1997-07-17 - Center for Security Policy calls for domestic key escrow (fwd)

Header Data

From: Declan McCullagh <declan@well.com>
To: cypherpunks@toad.com
Message Hash: 9ee7f887034c6f143dc9f61c6d25daa47437f40a0ca2a5443afd0931713a8746
Message ID: <Pine.GSO.3.95.970717160055.19394C-100000@well.com>
Reply To: N/A
UTC Datetime: 1997-07-17 23:21:54 UTC
Raw Date: Fri, 18 Jul 1997 07:21:54 +0800

Raw message

From: Declan McCullagh <declan@well.com>
Date: Fri, 18 Jul 1997 07:21:54 +0800
To: cypherpunks@toad.com
Subject: Center for Security Policy calls for domestic key escrow (fwd)
Message-ID: <Pine.GSO.3.95.970717160055.19394C-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain





---------- Forwarded message ----------
Date: Thu, 17 Jul 1997 16:00:27 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: fight-censorship-announce@vorlon.mit.edu
Subject: Center for Security Policy calls for domestic key escrow

In the boxing ring of Washington, the Center for
Security Policy packs a hefty punch. Its faxed alerts
appear once or twice a week on the desks of thousands of
key decisionmakers. They're predictably hawkish, with
titles like "The Nation Needs MORE B-2s."

A recent one focused on encryption. The message: The
Clinton administration isn't doing *enough* to control
crypto, especially domestically:

	But a national information infrastructure also needs
	selective transparency on call to support users'
	needs to get at their encrypted data... U.S. law
	enforcement agencies in carrying out criminal
	investigations also need to be able to access voice
	communications, data records and data transmissions
	consistent with constitutional protections. The loss
	of this investigative technique, which is subject
	to strict judicial scrutiny -- would be disastrous
	for law enforcement.

	Regrettably, the Clinton Administration has been
	unwilling to stand up and say, here is what needs
	to be done -- perhaps out of a fear of alienating
	a key constituency, the computer industry.

Read on for the full text of the alert and a
well-reasoned response by ATR's Jim Lucier.

-Declan

Additional articles on crypto:

  http://pathfinder.com/netly/editorial/0,1012,931,00.html

  http://pathfinder.com/netly/opinion/0,1042,1022,00.html

**************

No. 97-D 88

DECISION BRIEF
25 June 1997
For Immediate Release
(202) 466-0515

Breaking the Code on the Encryption Debate: National
Security Interests Are Being Jeopardized

(Washington, D.C.): With relatively little fanfare, a
truly momentous public policy debate is taking place
in Washington. Unfortunately, all other things being
equal, it seems likely that the outcome of this debate
concerning the domestic use, foreign export and
international regulation of encryption techniques will
do grievous harm to the national security interests of
the United States.

'You Can't Tell the Players...'

Such an extraordinary, and ominous, result is in
prospect due to several factors:

By its very nature, encryption -- a generic name for
numerous means of encoding computer, voice or other
transmissions of data so as to conceal the contents
from unauthorized access -- is one of the most complex
and obscure of sciences. Given its direct relevance
for the protection of classified U.S. government
information and for the penetration of foreign
governments and other entities' secure communications,
the U.S. National Security Agency (NSA) has jealously
tried to shield from public view as much as possible
about the technology and techniques involved in
encryption and code-breaking.

The necessary secretiveness associated with what NSA
does and how the spread of encryption systems might
affect the American ability to perform signals
intelligence (SIGINT) by intercepting and monitoring
foreign communications enormously complicates this
debate.

Robust encryption at home contributes to national
security as well as protecting American industry,
critical information networks and citizens' privacy.
But a national information infrastructure also needs
selective transparency on call to support users' needs
to get at their encrypted data.

U.S. law enforcement agencies in carrying out criminal
investigations also need to be able to access voice
communications, data records and data transmissions
consistent with constitutional protections. The loss
of this investigative technique, which is subject to
strict judicial scrutiny -- would be disastrous for
law enforcement.

