As the broadcast message noted, the ground rules regarding classification were not established by the CSTB, but rather by the U.S. Congress. Note also that the final report is intended to be unclassified, though classified annexes may be necessary for completeness. Regarding the two-year time frame of the study: the premise of the study is that there are many perspectives on the issue and that the appropriate policy balance has not yet been established; surely you would acknowledge that both these statements are true. Thus, a serious study of the issue requires time to reflect, especially if different perspectives are to be reconciled. So, let me invite you folks to submit whatever materials you would like the study committee to consider (e.g., printed articles, written statements, etc), and what opportunity, if any, you would like to have to testify before the committee or its staff. Herb Lin ****
As part of the Defense Authorization Bill for FY 1994, the U.S. Congress has asked the Computer Science and Telecommunications Board (CSTB) of the National Research Council (NRC) to undertake a study of national policy with respect to the use and regulation of cryptography. [...]
A *two year*, *classified* study of national cryptography policy?? I suppose it's just as well. The closest thing we currently have to a "national cryptography policy" are some ineffective and pointless export controls that, if proposed legislation is adopted, may go away in a few months anyway. That would leave civilian cryptography pretty much unregulated -- exactly as it should be. So sure, take all the time you like to "study" the issue. The longer the better. The "cryptography genie" is already well out of its bottle; in two years, it will be everywhere. And yes, by all means, require security clearances of all the participants and classify all of the proceedings. That will exclude many of the biggest names in civilian cryptography -- those who are not US citizens, who will not submit themselves to government censorship, and who do not wish to lend any legitimacy to a government effort that will inevitably try to regulate what will (and should) be left alone. And it will stifle any embarassing public debates on minor issues like free speech, freedom of association and personal privacy, all of which are just annoying technicalities that keep law enforcement and intelligence agencies from doing their jobs more efficiently. Better yet, restrict membership to these loyal law enforcement and intelligence agencies, the same ones responsible for the silly current state of export controls on cryptography. That should eliminate what few shreds of credibility might remain in the Board's final report. Phil