1994-05-07 - (fwd) EFF’s Jerry Berman testimony - House Clipper/DigTel hearing 5/3/94 (fwd)

Header Data

From: paul@hawksbill.sprintmrn.com (Paul Ferguson)
To: cypherpunks@toad.com
Message Hash: 014918b0df79969ec566f07407365687a57f83dd4d42537abd67542c0b6e7949
Message ID: <9405070245.AA14271@hawksbill.sprintmrn.com>
Reply To: N/A
UTC Datetime: 1994-05-07 01:43:33 UTC
Raw Date: Fri, 6 May 94 18:43:33 PDT

Raw message

From: paul@hawksbill.sprintmrn.com (Paul Ferguson)
Date: Fri, 6 May 94 18:43:33 PDT
To: cypherpunks@toad.com
Subject: (fwd) EFF's Jerry Berman testimony - House Clipper/DigTel hearing 5/3/94 (fwd)
Message-ID: <9405070245.AA14271@hawksbill.sprintmrn.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> From: mech@eff.org (Stanton McCandlish)
> Newsgroups: talk.politics.crypto
> Subject: EFF's Jerry Berman testimony - House Clipper/DigTel hearing 5/3/94
> Date: 6 May 1994 11:11:10 -0500
> Organization: UTexas Mail-to-News Gateway
> Lines: 491
> Sender: daemon@cs.utexas.edu
> Approved: mech@eff.org
> Message-ID: <199405061610.MAA06408@eff.org>
> NNTP-Posting-Host: cs.utexas.edu
> 
>   
> 
> 
> Testimony 
> 
> of
> 
> Jerry J. Berman, Executive Director
> Electronic Frontier Foundation
> 
> before the 
> 
> Committee on Science, Space and Technology
> 
> Subcommittee on Technology, Environment and 
> Aviation
> 
> U.S. House of Representatives
> 
> 
> Hearing on 
> 
> Communications and Computer Surveillance, Privacy 
> and Security
> 
> 
> May 3, 1994
> 
> Mr. Chairman and Members of the Committee
> 
> 	I want to thank you for the opportunity to testify today on 
> communications 
> and computer surveillance, privacy, and security policy.  The Electronic 
> Frontier Foundation (EFF) is a public interest membership organization 
> dedicated to achieving the democratic potential of new communications 
> and computer technology and works to protect civil liberties in new 
> digital environments.  EFF also coordinates the Digital Privacy and 
> Security Working Group (DPSWG), a coalition of more than 50 computer, 
> communications, and public interest organizations and associations 
> working on communications privacy issues.  The Working Group has 
> strongly opposed the Administration's clipper chip and digital telephony 
> proposals. 
> 	EFF is especially pleased that this subcommittee has taken an 
> interest in these issues.  It is our belief that Administration policy 
> developed in this area threatens individual privacy rights, will thwart 
> the development of the information infrastructure, and does not even 
> meet the stated needs of law enforcement and national security agencies.  
> A fresh and comprehensive look at these issues is needed.
> 
> 
> I.	Background on digital privacy and security policy
> -------------------------------------------------------
> 
> 	From the beginning of the 1992 Presidential campaign, President 
> Clinton and Vice President Gore committed themselves to support the 
> development of the National Information Infrastructure.  They recognize 
> that the "development of the NII can unleash an information revolution 
> that will change forever the way people live, work, and interact with 
> each other."  They also know that the information infrastructure can 
> only realize its potential if users feel confident about security 
> measures available. 
> 	If allowed to reach its potential, this information infrastructure 
> will carry vital personal information, such as health care records, 
> private communications among friends and families, and personal 
> financial transactions.  The business community will transmit valuable 
> information such as plans for new products, proprietary financial data, 
> and other strategic communications.  If communications in the new 
> infrastructure are vulnerable, all of our lives and businesses would be 
> subject to both damaging and costly invasion.
