Subject: Clipper news
To: None <current-users@sun-lamp.cs.berkeley.edu>
From: None <Mark_Weaver@brown.edu>
List: current-users
Date: 07/25/1994 16:00:36
Although this isn't NetBSD related, I thought many people here would be
interested.  This is a news flash only, please don't discuss this here.

	Mark
--------------------------------------------------------------------
Email: Mark_Weaver@brown.edu           | Brown University
PGP Key: finger mhw@cs.brown.edu       | Dept of Computer Science


From: mech@eff.org (Stanton McCandlish)
Newsgroups: alt.2600,alt.activism,alt.activism.d,alt.politics.datahighway,alt.politics.org.nsa,alt.privacy,alt.privacy.clipper,alt.security.pgp,alt.society.resistance,alt.wired,comp.org.cpsr.talk,comp.org.eff.news,comp.org.eff.talk,misc.legal,sci.crypt,talk.politics.crypto
Subject: White House retreats on Clipper
Date: 21 Jul 1994 13:04:03 -0500
Organization: UTexas Mail-to-News Gateway
Distribution: inet
NNTP-Posting-Host: news.cs.utexas.edu

Yesterday, the Clinton Administration announced that it is taking several
large, quick steps back in its efforts to push EES or Clipper
encryption technology.  Vice-President Gore stated in a letter to
Rep. Maria Cantwell, whose encryption export legislation is today being
debated on the House floor, that EES is being limited to voice
communications only.

The EES (Escrowed Encryption Standard using the Skipjack algorithm, and
including the Clipper and Capstone microchips) is a Federal Information
Processing Standard (FIPS) designed by the National Security Agency, and
approved, despite a stunningly high percentage anti-EES public comments on
the proposal) by the National Institute of Standards and Technology.  Since
the very day of the announcement of Clipper in 1993, public outcry against
the key "escrow" system has been strong, unwavering and growing rapidly.

What's changed?  The most immediate alteration in the White House's
previously hardline path is an expressed willingness to abandon the EES
for computer applications (the Capstone chip and Tessera card), and push
for its deployment only in telephone technology (Clipper).  The most
immediate effect this will have is a reduction in the threat to the
encryption software market that Skipjack/EES plans posed.  

Additionally, Gore's letter indicates that deployment for even the telephone
application of Clipper has been put off for months of studies, perhaps
partly in response to a draft bill from Sens. Patrick Leahy and Ernest
Hollings that would block appropriation for EES development until many
detailed conditions had been met.

And according to observers such as Brock Meeks (Cyberwire Dispatch) and
Mark Voorhees (Voorhees Reports/Information Law Alert), even Clipper is
headed for a fall, due to a variety of factors including failure in
attempts to get other countries to adopt the scheme, at least one state
bill banning use of EES for medical records, loss of NSA credibility after
a flaw in the "escrowed" key system was discovered by Dr. Matt Blaze of
Bell Labs, a patent infringement lawsuit threat (dealt with by buying off
the claimant), condemnation of the scheme by a former Canadian Defense
Minister, world wide opposition to Clipper and the presumptions behind it,
skeptical back-to-back House and Senate hearings on the details of the
Administration's plan, and pointed questions from lawmakers regarding
monopolism and accountability.

One of the most signigicant concessions in the letter is that upcoming
encryption standards will be "voluntary," unclassified, and exportable,
according to Gore, who also says there will be no moves to tighten export
controls.

Though Gore hints at private, rather than governmental, key "escrow," the
Administration does still maintain that key "escrow" is an important part of
its future cryptography policy.

EFF would like to extend thanks to all who've participated in our online
campaigns to sink Clipper.  This retreat on the part of the Executive
Branch is due not just to discussions with Congresspersons, or letters
from industry leaders, but in large measure to the overwhelming response from
users of computer-mediated communication - members of virtual communities
who stand a lot to gain or lose by the outcome of the interrelated
cryptography debates.  Your participation and activism has played a key
role, if not the key role, in the outcome thus far, and will be vitally
important to the end game!


