From: djw@eff.org (Daniel J. Weitzner)
To: cypherpunks@toad.com
Message Hash: a39ad47bcd8205214f1b463aead7cc76e47ea2d95ee8569ccaf28da0002b7e3c
Message ID: <199311111310.AA29819@eff.org>
Reply To: N/A
UTC Datetime: 1993-11-11 13:13:31 UTC
Raw Date: Thu, 11 Nov 93 05:13:31 PST
From: djw@eff.org (Daniel J. Weitzner)
Date: Thu, 11 Nov 93 05:13:31 PST
To: cypherpunks@toad.com
Subject: Government Accounting Office Report on Communications Privacy
Message-ID: <199311111310.AA29819@eff.org>
MIME-Version: 1.0
Content-Type: text/plain
A few days ago, the Government Accounting Office (GAO) -- a pretty sharp
internal gov't investigative organization that's about a lot more than
accounting -- issued a report on communications privacy. (Much of what's
in the report will probably raise of big "duh, we've been saying this for a
decade," from cypherpunks and other digerati, but it's still very important
to have the GAO saying this stuff.)
The report makes four very important findings:
1. Privacy-protecting technology (crytopgraphy) is increasingly important
for protecting the security of business communications and personal
information. But federal policy is getting in the way of this technology.
"Increased use of computer and communications networks, computer literacy,
and dependence on information technology heighten US industries risk of
losing proprietary information to economic espionage. In part to reduce
the risk, industry is more frequently using hardware and software with
encryption capabilities. However, federal policies and actions stemming
from national security and law enforcement concerns hinder the use and the
export of U.S. commercial encryption technology and may hinder its
development."
2. The NSA's role in this area is has been extensive, and possibly beyond
the spirit of the Computer Security Act.
"Although the Computer Security Act of 1987 reaffirmed NIST's reponsibility
for developing federal information-processing standards for security of
sensitive, unclassified information, NIST follows NSA's lead in developing
certain cryptographic standards"
3. Opportunity for public input in the standards process has been
insufficient, leading to proposals like Clipper which lack public support.
"These policy issues are formulated and announced to the public, however,
with very little input from directly affected business interests, academia,
and others."
The report draws no specific policy conclusions, but provides excellent
ammunition for those of us who are trying to open up the standards process
and get export controls lifted.
Full text of the report (GAO/OSI-94-2 Communications Privacy: Federal
Policy and Actions) is supposed to be made available by ftp from GAO. As
soon as it is, I'll let people know where it is.
......................................................................
Daniel J. Weitzner, Senior Staff Counsel <djw@eff.org>
Electronic Frontier Foundation 202-347-5400 (v)
1001 G St, NW Suite 950 East 202-393-5509 (f)
Washington, DC 20001
*** Join EFF!!! Send mail to membership@eff.org for information ***
Return to November 1993
Return to “ferguson@icm1.icp.net (Paul Ferguson x2044)”