Widespread use of unbreakable encryption is exactly
what terrorists, drug lords, pedophiles and their ilk
want to see. But law enforcement needs a controlled
window into this encryption as part of its
responsibility to detect, prevent or prosecute
criminal behavior. Experience with court-ordered
wiretaps suggests that, by requiring judicial approval
of such electronic monitoring, this function critical
to the rule of law and a civil society can be
performed without risk of serious abuse.

Due to advances in information techniques, the
know-how and means for providing sophisticated
encryption capabilities has proliferated dramatically
in recent years. With the burgeoning use of the
Internet and other electronic devices for conducting
business, the demand for means to keep voice
communications, data records and data transfers
private has also grown tremendously.

U.S. manufacturers of computer software and hardware
-- many of whom have been key supporters of and enjoy
great influence with President Clinton and his
Administration -- are demanding an opportunity to meet
this demand with encryption products that will be
exceedingly robust, if not impenetrable. They
typically point not only to the trade benefits such
sales would represent but to the prospect that foreign
manufacturers of encryption technologies will gladly
supply products not available from American sources.
Similar arguments have proven effective in obtaining
Administration support for the wholesale elimination
of export controls on powerful computers -- even
supercomputers.

President Clinton has already issued an Executive
Order substantially liberalizing the export of
powerful encryption capabilities. Under its terms,
encryption programs involving up to 40-bit keys (in
layman's terms, the number of variables used in
combination to conceal a given piece of encrypted
message traffic, one of several factors determining
the robustness of an encryption program) can be
exported without a license. The Executive Order also
permits programs of any strength to be exported
provided they have a "key recovery" capability (i.e.,
a code-breaking spare key has been created) -- even if
that key resides with the purchaser of such
encryption.

Civil libertarians -- including some conservatives
with well-deserved reputations for concern about U.S.
national security -- have taken the position that
techniques which impede or preclude government
monitoring of electronic transmissions are highly
desirable. Their enthusiasm for the most widespread
proliferation of encryption techniques, both
domestically and internationally, provides tremendous
political cover for others with more suspect
motivations.

Counter-culture opponents of U.S. government power,
including some holding high office in the Clinton
Administration, appear untroubled by the diminution of
American capabilities to perform signals intelligence
-- historically an area of decisive and strategically
vital advantage for the United States.(1) Evidently,
they are no more concerned by the other side of this
coin: Thanks to the Clinton-approved transfer of
American supercomputers and other powerful data
processing systems, foreign governments are likely to
have much enhanced capabilities to perform their own
code-breaking operations, further reducing U.S.
dominance in the field.

The Legislative Context

Against this backdrop, several bills have been
introduced reflecting two basic approaches. The first
sponsored by Senators Conrad Burns (R-MT) and Patrick
Leahy (D-VT) in the Senate and by Rep. Robert
Goodlatte (R-VA) in the House would essentially
eliminate controls on the export of encryption. This
legislation is favored by the computer software and
hardware industries and a number of civil
libertarians. Senate Majority Leader Trent Lott has
thrown his support behind the Burns-Leahy bill.

A bill recently introduced by Senator John McCain,
chairman of the Senate Commerce Committee, presents an
alternative approach. It attempts to "split the
difference," addressing domestic law enforcement
concerns by way of creating incentives for U.S.
manufacturers to participate in a key management
infrastructure (i.e., establishing means whereby
federal agencies, with appropriate court orders, can
obtain the ability to read encrypted communications).
While the incentives to do so are significant, the
companies would be under no requirement to take part
in this arrangement.

As a sop to the encryption industry, however, the
McCain legislation would make several concessions that
could be injurious to the national security. First, it
would raise the threshold for unlicenced exports from
40 bits to 56 bits. This represents a dramatic
increase in the power of encryption programs that will
find their way into the hands of hostile powers,
international terrorists and other foreign criminal
elements -- and will add dramatically to the time and
computing power required by U.S. intelligence to
monitor their activities.

