company to obtain an export license for encryption products, and each shipment might require a separate license. The new procedures announced today will substantially reduce administrative delays and paperwork for encryption exports. To implement the Administration's encryption policy, an interagency Working Group on Encryption and Telecommunications has been established. It will be chaired by the White House Office of Science and Technology Policy and the National Security Council and will include representatives of the Departments of Commerce, Justice, State, and Treasury as well as the FBI, the National Security Agency, the Office of Management and Budget, and the National Economic Council. This group will work with industry and public-interest groups to develop new encryption technologies and to review and refine Administration policies regarding encryption, as needed. The Administration is expanding its efforts to work with industry to improve on the Key Escrow chip, to develop key-escrow software, and to examine alternatives to the Key Escrow chip. NIST will lead these efforts and will request additional staff and resources for this purpose. We understand that many in industry would like to see all encryption products exportable. However, if encryption technology is made freely available worldwide, it would no doubt be usod extensively by terrorists, drug dealers, and other criminals to harm Americans both in the U.S. and abroad. For this reason, the Administration will continue to restrict export of the most sophisticated encryption devices, both to preserve our own foreign intelligence gathering capability and because of the concerns of our allies who fear that strong encryption technology would inhibit their law enforcement capabilities. At the same time, the Administration understands the benefits that encryption and related technologies can provide to users of computers and telecommunications networks. Indeed, many of the applications of the evolving National Information Infrastructure will require some form of encryption. That is why the Administration plans to work more closely with the private sector to develop new forms of encryption that can protect privacy and corporate secrets without undermining the ability of law-enforcement agencies to conduct legally authorized wiretaps. That is also why the Administration is committed to make available free of charge a Digital Signature Standard. The Administration believes that the steps being announced today will help provide Americans with the telecommunications security they need without compromising the capability of law enforcement agencies and national intelligence agencies. Today, any American can purchase and use any type of encryption product. The Administration does not intend to change that policy. Nor do we have any intention of restrictiog domestic encryption or mandating the use of a particular technology. ____ end file ______ -- Stanton McCandlish * [m--h] at [eff.org] * Electronic Frontier Found. OnlineActivist F O R M O R E I N F O, E - M A I L T O: I N F O @ E F F . O R G O P E N P L A T F O R M O N L I N E R I G H T S V I R T U A L C U L T U R E C R Y P T O Date: Sat, 5 Feb 1994 00:58:22 -0800 From: "Brock N. Meeks" <[b--o--k] at [well.sf.ca.us]> To: [com priv] at [psi.com] Subject: R.I.P -- Privacy '94 Copyright (c) 1994 CyberWire Brock N. Meeks Jacking in from a Non-Government Approved Encryption Port: Washington, DC -- The Clinton Administration today gang raped your privacy. The White House Friday announced its endorsement of a sweeping new security and privacy initiative. Privacy, as we know it, will never be the same. All the rules have changed. Forever. The catch is that the government gets to write all the rules; you get no vote. None. Worse, you can't even read the fucking rule book because it's classified. The initiative involves the creation of "new products to accelerate the development and use of advanced and secure telecommunications networks and wireless telecommunications links," the White House said. In English: Law enforcement and intelligence agencies now have an easy way to fuck with any and all forms of spoken or electronically transmitted communications. The policy is voluntary, of course. You don't have to sign on to it. You don't have to use government approved encryption devices. But if you plan to do any business with the government, you'll have to use them. And if the government gets its way, well, you'll end using them whether you want to or not. You'll have no choice (are you sensing a trend here?). All telephones, computers, fax machines, modems, etc. will come "wiretap ready." It will be the de facto standard. If you don't use the government standard, you'll be branding yourself a CryptoRebel. Big fucking deal? Maybe, maybe not. But think for a second. Perhaps some agency will be able to check your "crypto-approval rating." Perhaps those favorable bank loans, mortgage rates or low insurance premiums will only go to those with high crypto-approval ratings. But the White House is adamant about making sure you understand this whole damn thing is voluntary. And don't let anything sway you from believing that, not even the White House backgrounder materials that say no U.S. citizen "as a matter of right, is entitled to an unbreakable commercial encryption product." Just use the "balanced" approach of the government system, where in this case the "breakability" of the encryption belongs only with them. Everything will work out fine. Just listen: "Encryption is a law and order issue since it can be use by criminals to thwart wiretaps and avoid detection and prosecution," said Vice President Gore. "Our