From: tenney@netcom.com (Glenn S. Tenney)
Date: Sun, 25 Apr 93 18:17:57 PDT
To: COMMUNET%UVMVM.BITNET@uga.cc.uga.edu
Subject: No Subject
Message-ID: <9304260117.AA12424@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I received a fax of a letter from Representative Markey (Subcommittee on
Telecommunications and Finance) to Ron Brown (Secretary of Commerce). 
Since encryption and the Clipper chip are raised in this letter, I felt it
would be of interest to you.  I understand that on 29 April, Mr. Markey
will be holding a hearing on the questions raised in this letter.  There
may also be a follow-on hearing dedicated to the clipper chip, but that's
not definite.

I'm sending this to a few people (via BCC) and to a few mailing lists
(listed in the TO line) related to privacy, encryption, clipper chip, etc. 
I'l also be posting this to the sci.crypt and alt.clipper newsgroups. 
Because of the traffic on some of the mailing lists, if you have a comment
for me you should email directly to me.

I've typed in the letter, which follows.  Any errors in transcription are
mine...

---
Glenn Tenney
tenney@netcom.com            Amateur radio: AA6ER
Voice: (415) 574-3420        Fax: (415) 574-0546


------------------ letter of interest follows ----------------

April 19, 1993

The Honorable Ronald H. Brown
Secretary
Department of Commerce
14th and Pennsylvania Ave., NW
Washington, DC 20236

Dear Secretary Brown:

   As you know, I have long been interested in the privacy and security of
telecommunications transmissions and data in a networked environment. 
Recent reports concerning the Administration's endorsement of an electronic
encryption standard, based upon "clipper chip" technology, have raised a
number of related issues.  The international competitiveness of U.S. high
tech manufacturers and the software industry is a key factor that the
government should consider when addressing issues of encryption and data
security.  As the nation moves forward in developing the national
communications and information infrastructure, security of
telecommunications transmissions and network data will be an increasingly
important factor for protecting the privacy of users.

   The "hacker" community can compromise the integrity of
telecommunications transmissions and databases linked by the network.  The
people and businesses that use the nation's telecommunications network and
the personal computers linked through it increasingly are demanding that
information be protected against unauthorized access, alteration, and
theft.

   I am concerned that the Administration's plan may mean that to remain
competitive internationally, U.S. companies would be compelled to develop
two products -- one for U.S. government customers, and another for private,
commercial users who may want a higher encryption standard.  This may
inadvertently increase costs to those U.S. companies hoping to serve both
markets.  To assist the Subcommittee's analysis of this issue, please
respond to the following questions:

1. Has the encryption algorithm or standard endorsed by the Administration
been tested by any entity other than NSA, NIST or the vendor?  If so,
please identify such entities and the nature of testing performed.  If not,
please describe any plans to have the algorithm tested by outside experts
and how such experts will be chosen.

2. Under the Administration's plan, what entities will be the holders of
the "keys" to decrypt scrambled data?  What procedures or criteria will the
Administration utilize to designate such key holders?

3. Does the encryption algorithm endorsed by the Administration contain a
"trap door" or "back door," which could allow an agency or entity of the
Federal government to crack the code?

4. It is clear that over time, changes in technologies used for
communications will require new techniques and additional equipment.  How
will encryption devices adapt to the rapid advancement of
telecommunications technology?

5. What additional costs would the proposed encryption place on the Federal
government?  What is the estimated cost to consumers and businesses which
opt for the federal standard in their equipment?

6. What is the Commerce Department's assessment of the competitive impact
of the Administration's endorsement of the "clipper chip" technology on
U.S. exports of computer and telecommunications hardware and software
products?

   I would appreciate your response by no later than close-of-business,
Wednesday, April 28, 1993.  If you have any questions, please have your
staff contact Colin Crowell or Karen Colannino of the Subcommittee staff at
(202) 226-2424.

Sincerely,

Edward J. Markey
Chairman

###