From: djw@eff.org (Daniel J. Weitzner)
To: com-priv@psi.com
Message Hash: 705c9eda0dded3b08662670b135eea358d5f892923fa216d4600ccd94776e1ce
Message ID: <199310131504.AA14248@eff.org>
Reply To: N/A
UTC Datetime: 1993-10-13 15:06:39 UTC
Raw Date: Wed, 13 Oct 93 08:06:39 PDT
From: djw@eff.org (Daniel J. Weitzner)
Date: Wed, 13 Oct 93 08:06:39 PDT
To: com-priv@psi.com
Subject: Notes from House Hearing on Cryptography Export Controls
Message-ID: <199310131504.AA14248@eff.org>
MIME-Version: 1.0
Content-Type: text/plain
October 12, 1993
House Foreign Affairs Committee
Subcommittee on Economic Policy, Trade, and the Enviornment
Hearing on mass market cryptography and export controls
Rep. Sam Gejdenson (D-Conn.), Chair
[A hopefully informative and probably biased account of the hearing by EFF]
Committee Members present:
Gejdenson, Cantwell (D-Wash.), Fingerhut (D-Ohio), Rohrbacher (R-Calif.)
Manzullo (R-Ill.)
Witnesses:
PANEL 1 (Open)
J. Hendren, Arkansas Systems (A data security firm that does a lot of
international banking work)
Ray Ozzie, IRIS Associates for Business Software Alliance (Lotus Notes
developer)
Stephen Walker, Trusted Information Systems for Software Publishers Association
Philip Zimmermann, PGP developer
Don Harbert, Digital Eqiupment Corp.
PANEL 2 (Secret Session)
NSA representative
Opening Statement of Gejdenson:
"This hearing is about the well intentioned attempts of the National
Security Agency to try to control the uncontrollable.... The NSA itself
acknowledges that if you have a long distance telephone line and a modem,
you can send this software anywhere in the world. If you have a computer
and a modem you can take this software off of the Internet anywhere in the
world.... I do not question the value of the information sought by the
National Security Agency. But once it is determined that the dispersion of
this software cannot be controlled, then however much we might want to
protect our ability to obtain information, it is beyond our means to do so.
Just as in the case of telecommunications, the National Security Agency is
attempting to put the genie back in the bottle. It won't happen; and a
vibrant and productive sector of American indsutry may be sacrificed in the
process."
The main points raised by witnesses were these:
1. DES and other strong encryption which is barred by ITAR is in the public
domain and available on the global market from foreign software
manufacturers:
-Ray Ozzie used his laptop and a modem to show how to get a DES
implementation from ftp.germany.eu.net. The committee loved it and most of
them seemed to understand what was going on on the screen, even though they
had never heard of ftp.
-Stephen Walker described the results of an SPA study which uncovered over
250 cryptography packages which offer DES-based or stronger algorithms.
-Phil Zimmermann testified that he designed PGP from publicly available
information.
2. Foreign DES implementations are just as good as US versions.
Surprisingly enough, this is a contentious issue. Some members of the
committee seemed to have been told by someone or another that foreign
versions of DES may not be as strong as those that are made in the USA. If
this were true, then export controls might still be justified despite the
numerous foreign versions of DES on the market. In my view, this is a
pretty desperate argument.
-Steve Walker demonstrated that all DES works the same way by encrypting a
passage from Mozart's Eine Kleine Nachtmusik with several different foreign
DES packages, and then decrypting them. Surprise! They all sounded just
the same.
3. Lots of money is being lost by US software/hardware vendors:
-Don Harbert from DEC told of loses of over $70 Million in just the last
few months.
-BSA estimates that export controls exclude access to a global market the
is $6-9 Billion.
4. People want their privacy
-Phil Zimmermann told the committee about his experience with PGP users and
how badly people need and want to protect their privacy in electronic
environments
Committee Responses:
Overall, the committee was quite sympathetic to the witnesses. Chairman
Gejdenson seemed very supportive of changing export controls. Rep. Dana
Rohrbacher, no flaming liberal, said, "the cold war is over. I sympathize
with everything that has been said here."
...................................................................
Daniel J. Weitzner, Senior Staff Counsel <djw@eff.org>
Electronic Frontier Foundation
1001 G St, NW
Suite 950 East
Washington, DC 20001
202-347-5400 (v)
202-393-5509 (f)
Return to October 1993
Return to ““Perry E. Metzger” <pmetzger@lehman.com>”