> 	In launching its Information Infrastructure Task Force (IITF) the 
> Clinton Administration recognized this when it declared that:
> 
>    The trustworthiness and security of communications channels and    
>    networks are essential to the success of the NII....  Electronic  
>    information systems can create new vulnerabilities.  For example, 
>    electronic files can be broken into and copied from remote locations, 
>    and cellular phone conversations can be monitored easily.  Yet these 
>    same systems, if properly designed, can offer greater security than 
>    less advanced communications channels.  [_Agenda_for_Action_, 9]
> 
> Cryptography -- technology which allows encoding and decoding of 
> messages -- is an absolutely essential part of the solution to 
> information security and privacy needs in the Information Age.  Without 
> strong cryptography, no one will have the confidence to use networks to 
> conduct business, to engage in commercial transactions electronically, 
> or to transmit sensitive personal information.  As the Administration 
> foresees, we need
> 
>    network standards and transmission codes that facilitate 
>    interconnection and interoperation between networks, and ensure the 
>    privacy of persons and the security of information carried.... 
>    [_Agenda_for_Action_, 6]
> 
> While articulating these security and privacy needs, the Administration 
> has also emphasized that  the availability of strong encryption poses 
> challenges to law enforcement and national security efforts.  Though the 
> vast majority of those who benefit from encryption will be law abiding 
> citizens, some criminals will find ways to hide behind new technologies. 
> 
> 
> II.	Current cryptography policy fails to meet the needs of 
> ------------------------------------------------------------
>        the growing information infrastructure 
> ----------------------------------------------
> 
> 	As a solution to the conflict between the need for user privacy 
> and the desire to ensure law enforcement access, the Administration has 
> proposed that individuals and organizations who use encryption deposit a 
> copy of their private key -- the means to decode any communications they 
> send -- with the federal government. 
> 	 In our view, this is not a balanced solution but one that 
> undermines the need for security and privacy without resolving important 
> law enforcement concerns.  It is up to the Congress to send the 
> Administration back to the drawing board.
> 
> A.	Current Export Controls and New Clipper Proposal Stifle Innovation
> ------------------------------------------------------------------------
> 
> 	Two factors are currently keeping strong encryption out of the 
> reach of United States citizens and corporations.  First, general 
> uncertainty about what forms of cryptography will and will not be legal 
> to produce in the future.  Second, export controls make it economically 
> impossible for US manufacturers that build products for the global 
> marketplace to incorporate strong encryption for either the domestic or 
> foreign markets.  Despite this negative impact on the US market, export 
> controls are decreasingly successful at limiting the foreign 
> availability of strong encryption.  A recent survey shows that of the 
> more than 260 foreign encryption products now available globally, over 
> 80 offer encryption which is stronger than what US companies are allowed 
> to export.  Export controls do constrain the US market, but the 
> international market appears to be meeting its security needs without 
> help from US industry.  The introduction of Clipper fails to address the 
> general uncertainty in the cryptography market.  Announcement of a key 
> escrow policy alone is not sufficient to get the stalled US cryptography 
> market back on track.
> 
> B.	The secrecy of the Clipper/Skipjack algorithm reduces public trust            
> ------------------------------------------------------------------------
>       and casts doubt on the voluntariness of the whole system
> --------------------------------------------------------------
> 
> 	Many parties have already questioned the need for a secret 
> algorithm, especially given the existence of robust, public-domain 
> encryption techniques.  The most common explanation given for use of a 
> secret algorithm is the need to prevent users from bypassing the key 
> escrow system proposed along with the Clipper Chip.  Clipper has always 
> been presented by the Administration as a voluntary option.  But if the 
> system is truly voluntary, why go to such lengths to ensure compliance 
> with the escrow procedure?  
> 
> C.	Current plans for escrow system offer inadequate technical 
> ----------------------------------------------------------------
>       security and insufficient legal protections for users
> -----------------------------------------------------------
> 
> 	The implementation of a nationwide key escrow system is clearly a 
> complex task.  But preliminary plans available already indicate several 
> areas of serious concern:
> 
> 1.	_No_legal_rights_for_escrow_users_:  As currently written, the 
> escrow procedures insulate the government escrow agents from any legal 
> liability for unauthorized or negligent release of an individual's key.  
