From: Dave Banisar <banisar@washofc.cpsr.org>
Date: Thu, 10 Jun 93 05:09:23 PDT
To: CYPHERPUNKS@toad.com
Subject: Markey Clipper Hearing 6/9 and CPSR Testimony
Message-ID: <9306100817.AA34158@hacker2.eff.org>
MIME-Version: 1.0
Content-Type: text/plain


	On June 9, 1993, Congressman Edward Markey, Chairman of the House  
Subcommittee on Telecommunications and Finance held an oversight hearing on 
"encryption and telecommunications network security."  Panelists were 
Whitfield Diffie of Sun Microsystems, Dr. Dorothy Denning,  Steven Bryen of 
Secure Communications, Marc Rotenberg of the CPSR Washington Office and E.R. 
Kerkeslager of AT&T.
	Congressman Markey, after hearing the testimony presented, noted that 
the Clipper proposal had raised an "arched eyebrow among the whole committee" 
and that the committee viewed the proposal skeptically. This statement was 
the latest indication that the Clipper proposal has not been well recieved by 
policy makers.  Last Friday, the Computer Systems Security and Privacy 
Advisory Board of NIST issued two resolutions critical of the encryption 
plan, suggesting that further study was required and that implementation of 
the plan should be delayed until the review is completed.
	At the Third CPSR Cryptography and Privacy Conference on Monday, June 
7, the Acting Director of NIST, Raymond Kammer, announced that the 
implementation of the proposal will be delayed and that a more comprehensive 
review will be undertaken. The review is due in the fall. Kammer told the 
Washington Post that "maybe we won't continue in the direction we started 
out."
	
------------------------------------------------------------------------------

                              Prepared Testimony
                                     and
                             Statement for the Record
                                      of 
                           Marc Rotenberg, director
                            CPSR Washington Office
                                      on 
                       Encryption Technology and Policy
                                    Before
                 The Subcommittee on Telecommunications and Finance.
                        Committee on Energy and Commerce

                          U.S. House of Representatives
                                    June 9, 1993

SUMMARY

	The cryptography issue is of particular concern to CPSR.  During the 
past several years CPSR has pursued an extensive study of cryptography policy 
in the United States.  CPSR has organized public conferences, conducted 
litigation under the Freedom of Information Act, and has emphasized the 
importance of cryptography for privacy protection and the need to scrutinize 
carefully government proposals designed to limit the use of this technology.
	To evaluate the Clipper proposal it is necessary to look at a 1987 
law, the Computer Security Act, which made clear that in the area of 
unclassified computing systems, the National Institute of Standards and 
Technology (NIST) and not the National Security Agency (NSA), would be 
responsible for the development of technical standards.  The Act emphasized 
public accountability and stressed open decision-making. 
	In the spirit of the Act, in 1989 NIST set out to develop a public 
key cryptography standard.  According to documents obtained by CPSR through 
the Freedom of Information Act, NIST recommended that the algorithm be 
"public, unclassified, implementable in both hardware or software, usable by 
federal Agencies and U.S. based multi-national corporation." However, the 
Clipper proposal and the full-blown Capstone configuration that resulted is 
very different: the Clipper algorithm, Skipjack, is classified; public access 
to the reasons underlying the proposal is restricted; Skipjack can be 
implemented only in tamper-proof hardware; it is unlikely to be used by multi-
national corporations, and the security of Clipper remains unproven.
	The Clipper proposal undermines the central purpose of the Computer 
Security Act.  Although intended for broad use in commercial networks, it was 
not developed at the request of either U.S. business or the general public.  
It does not reflect public goals.
	The premise of the Clipper key escrow arrangement is that the 
government must have the ability to intercept electronic communications.  
However, there is no legal basis to support this premise. In law there is 
nothing inherently illegal or suspect about the use of a telephone.  The 
federal wiretap statute says only that communication service providers must 
assist law enforcement execute a lawful warrant.
	CPSR supports the review of cryptography policy currently underway at 
the Department of Commerce.  CPSR also supports the efforts undertaken by the 
Subcommittee on Telecommunications and Finance to study the full 
ramifications of the Clipper proposal.  However, we are not pleased about the 
review now being undertaken at the White House.  That effort has led to a 
series of secret meetings, has asked that scientists sign non-disclosure 
agreements and accept restrictions on publication, and has attempted to 
resolve public concerns through private channels.  This is not a good process 
for the evaluation of a technology that is proposed for the public switched 
network.
	Even if the issues regarding Clipper are resolved favorably, privacy 
concerns will not go away. Rules still need to be developed about the 
collection and use of transactional data generated by computer 
communications.  Several specific steps should be taken.  First, the FCC 
should be given a broad mandate to pursue privacy concerns.  Second, current 
gaps in the communications law should be filled.  The protection of 
transactional records is particularly important.  Third, telecommunications 
companies should be encouraged to explore innovative ways to protect privacy.  
"Telephone cards", widely available in other countries, are an ideal way to 
protect privacy.

