From: Jim Gillogly <jim@ACM.ORG>
Date: Fri, 31 May 1996 10:20:02 +0800
To: cypherpunks@toad.com
Subject: NRC's CRISIS report: Chairman's opening statement
Message-ID: <199605301801.LAA25779@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain



                             OPENING STATEMENT

                                KENNETH DAM

               Max Pam Professor of American and Foreign Law
                     University of Chicago Law School
                                    and
          Chair, Committee to Study National Cryptography Policy

    News Conference on Cryptography's Role in Securing the Information
                                  Society

                            National Press Club
                             Washington, D.C.
                               May 30, 1996

                                    ***

  Good morning.  In this age of telecommunications and lightning-speed
  advances in computing, keeping private information private gets tougher
  all the time.  Without proper safeguards, personal financial
  transactions, medical records, corporate secrets such as bidding
  information and proprietary research reports may be compromised by
  criminals and corporate spies.  Without proper safeguards, crucial
  information systems such as those of the banking system and the public
  switched telecommunications network may be vulnerable to intrusion by
  terrorists, curious computer hackers, and unfriendly foreign governments.

       One of the best ways to protect electronic information is through
  encryption, which is the use of mathematical formulas to scramble
  information into digital codes.  Once of concern only to spies and the
  military, cryptography has now become a vital tool for protecting the
  legitimate interests of  the nation's businesses and the privacy of its
  citizens.  This change has created a dilemma for the U.S. government
  because encryption also can be used in a wide range of illegitimate
  activities.  Drug dealers, terrorists, and other criminals can use
  cryptography to thwart even legally authorized search and surveillance by
  law enforcement officials; foreign governments can encrypt information
  that the U.S. needs to protect its national security.  Now the federal
  government -- which in the past has sought to restrict the spread of
  encryption --  must weigh the pros and cons of promoting broader use of
  cryptography.

       The National Research Council was asked by Congress to provide
  policy makers with guidance in making this assessment. Our study
  committee was made up of individuals with expertise in many relevant
  fields: technical expertise in computers, communications, and
  cryptography; policy experience in law enforcement, intelligence, civil
  liberties, national security, diplomacy, and international trade;
  business experience in telecommunications and computer hardware and
  software, as well as in protecting information in the for-profit and
  not-for-profit sectors.  It was formed to examine the appropriate balance
  among various national security, law enforcement, business, and privacy
  interests.

       Our committee's broad conclusion is that the advantages of
  cryptography in safeguarding information outweigh the possible
  disadvantages of making apprehension and prosecution of criminals more
  difficult.  Thus, we believe that federal policies should promote rather
  than discourage the use of encryption.  For example, current export
  controls impede the use of strong encryption by U.S. firms with foreign
  customers and suppliers as well as reducing the availability of strong
  encryption domestically. The government needs to make it easier for U.S.
  companies operating internationally to use strong encryption, and for
  U.S. technology vendors to develop and sell cryptography products both in
  this country and abroad.  Indeed, maintaining world leadership for U.S.
  information technology vendors is an important contribution to national
  security, as well as being important to the economy.

       Furthermore, the development of products with encryption should be
  driven largely by market forces rather than by government-imposed
  requirements or standards.  There are no legal limits on the kinds of
  encryption that presently can be sold in the United States and  we
  strongly endorse the idea that no law should bar the manufacture, sale,
  or use of any form of encryption within the United States.

       We do not believe that by adopting such a course the government
  would necessarily be choosing the interests of business and individuals
  over those of national security and law enforcement.  We say this for two
  reasons.  First, availability of encryption technologies will benefit law
  enforcement and national security.  Here's how: by making economic
  espionage more difficult, cryptography supports law enforcement.  By
  protecting elements of the civilian infrastructure such as banking,
  telecommunications, and air traffic control networks, cryptography
  safeguards national security.

       The second reason is that current national policy -- which
  discourages the use of cryptography despite its many valuable
  applications -- can at most delay encryption's spread.  Already, the use
  of such technologies is growing, and in the long run, we believe
  widespread non-governmental use of cryptography in the United States and
  abroad is inevitable.  The government should recognize this changing
  reality and help law enforcement and national security authorities
  develop the new technical capabilities they will need to conduct
  investigations and surveillance in a world in which information will be
  more protected and even unencrypted communications will be harder to
  read.

       Our report also urges that the government should explore escrowed
  encryption rather than the aggressive promotion that is the case today.
  Encrypted information is unintelligible to anyone lacking the keys to
  unlock the digital code.  In escrowed encryption, the decoding key would
  be held by a trusted third-party organization or institution.  This is
  attractive to law enforcement agencies because with a court order, they
  could obtain the key and unlock even the most unbreakable code.  However,
  escrowed encryption is relatively untried and many unresolved issues
  remain, ranging from the liability of these third parties to the
  magnitude of the risk incurred by companies trusting these third parties
  with the keys to their sensitive business plans and trade secrets.

       Rather than aggressively promoting escrowed encryption, our
  committee believes that the government should explore escrowed encryption
  for its own purposes as a way of gaining operational experience with this
  technology and making it more useful to the commercial sector.  Even when
  that occurs, we say that adoption of escrowed encryption or of any other
  specific technology or standard by the commercial sector should be
  voluntary and based on business needs, not government pressure.

            To make it easier for U.S. companies with foreign customers and
  suppliers to protect their information with the best encryption
  technologies, the committee believes that export controls should be
  progressively relaxed, though not eliminated. Right now federal law makes
  it hard to export strong encryption technology.  This helps protect the
  government's ability to gather foreign intelligence.  However, it also
  makes it more difficult for U.S. technology vendors to produce and sell
  cryptography products both here and overseas, and it limits what's
  available here because software companies are reluctant to develop
  different products for U.S. and foreign markets.

       And we call on the executive and legislative branches to develop
  national cryptography policy on the basis of open public discussion.  In
  the past, government officials have treated many aspects of cryptography
  policy as "top secret," to be discussed only behind closed doors.  This
  has led to considerable public distrust and resistance, which makes it
  impossible to achieve consensus.

       In our report we point to a number of specific areas such as
  telecommunications and banking where the government should actively
  promote the adoption of encryption. For example, the privacy of the
  cellular phone and the security of the nation's telecommunications
  networks should be enhanced through the use of cryptography.  In the case
  of the cellular phone many people have at home, the digital signals sent
  between the cell phone and the cell's ground station could be encrypted.
  This would prevent eavesdroppers from listening in on conversations.

       Overall, we believe that adoption of our recommendations would lead
  to enhanced protection and privacy for individuals and businesses in a
  many areas, while also bolstering the international competitiveness of
  U.S. companies.

       My colleagues and I will now entertain questions from the media.
  Before asking a question, please step to an aisle microphone and state
  your name and affiliation.

----------------------------------------------------------------------------