Second, the McCain legislation calls for the creation
of an industry-government advisory board tasked to
consider and jointly develop recommendations
concerning future standards for encryption exports.
Such an arrangement would put those responsive to
multinational stockholders on an essentially equal
footing with government agencies responsible for the
national security. In addition, the bill would mandate
foreign-availability assessments -- a pretext
frequently used by industry to argue for even the most
irresponsible transfers of U.S. technology.(2)

Parsing Out the Issues

There are, in fact, three separate issues involved in
the present encryption debate -- issues that have, to
some extent, been commingled by the Clinton
Administration, it appears in an effort to obscure
what is at stake for a vital national security
capability.

1. Domestic Policy

Encryption products are the future for the privacy and
security of communications and information. Americans
have a right to be secure in the knowledge that their
private communications and information remain private,
and that they can conduct electronic commercial
transactions reasonably safe from fraud or compromise.
Security embedded in consumer goods (as well as in
information systems) needs to become a common part of
how business works in this country. There is today no
restriction on the use of encryption within the United
States. Americans may import any encryption devices
and software into the U.S. There are, however,
restrictions on the export of U.S. encryption items.

Unfortunately, encryption in the hands of domestic
criminals can be a menace to American business and
society, enabling them to hide illicit records and
transactions. For law enforcement today, encrypted
communications mean no electronic surveillance.
Court-ordered wiretaps may be unenforceable. Because
of the importance of court-ordered electronic
surveillance to law enforcement, law enforcement
agencies across the country believe the impact of
widely proliferating encryption will be disastrous for
them, unless they have a means of lawfully and
promptly decrypting communications and information of
criminal suspects.

Accordingly, the United States requires common
standards for accessing encrypted data and
communications (known as "key recovery"). Importantly,
such standards are required not only by law
enforcement but in order to support commercial needs
(for example, companies need to be able to get at
their electronic records if the person who encrypted
them dies or turns into a vindictive disgruntled
employee). Consumers also have a vested interest in
ensuring that standards exist whereby they can be
assured that encryption will be reliable and easily
interoperable (e.g., to manage interfaces between
various network systems). A domestic public key
recovery infrastructure is the answer to these
requirements,

A public key recovery infrastructure is, however,
particularly essential for law enforcement.
Increasingly, criminals are utilizing techniques to
encode their phone calls, concealing their computer
transmissions and keeping their records locked up in
encrypted computer disks or drives, rather than in
file cabinets. Subject to the limits of U.S.
constitutional guarantees, law enforcement needs to be
able to continue to do its job in the information age.
Law enforcement does not need more intrusive
authorities or abilities than it has now; it needs
merely to be able to continue to be able to make use
of the same investigative techniques presently
available with respect to wiretaps.

Alternatively, if the government does nothing but
passively watch as encryption proliferates with no
standards to guide it, law enforcement will lose
critical investigative capabilities. In all
likelihood, it will be forced to turn to more
intrusive techniques (microphones in the room or car
rather than taps on telephones), measures that are
more invasive of privacy and which put more police
officers' lives at risk. Criminals (drug dealers,
kidnappers, thieves) will enjoy safe havens they do
not presently have, and more good citizens will find
themselves victims of unsolved crimes.

Regrettably, the Clinton Administration has been
unwilling to stand up and say, here is what needs to
be done -- perhaps out of a fear of alienating a key
constituency, the computer industry. The
Administration clearly appreciates the need to support
law enforcement (law and order is, after all, good
politics). But when asked, its spokesmen say they are
afraid their endorsement of a domestic policy would
prejudice its chances of enactment, citing their
experience with the public relations disaster of an
earlier encryption management initiative known as the
"Clipper Chip." The truth is that there is no one
better positioned than President Clinton to provide
leadership, given his well known ties to the hardware
and software industries.