policy is designed to provide better encryption to individuals and businesses while ensuring that the needs of law enforcement and national security are met." The Administration won't tell you exactly why they expect you simply hand over all your privacy safeguards to them. "Listen, if you knew what we knew about criminal activity, this issue wouldn't even be debated," said Mike Nelson with the Office of Science and Technology Policy and co-chair of the Working Group on Data Security, a newly created interagency task force. Chicken or the Egg? ================== The new policy was hatched in the super-secret recesses of the National Security Agency (NSA). And while Clinton was still trying to find the instruction manual for his White House telephone system, the NSA, FBI and other assorted agencies shoved their ideas onto the National Security Council table. Before the Administration could blink, it found itself in the unenviable position of having backed a severely flawed security policy that has compromised the privacy of every U.S. citizen and drawn the ire of every civil liberties in the country. But the White House quickly put the breaks on, calling for a full scale, government wide "review" of its security and privacy policies. It gave privacy advocacy groups some breathing room. Surely the Administration, once it had a chance to actually study this damn thing, would see it through it. But the White House punted. The review was a smoke screen. Instead, it provided momentum inside the Administration. It was from this review, ordered last April, that this new initiative springs. And when all was said and done, the White House screwed the pooch. Clipper Sails On ================ The one trick pony here is the Clipper Chip, a device that can be installed in virtually any communications device. The chip scrambles all conversations. No one can crack the code, expect the government, of course. The Feds hold all the keys. Rather, they hold the only keys that count. Each Clipper chip is made with 3 unique keys. All three are needed to descramble the encrypted messages streaming through them. But only the government's keys matter. The key you get with your Clipper Chip is essentially the chip's social security number. You'll never actually see this key, have any idea what its number is or get your hands on it. If you try to sneak a peak at it, the damn thing self destructs. Honest. The other two keys will be held in electronic vaults; fraternal twins, separated by mandate. Each of these keys will be held by government agencies, called "escrow agents." One will be held by the National Institute for Standards and Technology, the other by the Automated Systems Division of the Dept. of Treasury. When a law enforcement agency, which could be your local sheriff's department, wants to wiretap a conversation that's been encrypted by Clipper they apply to each of the escrow agents. The agents send their respective key, electronically, to a "black box" operated by the law enforcement agency. As encrypted conversations stream into the box, they come out the back side in nice, neat sounding vowels and consonants, or in the case of electronic mail, in plain ol' ASCII. Yes, all law enforcement agencies need a court approved wiretap before they can pull this whole scheme off. This, the Administration says, is where you're privacy is protected. "We're not going to use Clipper to listen in on the American public," said Raymond Kammer of NIST deputy director. It will only be used to catch criminals. Honest. We Don't Need No Stinkin' Warrant ================================= Maybe now would be a good time to mention the National Security Agency. You know these guys. Super-secret, spook agency. Their mission? To monitor and intercept foreign communications. Did you catch that word FOREIGN? I hope so, it's crucial. The NSA is only allowed to intercept foreign communications -- spying on U.S. citizens is a crime. They can't even pry into a U.S. citizen's business a court ordered wiretap. A judge would never allow it. Yet it was the NSA that cooked up this whole Clipper Chip scheme. Why you ask? Good question. But the Administration refuses to discuss the issue. Here's another they can't answer. Suppose the NSA intercepts a message from Iraq and finds it's Clipper encrypted (that damn little black box is specially made to sniff out the Clipper's algorithm and descramble it's social security number). What does the NSA do with this encrypted Iraqi message? How does it decrypt the message? There's a classic Catch-22 running here. Agencies need the Clipper keys from the escrow agents to read the message or listen in on the conversation. But to get the keys you need proof that you have a warrant. The NSA is *never* issued a warrant. You see, the NSA doesn't need a warrant to spy on FOREIGN communications. So, this begs the $64,000 question is: How does the NSA get the escrow agents to give them the keys to decrypt the message if they can't show a warrant? Answer: They don't have to show a warrant; they don't have to cause; they don't have to show spit. What's wrong with this picture? "We have appropriate procedures and safeguards built into the system for the NSA," Nelson said. "I can't tell you what those are, of course, that would divulging too much about the NSA's operation." Fox Guarding the Chickens ========================= There will be absolutely no abuse of the system. This is what the Administration would like you to believe. They also would like you to believe that President's don't approve Watergate break-ins, that arms are never traded for hostages, that the FBI never secretly records civil rights leaders in the heat of infidelity