mrotenberg%cdp.UUCP@labrea.stanford.edu (06/14/91)
STATEMENT IN SUPPORT OF COMMUNICATIONS PRIVACY
Washington, DC June 10, 1991
As representatives of leading computer and telecommunications
companies, as members of national privacy and civil liberties
organizations, as academics and researchers across the country, as
computer users, as corporate users of computer networks, and as
individuals interested in the protection of privacy and the promotion
of liberty, we have joined together for the purpose of recommending
that the United States government undertake a new approach to support
communications privacy and to promote the availability of
privacy-enhancing technologies. We believe that our effort will
strengthen economic competitiveness, encourage technological
innovation, and ensure that communications privacy will be carried
forward into the next decade.
In the past several months we have become aware that the
federal government has failed to take advantage of opportunities to
promote communications privacy. In some areas, it has considered
proposals that would actually be a step backward. The area of
cryptography is a prime example.
Cryptography is the process of translating a communication
into a code so that it can be understood only by the person who
prepares the message and the person who is intended to receive the
message. In the communications world, it is the technological
equivalent of the seal on an envelope. In the security world, it is
like a lock on a door. Cryptography also helps to ensure the
authenticity of messages and promotes new forms of business in
electronic environments. Cryptography makes possible the secure
exchange of information through complex computer networks, and helps
to prevent fraud and industrial espionage.
For many years, the United States has sought to restrict the
use of encryption technology, expressing concern that such
restrictions were necessary for national security purposes. For the
most part, computer systems were used by large organizations and
military contractors. Computer policy was largely determined by the
Department of Defense. Companies that tried to develop new encryption
products confronted export control licensing, funding restrictions,
and classification review. Little attention was paid to the
importance of communications privacy for the general public.
It is clear that our national needs are changing. Computers
are ubiquitous. We also rely on communication networks to exchange
messages daily. The national telephone system is in fact a large
computer network.
We have opportunities to reconsider and redirect our current
policy on cryptography. Regrettably, our government has failed to
move thus far in a direction that would make the benefits of
cryptography available to a wider public.
In late May, representatives of the State Department met in
Europe with the leaders of the Committee for Multilateral Export
Controls ("COCOM"). At the urging of the National Security Agency,
our delegates blocked efforts to relax restrictions on cryptography
and telecommunications technology, despite dramatic changes in Eastern
Europe. Instead of focusing on specific national security needs, our
delegates continued a blanket opposition to secure network
communication technologies.
While the State Department opposed efforts to promote
technology overseas, the Department of Justice sought to restrict its
use in the United States. A proposal was put forward by the Justice
Department that would require telecommunications providers and
manufacturers to redesign their services and products with weakened
security. In effect, the proposal would have made communications
networks less well protected so that the government could obtain
access to all telephone communications. A Senate Committee Task Force
Report on Privacy and Technology established by Senator Patrick Leahy
noted that this proposal could undermine communications privacy.
The public opposition to S. 266 was far-reaching. Many
individuals wrote to Senator Biden and expressed their concern that
cryptographic equipment and standards should not be designed to
include a "trapdoor" to facilitate government eavesdropping.
Designing in such trapdoors, they noted, is no more appropriate than
giving the government the combination to every safe and a master key
to every lock.
We are pleased that the provision in S. 266 regarding
government surveillance was withdrawn. We look forward to Senator
Leahy's hearing on cryptography and communications privacy later this
year. At the same time, we are aware that proposals like S. 266 may
reemerge and that we will need to continue to oppose such efforts. We
also hope that the export control issue will be revisited and the
State Department will take advantage of the recent changes in
East-West relations and relax the restrictions on cryptography and
network communications technology.
We believe that the government should promote communications
privacy. We therefore recommend that the following steps be taken.
First, proposals regarding cryptography should be moved beyond
the domain of the intelligence and national security community.
Today, we are growing increasingly dependent on computer communica-
tions. Policies regarding the appropriate use of cryptography should
be subject to public review and public debate.
Second, any proposal to facilitate government eavesdropping
should be critically reviewed. Asking manufacturers and service
providers to make their services less secure will ultimately undermine
efforts to strengthen communications privacy across the country.
While these proposals may be based on sound concerns, there are less
invasive ways to pursue legitimate government goals.
Third, government agencies with appropriate expertise should
work free of NSA influence to promote the availability of cryptography
so as to ensure communications privacy for the general public. The
National Academy of Science has recently completed two important
studies on export controls and computer security. The Academy should
now undertake a study specifically on the use of cryptography and
communications privacy, and should also evaluate current obstacles to
the widespread adoption of cryptographic protection.
Fourth, the export control restrictions for computer network
technology and cryptography should be substantially relaxed. The cost
of export control restrictions are enormous. Moreover, foreign
companies are often able to obtain these products from other sources.
And one result of export restrictions is that US manufacturers are
less likely to develop privacy-protecting products for the domestic
market.
As our country becomes increasingly dependent on computer
communications for all forms of business and personal communication,
the need to ensure the privacy and security of these messages that
travel along the networks grows. Cryptography is the most important
technological safeguard for ensuring privacy and security. We believe
that the general public should be able to make use of this technology
free of government restrictions.
There is a great opportunity today for the United States to
play a leadership role in promoting communications privacy. We hope
to begin this process by this call for a reevaluation of our national
interest in cryptography and privacy.
Mitchell Kapor, Electronic Frontier Foundation
Marc Rotenberg, CPSR
John Gilmore, EFF
D. James Bidzos, RSA
Phil Karn, BellCore
Ron Rivest, MIT
Jerry Berman, ACLU
Whitfield Diffie, Northern Telecom
David Peyton, ADAPSO
Ronald Plesser, Information Industry Association
Dorothy Denning, Georgetown University
David Kahn, author *The Codebreakers*
Ray Ozzie, IRIS Associates
Evan D. Hendricks, US Privacy Council
Priscella M. Regan, George Mason University
Lance J. Hoffman, George Washington University
David Bellin, Pratt University
(affiliations are for identification purposes only)