2. Export Controls

In some respects, the Clinton Administration's policy
has been worse than doing nothing: It has tied the
domestic encryption issue to liberalizing export
controls on encryption techniques, ostensibly in the
hopes of buying the support of the producers of
encryption products for greater cooperation with
regard to domestic key management arrangements. This
is most regrettable since export controls are the
single most important tool the United States has for
protecting sensitive national security interests in
this arena.

The unavoidable reality is that U.S. national security
is heavily dependent on being able to collect
intelligence by listening in on what its adversaries
-- actual and potential -- are up to. This
intelligence saves lives, wins wars, and preserves the
peace. And in an era of information warfare, having
superior information systems may be determinative of
military power.

This reality was reflected until last year by treating
encryption technologies as part of the State
Department's Munitions Control List. President
Clinton's Executive Order, however, moved export
controls on such technology over to the much less
rigorous Commerce Department. It also further
adulterated the export controls regime by directing
that: 40-bit encryption programs may be exported
without a license; 56-bit encryption programs may be
exported without a license provided the exporter is
working on a public key recovery technology base; and
any product that is part of a public key recovery
system may be exported without a license.

American products should enjoy the lion's share of the
market (U.S. software has 75% of the global market
today), but U.S. exporters of highly capable "crypto"
-- 40-bit and above -- should be required to get a
license to minimize the likelihood that their products
will fall into the wrong hands. Any further weakening
of export controls would have a deeply debilitating
impact on national security. With all of the focus on
domestic encryption regime, and with no advocacy from
the Executive Branch, national security interests are
not being represented -- and are losing out.

3. International Dimension

To make matters worse, the Clinton Administration --
under the "leadership" of a controversial former
Carter Administration official, David Aaron, who has
been designated as its "Ambassador for Encryption" --
has come up with a curious and dangerous gimmick: It
proposes to "multilateralize" yet another area of
sovereign U.S. policy concern(3) by getting OECD
nations to take the lead in an area it is reluctant to
champion domestically, namely in implementing national
key recovery regimes.

As in other issues -- ranging from environmental
regulation to family planning -- the Administration
appears to hope that the creation of common
international practice and standards will provide a
basis for imposing arrangements domestically that
would otherwise be highly controversial, and perhaps
politically costly. Not surprisingly, the
Administration has come under some criticism from
allies for the hypocrisy of trying to make them go
first with respect to developing key recovery
infrastructures even as it declines to step up to the
issue at home.

But this is worse than simple hypocrisy. It is flatly
inconsistent with American values for U.S. officials
to argue that foreign governments -- many of which do
not recognize the basic individual rights of their
citizens -- should have unfettered access to their
private communications. Few of these governments
actually observe the strict limitations on electronic
surveillance which pertain in the United States. It is
one thing for the U.S. to have a domestic key recovery
regime which is subject to the rigorous and proper
constraints of its Constitution and system of justice.
It is quite another to say that, as a foreign policy
objective of this country, Washington wants to
guarantee the ability of foreign governments to spy on
their own citizens, or (worse) on Americans who may
communicate with those foreign citizens or travel
within those countries.


The Bottom Line

The Clinton Administration appears once again to have
gotten the answers exactly wrong. Their efforts have
confused the debate and helped to divide the ranks of
those who generally are concerned with national
security -- even as they are jeopardizing vital
national security interests, evidently out of a desire
to avoid antagonizing major political donors.

Domestic policy, export controls, and international
accords concerning encryption are different concerns,
each in need of understanding and debate on the
merits. And the vital American national security
requirement for electronic intelligence abroad must be
supported. On an even more fundamental level, those
who traditionally are sensitive to national security
concerns must not allow differing perceptions of
domestic law enforcement to translate into legislation
that may not only endanger the defense of the United
States but undermine its rule of law domestically. A
lawless society is no defender of American liberties.

