The US General Accounting Office's report, "COMMUNICATIONS PRIVACY: Federal Policy and Actions" is now online at both the GAO and EFF ftp sites.
From EFF, you can get the document via anonymous ftp to ftp.eff.org. The document is ~pub/eff/papers/osi-94-2.txt.
The file is ~143K. Here's some info on the report from the latest EFFector Online (6.06): ____ begin fwd _____ Subject: Government Accounting Office Report on Communications Privacy A few days ago, the Government Accounting Office (GAO) -- an important internal government investigative organization that's about a lot more than accounting -- issued a report on communications privacy. The report makes four very important findings: 1. Privacy-protecting technology (crytopgraphy) is increasingly important for protecting the security of business communications and personal information. But federal policy is getting in the way of this technology. "Increased use of computer and communications networks, computer literacy, and dependence on information technology heighten US industries risk of losing proprietary information to economic espionage. In part to reduce the risk, industry is more frequently using hardware and software with encryption capabilities. However, federal policies and actions stemming from national security and law enforcement concerns hinder the use and the export of U.S. commercial encryption technology and may hinder its development." 2. The NSA's role in this area is has been extensive, and possibly beyond the spirit of the Computer Security Act. "Although the Computer Security Act of 1987 reaffirmed NIST's reponsibility for developing federal information-processing standards for security of sensitive, unclassified information, NIST follows NSA's lead in developing certain cryptographic standards" 3. Opportunity for public input in the standards process has been insufficient, leading to proposals like Clipper which lack public support. "These policy issues are formulated and announced to the public, however, with very little input from directly affected business interests, academia, and others." The report draws no specific policy conclusions, but provides excellent ammunition for those of us who are trying to open up the standards process and get export controls lifted. Full text of the report (GAO/OSI-94-2 Communications Privacy: Federal Policy and Actions) has been made available by ftp from GAO. The document can be obtained from EFF's FTP site as ~pub/eff/papers/osi-94-2.txt -- Stanton McCandlish mech@eff.org 1:109/1103 EFF Online Activist & SysOp O P E N P L A T F O R M C R Y P T O P O L I C Y O N L I N E R I G H T S N E T W O R K I N G V I R T U A L C U L T U R E I N F O : M E M B E R S H I P @ E F F . O R G