=======================================================================
C D T P O L I C Y P O S T
***********************************************************************
A BRIEFING ON PUBLIC POLICY ISSUES
AFFECTING CIVIL LIBERTIES ONLINE
from
THE CENTER FOR DEMOCRACY AND TECHNOLOGY
***********************************************************************
Volume 5, Number 10 June 14, 1999
=======================================================================
CONTENTS:
(1) Crypto Legislation Moves Into Perilous Territory
(2) Overseas Availibility Of Crypto Grows
(3) U.S. Allies Continue to Reject Key Recovery
(4) Subscription Information
(5) About the Center for Democracy and Technology
** This document may be redistributed freely with this banner intact **
Excerpts may be re-posted with permission of ari@cdt.org
_______________________________________________________________________
(1) CRYPTO LEGISLATION MOVES INTO PERILOUS TERRITORY
Four House committees (International Relations, Commerce, Intelligence and
Armed Services) are supposed to vote on encryption legislation before the
4th of July, a bruising schedule and one fraught with peril given the
education work that remains to be done.
The lead bill in the House is the SAFE Act (H.R. 850), which would lift
most export controls on strong encryption, allowing US companies to sell
their products overseas and bringing to an end the "dumbing down" effect
that export controls have had on domestic encryption.
To make it easier for Netizens to contact members of the relevant
committees, CDT has revised its Action page. Go to http://www.cdt.org/action/
and find out if your Member of Congress sits on one of these keys
committees. We make it easy for you to contact your elected representative
or the committee chairmen.
For background information on SAFE, go to:
http://www.cdt.org/crypto/legis_106/SAFE/
On Wednesday, June 9, 1999, CDT staff counsel Alan Davidson testified
before the House Intelligence Committee in support of SAFE. Of all the
committees with jurisdiction over the bill, the Intelligence Committee is
most likely to approve weakening or gutting amendments. CDT's testimony is
available at: http://www.cdt.org/testimony/davidsontestimony060899.shtml
_______________________________________________________________________
(2) OVERSEAS AVAILABILITY OF CRYPTO GROWS
Some of the most devastating evidence against the long-term viability of
U.S. export controls is found in the spread of encryption technology
globally. It is impossible to control basic cryptographic knowledge or its
implementation, and the effort to do so is merely counterproductive to
privacy and security of U.S. citizens.
This trend has been confirmed by a recent survey identifying 805 hardware
and/or software products incorporating cryptography manufactured in 35
countries outside the United States, representing a 22% increase over the
findings of a study just 18 months ago. A total of 512 foreign companies
either manufacture or distribute foreign cryptographic products in at least
67 countries outside the United States. The latest survey, conduct for
Americans for Computer Privacy by Prof. Lance Hoffman of George Washington
University, identified at least 167 foreign cryptographic products that use
strong encryption in the form of these algorithms: Triple DES, IDEA,
BLOWFISH, RC5, or CAST-128. New cryptography product manufacturers have
appeared in six new countries since December 1997.
The study was released on Thursday, June 10 at a hearing of the Senate
Commerce Committee on Chairman John McCain's bill, S. 798. No privacy
advocates were invited to testify.
For background information on S. 798, go to:
http://www.cdt.org/crypto/legis_106/PROTECT/
The foreign availability study and cybercast materials on the Senate
hearing are available at: http://www.computerprivacy.org/
_______________________________________________________________________
(3) U.S. ALLIES CONTINUE TO REJECT KEY RECOVERY
Support for the US policy approach continues to erode abroad. While the
Clinton Administration defends export controls and some in Congress even
push domestic controls, other countries seeking leadership roles in the
information age have recently repudiated key recovery of the type sought by
the U.S. government.
The U.S. government has acknowledged that its controls on encryption make
sense only if there is general worldwide support for similar restrictions.