The undeniable fact is that U.S. national security is
dependent upon our ability to collect intelligence in
peacetime on foreign threats, from terrorist groups to
the proliferation of "weapons of mass destruction" to
the status of thousands of nuclear-tipped missiles in
potentially unfriendly hands. Likewise, success in
foreign matters (from trade to diplomacy to support
for friends and allies) requires intelligence to
identify opportunities for the U.S. officials to act
in defense of our values and interests around the
world.

The U.S. ability to gather SIGINT therefore is not
something about which responsible Americans can afford
to be ambivalent. This is a vital national security
priority. And it is, to be sure, one that must take
precedence over the commercial advantages of selling
U.S. software abroad.

1. During both World War II and the half century of
the Cold War, SIGINT was far and away the most
important type of intelligence the U.S. gathered.
Without the ability to collect and read enemy codes
and ciphers, the U.S. might well have lost the Second
World War. Without SIGINT, the Cold War might have
ended far differently and might well have turned into
a hot war at critical junctures; certainly, the U.S.
would have been almost blind to many of the Soviet
Union's malevolent activities.

2. It is unclear on what basis other industries
selling sensitive products -- for example, the
supercomputer, chemical and biotechnology, machine
tool, chip manufacturers, etc. -- would be denied
similar vehicles for demanding the elimination of any
remaining export controls on the transfer of their
respective products. What is more, it not self-evident
that the national security will be well served by
advertising which foreign encryption products are of
concern to the U.S. government, let alone encouraging
American manufacturers to supply superior -- i.e.,
less breakable encoding techniques -- in place of such
products.

3. See in this connection, the Center's Decision Brief
entitled Truth or Consequences #9: C.W.C. Proponents
Dissemble About Treaty Arrangements Likely to Disserve
U.S. Interests (No. 97-D 46, 27 March 1997).

***************

Americans for Tax Reform

Memo To: Frank
From:    Jim Lucier
CC:	     Friends
Date:	 June 26, 1997

Re:	Encryption and National Security

Dear Frank:

I think we both agree that total U.S. dominance of all
technologies across the board is a vital guarantor of
national security.  We disagree on factual premises.

The powerful encryption methods under discussion are
universally published mathematical techniques taught
in universities everywhere to people like my brother
who studied them at the undergraduate level. I
particularly recommend the fine textbook by Bruce
Schneier, Applied Cryptography.

It is a mistake to assume this information, once
disseminated, can be controlled.  It is also incorrect
to assume there is only one type of encryption which
the U.S. could somehow keep secret.  In fact, there
are an infinite variety of techniques, some more
elegant than others and all with their quirks, but
many offering effective security.  Indeed, almost any
routine that manipulates data --including file
compression algorithms -- can be considered a type of
encryption.

The case of encryption is dramatically unlike that of
supercomputers, where one or two manufacturers in the
U.S. may be uniquely capable of producing cutting edge
equipment.

Bad actors will not voluntarily participate in a key
management system they can easily opt out of. The
impact on crime will be zero. Only law-abiding people
will be trapped in a system that opens them to maximal
violations of privacy by governments and technically
sophisticated rogue agents.

This is not a case of greedy software companies that
want to "sell encryption" overseas. In fact,
encryption software is a low-margin commodity product
that only a few specialists sell profitably.  U.S.
companies want to sell high-margin products like Lotus
Notes, cc:Mail, Domino, secure servers, and Oracle
databases, and sophisticated financial management
tools that operate in a networked environment. U.S.
companies dominate the market for these
enterprise-wide, mission-critical applications.  For
now.

The problem is that without encryption modules, the
American products are useless for conducting secure
business, and the power of networking, which gives
them their unique value-added quality, is eliminated.
U.S. regulations even prohibit American companies from
selling software with "hooks," where foreign-made
encryption products can be plugged in.  The result is
increasing inroads by foreign competitors.  The
German, Japanese, and Chinese governments are
pointedly encouraging their programmers to make hay
while they can. Dozens of companies around the world
explicitly advertise that they sell products not
subject to U.S. export restrictions.