> This is contrary to the very notion of an escrow system, which 
> ordinarily would provide a legal remedy for the depositor whose 
> deposit is released without authorization.  If anything, escrow agents 
> should be subject to strict liability for unauthorized disclosure of 
> keys.
> 
> 2.	_No_stability_in_escrow_rules_:  The Administration has 
> specifically declared that it will not seek to have the escrow 
> procedures incorporated into legislation or official regulations.  
> Without formalization of rules, users have no guaranty that subsequent 
> administrations will follow the same rules or offer the users the same 
> degree of protection.  This will greatly reduce the trust in the system.
> 
> 3.	_Fixed_Key_:  A cardinal rule of computer security is that 
> encryption keys must be changed often.  Since the Clipper keys are 
> locked permanently into the chips, the keys can never be changed.  This 
> is a major technical weakness of the current proposal.
> 
> 4.	_Less_intrusive,_more_secure_escrow_alternatives_are_available_: 
> The Clipper proposal represents only one of many possible kinds of key 
> escrow systems.  More security could be provided by having more 
> than two escrow agents.  And, in order to increase public trust, some 
> or all of these agents could be non-governmental agencies, with the 
> traditional fiduciary duties of an escrow agent.  
> 
> D.	Escrow Systems Threaten Fundamental Constitutional Values
> ---------------------------------------------------------------
> 
> 	The Administration, Congress, and the public ought to have the 
> opportunity to consider the implications of limitations on cryptography 
> from a constitutional perspective.  A delicate balance between 
> constitutional privacy rights and the needs of law enforcement has been 
> crafted over the history of this country.  We must act carefully as we 
> face the constitutional challenges posed by new communication 
> technologies.
> 	Unraveling the current encryption policy tangle must begin with 
> one threshold question: will there come a day when the federal 
> government controls the domestic use of encryption through mandated key 
> escrow schemes or outright prohibitions against the use of particular 
> encryption technologies?  Is Clipper the first step in this direction?  
> A mandatory encryption regime raises profound constitutional questions.
> 	In the era where people work for "virtual corporations" and 
> conduct personal and political lives in "cyberspace," the distinction 
> between _communication_ of information and _storage_ of information is 
> increasingly vague.  The organization in which one works may constitute 
> a single virtual space, but be physically dispersed.  So, the papers and 
> files of the organization or individual may be moved within the 
> organization by means of telecommunications technology.  Instantaneous 
> access to encryption keys, without prior notice to the communicating 
> parties, may well constitute a secret search, if the target is a 
> virtual corporation or an individual whose "papers" are physically 
> dispersed.
> 	Wiretapping and other electronic surveillance has always been 
> recognized as an exception to the fundamental Fourth Amendment 
> prohibition against secret searches.  Even with a valid search warrant, 
> law enforcement agents must "knock and announce" their intent to search 
> a premises before proceeding.  Failure to do so violates the Fourth 
> Amendment.  Until now, the law of search and seizure has made a sharp 
> distinction between, on the one hand, _seizures_of_papers_ and other 
> items in a person's physical possession, and on the other hand, 
> _wiretapping_of_communications_.  Seizure of papers or personal effects 
> must be conducted with the owner's knowledge, upon presentation of a 
> search warrant.  Only in the exceptional case of wiretapping, may a 
> person's privacy be invaded by law enforcement without simultaneously 
> informing that person.  
> 	Proposals to regulate the use of cryptography for the sake of law 
> enforcement efficiency should be viewed carefully in the centuries old 
> tradition of privacy protection.