----------------------------------

TESTIMONY

	Mr. Chairman, members of the Subcommittee, thank you for the 
opportunity to testify today on encryption policy and the Clipper proposal.  
I especially wish to thank you Congressman Markey, on behalf of CPSR, for 
your ongoing efforts on the privacy front as well as your work to promote 
public access to electronic information.
	The cryptography issue is of particular concern to CPSR.  During the 
past several years we have pursued an extensive study of cryptography policy 
in the United States.  We have organized several public conferences, 
conducted litigation under the Freedom of Information Act, and appeared on a 
number of panels to discuss the importance of cryptography for privacy 
protection and the need to scrutinize carefully government proposals designed 
to limit the use of this technology.  
	While we do not represent any particular computer company or trade 
association we do speak for a great many people in the computer profession 
who value privacy and are concerned about the government's Clipper initiative.
	Today I will briefly summarize our assessment of the Clipper 
proposal.  Then I would like to say a few words about the current status of 
privacy protection.

CLIPPER
	To put the Clipper proposal in a policy context, I will need to 
briefly to describe a law passed in 1987 intended to address the roles of the 
Department of Commerce and the Department of Defense in the development of 
technical standards.  The Computer Security Act of 1987 was enacted to 
improve computer security in the federal government, to clarify the 
responsibilities of the National Institute of Standards and Technology (NIST) 
and the National Security Agency, and to ensure that technical standards 
would serve civilian and commercial needs.  
	The law made clear that in the area of unclassified computing 
systems, NIST and not NSA, would be responsible for the development of 
technical standards.  It emphasized public accountability and stressed open 
decision-making.  The Computer Security Act also established the Computer 
System Security and Privacy Advisory Board (CSSPAB), charged with reviewing 
the activities of NIST and ensuring that the mandate of the law was enforced.  

	The Computer Security Act grew out of a concern that classified 
standards and secret meetings would not serve the interests of the general 
public.  As the practical applications for cryptography have moved from the 
military and intelligence arenas to the commercial sphere, this point has 
become clear.  There is also clearly a conflict of interest when an agency 
tasked with signal interception is also given authority to develop standards 
for network security.  
	In the spirit of the Computer Security Act, NIST set out in 1989 to 
develop a public key standard FIPS (Federal Information Processing Standard).  
In a memo dated May 5, 1989, obtained by CPSR through the Freedom of 
Information Act, NIST said that it planned:

to develop the necessary public-key based security standards.  We require a 
public-key algorithm for calculating digital signatures and we also require a 
public-key algorithm for distributing secret keys.  

NIST then went on to define the requirements of the standard:

The algorithms that we use must be public, unclassified, implementable in 
both hardware or software, usable by federal Agencies and U.S. based multi-
national corporation, and must provide a level of security sufficient for the 
protection of unclassified, sensitive information and commercial propriety 
and/or valuable information.

