From: Dave Banisar <cpsr@access.digex.net>
Date: Fri, 1 Oct 93 09:23:20 PDT
To: cypherpunks@toad.com
Subject: CPSR Comments to NIST
Message-ID: <199310011619.AA02082@access.digex.net>
MIME-Version: 1.0
Content-Type: text/plain



>Path: digex.net!lynx.unm.edu!pacs.sunbelt.net!udel!wupost!howland.reston.ans.net!agate!ames!sgi!cdp!dsobel
>Newsgroups: alt.privacy.clipper
>Subject: CPSR Key Escrow Comments (long)
>Message-ID: <1838400007@igc.apc.org>
>From: David L. Sobel <dsobel@igc.apc.org>
>Date: 27 Sep 93 10:58 PDT
>Sender: Notesfile to Usenet Gateway <notes@igc.apc.org>
>Lines: 200



                                   September 27, 1993




Director, Computer Systems Laboratory
ATTN: Proposed FIPS for Escrowed Encryption Standard
Technology Building, Room B-154
National Institute of Standards and Technology
Gaithersburg, MD 20899

  Re: Request for Comments; Docket No. 930659-3159

     This letter constitutes the formal comments of Computer 
Professionals for Social Responsibility (CPSR) on the proposed 
Federal Information Processing Standard for an Escrowed Encryption 
Standard (EES), as described in the Federal Register on July 30, 
1993 (58 FR 40791).  CPSR, a national organization of 
professionals in the computing field, has a long-standing interest 
in government policies concerning cryptography and computer 
security.  During the past several years we have pursued an 
extensive study of cryptography policy in the United States.  We 
have organized several public conferences, conducted litigation 
under the Freedom of Information Act, and appeared on a number of 
panels to discuss the importance of cryptography for privacy 
protection and the need to scrutinize carefully government 
proposals designed to limit the use of this technology.  While we 
do not represent any particular computer company or trade 
association, we do speak for a great many people in the computer 
profession who value privacy and are concerned about the 
government's key escrow initiative.

     To properly evaluate the key escrow proposal, it is necessary 
to consider the Computer Security Act of 1987, which made clear 
Congress' intent that in the area of unclassified computing 
systems NIST -- and not the National Security Agency (NSA) -- 
would be responsible for the development of technical standards.  
The Act emphasizes public accountability and stresses open 
decision-making. 

     In the spirit of the Act, NIST set out in 1989 to develop a 
public key cryptography standard.  According to documents obtained 
by CPSR through the Freedom of Information Act (FOIA), NIST 
recommendFrom owner-cypherpunks  Fri Oct  1 10:30:15 1993
Received: by toad.com id AA09012; Fri, 1 Oct 93 10:28:09 PDT
Received: by toad.com id AA09009; Fri, 1 Oct 93 10:27:43 PDT
Return-Path: <msattler@netcom.com>
Received: from netcom.netcom.com ([192.100.81.100]) by toad.com id AA09005; Fri, 1 Oct 93 10:27:41 PDT
Received: from netcom2.netcom.com by netcom.netcom.com (5.65/SMI-4.1/Netcom)
	id AA01395; Fri, 1 Oct 93 10:27:53 -0700
Date: Fri, 1 Oct 93 10:27:53 -0700
Message-Id: <9310011727.AA01395@netcom.netcom.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
To: mgream@acacia.itd.uts.edu.au (Matthew Gream), cypherpunks@toad.com
From: msattler@netcom.com (Michael Sattler)
Subject: Re: POISON PILL :-)

At 10:35 10/1/93 -0500, Matthew Gream wrote:
>
>I have Australian Defence Security Clearance stickers on my computer,
>they are so cool, these little yellow and red stickers that authorise
>the computer for secure use (and something else I can't remember).

Any chance of getting a few sent to me in San Francisco?

-----------------------------------------------------------------------------
Michael S. Sattler         msattler@netcom.com        +1 (415) 358-3058
Digital Jungle Software    Encrypt now; ask me how.   (finger for PGP key)

  "Don't Panic!" -- Douglas Adams     "Don't Panic.  Stay Cool."  -- PRZ