From: John Young <jya@pipeline.com>
Date: Fri, 18 Oct 1996 08:55:08 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Kantor Mischaracterizes
Message-ID: <1.5.4.32.19961018155418.006da56c@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The Washington Post, October 18, 1996, p. A26.


   The Administration's Encryption Plan


   I write in response to The Post's Oct. 4 editorial [below]
   that mischaracterizes the administration's recent
   encryption plan.

   The administration's encryption plan is reasonable,
   workable, fair and coherent. It addresses the critical
   issues of promoting the export of encryption products and
   protecting the public safety and our national security. The
   administration's objective is to put forth a balanced plan
   that promotes commerce and protects people. And that's
   exactly what we've done.

   The proof that our plan will work is with the critical mass
   of industry that has announced its intention to work with
   the administration to develop a key recovery system, which
   will allow law enforcement, under proper court order, to
   have access to encrypted data. In fact, many of these
   companies have products they will soon market that both
   safeguard information and protect society, and more are
   expected to follow.

   The National Research Council (NRC) report to which the
   editorial referred recommended allowing the export of
   encryption up to the strength of 56 bits. Contrary to the
   editorial, the president has not "embraced a looser form of
   licensure" than this report. Instead, this administration's
   plan allows the export of encryption up to 56 bits so long
   as industry commits to build and market products that
   support a key recovery system. This is, in fact, a stronger
   form of licensure not called for by the NRC report.

   The Post's editorial conveniently ignores the critical role
   encrypted products play in protecting businesses against
   illegal activity and the privacy rights of individuals.
   This is a disturbing omission that avoids critical concerns
   that can only be advanced by the administration's plan.

   Finally, this administration takes seriously its
   responsibility to protect its citizens and our national
   security. That's why we are not lifting all restrictions on
   the export of encryption products, and why there is a
   two-year deadline on the export of 56-bit encryption
   products. The administration's plan will accelerate the
   development of a market-driven, global key management
   system. That will provide the best security of all.

   Michael Kantor
   Secretary of Commerce
   Washington

   [End]

----------

   The Washington Post, October 4, 1996, p. A22.


   Crypto Politics [Editorial]


   The Clinton administration once had a coherent, if
   unpopular, position on encryption software, the stuff that
   allows you to encode your email messages or other data so
   that no one can read it en route without a key. Now, in the
   wake of word that the president will sign an executive
   order, the position is no longer coherent, nor discernibly
   more popular with the high-tech audience it attempts to
   mollify.

   People and companies doing international financial business
   are highly interested in this kind of software, the more
   powerfully "uncrackable" the better. The U.S. software
   industry thinks there's a lot of money in it, especially if
   encryption becomes routine.

   The administration position till recently was that, much as
   U.S. software companies might profit from being able to
   market "uncrackable" encryption software freely, national
   security and law enforcement considerations dictated that
   such exports be controlled by license. Powerful encryption,
   like arms, could be dangerous in the hands of terrorists,
   rogue governments or international criminals. The software
   was classed as a munition; software above a certain
   uncrackability level could not be exported unless law
   enforcement authorities could get access somehow to the
   "key" after obtaining the proper warrants.

   Unbreakable codes on the loose strike us as a real danger,
   a legitimate reason for tight export controls. But if the
   administration really believes this, you'd think it would
   stick with steps that can plausibly meet the goal of
   control.

   Instead, trying to please, it has been splitting and
   splitting the difference between itself and the largely
   unmoved industry, which argues that no one will buy an
   encryption product that a government can decrypt at will.
   As with arms sales, the companies also argue that if they
   don't sell it, somebody else will, and that anyway it's far
   too late to fence off rogues. The national security people
   respond that there is still a "window," perhaps two years,
   in which they can prevent, if not all leaks of unauthorized
   crypto technology, at least its off-the-shelf use and wide
   adoption as the international standard.

   The administration initially proposed, then repeatedly
   refined, the concept of key "escrow" -- depositing a copy
   of the code with trusted third parties -- but never came up
   with a version the industry would accept. It commissioned
   a National Research Council report, which recommended a
   significant easing of restrictions. Now the president
   appears to have embraced a yet looser form of licensure
   upon declaration by a company that it will develop a plan
   within two years for key recovery. Also, the technology no
   longer will be considered munitions.

   What kind of plan? Nobody can quite say. What if the plans
   aren't acceptable? Licensing will revert to the old rule in
   two years. Will the security issue be moot by then?
   Probably. Barring some burst of clarity, one is left
   wondering whether the administration has compromised or
   caved, and what it now believes about the dangers of
   exporting uncrackable software.

   [End]

   See the National Research Council report:

   http://jya.com/nrcindex.htm