and that FBI directors have never shown a proclivity for red sequined dresses and shiny high-heeled cruel shoes. Representatives from four government organizations stood before the press and outlined all the careful thinking and rigorous safeguards that have gone into this system. There are at least 9 different steps that must be followed to get these Clipper keys transferred from the escrow agents to the agency authorized to do the wiretap. Fair enough, isn't it? Well, it would be except for the fact that the Justice Department intentionally wrote a giant fucking loop- hole into the law. Buried in the Justice Department briefing papers, outlining the authorization procedures for release of the escrow keys, is this gem: "These procedures do not create, and are not intended to create, any substantive rights for individuals intercepted through electronic surveillance, and noncompliance with these procedures shall not provide the basis for any motion to suppress or other objection to the introduction of electronic surveillance evidence lawfully acquired." So, if somebody screws up, like for instance, asks for the keys to be sent before they actually have a wiretap in hand, or has no wiretap authority at all! there is no recourse provision. Criminals As Dumb Shits ======================= But what about that wily criminal element? Once they get wind of this, won't they seek out another type of encryption? The FBI doesn't think so. In fact, the FBI thinks criminals are such dumb shits that they'll forget all about the fact that Clipper even exists. "I predict that few criminals will remember years from now what they've read in the Wall Street Journal" about how these devices were installed in telephones, said FBI's James Kallestrom. (Of course, if criminals are so stupid, why are they perusing the Wall St. Journal... maybe he really meant the New York Times...) So let's get this right. The FBI is sure that criminals will "just forget" that Clipper is installed in their phones and use them anyway. These are the criminals that also would be forgetting that their multi-million dollar drug deals, not to mention their own sweet ass, could be in jeopardy every time they make a call. Yes, the government really thinks so. It's more likely that some bright, enterprising criminal mind will create a worldwide black market that deals in "non-Clipper Installed" encryption devices. Damn, talk about an industry with some growth potential. Getting To the Data Stream ========================== The whole damn program goes into the crapper, however, if the government can't get access to source, to the digital data stream, as it comes out of the telephone switch. In order to do this you have to tap the digital conversation. That's right, you guessed it: Digital Wiretap Access. The FBI failed on its own last year to generate any support in Congress for this digital wiretap proposal. Hell, the FBI couldn't even get a single member of Congress to introduce the thing. So the FBI broke the chain of command: They got the President and Vice President to sign off on the idea. The Administration will soon announce its decision on how it will give the FBI the right to easily wiretap even your unencrypted conversations. "Within a few months at most we should have something decided," said Barry Smith of the FBI's Congressional Affairs office. The FBI's Kallestrom said it was "all but a done deal." This isn't a question of whether or not the Administration will line up behind the FBI on this. It already has. It's only a matter of paperwork, and the nagging little issue of how to pay for making the telephone companies comply with the new rules. But these are small details, compared to the heat the Administration already knows it'll take when they finally unwrap this puppy. Private No More =============== OSTP's Nelson quipped that these security and privacy issues are the Cyberspace version of the Administration's muddied Bosnia policy. Like Bosnia, the White House expects the American public to "trust us" on this issue. After all, the Administration says, they know a hell of a lot more than we do about what kind criminal activity is really going down. Trusting these law enforcement and intelligence agencies is one thing; tempting them by putting all-powerful tools right into their hip pockets is something that should generate a hue and cry loud enough for all of Washington to hear. So, if you're really pissed off, just pick up the phone can call your neighbor. Somebody in Washington is bound to hear it. Meeks out.... Date: Mon, 7 Feb 1994 10:41:44 -0800 From: "Brock N. Meeks" <[b--o--k] at [well.sf.ca.us]> Subject: Congress Wades In Jacking in from the Congressional Port: Washington, DC -- White House's slippery plan to salt information highway with its home-grown encryption technology has irked at least two members of Congress, prompting a call for congressional hearings. Senator Patrick Leahy (D-Vt.), chairman of the Technology and Law Subcommittee said he would likely hold hearings "on the serious issues raised" by Administration's announcement that it would urge private sector to voluntarily adopt its Clipper Chip technology. "Basically, what this means is that the United States Government will hold the two keys to unlock any private communication coded with this program," Leahy said. Citizens and potential foreign customers aren't likely to see Clipper "as the solution to privacy and security concerns," he said. White House plan was called "disappointing," by Rep. Don Edwards (D-Cal.). "I was hoping for a more realistic policy from the Administration," said Edwards, a former FBI agent. "Competitors all over the world can sell the