From: schneier@chinet.chinet.com (Bruce Schneier)
To: cypherpunks@toad.com
Message Hash: 4fe3e5a41e337a5149b3d73615d5be6dabe4a0be5ebde97d0a552d15481e7a24
Message ID: <m0qnZLe-0002LpC@chinet>
Reply To: N/A
UTC Datetime: 1994-09-21 21:35:42 UTC
Raw Date: Wed, 21 Sep 94 14:35:42 PDT
From: schneier@chinet.chinet.com (Bruce Schneier)
Date: Wed, 21 Sep 94 14:35:42 PDT
To: cypherpunks@toad.com
Subject: National Research Council study of cryptography
Message-ID: <m0qnZLe-0002LpC@chinet>
MIME-Version: 1.0
Content-Type: text/plain
Subject:
The National Research Council study of National Cryptography Policy
To interested parties:
The committee membership for the NRC's study of national cryptography
policy has been finalized, and the project description and final list of
committee membership is attached. I specifically call your attention to
the part of the project description that invites members of the
interested public to submit views on the questions the study will be
addressing.
The National Research Council appreciates your interest in this project.
Please redistribute this message to anyone you think may be interested.
A STUDY OF NATIONAL CRYPTOGRAPHY POLICY
September 14, 1994
Cryptographic technologies are critical to a wide variety of important
military and civilian applications involving sensitive or classified
information that must be protected from unauthorized disclosure. In
addition, cryptography is a key component of most authentication
technologies, i.e., technologies to guarantee the identity of a message's
sender. National cryptography policy has important implications for
U.S. economic competitiveness, national security, law enforcement
interests, and protection of the rights of private U.S. citizens.
In an attempt to clarify some of the relevant policy issues, Public Law
103-160 (passed by the U.S. Congress in November 1993) called for a
comprehensive study from the National Research Council on
cryptographic technologies and national cryptography policy. The study
will commence in the first week of October 1994. As this study
proceeds, the committee will make all feasible attempts to solicit a wide
range of input and commentary from interested parties. Input will be
presented to the committee through a mix of briefings, presentations,
consultations, invited and contributed papers, and testimony at regional
public hearings. In addition, members of the interested public are
invited to submit input to the committee as described below.
The study plans to address the following issues:
* the impact of current and possible future restrictions and standards
regarding cryptographic technology on
- the availability of such technology to foreign and domestic
parties with interests hostile to or competitive with the
national security, economic, commercial, and privacy
interests of the U.S. government, U.S. industry, and private
U.S. citizens;
- the competitiveness of U.S. manufacturers of such technology
in the international market;
- the competitiveness and performance of commercial U.S.
users of such technology;
- U.S. national security and law enforcement interests;
* the strength of various cryptographic technologies known and
anticipated that are relevant for commercial and private purposes;
* current and anticipated demand for information systems security
based on cryptography;
* the impact of foreign restrictions on the use of, importation of, and
the market for cryptographic technology;
* the extent to which current cryptography policy is adequate for
protecting U.S. interests in privacy, public safety, national
security, and economic competitiveness;
* strengths and weaknesses of current key escrow implementation
schemes;
* how technology now and in the future can affect the feasible policy
options for balancing the national security and law enforcement
interests of government and the privacy and commercial interests
of U.S. industry and private U.S. citizens;
* recommendations for the process through which national security,
law enforcement, commercial, and privacy interests are balanced
in the formulation of national cryptography policy.
The study will be conducted by a 17-member committee (listed at the
end of this document) that collectively has expertise in computer and
communications technology; cryptographic technologies and
cryptanalysis; foreign, national security, and intelligence affairs; law
enforcement; science policy; trade policy; commercial and business
dimensions of computer technology (hardware and software vendors,
users of cryptographic technologies); and interests in privacy and civil
liberties. A subpanel of the full committee will be cleared at the SI
level and have access to all relevant information to ensure that the
findings, conclusions, and recommendations of the unclassified report
are consistent with what is known in the classified world.
The project plan calls for the study to be delivered approximately two
years after full processing of all necessary security clearances.
However, the NRC will make every attempt to deliver the study sooner,
and it currently believes that the core work of the study will be
completed about 18 to 20 months after funding for the study has been
received. Additional time will be devoted to dissemination of the study
report and follow-up activities.
The final report of the study committee is subject to NRC review
procedures that ensure the objectivity and integrity of all NRC reports.