Otherwise, criminal groups as well as legitimate enterprises will procure
their security products from foreign suppliers. U.S. officials have
promised Congress repeatedly that an international consensus supporting key
recovery was emerging. Yet, over the past six months, the movement has
been in the opposite direction, including even among U.S. allies:
** United Kingdom
A May 1999 government task force report endorsed by Prime Minister Blair
concluded, "There is no 'silver bullet' policy that guarantees that the
development of encryption will not affect law enforcement capabilities."
The report found that "widespread adoption of key escrow was unlikely in
the current industry and public climate." The report concluded,
"Implementation of mandatory key escrow would significantly impair the
ability of the UK to become the leading environment in the world in which
to trade electronically."
* Accordingly, the UK task force recommended: "the government should reform
policy so that licensed providers should not be required to deposit data
encryption keys with third parties (i.e., no mandatory 'key escrow'). The
introduction of a mandatory link between licensed providers of services and
key escrow would not support the Government's twin objectives on e-commerce
and law enforcement."
Instead, the task force recommended the establishment of a Technical
Assistance Centre, similar to the NET Center added to the SAFE Act by the
Commerce Committee last Congress. Interestingly, the task force
recommended against making it a crime to use encryption in the furtherance
of an offense.
http://www.cabinet-office.gov.uk/Innovation/1999/encryption/index.htm
** Germany
On June 2, 1999, the German cabinet adopted an encryption policy that
rejected restrictions on the availability of strong encryption. Highlights
from the German policy statement:
* "The Federal Government has no intention of restricting the free
availability of encryption products in Germany. It regards the use of
secure encryption as a decisive prerequisite for data protection for the
public, for the development of electronic business transactions and for the
protection of company secrets. The Federal Government will thus actively
support the spread of secure encryption in Germany."
* "For reasons relating to the security of the state, the economy and
society, the Federal Government considers it indispensable that German
manufacturers be capable of developing and manufacturing secure and
powerful encryption products. It will take steps to improve the
international competitiveness of this sector."
http://jya.com/de-crypto-all.htm
** France
France had once pursued one of the most rigid crypto control schemes in the
world, and was often cited favorably by U.S. officials. But on January 19,
1999, Prime Minister Lionel Jospin announced that France was dropping its
domestic restrictions on the use of cryptography, opting, in the words of
the government's policy statement, for "a fundamental change of direction."
While France retained export controls, it dropped its requirement of
mandatory key escrow, and the government promised to introduce new
legislation to repeal the law mandating key escrow.
http://www.premier-ministre.gouv.fr/GB/INFO/FICHE1GB.HTM
The Electronic Privacy Information Center's global survey of encryption
controls is online at: http://www2.epic.org/reports/crypto1999.html
_______________________________________________________________________
4) SUBSCRIPTION INFORMATION
Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you and what you can do to
make a difference! Subscribe to the CDT's Activist Network. You'll
receive:
A) CDT Policy Posts, the regular news publication
of the Center for Democracy and Technology are received
by Internet users, industry leaders, policymakers the
news media and activists, and have become the leading
source for information about critical free speech and
privacy issues affecting the Internet and other
interactive communications media.
B) Updates on what you can do to make sure that the
Internet remains a decentralized, open, global and
user-controlled medium, including information on the
actions of your representatives in Congress.
To subscribe to CDT's Activist Network, sign up at:
http://www.cdt.org/join/
If you ever wish to remove yourself from the list, unsubscribe at:
http://www.cdt.org/action/unsubscribe.shtml
If you just want to change your address, you should unsubscribe yourself
and then sign up again or contact: webmaster@cdt.org
_______________________________________________________________________
(5) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US
The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.
Contacting us:
General information: info@cdt.org
World Wide Web: http://www.cdt.org/
Snail Mail: The Center for Democracy and Technology
1634 Eye Street NW * Suite 1100 * Washington, DC 20006
(v) +1.202.637.9800 * (f) +1.202.637.0968
-----------------------------------------------------------------------
End Policy Post 5.10
-----------------------------------------------------------------------