> 
> E.	Voluntary escrow system will not meet law enforcement needs
> -----------------------------------------------------------------
> 
> 	Finally, despite all of the troubling aspects of the Clipper 
> proposal, it is by no means clear that it will even solve the problems 
> that law enforcement has identified.  The major stated rationale for 
> government intervention in the domestic encryption arena is to ensure 
> that law enforcement has access to criminal communications, even if they 
> are encrypted.  Yet, a voluntary scheme seems inadequate to meet this 
> goal.  Criminals who seek to avoid interception and decryption of their 
> communications would simply use another system, free from escrow 
> provisions.  Unless a government-proposed encryption scheme is 
> mandatory, it would fail to achieve its primary law enforcement purpose.  
> In a voluntary regime, only the law-abiding would use the escrow system.  
> 
> III.	Recent policy developments indicate that Administration policy is 
> -----------------------------------------------------------------------
>       bad for the NII, contrary to the Computer Security Act, and 
> -----------------------------------------------------------------
>       requires Congressional oversight
> --------------------------------------
> 
> 	Along with the Clipper Chip proposal, the Administration announced 
> a comprehensive review of cryptography and privacy policy.  Almost 
> immediately after the Clipper announcement, the Digital Privacy and 
> Security Working Group began discussions with the Administration on 
> issues raised by the Clipper proposal and by cryptography in general.  
> Unfortunately, this dialogue has been largely one-sided.  EFF and many 
> other groups have provided extensive input to the Administration, yet 
> the Administration has not reciprocated -- the promised policy report 
> has not been forthcoming.  Moreover, the National Security Agency and 
> the Federal Bureau of Investigation are proceeding unilaterally to 
> implement their own goals in this critical policy area.
> 	Allowing these agencies to proceed unilaterally would be a grave 
> mistake. As this subcommittee is well aware, the Computer Security Act 
> of 1987 clearly established that neither military nor law enforcement 
> agencies are the proper protectors of personal privacy.  When 
> considering the law, Congress asked, "whether it is proper for a super-
> secret agency [the NSA] that operates without public scrutiny to involve 
> itself in domestic activities...?"  The answer was a clear "no."  Recent 
> Administration announcements regarding the Clipper Chip suggest that the 
> principle established in the 1987 Act has been circumvented. 
> 	As important as the principle of civilian control was in 1987, it 
> is even more critical today.  The more individuals around the country 
> come to depend on secure communications to protect their privacy, the 
> more important it is to conduct privacy and security policy dialogues in 
> public, civilian forums.
> 	The NII can grow into the kind of critical, national resource 
> which this Administration seeks to promote only if major changes in 
> current cryptography and privacy policy.  In the absence of such 
> changes, digital technology will continue to rapidly render our 
> commercial activities and communications -- and, indeed, much of our 
> personal lives -- open to scrutiny by strangers.  The Electronic 
> Frontier Foundation believes that Americans must be allowed access 
> to the cryptographic tools necessary to protect their own privacy.
> 	We had hoped that the Administration was committed to making these 
> changes, but several recent developments lead us to fear that the effort 
> has been abandoned, leaving individual agencies to pursue their own 
> policy agendas instead of being guided by a comprehensive policy.  The 
> following issues concern us:
> 
> *	Delayed Cryptography Policy Report
> ----------------------------------------
> 
> The policy analysis called for along with the April 16, 1993 
> Presidential Decision Directive has not been released, though it was 
> promised to have been completed by early fall of 1993.  We had hoped 
> that this report would be the basis for public dialogue on the important 
> privacy, competitiveness, and law enforcement issues raised by 
> cryptography policy.  To date, none of the Administration's policy 
> rationale has been revealed to the public, despite the fact that 
> agencies in the Executive Branch are proceeding with their own plan
> 
> *	Escrowed Encryption Federal Information Processing Standard (FIPS)      
> ------------------------------------------------------------------------
>       approved against overwhelming weight of public comments
> -------------------------------------------------------------
> 
> The Presidential Decision Directive also called for consideration of a 
> Federal Information Processing Standard (FIPS) for key-escrow 
> encryption systems.  This process was to have been one of several 
> forums whereby those concerned about the proposed key-escrow system 
> could voice opinions.  EFF, as well as over 225 of our individual 
> members, raised a number of serious concerns about the draft FIPS in 
> September of this 1993.  EFF expressed its opposition to government 
> implementation of key-escrow systems as proposed.  We continue to 
> oppose the deployment of Skipjack family escrow encryption systems 
> both because they violate fundamental First, Fourth, and Fifth 
> amendment principles, and because they fail to offer users adequate 
> security and flexibility.
