---------- Forwarded message begins here ---------- Date: Tue, 5 Mar 1996 23:12:49 +0100 To: "Declan B. McCullagh" <declan+@CMU.EDU> From: jseiger@cdt.org (Jonah Seiger) Subject: Re: NYT: Encryption compromise bill introduced Cc: Fight Censorship Mailing List <fight-censorship+@andrew.cmu.edu>, jim@RSA.COM If you read our statement, you will see that we agree completely with EFF & Jim that the new crime is unnecessary and needs to be addressed. As for the second issue, I understand EFF's concerns, and this is definitely an issue that needs further clarification and discussion. But you should note that the bills do not in any way impose key escrow (and only the Senate bill contains these provisions anyway). In fact,the legislation does precisely the opposite in two ways: 1. The bill explicitly affirms the rights of Americans to use any form of cryptography they choose domestically. 2. By directly attacking export controls, the legislation undermines the only lever the Administration has in imposing Clipper and Clipper II. The Clipper and Clipper II policies are based on the assumption that the market in most cases will support only one version of a particular crypto application. By encouraging only the export of cyrpto w/key escrow mechanisms, the Administration believes that they can force the domestic market to adopt escrow as well. This has not worked yet, but it *has* forced a stalemate that has led to a very little privacy and security for the Net. By undermining the only leverage the Administration has for left to impose key escrow domestically (beyond an explicit effort to ban it outright), these bills effectively remove the current threat of a government imposed domestic escrow crypto policy, and allow the market for strong cryptography to flourish. So again, CDT believes that this legislation represents the best opportunity we have had yet to provide the Internet with the privacy protections and security it desperately needs. There are most certainly areas that we would like to see changed and/or clarified, but that should not overshadow the important opportunity these bills represent. Jonah
Thanks for the clarification, Jonah. I agree the bill will undercut Clipper II, but I share the concerns outlined in the EFF statement, which says the bill:
* Makes it a new crime to "use encryption to obstruct justice", with 5-10 year sentences, plus fines. In plain language, this is a extra criminal charge that can be applied when police are frustrated in an investigation but happen to catch someone breaking the law in some other way.
* Provides a legal infrastructure for key escrow, a system in which all users' keys are copied to permit government access.
Jim Bidzos is the CEO of RSA Data Security, and he supports Leahy's bill. His mail is attached below.
-Declan
---------- Forwarded message begins here ----------
Date: Tue, 5 Mar 96 13:26:39 PST From: jim@RSA.COM (Jim Bidzos) Message-Id: <9603052126.AA19534@RSA.COM> Cc: cypherpunks@toad.com
I'm in favor of the Bill because it specifically prevents, by law, the US Govt from mandating key escrow. Also because it would, by law, force export control of crypto out of the Dept. of State and into the Dept. of Commerce, effectively allowing any crypto used in the US and "widely available" to be exported. (The bill does a few other things. One, it provides for criminal penalties for key holders who abuse their role as an escrow agent, assuming anyone *chose* to use key escrow. Second, it makes the use of encryption -any encryption- a crime if used in the commission of or support of any criminal activity. I think the bill would be better off without these provisions, but I suspect this is an attempt to give the administration something.)
I anticipate that the Administration, led by the intelligence and law enforcement interests, will vigorously lobby against this bill...
-- Jonah Seiger, Policy Analyst Center For Democracy and Technology <jseiger@cdt.org> 1634 Eye Street NW, Suite 1100 Washington, DC 20006 PGP key via finger (v) +1.202.637.9800 http://www.cdt.org/ (f) +1.202.637.0968 http://www.cdt.org/homes/jseiger.html