Leahy's Crypto Wake-up Call
Excerpt from Congressional Record, April 2, 1998: WAKE-UP CALL ON ENCRYPTION Mr. LEAHY. In my view, encryption legislation should promote the following goals: First, legislation should ensure the right of Americans to choose how to protect the privacy and security of their communications and information; Second, legislation should bar a government-mandated key escrow encryption system; Third, legislation should establish both procedures and standards for access by law enforcement to decryption keys or decryption assistance for both encrypted communications and stored electronic information and only permit such access upon court order authorization, with appropriate notice and other procedural safeguards; Fourth, legislation should establish both procedures and standards for access by foreign governments and foreign law enforcement agencies to the plaintext of encrypted communications and stored electronic information of United States persons; Fifth, legislation should modify the current export regime for encryption to promote the global competitiveness of American companies; Sixth, legislation should not link the use of certificate authorities with key recovery agents or, in other words, link the use of encryption for confidentiality purposes with use of encryption for authenticity and integrity purposes; Seventh, legislation should, consistent with these goals of promoting privacy and the global competitiveness of our high- tech industries, help our law enforcement agencies and national security agencies deal with the challenges posed by the use of encryption; and Eighth, legislation should protect the security and privacy of information provided by Americans to the government by ensuring that encryption products used by the government interoperate with commercial encryption products. Do you agree with these goals? Mr. ASHCROFT. Yes, I agree with these goals and will look to these same items as a reference point for the drafting, introducing and passage of encryption reform legislation. Mr. LEAHY. Would the Senator agree to work with me on encryption legislation that achieves these goals and that we could bring to the floor this Congress? Mr. ASHCROFT. Yes. I believe it is critical for us to address this issue and soon. I also believe that we should work together to produce a piece of legislation that demonstrates our position on encryption policy. ----- Full remarks: http://jya.com/wakeup-call.txt (18K)
In <199804060308.XAA25459@camel7.mindspring.com>, on 04/05/98 at 11:08 PM, John Young <jya@pipeline.com> said:
Third, legislation should establish both procedures and standards for access by law enforcement to decryption keys or decryption assistance for both encrypted communications and stored electronic information and only permit such access upon court order authorization, with appropriate notice and other procedural safeguards;
And just *how* do they plan on doing this without either backdoors or escrow??
Fourth, legislation should establish both procedures and standards for access by foreign governments and foreign law enforcement agencies to the plaintext of encrypted communications and stored electronic information of United States persons;
I think not. They just don't get it. -- --------------------------------------------------------------- William H. Geiger III http://users.invweb.net/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/esecure.html ---------------------------------------------------------------
At 09:37 PM 4/5/98 -0500, William H. Geiger III wrote:
In <199804060308.XAA25459@camel7.mindspring.com>, on 04/05/98 at 11:08 PM, John Young <jya@pipeline.com> said:
Third, legislation should establish both procedures and standards for access by law enforcement to decryption keys or decryption assistance for both encrypted communications and stored electronic information and only permit such access upon court order authorization, with appropriate notice and other procedural safeguards;
And just *how* do they plan on doing this without either backdoors or escrow??
Easy, Constitutional, and doesn't need any new legislation - all you need is a warrant or subpoena to tell anybody to produce those records and materials they have. If they didn't save a recording of their telephone call or email, or think the Fifth Amendment reasonably prohibits them from being compelled to incriminate themselves, then the prosecution doesn't get anything. No problem, and it's worked quite well for 200+ years.
Fourth, legislation should establish both procedures and standards for access by foreign governments and foreign law enforcement agencies to the plaintext of encrypted communications and stored electronic information of United States persons;
I think not. They just don't get it.
There may be cases where there's some foreign jurisdiction over communications with US persons, either travellers or emigrants to those governments' territories, and they can use whatever methods are locally popular; some of them, like torture, tend to require strongly worded notes from the State Department complaining about such behaviour. But as you say, I think not, and no, they don't get it. Just because Leahy is willing to allow businesses to export things doesn't mean he isn't a tool of Big Brother. Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
In <3.0.5.32.19980405232651.0089bb10@popd.ix.netcom.com>, on 04/05/98 at 11:26 PM, Bill Stewart <bill.stewart@pobox.com> said:
Third, legislation should establish both procedures and standards for access by law enforcement to decryption keys or decryption assistance for both encrypted communications and stored electronic information and only permit such access upon court order authorization, with appropriate notice and other procedural safeguards;
And just *how* do they plan on doing this without either backdoors or escrow??
Easy, Constitutional, and doesn't need any new legislation - all you need is a warrant or subpoena to tell anybody to produce those records and materials they have. If they didn't save a recording of their telephone call or email, or think the Fifth Amendment reasonably prohibits them from being compelled to incriminate themselves, then the prosecution doesn't get anything. No problem, and it's worked quite well for 200+ years.
Well call me a cynic but in reading section #3 I take that as to mean access without the help or cooperation of the person(s) who did the encryption. If they are willing to rely on the Constitution then why push for new, and as you mentioned, unneeded legislation? I think the rest of this is just window dressing for organizations like the EFF, et al who are just bursting to make a deal. I smell a lawyer in the woodpile. -- --------------------------------------------------------------- William H. Geiger III http://users.invweb.net/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/esecure.html ---------------------------------------------------------------
participants (3)
-
Bill Stewart -
John Young -
William H. Geiger III