From: schneier@chinet.chinet.com (Bruce Schneier)
Date: Wed, 21 Sep 94 14:35:42 PDT
To: cypherpunks@toad.com
Subject: National Research Council study of cryptography
Message-ID: <m0qnZLe-0002LpC@chinet>
MIME-Version: 1.0
Content-Type: text/plain



Subject:
The National Research Council study of National Cryptography Policy
  To interested parties:

  The committee membership for the NRC's study of national cryptography
  policy has been finalized, and the project description and final list of
  committee membership is attached.  I specifically call your attention to
  the part of the project description that invites members of the
  interested public to submit views on the questions the study will be
  addressing.

  The National Research Council appreciates your interest in this project.
  Please redistribute this message to anyone you think may be interested.



        A STUDY OF NATIONAL CRYPTOGRAPHY POLICY
        
                  September 14, 1994
                  
  Cryptographic technologies are critical to a wide variety of important
  military and civilian applications involving sensitive or classified
  information that must be protected from unauthorized disclosure.  In
  addition, cryptography is a key component of most authentication
  technologies, i.e., technologies to guarantee the identity of a message's
  sender.  National cryptography policy has important implications for
  U.S. economic competitiveness, national security, law enforcement
  interests, and protection of the rights of private U.S. citizens.
  
  In an attempt to clarify some of the relevant policy issues, Public Law
  103-160 (passed by the U.S. Congress in November 1993) called for a
  comprehensive study from the National Research Council on
  cryptographic technologies and national cryptography policy.  The study
  will commence in the first week of October 1994.  As this study
  proceeds, the committee will make all feasible attempts to solicit a wide
  range of input and commentary from interested parties.  Input will be
  presented to the committee through a mix of briefings, presentations,
  consultations, invited and contributed papers, and testimony at regional
  public hearings. In addition, members of the interested public are
  invited to submit input to the committee as described below.
  
  The study plans to address the following issues:
  
    * the impact of current and possible future restrictions and standards
      regarding cryptographic technology on
    
        - the availability of such technology to foreign and domestic
          parties with interests hostile to or competitive with the
          national security, economic, commercial, and privacy
          interests of the U.S. government, U.S. industry, and private
          U.S. citizens;
          
        - the competitiveness of U.S. manufacturers of such technology
          in the international market;
        
        - the competitiveness and performance of commercial U.S.
          users of such technology;
          
        - U.S. national security and law enforcement interests;
        
    * the strength of various cryptographic technologies known and
      anticipated that are relevant for commercial and private purposes;
    
    * current and anticipated demand for information systems security
      based on cryptography;
    
    * the impact of foreign restrictions on the use of, importation of, and
      the market for cryptographic technology;
    
    * the extent to which current cryptography policy is adequate for
      protecting U.S. interests in privacy, public safety, national
      security, and economic competitiveness;
    
    * strengths and weaknesses of current key escrow implementation
      schemes;
    
    * how technology now and in the future can affect the feasible policy
      options for balancing the national security and law enforcement
      interests of government and the privacy and commercial interests
      of U.S. industry and private U.S. citizens;
      
    * recommendations for the process through which national security,
      law enforcement, commercial, and privacy interests are balanced
      in the formulation of national cryptography policy.
    
  The study will be conducted by a 17-member committee (listed at the
  end of this document) that collectively has expertise in computer and
  communications technology; cryptographic technologies and
  cryptanalysis; foreign, national security, and intelligence affairs; law
  enforcement; science policy; trade policy; commercial and business
  dimensions of computer technology (hardware and software vendors,
  users of cryptographic technologies); and interests in privacy and civil
  liberties.  A subpanel of the full committee will be cleared at the SI
  level and have access to all relevant information to ensure that the
  findings, conclusions, and recommendations of the unclassified report
  are consistent with what is known in the classified world.
  
  The project plan calls for the study to be delivered approximately two
  years after full processing of all necessary security clearances.
  However, the NRC will make every attempt to deliver the study sooner,
  and it currently believes that the core work of the study will be
  completed about 18 to 20 months after funding for the study has been
  received.  Additional time will be devoted to dissemination of the study
  report and follow-up activities.
  
  The final report of the study committee is subject to NRC review
  procedures that ensure the objectivity and integrity of all NRC reports.
  The main text of the report will be unclassified; classified annexes (if
  any) will be made available only to those with the appropriate security
  clearances.
  