There is also the chance that the United States will
lose the opportunity to set and dominate standards in
vital areas such as digital currency, which involve
encryption now subject to control.  Currently,
Europeans lead in this field.

The use of telephone wiretaps has exploded under the
Clinton Administration, and under legislation passed
last year the number of people impacted by telephone
wiretaps is slated to grow still further. For many,
this gives ample ground to doubt that wiretaps are
used sparingly, or that cases of abuse are minimal.

The real restraint on the use of telephone wiretaps is
that they are very expensive, and they require human
intervention.  Technology does not yet allow machines
to monitor calls.  On the Internet, by contrast,
"packet sniffing" is virtually cost-free, and the
packets of data are machine readable. Thus there is
nothing to prevent widespread abuse of privacy.  The
single-sentence Frist Amendment to McCain-Kerrey which
purports to solve this problem is totally meaningless.

The claims of law enforcement are wildly exaggerated
and not offered in the context of any statistical
evidence to make serious risk assessment possible.
Strong encryption is dangerous?  Compared to what?  No
encryption? A government-sponsored system only
incompetent criminals will use?

For decades people have been predicting the death of
SIGINT.  It never happens. The reason is that as the
volume of communications goes up, the opportunities
for SIGINT also increase. In a networked environment,
virtually any interaction with legitimate businesses,
and even public infrastructure, can create a database
of transaction streams greatly useful to law
enforcement and intelligence agencies, who can examine
this data with powerful heuristic searching tools. The
information age will give, and is giving, law
enforcement officers and intelligence agencies
astonishing new powers. Law enforcement officials who
claim they will be powerless in the future are being
somewhat disingenuous. What really worries them is
missing the opportunity to gain powers they dont have
now, plus the stress of learning to operate in a
different environment.

The key management infrastructure (KMI) called for in
McCain-Kerrey is a fiction.  Detailed technical
standards for such an infrastructure do not exist and
may take several years to develop.  A recent technical
paper by leading private-sector cryptographers claims
that the requirements of building a KMI are beyond the
current expertise of the field.  A central problem is
that the Justice Department's insistence on real-time
access to data in transit is not consistent with
existing models of key recovery for stored data.

If KMI works, it offers no advantage and many grave
dangers.  If it doesn't work, it is a costly drain on
the economic sectors currently driving U.S. economic
growth. A global KMI in which the U.S. arbitrarily
limits its own information security and somehow
expects other countries to participate is an atrocious
idea.

Reasonable people can debate the issue of export
controls.  The weight of evidence suggests that
controls should be loosened, but there can be
legitimate argument  of how far and how quickly we
should go.  The McCain-Kerrey bill is by no means  a
"compromise" on export controls. It is legislation
totally different from the Burns, Goodlatte, and Leahy
proposals Congress has long been considering.  For the
first time, McCain-Kerrey would seek to impose
controls on U.S. domestic use of cryptography through
a combination of regulation, criminal penalties, civil
liability exposure, and taxpayer-financed industrial
policy.

It is highly significant that the Administration
forced this legislation through the Commerce Committee
without a single day's hearings. Senators were given
only three days to study the legislation and supplied
with misleading and incorrect information about who
supported it.  McCain-Kerrey probably could not have
withstood public scrutiny in the Commerce Committee.
As it is, the bill will very likely never move to the
Senate Floor, but the Administration now has
substantial leverage to pursue its regulatory agenda.

The relaxation of exportable key lengths from 40- to
56-bits is not a sop to industry but a pathetic
offering that raises the time-to-break for a foreign
intelligence agency stealing U.S. trade secrets from
..0002 seconds to 12 seconds.  McCain-Kerrey actually
represents a step backward from previous
Administration positions on the issue of export
controls and exemplifies the bad faith and
intransigence this Administration has consistently
shown.  Last year, for instance, the Administration
announced it was relaxing export controls from 40 to
56 bits and then reversed itself, saying the
relaxation, if offered, would only be temporary and
contingent on businesses developing plans to comply
with Administration key-recovery standards.  In short,
the Administration has been using export controls
solely as a club to get unprecedented domestic
regulation.