> 
> Despite overwhelming opposition from over 300 commenters, the 
> Department of Commerce recently approved FIPS 185.
> 
> *	Large-Scale Skipjack Deployment Announced
> -----------------------------------------------
> 
> At the December 9, 1993 meeting of the Computer Systems Security and 
> Privacy Advisory Board, an NSA official announced plans to deploy from 
> 10,000 to 70,000 Skipjack devices in the Defense Messaging System in 
> the near future.  The exact size of the order was said to be dependent 
> only on budget constraints.  The Administration is on record in the 
> national press promising that no large-scale Skipjack deployment would 
> occur until a final report of the Administration Task Force was 
> complete.  Ten thousand units was set as the upper limit of initial 
> deployment.  Skipjack deployment at the level planned in the Defense 
> Messaging System circumvents both the FIPS notice and comments process 
> which has been left in a state of limbo, as well as the Administration's 
> promise of a comprehensive policy framework. 
> 
> *	New FBI Digital Telephony Legislation Proposed
> ----------------------------------------------------
> 
> The FBI recently proposed a new "Digital Telephony" bill.  After initial 
> analysis, we strongly oppose the bill, which would require all common 
> carriers to construct their networks to deliver to law enforcement 
> agencies, in real time, both the contents of all communications on their 
> networks and the "signaling" or transactional information. 
> 
> 	In short, the bill lays the groundwork for turning the National 
> Information Infrastructure into a nation-wide surveillance system, to be 
> used by law enforcement with few technical or legal safeguards.  This 
> image is not hyperbole, but a real assessment of the power of the 
> technology and inadequacy of current legal and technical privacy 
> protections for users of communications networks. 
> 
> 	Although the FBI suggests that the bill is primarily designed to 
> maintain status quo wiretap capability in the face of technological 
> changes, in fact, it seeks vast new surveillance and monitoring tools. 
> 
> 	Lengthy delays on the promised policy report, along with these 
> unilateral steps toward Clipper/Skipjack deployment, lead us to believe 
> that Administration policy is stalled by the Cold War-era national 
> security concerns that have characterized cryptography policy for the 
> last several decades.
> 	EFF believes that it would be a disastrous error to allow national 
> information policy -- now a critical component of domestic policy -- to 
> be dictated solely by backward-looking national-security priorities and 
> unsubstantiated law-enforcement claims.  The directions set by this 
> Administration will have a major impact on privacy, information 
> security, and the fundamental relationship between the government and 
> individual autonomy.  This is why the Administration must take action--
> and do so before the aforementioned agencies proceed further--to ensure 
> that cryptography policy is restructured to serve the 
> interests of privacy and security in the National Information 
> Infrastructure. We still believe the Administration can play the 
> leadership role it was meant to play in shaping this policy. If it does 
> not, the potential of the NII, and of fundamental civil liberties in the 
> information age, will be threatened.
> 
> IV.	Congressional oversight of cryptography & privacy policy is 
> -----------------------------------------------------------------
>       urgently needed to right the balance between privacy, 
> -----------------------------------------------------------
>       competitiveness & law enforcement needs
> ---------------------------------------------
> 
> 	All participants in this debate recognize that the need for 
> privacy and security is real, and that new technologies pose real 
> challenges for law enforcement and national security operations.  
> However, the solutions now on the table cripple the NII, pose grave 
> threats to privacy, and fail to even meet law enforcement objectives.  