  PROVIDING INPUT TO THE COMMITTEE
  
  The questions that the study is expected to examine are provided above.
  Members of the interested public are invited to submit their views on
  these questions and any other questions that you believe the committee
  should be addressing through either of the channels below.  If desired,
  requests for personal presentations to the committee should be submitted
  through these channels as well; the committee will respond affirmatively
  to as many such requests as possible, but time and resource constraints
  will limit the number of such requests that can be honored.
  
  Internet: send comments and other correspondence to
  CRYPTO@NAS.EDU.
  
  U.S. Mail:
      Cryptography Project
      Computer Science and Telecommunications Board
      National Research Council
      Mail Stop HA-560
      2101 Constitution Avenue, NW
      Washington, DC  20418
  
  
                  COMMITTEE TO STUDY
             NATIONAL CRYPTOGRAPHY POLICY
                  
  Kenneth Dam, committee chair, was Deputy Secretary of State (1982-
  1985) and is currently the Max Pam Professor of American and Foreign
  Law at the University of Chicago Law School.
  
  General W. Y. Smith, retired, committee vice-chair, is president
  emeritus of the Institute for Defense Analyses, and has also served in a
  number of military posts including that of deputy commander in chief of
  the U.S. European Command in Germany.
  
  Lee Bollinger, formerly dean of the University of Michigan Law School,
  is currently provost of Dartmouth College and a constitutional scholar.
  
  Ann Caracristi, retired, was Deputy Director of the National Security
  Agency (1980-1982).
  
  Benjamin Civiletti was U.S. Attorney General (1979-1981), and is
  currently in private practice with the law firm Venable, Baetjer, Howard
  and Civiletti.
  
  Colin Crook is senior technology officer for Citicorp.
  
  Samuel Fuller is vice president of corporate research at Digital
  Equipment Corporation.
  
  Leslie Gelb is president of the Council on Foreign Relations.  He served
  as Assistant Secretary of State for Politico-Military Affairs
  (1977-1980).
  
  Ronald Graham is a director of information sciences at AT&T Bell Labs
  and a professor of mathematics at Rutgers University.
  
  Martin Hellman is professor of electrical engineering at Stanford
  University.  Dr. Hellman was one of the inventors of public key
  encryption.
  
  Julius Katz is president of Hills & Company, and was deputy United
  States trade representative (1989-1993).
  
  Peter Neumann is principal scientist in the Computer Science Laboratory
  at SRI International.  He is the chairman of the ACM committee on
  computers and public policy, and a member of the ACM study group on
  cryptography policy.
  
  Raymond Ozzie is president of Iris Associates, a wholly-owned
  subsidiary of the Lotus Development Corporation.  Iris Associates is the
  developer of Lotus Notes.
  
  Kumar Patel is vice chancellor for research at UCLA.
  
  Edward Schmults was Deputy Attorney General of the United States
  (1981-1984) and is a former senior vice president for external relations
  and general counsel for the GTE Corporation.
  
  Elliot Stone is executive director of the Massachusetts Health Data
  Consortium, which is responsible for the collection and analysis of the
  state's large health care databases.
  
  Willis Ware, retired, is with the RAND Corporation as senior computer
  scientist emeritus.  He chairs the Computer System Security and Privacy
  Advisory Board which was established by the Computer Security Act of
  1987.
  
  
  
                STAFF AND ORGANIZATIONS
                
  Marjory Blumenthal is director of the Computer Science and
  Telecommunications Board (CSTB).
  
  Herbert Lin is study director and senior staff officer of the CSTB.
  Inquiries about this study should be directed to him at 202-334-3191 or
  via Internet at HLIN@NAS.EDU.
  
  The National Research Council (NRC) is the operating arm of the
  Academy complex, which includes the National Academy of Sciences,
  the National Academy of Engineering, and the Institute of Medicine.
  The NRC provides impartial and independent advice to the federal
  government and other policy makers, by applying top scientific and
  technical talent to answer questions of national significance.  In
  addition, the NRC often acts as a neutral party in convening meetings
  among multiple stakeholders on various controversial issues, thereby
  facilitating the generation of consensus.
  
  Within the NRC, the CSTB considers technical and policy issues
  pertaining to computer science, telecommunications, and associated
  technologies as critical resources and sources of national economic
  strength.  A list of CSTB publications is available on request to
  CSTB@NAS.EDU or by calling 202-334-2605.