The main text of the report will be unclassified; classified annexes (if
any) will be made available only to those with the appropriate security
clearances.
PROVIDING INPUT TO THE COMMITTEE
The questions that the study is expected to examine are provided above.
Members of the interested public are invited to submit their views on
these questions and any other questions that you believe the committee
should be addressing through either of the channels below. If desired,
requests for personal presentations to the committee should be submitted
through these channels as well; the committee will respond affirmatively
to as many such requests as possible, but time and resource constraints
will limit the number of such requests that can be honored.
Internet: send comments and other correspondence to
CRYPTO@NAS.EDU.
U.S. Mail:
Cryptography Project
Computer Science and Telecommunications Board
National Research Council
Mail Stop HA-560
2101 Constitution Avenue, NW
Washington, DC 20418
COMMITTEE TO STUDY
NATIONAL CRYPTOGRAPHY POLICY
Kenneth Dam, committee chair, was Deputy Secretary of State (1982-
1985) and is currently the Max Pam Professor of American and Foreign
Law at the University of Chicago Law School.
General W. Y. Smith, retired, committee vice-chair, is president
emeritus of the Institute for Defense Analyses, and has also served in a
number of military posts including that of deputy commander in chief of
the U.S. European Command in Germany.
Lee Bollinger, formerly dean of the University of Michigan Law School,
is currently provost of Dartmouth College and a constitutional scholar.
Ann Caracristi, retired, was Deputy Director of the National Security
Agency (1980-1982).
Benjamin Civiletti was U.S. Attorney General (1979-1981), and is
currently in private practice with the law firm Venable, Baetjer, Howard
and Civiletti.
Colin Crook is senior technology officer for Citicorp.
Samuel Fuller is vice president of corporate research at Digital
Equipment Corporation.
Leslie Gelb is president of the Council on Foreign Relations. He served
as Assistant Secretary of State for Politico-Military Affairs
(1977-1980).
Ronald Graham is a director of information sciences at AT&T Bell Labs
and a professor of mathematics at Rutgers University.
Martin Hellman is professor of electrical engineering at Stanford
University. Dr. Hellman was one of the inventors of public key
encryption.
Julius Katz is president of Hills & Company, and was deputy United
States trade representative (1989-1993).
Peter Neumann is principal scientist in the Computer Science Laboratory
at SRI International. He is the chairman of the ACM committee on
computers and public policy, and a member of the ACM study group on
cryptography policy.
Raymond Ozzie is president of Iris Associates, a wholly-owned
subsidiary of the Lotus Development Corporation. Iris Associates is the
developer of Lotus Notes.
Kumar Patel is vice chancellor for research at UCLA.
Edward Schmults was Deputy Attorney General of the United States
(1981-1984) and is a former senior vice president for external relations
and general counsel for the GTE Corporation.
Elliot Stone is executive director of the Massachusetts Health Data
Consortium, which is responsible for the collection and analysis of the
state's large health care databases.
Willis Ware, retired, is with the RAND Corporation as senior computer
scientist emeritus. He chairs the Computer System Security and Privacy
Advisory Board which was established by the Computer Security Act of
1987.
STAFF AND ORGANIZATIONS
Marjory Blumenthal is director of the Computer Science and
Telecommunications Board (CSTB).
Herbert Lin is study director and senior staff officer of the CSTB.
Inquiries about this study should be directed to him at 202-334-3191 or
via Internet at HLIN@NAS.EDU.
The National Research Council (NRC) is the operating arm of the
Academy complex, which includes the National Academy of Sciences,
the National Academy of Engineering, and the Institute of Medicine.
The NRC provides impartial and independent advice to the federal
government and other policy makers, by applying top scientific and
technical talent to answer questions of national significance. In
addition, the NRC often acts as a neutral party in convening meetings
among multiple stakeholders on various controversial issues, thereby
facilitating the generation of consensus.
Within the NRC, the CSTB considers technical and policy issues
pertaining to computer science, telecommunications, and associated
technologies as critical resources and sources of national economic
strength. A list of CSTB publications is available on request to
CSTB@NAS.EDU or by calling 202-334-2605.
Return to September 1994
Return to “schneier@chinet.chinet.com (Bruce Schneier)”
1994-09-21 (Wed, 21 Sep 94 14:35:42 PDT) - National Research Council study of cryptography - schneier@chinet.chinet.com (Bruce Schneier)