From: “Herb Lin” <hlin@nas.edu>
To: karn@qualcomm.com (Phil Karn)
Message Hash: e7fd0526bf6e90839201abee0422a5399141f5a392e595c528be1399bd84e3d3
Message ID: <9311017548.AA754812061@nas.edu>
Reply To: N/A
UTC Datetime: 1993-12-02 03:02:24 UTC
Raw Date: Wed, 1 Dec 93 19:02:24 PST
From: "Herb Lin" <hlin@nas.edu>
Date: Wed, 1 Dec 93 19:02:24 PST
To: karn@qualcomm.com (Phil Karn)
Subject: Re: A study of National Cryptography Policy
Message-ID: <9311017548.AA754812061@nas.edu>
MIME-Version: 1.0
Content-Type: text/plain
As the broadcast message noted, the ground rules regarding
classification were not established by the CSTB, but rather by the U.S.
Congress. Note also that the final report is intended to be unclassified,
though classified annexes may be necessary for completeness.
Regarding the two-year time frame of the study: the premise of the study is
that there are many perspectives on the issue and that the appropriate policy
balance has not yet been established; surely you would acknowledge that
both these statements are true. Thus, a serious study of the issue requires
time to reflect, especially if different perspectives are to be reconciled.
So, let me invite you folks to submit whatever materials you would like the
study
committee to consider (e.g., printed articles, written statements, etc), and
what
opportunity, if any, you would like to have to testify before the committee or
its
staff.
Herb Lin
****
>As part of the Defense Authorization Bill for FY 1994, the U.S. Congress
>has asked the Computer Science and Telecommunications Board
>(CSTB) of the National Research Council (NRC) to undertake a study of
>national policy with respect to the use and regulation of cryptography.
[...]
A *two year*, *classified* study of national cryptography policy??
I suppose it's just as well. The closest thing we currently have to a
"national cryptography policy" are some ineffective and pointless
export controls that, if proposed legislation is adopted, may go away
in a few months anyway. That would leave civilian cryptography pretty
much unregulated -- exactly as it should be.
So sure, take all the time you like to "study" the issue. The longer
the better. The "cryptography genie" is already well out of its
bottle; in two years, it will be everywhere.
And yes, by all means, require security clearances of all the
participants and classify all of the proceedings. That will exclude
many of the biggest names in civilian cryptography -- those who are
not US citizens, who will not submit themselves to government
censorship, and who do not wish to lend any legitimacy to a government
effort that will inevitably try to regulate what will (and should) be
left alone. And it will stifle any embarassing public debates on minor
issues like free speech, freedom of association and personal privacy,
all of which are just annoying technicalities that keep law
enforcement and intelligence agencies from doing their jobs more
efficiently.
Better yet, restrict membership to these loyal law enforcement and
intelligence agencies, the same ones responsible for the silly current
state of export controls on cryptography. That should eliminate what
few shreds of credibility might remain in the Board's final report.
Phil
Return to December 1993
Return to ““Herb Lin” <hlin@nas.edu>”
1993-12-02 (Wed, 1 Dec 93 19:02:24 PST) - Re: A study of National Cryptography Policy - “Herb Lin” <hlin@nas.edu>