At 10:42 AM 5/30/96 -0700, John Gilmore wrote:

Recommendation 2: National cryptography policy should be developed by the executive and legislative branches on the basis of open public discussion and governed by the rule of law.

Why is it that we even need a "national cryptography policy"? We don't have a "national beer policy," do we? A "national furniture policy"? A "national pencil policy"? A "national movie policy"? The very concept of a "national cryptography policy" implies a level of centrally-controlled interest that is unjustified given our constitutution and laws.

Recommendation 3: National cryptography policy affecting the development and use of commercial cryptography should be more closely aligned with market forces.

Does this mean, "Give people what they want," or merely "suck up to industry"? There is a difference...

Recommendation 4: Export controls on cryptography should be progressively relaxed but not eliminated.

4.1 -- Products providing confidentiality at a level that meets most general commercial requirements should be easily exportable. Today, products with encryption capabilities that incorporate 56-bit DES provide this level of confidentiality and should be easily exportable.

What if "commercial requirements" including security the NSA can't break?

4.2 -- Products providing stronger confidentiality should be exportable on an expedited basis to a list of approved companies if the proposed product user is willing to provide access to decrypted information upon legally authorized request.

Where's the justification for any restrictions at all? We all know that good encryption is going to get out, anyway. No criminals are going to use escrowed encryption, which removes the justification for a restriction. And what is a "legally authorized request"? If a encryption user in another country is given a "legally authorized request" from a US court, in what way is it binding on HIM?

5.3 -- To better understand how escrowed encryption might

operate, the U.S. government should explore escrowed encryption for its own uses. To address the critical international dimensions of escrowed communications, the U.S. government should work with other nations on this topic.

Why are these "critical international dimensions"? Why "critical"? I don't see it as coming even close to being "critical."

5.4 -- Congress should seriously consider legislation that would impose criminal penalties on the use of encrypted communications in interstate commerce with the intent to commit a federal crime.

Gee, I wonder who they're thinking of! What's wrong with just punishing the underlying crime? What about some day, when encrypted telephones are ubiquitous, and we use them without thought? Does that mean we're all guilty of an extra crime or two, just by using that crypto phone? Jim Bell jimbell@pacifier.com