In economic terms, McCain-Kerrey represents a stunning
arrogation of power by Congress to itself for the
purposes of regulating digital commerce which, as the
digital age begins, is probably at least as
significant as the Communications Act of 1934.  This
makes the "three days-no hearings" approval process in
committee all the more astonishing.

A vigorous national security debate is welcome on this
issue.  The issue of encryption involves profoundly
difficult choices and any decisions we make must be
taken with grave deliberation and great care.  We can
postpone these choices but we cannot put them off
forever. Ultimately, these decisions turn on findings
of fact as to whether control of encryption is still
possible. The Administration has made no effort to
show its entire proposal is not based on wishful
thinking and a regulatory mindset.

The United States does have enormous investment in its
SIGINT capabilities, which are many and varied.  These
will also not disappear overnight. But tomorrow will
not be like today.  Peter Drucker has written movingly
of the stress undergone by companies who feel they owe
their existence to a particular product but who
discover that markets have changed and they must do
something different.  Companies that succeed are the
ones that can innovate.  A similar mindset is in order
for national security policy. The United States has
always competed by out-innovating our adversaries, and
on this basis we have always won.

The risk to be avoided all costs is a Maginot Line
mentality. French planners obsessed with fighting the
first World War lavished untold fortunes and
considerable engineering brilliance on a structure
that was not only useless in the following conflict
but locked France into a defensive posture that
guaranteed France would be defeated in days by the
Germanys mechanized army.

The fundamental national security interest of the
United States is best served by total dominance of
world markets in information technology as well as
information technology products and services,
financial services, telecommunications and a host of
other fields.  Our goal should be raw commercial power
in all these areas -- especially information products
and information flows -- backed by impressive military
and intelligence capabilities. However, we do not reach
this goal by saddling U.S. business with irrational
regulation and ill-conceived industrial policy.

When U.S. companies dominate the world markets for
advanced management software which foreign businesses
must use to remain competitive and telecommunications
services which have no equal on the planet, there is
tremendous scope for the NSA to work productively with
U.S. business. Indeed, the national security community
has long enjoyed such a relationship, and law
enforcement agencies are well-advised to develop one.
The essence of such a relationship, however, is that
it must be maintained quietly.  We do not need to
advertise worldwide exactly how the United States
plans to conduct its foreign intelligence or how law
enforcement agencies, in truly exceptional and
Constitutionally permissible cases, plan to conduct
domestic surveillance.

Meanwhile, we must remember that the United States has
the most to protect in terms of intellectual property,
proprietary knowledge, global business dealings, and
critical information infrastructures that keep all
aspects of our societyincluding the military and
strategic onesrunning smoothly.  We should be the
worlds masters of encryption, the tools to break it,
and the ways of getting around it. We should protect
our information security by having a diversified
environment that relies on no one government-mandated
information standard.

It should be a stated goal of U.S. policy in the
Information Age and the global economy to force
totalitarian societies and welfare states to play by
our rules or collapse. Our friends in Europe need a
wakeup call.  Our trusted allies in Asia need
reassurance the United States can still exert powerful
influence in their region.  Developing nations need
the model of U.S. economic growth. Russia must see
unthreatening but overwhelming U.S. power.  The
Chinese regime should experience outright
destabilization when its totalitarian system breaks
down under a coordinated U.S. information technology
assault through peaceful means such as Radio Free Asia
and Internet communication. These are worthy goals,
and they are eminently attainable, as long as
technology boondoggles dont sidetrack us along the
way.

In short, I salute you for making the best possible
case for caution at a time when caution is due.
However, it is also a time to examine a changing world
carefully and prepare for the future as best we can.
Let's set our sights on a new American Century.



-------------------------
Declan McCullagh
Time Inc.
The Netly News Network
Washington Correspondent
http://netlynews.com/











Thread