As part of the Defense Authorization Bill for FY 1994, the U.S. Congress has asked the Computer Science and Telecommunications Board (CSTB) of the National Research Council (NRC) to undertake a study of national policy with respect to the use and regulation of cryptography. [...]
A *two year*, *classified* study of national cryptography policy?? I suppose it's just as well. The closest thing we currently have to a "national cryptography policy" are some ineffective and pointless export controls that, if proposed legislation is adopted, may go away in a few months anyway. That would leave civilian cryptography pretty much unregulated -- exactly as it should be. So sure, take all the time you like to "study" the issue. The longer the better. The "cryptography genie" is already well out of its bottle; in two years, it will be everywhere. And yes, by all means, require security clearances of all the participants and classify all of the proceedings. That will exclude many of the biggest names in civilian cryptography -- those who are not US citizens, who will not submit themselves to government censorship, and who do not wish to lend any legitimacy to a government effort that will inevitably try to regulate what will (and should) be left alone. And it will stifle any embarassing public debates on minor issues like free speech, freedom of association and personal privacy, all of which are just annoying technicalities that keep law enforcement and intelligence agencies from doing their jobs more efficiently. Better yet, restrict membership to these loyal law enforcement and intelligence agencies, the same ones responsible for the silly current state of export controls on cryptography. That should eliminate what few shreds of credibility might remain in the Board's final report. Phil