1997-09-18 - New Computer Security Act

Header Data

From: John Young <jya@pipeline.com>
To: cypherpunks@toad.com
Message Hash: 39e8c3d35f41dbb67815a277a1e6f0d8cbe0ad2517803e439865d036c228c9e5
Message ID: <1.5.4.32.19970918020421.006952c4@pop.pipeline.com>
Reply To: N/A
UTC Datetime: 1997-09-18 06:24:07 UTC
Raw Date: Thu, 18 Sep 1997 14:24:07 +0800

Raw message

From: John Young <jya@pipeline.com>
Date: Thu, 18 Sep 1997 14:24:07 +0800
To: cypherpunks@toad.com
Subject: New Computer Security Act
Message-ID: <1.5.4.32.19970918020421.006952c4@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain



The Computer Security Enhancement Act of 1997 (HR1903)
is intended to replace the Computer Security Act of 1987.
It redefines the role of NIST in meeting federal computer security 
and encryption requirements through cooperation of industry. 
Public use of encryption is also addressed in the bill.

Two lengthy reports on the bill have been issued recently, both
of which provide overviews of the current encryption debate.

House Report 105-243, published on September 3, provides a 
detailed analysis of the bill, hearings held, floor remarks and 
mark-ups since introduction:

   http://jya.com/hr105-243.txt  (115K)

And one published today includes recent floor remarks on 
encryption, mostly supportive of public use:

   http://jya.com/hr1903-floor.htm  (44K)

One point of contention is the evaluation of foreign encryption.
The original bill put that responsibility on NIST, but the latest version
deleted that and leaves the task to BXA (and unnamed others).
Moreover, there's dispute over committee jurisdiction for other 
provisions.

Information security now attracts the swarm, with encryption the 
moths' beacon.







Thread