------------------------------------------------------------------------------
The Center for Democracy and Technology
Volume 4, Number 4
----------------------------------------------------------------------------
A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
CDT POLICY POST Volume 4, Number 4                              March 6, 1998

CONTENTS: CONGRESS PREPARES TO TAKE UP CRYPTO AGAIN:
  (1) Sens. McCain and Kerrey propose revised crypto bill
  (2) Broad new coalition formed to fight crypto controls
  (3) Senate crypto hearings planned
  (4) Critical infrastructures
  (5) How to Subscribe/Unsubscribe
  (6) About CDT, Contacting us

** This document may be redistributed freely with this banner intact **
Excerpts may be re-posted with permission of
|PLEASE SEE END OF THIS DOCUMENT FOR SUBSCRIPTION INFORMATION|
_____________________________________________________________________________

CONGRESS PREPARES TO TAKE UP CRYPTO AGAIN

Congress is back in session and the ongoing debate on encryption controls has moved front and center. This spring Congress will be considering diametrically opposed approaches to the regulation of encryption, including an FBI proposal that would, for the first time, control the type of encryption programs Americans may use within their own borders. The most recent developments are outlined below.

(1) Sens. McCain and Kerrey propose revised crypto bill

Senators John McCain (R-AZ) and Robert Kerrey (D-NE) have a new version of their Secure Public Networks Act, S.909. The revised draft includes several changes in response to industry and privacy concerns.
Despite these changes, CDT remains opposed to S. 909 for one fundamental reason: the revised draft still seeks, through a series of incentives (export controls, government procurement and liability safe-harbors), to require encryption users to surrender control over their keys on the government's terms.

Major changes in the revised McCain-Kerrey bill include:

  * it heightens the legal standards for access to escrowed keys;
  * it removes the linkage between key recovery and the regulation of certificate authorities; and
  * it refines export control requirements, lifting export limits to 56 bits for non-key recovery products.

Overall, the new bill still threatens electronic privacy and security through the coercion of the marketplace towards adoption of a government key recovery standard, with all the risks that entails. Any legislation that includes government-dictated standards for key recovery is not a compromise. It entails too many risks and is fundamentally inconsistent with the user-controlled nature of the new electronic technologies.

CDT also opposes the revised bill because its privacy standards fall short; it criminalizes a wide range of uses of encryption; and it effectively retains current export controls on encryption. CDT believes S.909 is at best a codification of a bad status-quo.

In a press release, the Senators said they intend to move the bill to the floor of the Senate for a vote in May. See http://www.senate.gov/~mccain/encryp.htm .

(2) Broad new coalition formed to fight crypto controls

Americans for Computer Privacy (ACP), a broad new coalition opposed to encryption controls, held its introductory press conference Wednesday, March 4. See http://www.computerprivacy.org .

ACP opposes domestic restrictions on the use of encryption and supports lifting export controls to permit the sale of strong U.S. encryption in the global market.
Members include not only key components of the computer industry and communications industry but also such diverse groups as Americans for Tax Reform, the National Rifle Association, and the Automobile Manufacturers Association, as well as CDT.

CDT will work with ACP to explain to the public the dangers of encryption controls; the vehicle for this public-education effort will be an expansion of our successful 'Adopt Your Legislator' campaign. The campaign, which now has 16,000 members across all 435 congressional districts, was a powerful voice against domestic controls in the last session of Congress.

'Adopt Your Legislator' helps individual Internet users keep track online of the positions their Members of Congress take on encryption policy. Through electronic alerts, it updates supporters on the latest news about the legislative fight. If you haven't joined the campaign, see: http://www.crypto.com/adopt/

(3) Senate crypto hearings planned

Sen. John Ashcroft (R-MO), chairman of the Senate Subcommittee on the Constitution, is planning to hold a hearing on encryption on March 17. Sen. Ashcroft is a staunch opponent of domestic controls and an advocate of export relief.

Witnesses invited to testify include: Rep. Goodlatte, author of the House SAFE (Security and Freedom through Encryption) bill; a representative of the Department of Justice; industry representatives; Cindy Cohn, lead attorney in the Bernstein encryption case; and law professors who will testify on the constitutionality of encryption controls.

(4) Critical infrastructures

On the same day as the Ashcroft hearing, another Senate subcommittee will hold a hearing to 'review policy directives for protecting America's critical infrastructures.' This issue has been the vehicle for some disturbing proposals regarding the Internet.

In November 1997, the President's Commission on Critical Infrastructure Protection issued its report.
See http://www.pccip.gov

One little-noticed provision (below) recommended the establishment of an 'Early Warning and Response capability' to protect telecommunications networks against cyber-attack:

  'Conceptually, a successful cyber-attack warning and response system would include:

    1) A means for near real-time monitoring of the telecommunications infrastructure.
    2) The ability to recognize, collect, and profile system anomalies associated with attacks.
    3) The capability to trace, re-route, and isolate electronic signals that are determined to be associated with an attack.'

The concept reappeared in December when the Justice and Interior ministers of the G8, which includes the world's eight most industrialized nations, agreed that 'To the extent practicable, information and telecommunications systems should be designed to help prevent and detect network abuse, and should also facilitate the tracing of criminals and the collection of evidence.'

Witnesses invited to testify at this March 17 hearing include: a lead witness from the National Security Council; FBI Director Freeh, who will testify about the Infrastructure Protection Center, the FBI's new cyber-attack-monitoring center; and former Sen. Sam Nunn and former deputy Attorney General Jamie Gorelick, co-chairs of the President's Commission on Critical Infrastructure Protection Advisory Committee.

CDT remains concerned that this new initiative will form the basis for a sweeping plan to build new surveillance capabilities into the information infrastructure.
_____________________________________________________________________________

(7) SUBSCRIPTION INFORMATION

Be sure you are up to date on the latest public policy issues affecting civil liberties online and how they will affect you! Subscribe to the CDT Policy Post news distribution list.
CDT Policy Posts, the regular news publication of the Center For Democracy and Technology, are received by more than 13,000 Internet users, industry leaders, policy makers and activists, and have become the leading source for information about critical free speech and privacy issues affecting the Internet and other interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

    majordomo@cdt.org

in the BODY of the message (leave the SUBJECT LINE BLANK), type

    subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the above address with a subject of:

    unsubscribe policy-posts
_____________________________________________________________________________

(8) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest organization based in Washington, DC. The Center's mission is to develop and advocate public policies that advance democratic values and constitutional civil liberties in new computer and communications technologies.

Contacting us:

General information:  info@cdt.org
World Wide Web:       http://www.cdt.org/

Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968
----------------------------------------------------------------------------
End Policy Post 4.4
----------------------------------------------------------------------------