From: Stanton McCandlish <mech@eff.org>
To: eff-talk@eff.org
Message Hash: 3df231ea3ed2d47bbed7adebfdf82c979cde94d92b6c671d87e709bd5debdab9
Message ID: <199312082316.SAA12799@eff.org>
Reply To: N/A
UTC Datetime: 1993-12-08 23:23:44 UTC
Raw Date: Wed, 8 Dec 93 15:23:44 PST
From: Stanton McCandlish <mech@eff.org>
Date: Wed, 8 Dec 93 15:23:44 PST
To: eff-talk@eff.org
Subject: ANNOUNCEMENT: EFF Statement on Cryptography & Policy
Message-ID: <199312082316.SAA12799@eff.org>
MIME-Version: 1.0
Content-Type: text/plain
EFF ANNOUNCES ITS OFFICIAL POLICY ON CRYPTOGRAPHY AND PRIVACY
Strongly opposes original Clipper/Skipjack plan,
reiterates the need to lift restrictions on encryption
December 8, 1993
The Electronic Frontier Foundation is pleased to announce its
formal policy on encryption.
This is particularly timely, because yesterday the New York Times
announced that the Digital Privacy and Security Working Group had
proposed to trade support for the administration's proposed Clipper
Chip for a lifting of the long-standing export embargo on robust
domestic encryption.
This was a misunderstanding of what the DPSWG offered the
administration in this proposal, leading to the belief that both the
DPSWG (a coalition of over 50 computer, communications, and privacy
organizations and associations) and it's principal coordinating
organization, the Electronic Frontier Foundation, have offered to ease
their opposition to Clipper.
We see it as a pragmatic effort to get the government to wiggle on
these issues: one step in the right direction, with many more to
follow. This step is that we insist that use of Clipper and key
escrow must be completely voluntary. It's not voluntary if users of
the Skipjack algorithm are forced to use key escrow. It's not
voluntary if users who do choose escrow are forced to use the
government's choice of escrow agents. It's not voluntary if
manufacturers such as AT&T are pressured into withdrawing competing
products. It's not voluntary when competing products can't be sold in
a worldwide market. It's not voluntary if the public can't see the
algorithm they are "volunteering" to use. It's not voluntary if the
government will require anyone to use Skipjack or escrow, even when
communicating with the government.
The Working Group chose to state this in a diplomatic fashion by
applauding "repeated statements by Administration officials that there
is no intent to make the clipper chip mandatory". They were diplomatic
for two reasons. First, they believe the Administration has gotten this
message. Clipper was announced in April and was supposed to be
available in the Summer. It is December, the escrow system is still
uncertain, and the Administration is still drafting a report which was
due in July. If they still don't get it, the coalition has a 100 page
white paper documenting the case against clipper and the case for
lifting export controls, which they will release in response to any
Administration position favoring Clipper.
The second reason is that the coalition was trying to use the
introduction of the Rep. Cantwell's bill eliminating many export
controls on crypto to try, one more time, to urge the Administration
to make voluntariness meaningful by unilaterally lifting export
controls. Even if the Working Group and the Administration can't
agree on Clipper, EFF and the Working Group needed to continue
pressing the export issue.
But NSA is digging in, and a legislative fight looks more likely.
If diplomacy fails, EFF must fight for our rights. Thus, we are
going to need all the allies we can find, from IBM, Apple, Lotus,
and Sun, to cryptographers, cypherpunks, and folks on the net.
EFF wants the public and the Administration to know (as we have
frequently stated to them face to face) that the Electronic Frontier
Foundation would fight to the end any attempt by the Administration to
do any more than let companies use Clipper if they want and to let people
buy it if they want -- and only in a market which has other strong
encryption schemes available because export controls have been lifted.
Under truly voluntary conditions, the EFF would be proud to say, "We
have expressed ... tentative acceptance of the Clipper Chip's
encryption scheme ... only if it is available as a voluntary
alternative to widely-available, commercially-accepted encryption
programs and products." We would applaud the Government for employing
NSA's substantial expertise to devise improved encryption schemes --
like DES and Skipjack -- and deploying them to improve our society's
privacy and security.
We hope that the Clinton Administration can agree to take this single
step. Here is the whole journey we'd like to begin. If you share our
path, we need your help and support -- please join EFF. Send the end of
this document for details.
Electronic Frontier Foundation Policy on Cryptography & Privacy
(Approved November 11, 1993)
Digital technology is rapidly rendering our commercial activities and
communications -- indeed, much of our personal lives -- open to scrutiny by
strangers. Our medical records, political opinions, personal financial
transactions, and intimate affairs now pass over digital networks where
governments, employers, insurance companies, business competitors, and
others who might turn our private lives against us can examine them with
increasing ease and detail.
The Electronic Frontier Foundation believes that Americans must be allowed
access to the cryptographic tools necessary to protect their own privacy.
We will work toward making the following principles the official policies
of the U. S. Government:
1. Private access to cryptography must be unhindered:
* There must be no laws restricting domestic use of cryptography.
* There must be no restrictions on the export of products, services,
or information because they contain cryptographic algorithms.
2. Cryptography policy and technical standards must be set in open,
public forums:
* All participants in the policy debate on these issues, particularly
law enforcement and national security agencies, must submit their arguments
to public scrutiny.
* Any civilian encryption standard must be published and exposed to
rigorous public challenge.
3. Encryption must become a part of the information infrastructure to
provide security, to protect privacy, and to provide each individual
control over his or her own identity.
* Each user must be free to choose whether or not to use key escrow,
and who should have copies of their keys, if anyone.
* Government at all levels should explore cryptography's potential to
replace identity-based or dossier-based systems, such as driver's licenses,
credit cards, checks, and passports with less invasive technology.
4. New technologies must not erode constitutional protections,
particularly the right to speak, publish, and assemble, and to be free from
unreasonable searches and seizures .
* There must be no broadening of governmental access to private
communications and records, through wiretap law or otherwise, unless there
is a public consensus that the risks to safety outweigh the risks to
liberty and that our safety will actually be increased by the broadened
access.
***
The Electronic Frontier Foundation recognizes that the combination of
digital communications and encryption technology does indeed threaten
some of law enforcement's current investigative techniques.
We also recognize that encryption will prevent many of the online
crimes that will likely occur without it. We further believe that
these technologies will create new investigative tools for law
enforcement, even as they obsolete old ones. Entering this new
environment, private industry, law enforcement, and private citizens
must work together to balance the requirements of both liberty and
security. But technology halts for no one, not even the law.
***
For Electronic Frontier Foundation membership info, send email to
membership@eff.org. For basic EFF details, send email to info@eff.org.
Other queries should be sent to ask@eff.org.
Return to December 1993
Return to “Stanton McCandlish <mech@eff.org>”