strongest encryption technology, but U.S. companies cannot," he said. Leahy waded in on Administration and law enforcement claims that Clipper would help thwart terrorist and criminal activity, saying it was "obvious" these groups would shun Clipper enabled devices. "Why would any sophisticated criminal or terrorist decide to use Clipper Chip to keep their communications secret when this is the one encryption method to which the government holds the keys?" he asked. Despite Leahy's misgivings, the Administration and law enforcement agencies continue to bank on the success of Clipper because most criminals are "just dumb," the FBI has stated repeatedly. The Administration's decision to keep the handcuffs on export controls of privately developed encryption schemes also worried the congressmen. Leahy called it "a misstep... Why would any foreign government want to buy American software or telecommunications equipment containing Clipper Chip when the U.S. government has the keys to eavesdrop on any private communications?" Edwards said the new policy "won't stop terrorists and drug traffickers from acquiring encryption technology," adding he hoped President Clinton would "look at this policy again." The government shouldn't be in the business of mandating particular technologies, Leahy said. "Whatever confidence I might have that the U.S. government will limit its use of the decoding keys to specific and justifiable law enforcement objectives, I doubt my confidence will be universally shared," he said. Meeks out... Well, almost... Leahy's office said he *wants* to hear from the public on the matter of holding hearings. Any and all comments on the viability of the program, any concerns the public has, should be sent to Leahy immediately, a staffer said. Leahy can be reached at: Committee on the Judiciary, Washington, DC 20510; his phone number is 202-224-3406. Date: Mon, 7 Feb 1994 22:28:08 EST From: Dave Banisar <[b--i--r] at [washofc.cpsr.org]> To: CPSR Civil Liberties Group <[c p sr civilliberties] at [Pa.dec.com]> Subject: Campaign Against Clipper Campaign Against Clipper CPSR ANNOUNCES CAMPAIGN TO OPPOSE CLIPPER PROPOSAL Embargoed until 2 pm, Monday, February 7, 1994 contact: [r--n--g] at [washofc.cpsr.org] (202 544 9240) Washington, DC -- Following the White House decision on Friday to endorse a secret surveillance standard for the information highway, Computer Professionals for Social Responsibility (CPSR) today announced a national campaign to oppose the government plan. The Clipper proposal, developed in secret by the National Security Agency, is a technical standard that will make it easier for government agents to wiretap the emerging data highway. Industry groups, professional associations and civil liberties organizations have expressed almost unanimous opposition to the plan since it was first proposed in April 1993. According to Marc Rotenberg, CPSR Washington director, the Administration made a major blunder with Clipper. "The public does not like Clipper and will not accept it. This proposal is fatally flawed." CPSR cited several problems with the Clipper plan: o The technical standard is subject to misuse and compromise. It would provide government agents with copies of the keys that protect electronic communications. "It is a nightmare for computer security," said CPSR Policy Analyst Dave Banisar. o The underlying technology was developed in secret by the NSA, an intelligence agency responsible for electronic eavesdropping, not privacy protection. Congressional investigations in the 1970s disclosed widespread NSA abuses, including the illegal interception of millions of cables sent by American citizens. o Computer security experts question the integrity of the technology. Clipper was developed in secret and its specifications are classified. CPSR has sued the government seeking public disclosure of the Clipper scheme. o NSA overstepped its legal authority in developing the standard. A 1987 law explicitly limits the intelligence agency's power to set standards for the nation's communications network. o There is no evidence to support law enforcement's claims that new technologies are hampering criminal investigations. CPSR recently forced the release of FBI documents that show no such problems. o The Administration ignored the overwhelming opposition of the general public. When the Commerce Department solicited public comments on the proposal last fall, hundreds of people opposed the plan while only a few expressed support. CPSR today announced four goals for its campaign to oppose the Clipper initiative: o First, to educate the public about the implications of the Clipper proposal. o Second, to encourage people to express their views on the Clipper proposal, particularly through the computer network. Toward that goal, CPSR has already begun an electronic petition on the Internet computer network urging the President to withdraw the Clipper proposal. In less than one week, the CPSR campaign has drawn thousands of electronic mail messages expressing concern about Clipper. To sign on, email [clipper petition] at [cpsr.org] with the message "I oppose clipper" in the body of the text. o Third, to pursue litigation to force the public disclosure of documents concerning the Clipper proposal and to test the legality of the Department of Commerce's decision to endorse the plan. o Fourth, to examine alternative approaches to Clipper. Mr. Rotenberg said "We want the public to understand the full implications of this plan. Today it is only a few experts and industry groups that understand the proposal. But the consequences of Clipper will touch everyone. It will affect medical payments, cable television