> In our judgment, the Administration has failed, thus far, to articulate 
> a comprehensive set of policies which will advance the goals upon 
> which we all agree.
> 	Congress must act now to ensure that cryptography policy is 
> developed in the context of the broader goal of promoting the 
> development of an advanced, interoperable, secure, information 
> infrastructure.  
> 	In order to meet the privacy and security needs of the growing 
> infrastructure, Congress should seek a set of public policies which 
> promote the widespread availability of cryptographic systems according 
> to the following criteria:
> 
> *	Use Voluntary Standards to Promote Innovation and Meet 
> ------------------------------------------------------------
>       Diverse Needs: 
> --------------------
> 
> The National Information Infrastructure stretches to 
> encompass devices as diverse as super computers, handheld personal 
> digital assistants and other wireless communications devices, and plain 
> old telephones.  Communication will be carried over copper wires, fiber 
> optic cables, and satellite links.  The users of the infrastructure will 
> range from elementary school children to federal agencies.  Encryption 
> standards must be allowed to develop flexibly to meet the wide-ranging 
> needs all components of the NII.  In its IITF Report, the Administration 
> finds that standards also must be compatible with the large installed 
> base of communications technologies, and flexible and adaptable enough 
> to meet user needs at affordable costs. [_AA_, 9]  The diverse uses of 
> the NII require that any standard which the government seeks to promote 
> as a broadly deployed solution should be implementable in software as 
> well as hardware and based on widely available algorithms.
> 
> *	Develop Trusted Algorithms and End-to-End Security:  
> ---------------------------------------------------------
> 
> Assuring current and future users of the NII that their communications 
> are 
> secure and their privacy is protected is a critical task.  This means 
> that the 
> underlying algorithms adopted must have a high level of public trust and 
> the overall systems put in place must be secure.
> 
> *	Encourage National and International Interoperability:  
> ------------------------------------------------------------
> 
> The promise of the NII is seamless national and international 
> communications of all types.  Any cryptographic standard offered for 
> widespread use must allow US corporations and individuals to function as 
> part of the global economy and global communications infrastructure.
> 
> *	Seek Reasonable Cooperation with Law Enforcement and National      
> -------------------------------------------------------------------
>       Security Needs:  
> ---------------------
> 
> New technologies pose new challenges to law enforcement and national 
> security surveillance activities.  American industry is committed to 
> working with law enforcement to help meet its legitimate surveillance 
> needs, but the development of the NII should not be stalled on this 
> account.
> 
> *	Promote Constitutional Rights of Privacy and Adhere to Traditional 
> ------------------------------------------------------------------------
> Fourth Amendment Search and Seizure Rules:  
> ------------------------------------------
> 
> New technology can either be a threat or an aid to protection of 
> fundamental privacy rights.  Government policy should promote 
> technologies which enable individuals to protect their privacy and be 
> sure that those technologies are governed by laws which respect the 
> long history of constitutional search and seizure restraints.
> 
> *	Maintain Civilian Control over Public Computer and 
> --------------------------------------------------------
>       Communications Security:  
> ------------------------------
> 
> In accordance with the Computer Security Act of 1987, development of 
> security and privacy standards should be directed by the civilian
> 
> V.	Conclusion
> ----------------
> 
> 	Among the most important roles that the federal government has in 
> NII deployment are setting standards and guaranteeing privacy and 
> security.  Without adequate security and privacy, the NII will never 
> realize it economic or social potential.  Cryptography policy must, of 
> course, take into account the needs of law enforcement and national 
> security agencies, but cannot be driven by these concerns alone.  The 
> Working Group, along with other industry and public interest 
> organizations, is committed to working with the Administration to 
> solving the privacy and security questions raised by the growing NII.  
> This must be done based on the principles of voluntary standards, 
> promotion of innovation, concern for law enforcement needs, and 
> protection of constitutional rights of privacy.
> 
>           ***************
> 
> 





Thread