	The Clipper proposal and the full-blown Capstone configuration, which 
incorporates the key management function NIST set out to develop in 1989, is 
very different from the one originally conceived by NIST. 

%	The Clipper algorithm, Skipjack, is classified,
%	Public access to the reasons underlying the proposal is restricted, 
%	Skipjack can be implemented only in tamper-proof hardware, 
%	It is unlikely to be used by multi-national corporations, and
%	The security of Clipper remains unproven.

	The Clipper proposal undermines the central purpose of the Computer 
Security Act.  Although intended for broad use in commercial networks, it was 
not developed at the request of either U.S. business or the general public.  
It does not reflect public goals.  Rather it reflects the interests of one 
secret agency with the authority to conduct foreign signal intelligence and 
another government agency  responsible for law enforcement investigations. 
	Documents obtained by CPSR through the Freedom of Information Act 
indicate that the National Security Agency dominated the meetings of the 
joint NIST/NSA Technical Working group which made recommendations to NIST 
regarding public key cryptography, and that a related technical standard for 
message authentication, the Digital Signature Standard, clearly reflected the 
interests of the NSA.
	We are still trying to determine the precise role of the NSA in the 
development of the Clipper proposal.  We would be pleased to provide to the 
Subcommittee whatever materials we obtain.

LEGAL AND POLICY ISSUES
	There are also several legal and constitutional issues raised by the 
government's key escrow proposal.  The premise of the Clipper key escrow 
arrangement is that the government must have the ability to intercept 
electronic communications, regardless of the economic or societal costs.  The 
FBI's Digital Telephony proposal, and the earlier Senate bill 266, were based 
on the same assumption.
	There are a number of arguments made in defense of this position: 
that privacy rights and law enforcement needs must be balanced, or that the 
government will be unable to conduct criminal investigations without this 
capability. 
	Regardless of how one views these various claims, there is one point 
about the law that should be made very clear: currently there is no legal 
basis -- in statute, the Constitution or anywhere else --  that supports the 
premise which underlies the Clipper proposal.  As the law currently stands, 
surveillance is not a design goal.  General Motors would have a stronger 
legal basis for building cars that could go no faster than 65 miles per hour 
than AT&T does in marketing a commercial telephone that has a built-in 
wiretap capability.  In law there is simply nothing about the use of a 
telephone that is inherently illegal or suspect.
	The federal wiretap statute says only that communication service 
providers must assist law enforcement in the execution of a lawful warrant.  
It does not say that anyone is obligated to design systems to facilitate 
future wire surveillance.  That distinction is the difference between 
countries that restrict wire surveillance to narrow circumstances defined in 
law and those that treat all users of the telephone network as potential 
criminals.  U.S. law takes the first approach.  Countries such as the former 
East Germany took the second approach.  The use of the phone system by 
citizens was considered inherently suspect and for that reason more than 
10,000 people were employed by the East German government to listen in on 
telephone calls.
	It is precisely because the wiretap statute does not contain the 
obligation to incorporate surveillance capability -- the design premise of 
the Clipper proposal -- that the Federal Bureau of Investigation introduced 
the Digital Telephony legislation.  But that legislation has not moved 
forward and the law has remained unchanged.  The Clipper proposal attempts to 
accomplish through the standard-setting and procurement process what the 
Congress has been unwilling to do through the legislative process.
	On legal grounds, adopting the Clipper would be a mistake.  There is 
an important policy goal underlying the wiretap law.  The Fourth Amendment 
and the federal wiretap statute do not so much balance competing interests as 
they erect barriers against government excess and define the proper scope of 
criminal investigation.  The purpose of the federal wiretap law is to 
restrict the government, it is not to coerce the public.
	Therefore, if the government endorses the Clipper proposal, it will 
undermine the basic philosophy of the federal wiretap law and the fundamental 
values embodied in the Constitution.  It will establish a technical mechanism 
for signal interception based on a premise that has no legal foundation.  The 
assumption underlying the Clipper proposal is more compatible with the 
practice of telephone surveillance in the former East Germany than it is with 
the narrowly limited circumstances that wire surveillance has been allowed in 
the United States.  

