CDT Led Coalition Letter to VP Gore, November 8, 1995

November 8, 1995

The Honorable Albert Gore, Jr.
Office of the Vice President
Old Executive Office Building, Room 276
Washington, D.C. 20501

Dear Mr. Vice President:

A secure, private, and trusted Global Information Infrastructure (GII) is essential to promote economic growth and meet the needs of the Information Age society. Competitive businesses need cryptography to protect proprietary information as it flows across increasingly vulnerable global networks. Individuals require privacy protection in order to build the confidence necessary to use the GII for personal and financial transactions. Promoting the development of the GII and meeting the needs of the Information Age will require strong, flexible, widely-available cryptography. The undersigned groups recognize that the Administration's recently articulated cryptography initiative was a serious attempt to meet some of these challenges, but the proposed initiative is no substitute for a comprehensive national cryptography policy. To the extent that the current policy becomes a substitute for a more comprehensive policy, the initiative actually risks hindering the development of a secure and trusted GII.

A number of the undersigned organizations have already written to express concern about the latest Administration cryptography initiative. As some of us have noted, the Administration's proposed export criteria will not allow users to choose the encryption systems that best suit their security requirements. Government ceilings on key lengths will not provide an adequate level of security for many applications, particularly as advances in computing render current cryptography systems less secure. Competitive international users are steadily adopting stronger foreign encryption in their products and will be unlikely to embrace U.S. restrictions. As they stand, current export restrictions place U.S. hardware manufacturers, software developers, and computer users at a competitive disadvantage, seriously hinder international interoperability, and threaten the strategically important U.S. communications and computer hardware and software industries. Moreover, the Administration policy does not spell out any of the privacy safeguards essential to protect individual liberties and to build the necessary public trust in the GII.

The current policy directive also does not address the need for immediate liberalization of current export restrictions. Such liberalization is vital to enable U.S. companies to export state-of-the-art software products during the potentially lengthy process of developing and adopting a comprehensive national cryptography policy. Without relief, industry and individuals alike are faced with an unworkable limit on the level of security available and remain hamstrung by restrictions that will not be viable in the domestic and international marketplace.

Many members of the undersigned groups have been working actively with the Administration on a variety of particular applications, products, and programs promoting information security. All of us are united, however, by the concern that the current network and information services environment is not as secure as it should be, and that the current policy direction will delay the secure, private, and trusted environment that is sought.

Despite the difficulties of balancing the competing interests involved, the undersigned companies, trade associations, and privacy organizations are commencing a process of collective fact-finding and policy deliberation, aimed at building consensus around a more comprehensive cryptography policy framework that meets the following criteria:

Robust security: access to levels of encryption sufficient to address domestic and international security threats, especially as advances in computing power make currently deployed cryptography systems less secure.
International interoperability: the ability to securely interact worldwide.
Voluntary use: freedom for users to choose encryption solutions, developed in the marketplace, that meet their particular needs.
Acceptance by the marketplace: commercial viability and ability to meet the expressed needs of cryptography users.
Constitutional privacy protections: safeguards to ensure basic Fourth Amendment privacy protection and regulation of searches, seizures, and interceptions.
Respect for the legitimate needs of law enforcement and national security, while recognizing the reality that determined criminals will have access to virtually unbreakable encryption.

In six months, we plan to present our initial report to the Administration, the Congress, and the public in the hopes that it will form the basis for a more comprehensive, long-term approach to cryptography on the GII. We look forward to working with the Administration on this matter.

Sincerely,

American Electronics Association
America Online, Inc.
Apple Computer, Inc.
AT&T
Business Software Alliance
Center for Democracy & Technology
Center for National Security Studies
Commercial Internet eXchange Association
CompuServe, Inc.
Computer & Communications Industry Association
Computing Technology Industry Association
Crest Industries, Inc.
Dun & Bradstreet
Eastman Kodak Company
Electronic Frontier Foundation
Electronic Messaging Association
EliaShim Microcomputers, Inc.
Formation, Inc.
Institute for Electrical and Electronic Engineers - United States Activities
Information Industry Association
Information Technology Industry Council
Information Technology Association of America
Lotus Development Corporation
MCI
Microsoft Corporation
Novell, Inc.
OKIDATA Corporation
Oracle Corporation
Securities Industry Association
Software Industry Council
Software Publishers Association
Software Security, Inc.
Summa Four, Inc.
Sybase, Inc.
Tandem Computers, Inc.
Telecommunications Industry Association
ViON Corporation