From: bart@netcom.com (Harry Bartholomew)
To: cypherpunks@toad.com
Message Hash: 4afbbf0731f8ea4fa87a90f07c289b840d9568d85b96ffc31c53a99706158367
Message ID: <199509111247.FAA00620@netcom16.netcom.com>
Reply To: N/A
UTC Datetime: 1995-09-11 12:50:46 UTC
Raw Date: Mon, 11 Sep 95 05:50:46 PDT
Subject: Information Security and Privacy in Network Environments (fwd)
MIME-Version: 1.0
Content-Type: text/plain
This was posted to another list today. It purports to be fresh
although the file at the Web site is dated 11 August.
Hope this is not redundant.
> *
> U.S. CONGRESS
> OFFICE OF TECHNOLOGY ASSESSMENT
> Washington, DC 20510
> *
>
> *
> ISSUE UPDATE ON INFORMATION SECURITY AND
> PRIVACY IN NETWORK ENVIRONMENTS
> *
>
> The OTA background paper "Issue Update on Information
> Security and Privacy in Network Environments" is now
> available. Ordering information and details about
> electronic access are at the end of this file.
>
> INFORMATION SECURITY AND PRIVACY ISSUES IN NETWORK
> ENVIRONMENTS REQUIRE CONGRESSIONAL ATTENTION
>
> Transition to a society that depends on electronic
> information and network connectivity brings new concerns for
> information security and effective protection of privacy.
> The new focus must be on safeguarding information as it is
> processed, stored, and transmitted, rather than on
> "document" security or "computer" security. In the
> networked society, responsibility for information security
> is shifting to the end users.
>
> In a background paper released today the congressional
> Office of Technology Assessment (OTA) finds an increasingly
> urgent need for timely congressional attention to these
> concerns.
>
> OTA has updated, at the request of the Senate Committee on
> Governmental Affairs, some key issues identified in its 1994
> report on information security and privacy. OTA found that
> recent and ongoing events are relevant to congressional
> consideration of national cryptography policy and
> government-wide guidance on safeguarding unclassified
> information in federal agencies.
>
> OTA stresses the need for openness, oversight, and public
> accountability--given the broad public and business impacts
> of these policies--throughout the discussion of possible
> congressional actions. In OTA's view, two key questions
> underlie consideration of policy options. The first is: How
> will the nation develop and maintain the balance among
> traditional "national security" and law-enforcement
> objectives and other aspects of the public interest, such as
> economic vitality, civil liberties, and open government?
> The second is: What are the costs of government efforts to
> control cryptography and who will bear them?
>
> None of the cost estimates will be easy to make, warns OTA.
> Ultimately, however, these costs are all borne by the
> public, whether in the form of taxes, product prices, or
> foregone economic opportunities and earnings.
>
> OTA emphasizes that congressional oversight of government
> information security and privacy protection is of utmost
> importance in the present time of government reform and
> organizational streamlining. The security of unclassified
> information has not been a top management priority;
> downsizing can incur additional information security and
> privacy risks. Similarly, says OTA, management must ensure
> integration of safeguards when streamlining agency
> operations and modernizing information systems.
>
> OTA finds momentum building for government-wide consolidation
> of information-security responsibilities. Congress must
> resolve the overarching issue of where federal authority for
> safeguarding unclassified information in the civilian
> agencies should reside and, therefore, what needs
> to be done concerning the substance and implementation of
> the Computer Security Act of 1987, says OTA. If Congress retains the
> general premise of the act--that responsibility for
> unclassified information security in the civilian agencies
> should not reside within the defense/intelligence
> community--then vigilant oversight and clear direction will
> be needed, says OTA.
>
> Timely and continuing congressional oversight of
> cryptography policies is crucial, says OTA. Cryptography, a
> fundamental safeguard, can preserve the confidentiality of
> messages and files, or provide "digital signatures" that
> will help speed the way to electronic commerce. Non-
> governmental markets for cryptography-based safeguards have
> grown over the past two decades, but are still developing.
> Research is international; markets would be, says OTA,
> except for governmental restrictions, such as export
> controls that effectively create "domestic" and "export"
> market segments for strong encryption products.
>
> Cryptography policies affect technological developments in
> the field, as well as the health and economic vitality of
> companies that produce or use products incorporating
> cryptography, and consequently, the vitality of the
> information technology industries and the everyday lives of
> most Americans. But, business has strong and serious
> concerns that government interests, especially with respect
> to standards and export controls, could stifle commercial
> development and use of networks in the international arena.
> Given the broad public and business impacts, timely and
> continuing congressional oversight of these policies is
> crucial.
>
> Strong encryption is increasingly portrayed as a threat to
> domestic security (public safety) and a barrier to law
> enforcement if it is readily available for use by terrorists
> or criminals. Thus, export controls, intended to restrict
> the international availability of U.S. cryptography
> technology and products, are now being joined with domestic
> cryptography initiatives, like key-escrow encryption, that
> are intended to preserve U.S. law-enforcement and signals-
> intelligence capabilities.
>
> Public and business concerns surrounding the Clinton
> Administration's escrowed-encryption initiative have not
> been resolved, notes OTA. Many concerns focus on whether
> government-approved, key-escrow encryption will become
> mandatory for government agencies or the private sector, if
> non-escrowed encryption will be banned, and/or if these
> actions could be taken without legislation. Although the
> Clinton Administration has stated that it has no plans to
> make escrowed encryption mandatory, or to ban other forms of
> encryption, OTA points out that, absent legislation, these
> intentions are not binding. OTA concludes that escrowed-
> encryption initiatives warrant congressional attention
> because of the public funds that will be spent in deploying
> them, and also because negative public perceptions of the
> processes for developing and deploying encryption standards,
> and of the standards themselves, may erode public confidence
> and trust in government and the effectiveness of federal
> leadership in promoting responsible use of information
> safeguards.
>
> OTA is a nonpartisan analytical agency that serves the U.S.
> Congress. Its purpose is to aid Congress with the complex
> and often highly technical issues that increasingly affect
> our society.
>
> ORDERING INFORMATION
>
> For copies of the 142-page background paper "Issue Update on
> Information Security and Privacy in Network Environments"
> for congressional use, please call (202) 224-9241. To order
> copies for noncongressional use, call (202) 512-0132 (GPO's
> main bookstore) or (202) 512-1800 and indicate stock number
> 052-003-01416-5. Or send your check for $11.00 a copy or
> provide your VISA or MasterCard number and expiration date
> to Superintendent of Documents, P.O. Box 371954, Pittsburgh,
> PA 15250-7974, [FAX (202) 512-2250]. Free 8-page summaries
> are available electronically, and by calling (202) 224-8996.
>
> ELECTRONIC ACCESS
>
> Readers can access this background paper electronically
> through OTA Online via the following standard Internet
> tools:
>
> WWW: http://www.ota.gov
>
> FTP: otabbs.ota.gov; login as anonymous, password is your e-
> mail address; publications are in the /pub directory
>
> Telnet: otabbs.ota.gov; login as public, password is public
>
> Additional features of OTA Online are available through
> client software with a graphical user interface for
> Microsoft Windows. This software is available free through
> the WWW home page or by contacting the OTA
> Telecommunications and Information Systems Office, (202)
> 228-6000, or email sysop@ota.gov. Direct questions or
> comments on Internet services by email to netsupport@ota.gov.
>
>