UNANSWERED QUESTIONS
	There are a number of other legal issues that have not been 
adequately considered by the proponents of the key escrow arrangement that 
the Subcommittee should examine.  First, not all lawful wiretaps follow a 
normal warrant process.  The proponents of Clipper should make clear how 
emergency wiretaps will be conducted before the proposal goes forward.  
Second, there may be civil liability issues for the escrow agents, if they 
are private parties, if there is abuse or compromise of the keys.  Third, 
there is a Fifth Amendment dimension to the proposed escrow key arrangement 
if a network user is compelled to disclose his or her key to the government 
in order to access a communications network. Each one of these issues should 
be examined carefully. 


CPSR CONFERENCE
	At a conference organized by CPSR this week at the Carnegie Endowment 
for International Peace we heard presentations from staff members at NIST, 
FBI, NSA and the White House about the Clipper proposal.  The participants at 
the meeting had the opportunity to ask questions and to exchange views.
	Certain points now seem clear:

%	The Clipper proposal was not developed in response to any perceived 
public or business need.  It was developed solely to address a law 
enforcement concern.
%	Wire surveillance remains a small part of law enforcement 
investigations.  The number of arrests resulting from wiretaps has remained 
essentially unchanged since the federal wiretap law was enacted in 1968.
%	The potential risks of the Clipper proposal have not been assessed 
and many questions about the implementation remain unanswered.
%	Clipper does not appear to have the support of the business or 
research community.

	Many comments on the Clipper proposal, both positive and negative as 
well the materials obtained by CPSR through the Freedom of Information Act, 
are contained in the Source book compiled by CPSR for the recent conference.  
I am please to make a copy of this available to the Subcommittee.


NETWORK PRIVACY PROTECTION
	Communications privacy remains a critical test for network 
development.  Networks that do not provide a high degree of privacy are 
clearly less useful to network users.  Given the choice between a 
cryptography product without a key escrow and one with a key escrow, it would 
be difficult to find a user who would prefer the key escrow requirement.  If 
this proposal does go forward, it will not be because network users or 
commercial service providers favored it.
	Even if the issues regarding the Clipper are resolved favorably, 
privacy concerns will not go away.  Cryptography is a part of communications 
privacy, but it is only a small part.  Rules still need to be developed about 
the collection and use of transactional data generated by computer 
communications.  While the federal wiretap law generally does a very good job 
of protecting the content of communications against interception by 
government agencies, large holes still remain.  The extensive use of 
subpoenas by the government to obtain toll records and the sale of telephone 
records by private companies are just two examples of gaps in current law.
	The enforcement of privacy laws is also a particularly serious 
concern in the United States.  Good laws without clear mechanisms for 
enforcement raise over-arching questions about the adequacy of legal 
protections in this country.  This problem is known to those who have 
followed developments with the Privacy Act since passage in 1974 and the more 
recent Video Privacy and Protection Act of 1988.  I make this point because 
it has been the experience in other countries that agencies charged with the 
responsibility for privacy protection can be effective advocates for the 
public in the protection of personal privacy.