Below is the public letter sent from VP Gore to Rep. Cantwell.

******

July 20, 1994

The Honorable Maria Cantwell
House of Representatives
Washington, D.C.,  20515

Dear Representative Cantwell:

        I write to express my sincere appreciation for your efforts to move
the national debate forward on the issue of information security and export
controls.  I share your strong conviction for the need to develop a
comprehensive policy regarding encryption, incorporating an export policy
that does not disadvantage American software companies in world markets
while preserving our law enforcement and national security goals.

        As you know, the Administration disagrees with you on the extent to
which existing controls are harming U.S. industry in the short run and the
extent to which their immediate relaxation would affect national security. 
For that reason we have supported a five-month Presidential study.  In
conducting this study, I want to assure you that the Administration will
use the best available resources of the federal government.  This will
include the active participation of the National Economic Council and the
Department of Commerce.  In addition, consistent with the Senate-passed
language, the first study will be completed within 150 days of passage of
the Export Administration Act reauthorization bill, with the second study
to be completed within one year after the completion of the first.  I want
to personally assure you that we will reassess our existing export controls
based on the results of these studies.  Moreover, all programs with
encryption that can be exported today will continue to be exportable.

        On the other hand, we agree that we need to take action this year
to assure that over time American companies are able to include information
security features in their programs in order to maintain their admirable
international competitiveness.  We can achieve this by entering into an new
phase of cooperation among government, industry representatives and privacy
advocates with a goal of trying to develop a key escrow encryption system
that will provide strong encryption, be acceptable to computer users
worldwide, and address our national needs as well.

        Key escrow encryption offers a very effective way to accomplish our
national goals,  That is why the Administration adopted key escrow
encryption in the "Clipper Chip" to provide very secure encryption for
telephone communications while preserving the ability for law enforcement
and national security.  But the Clipper Chip is an approved federal
standard for telephone communications and not for computer networks and
video networks.  For that reason, we are working with industry to
investigate other technologies for those applications.

        The Administration understands the concerns that industry has
regarding the Clipper Chip.  We welcome the opportunity to work with
industry to design a more versatile, less expensive system.  Such a key
escrow system would be implementable in software, firmware, hardware, or
any combination thereof, would not rely upon a classified algorithm, would
be voluntary, and would be exportable.  While there are many severe
challenges to developing such a system, we are committed to a diligent
effort with industry and academia to create such a system.  We welcome your
offer to assist us in furthering this effort.

        We also want to assure users of key escrow encryption products that
they will not be subject to unauthorized electronic surveillance.  As we
have done with the Clipper Chip, future key escrow systems must contain
safeguards to provide for key disclosure only under legal authorization and
should have audit procedures to ensure the integrity of the system.  Escrow
holders should be strictly liable for releasing keys without legal
authorization.

        We also recognize that a new key escrow encryption system must
permit the use of private-sector key escrow agents as one option.  It is
also possible that as key escrow encryption technology spreads, companies
may established layered escrowing services for their own products.  Having
a number of escrow agents would give individuals and businesses more
choices and flexibility in meeting their needs for secure communications.

        I assure you the President and I are acutely aware of the need to
balance economic an privacy needs with law enforcement and national
security.  This is not an easy task, but I think that our approach offers
the best opportunity to strike an appropriate balance.  I am looking
forward to working with you and others who share our interest in developing
a comprehensive national policy on encryption.  I am convinced that our
cooperative endeavors will open new creative solutions to this critical
problem.

Sincerely,

Al Gore

AG/gcs

******


-- 
Stanton McCandlish * mech@eff.org * Electronic Frontier Found. OnlineActivist
F O R   M O R E   I N F O,    E - M A I L    T O:     I N F O @ E F F . O R G 
O  P  E  N    P  L  A  T  F  O  R  M     O  N  L  I  N  E    R  I  G  H  T  S
V  I   R   T   U   A   L    C  U   L   T   U   R   E     C  R   Y   P   T   O

------------------------------------------------------------------------------