service, and everything in between. CPSR is a membership-based public interest organization. For more information about CPSR, send email to [c p sr] at [cpsr.org] or call 415 322 3778. For more information about Clipper, check the CPSR Internet library CPSR.ORG. FTP/WAIS/Gopher and listserv access are available. Date: Mon, 7 Feb 1994 18:10:03 -0500 (EST) From: Stanton McCandlish <[m--h] at [eff.org]> Subject: EFF Wants You (to add your voice to the crypto fight!) The Electronic Frontier Foundation needs your help to ensure privacy rights! * DISTRIBUTE WIDELY * Monday, February 7th, 1994 From: Jerry Berman, Executive Director of EFF [j--r--n] at [eff.org] Dear Friends of the Electronic Frontier, I'm writing a personal letter to you because the time has now come for action. On Friday, February 4, 1994, the Administration announced that it plans to proceed on every front to make the Clipper Chip encryption scheme a national standard, and to discourage the development and sale of alternative powerful encryption technologies. If the government succeeds in this effort, the resulting blow to individual freedom and privacy could be immeasurable. As you know, over the last three years, we at EFF have worked to ensure freedom and privacy on the Net. Now I'm writing to let you know about something *you* can do to support freedom and privacy. *Please take a moment to send e-mail to U.S. Rep. Maria Cantwell ([c--tw--l] at [eff.org]) to show your support of H.R. 3627, her bill to liberalize export controls on encryption software.* I believe this bill is critical to empowering ordinary citizens to use strong encryption, as well as to ensuring that the U.S. software industry remains competitive in world markets. Here are some facts about the bill: Rep. Cantwell introduced H.R. 3627 in the House of Representatives on November 22, 1993. H.R. 3627 would amend the Export Control Act to move authority over the export of nonmilitary software with encryption capabilities from the Secretary of State (where the intelligence community traditionally has stalled such exports) to the Secretary of Commerce. The bill would also invalidate the current license requirements for nonmilitary software containing encryption capablities, unless there is substantial evidence that the software will be diverted, modified or re-exported to a military or terroristic end-use. If this bill is passed, it will greatly increase the availability of secure software for ordinary citizens. Currently, software developers do not include strong encryption capabilities in their products, because the State Department refuses to license for export any encryption technology that the NSA can't decipher. Developing two products, one with less secure exportable encryption, would lead to costly duplication of effort, so even software developed for sale in this country doesn't offer maximum security. There is also a legitimate concern that software companies will simply set up branches outside of this country to avoid the export restrictions, costing American jobs. The lack of widespread commercial encryption products means that it will be very easy for the federal government to set its own standard--the Clipper Chip standard. As you may know, the government's Clipper Chip initiative is designed to set an encryption standard where the government holds the keys to our private conversations. Together with the Digital Telephony bill, which is aimed at making our telephone and computer networks "wiretap-friendly," the Clipper Chip marks a dramatic new effort on the part of the government to prevent us from being able to engage in truly private conversations. We've been fighting Clipper Chip and Digital Telephony in the policy arena and will continue to do so. But there's another way to fight those initiatives, and that's to make sure that powerful alternative encryption technologies are in the hands of any citizen who wants to use them. The government hopes that, by pushing the Clipper Chip in every way short of explicitly banning alternative technologies, it can limit your choices for secure communications. Here's what you can do: I urge you to write to Rep. Cantwell today at [c--tw--l] at [eff.org.] In the Subject header of your message, type "I support HR 3627." In the body of your message, express your reasons for supporting the bill. EFF will deliver printouts of all letters to Rep. Cantwell. With a strong showing of support from the Net community, Rep. Cantwell can tell her colleagues on Capitol Hill that encryption is not only an industry concern, but also a grassroots issue. *Again: remember to put "I support HR 3627" in your Subject header.* This is the first step in a larger campaign to counter the efforts of those who would restrict our ability to speak freely and with privacy. Please stay tuned--we'll continue to inform you of things you can do to promote the removal of restrictions on encryption. In the meantime, you can make your voice heard--it's as easy as e-mail. Write to [c--tw--l] at [eff.org] today. Sincerely, Jerry Berman Executive Director, EFF [j--r--n] at [eff.org] P.S. If you want additional information about the Cantwell bill, send e-mail to [cantwell info] at [eff.org.] To join EFF, write [m--er--p] at [eff.org.] For introductory info about EFF, send any message to [i--o] at [eff.org.] The text of the Cantwell bill can be found on the Internet with the any of the following URLs (Universal Resource Locaters): ftp://ftp.eff.org/pub/Policy/Legislation/cantwell.bill http://www.eff.org/ftp/EFF/Policy/Legislation/cantwell.bill gopher://gopher.eff.org/00/EFF/legislation/cantwell.bill It will be available on AOL (keyword EFF) and CIS (go EFFSIG) soon.