RECOMMENDATIONS
	Regarding the Clipper proposal, we believe that the national review 
currently underway by the Computer Security and Privacy Advisory Board at the 
Department of Commerce will be extremely useful and we look forward to the 
results of that effort.  The Panel has already conducted a series of 
important open hearings and compiled useful materials on Clipper and 
cryptography policy for public review.
	We are also pleased that the Subcommittee on Telecommunications and 
Finance has undertaken this hearing.  This Subcommittee can play a 
particularly important role in the resolution of these issues.  We also 
appreciate the Chairman's efforts to ensure that the proper studies are 
undertaken, that the General Accounting Office fully explores these issues, 
and that the Secretary of Commerce carefully assesses the potential impact of 
the Clipper proposal on export policy.
	We are, however, less pleased about the White House study currently 
underway.  That effort, organized in large part by the National Security 
Council, has led to a series of secret meetings, has asked that scientists 
sign non-disclosure agreements and accept restrictions on publication, and 
has attempted to resolve public concerns through private channels.  This is 
not a good process for the evaluation of a technology that is proposed for 
the public switched network.  While we acknowledge that the White House has 
been reasonably forthcoming in explaining the current state of affairs, we do 
not think that this process is a good one.  
	For these reasons, we believe that the White House should properly 
defer to the recommendations of the Computer System Security and Privacy 
Advisory Board and the Subcommittee on Telecommunications and Finance.  We 
hope that no further steps in support of the Clipper initiative will be 
taken.  We specifically recommend that no further purchase of Clipper chips 
be approved. 
	Speaking more generally, we believe that a number of steps could be 
taken to ensure that future communications initiatives could properly be 
viewed as a boost to privacy and not a set-back.   

%	The FCC must be given a strong mandate to pursue privacy concerns.  
There should be an office specifically established to examine privacy issues 
and to prepare reports.  Similar efforts in other countries have been 
enormously successful.  The Japanese Ministry of Post and Telecommunications 
developed a set of privacy principles to ensure continued trade with Europe.  
The Canada Ministry of Communications developed a set of communications 
principles to address public concerns about the privacy of cellular 
communications.  In Europe, the EC put forward an important directive on 
privacy protection for the development of new network services.

%	Current gaps in the communications law should be filled.  The 
protection of transactional records is particularly important.  Legislation 
is needed to limit law enforcement access to toll record information and to 
restrict the sale of data generated by the use of telecommunication services.  
As the network becomes digital, the transaction records associated with a 
particular communication may become more valuable than the content of the 
communication itself.

%	Telecommunications companies should be encouraged to explore 
innovative ways to protect privacy.  Cryptography is a particular method to 
seal electronic communications, but far more important for routine 
communications could be anonymous telephone cards, similar to the metro cards 
here in the District of Columbia, that allow consumers to purchase services 
without establishing accounts, transferring personal data, or recording 
personal activities.  Such cards are widely available in Europe, Japan, and 
Australia.

	I thank you very much for the opportunity to appear before the 
Subcommittee and would be pleased to answer your questions
Computer Professionals for Social Responsibility

	CPSR is a national membership organization, established in 1982, to 
address the social impact of computer technology.  There are 2,500 members in 
20 chapters across the United States, and offices in Palo Alto, California, 
Cambridge, Massachusetts, and Washington DC. The organization is governed by 
a board of elected officers and meetings are open to the public.  CPSR 
sponsors an annual meeting and the biennial conference on Directions and 
Implications of Advanced Computing.  CPSR sponsored the first conference on 
Computers, Freedom, and Privacy in 1991.  CPSR also operates the Internet 
Library at cpsr.org.  The library contains documents from the White House on 
technology policy and a wide range of public laws covering privacy, access to 
information, and communications law and is available free of charge to all 
users of the Internet.

	Marc Rotenberg is the director of the CPSR Washington office and an 
adjunct professor at Georgetown University Law Center.  He is chairman of the 
ACM Committee on Scientific Freedom and Human Rights, an editor for the 
Computer Law and Security Report (London), and the secretary of Privacy 
International, an organization of human rights advocates and privacy scholars 
in forty countries.  He received an A.B. from Harvard College and a J.D. from 
Stanford Law School, and is a member of the bar of the United States Supreme 
Court.  His forthcoming article "Communications Privacy: Implications for 
Network Design" will appear in the August 1993 issue of Communications of the 
ACM.