Re: NRC Cryptography Report: The Text of the Recommendations
At 04:04 PM 5/30/96 -0700, Hal wrote:
> This is then followed with a couple of pages of justification for why this relaxation of the export policies should be allowed. Much is made of the fact that people will be more likely to use 56 bit encryption than the 40 bit which is currently allowed. (This is an example of the perspective issue I mentioned above.) However, nowhere is it stated why more than 56 bits is not OK, and why it is necessary to forbid repeated use to increase confidentiality. There is not one word of discussion of this proviso.

A very curious omission! It seems to me that if they're trying to explain any sort of limits on encryption, they should focus carefully on WHY those limits should exist, and why, exactly, those limits should be selected at any particular level.

> Third, although in broad terms the report is supportive of the use of cryptography, the specific recommendations do very little to liberalize current policies. Free domestic access to cryptography is already the law. Raising the export size limit from 40 to 56 bits is a step forward, but a small one. Beyond 56 bits they recommend the requirement of escrowed encryption. Given current moves to standardize on triple DES, this is a retrenching action. They recommend criminalizing the use of cryptography in committing crimes, admitting that this may be used in some cases (as comparable mail fraud statutes have been) to bring prosecutions against people who cannot be proven to have committed any other crime. "[T]he committee understands that it is largely the integrity of the judicial and criminal justice process that will be the ultimate check on preventing its use for such purposes."

I can think of a much better "ultimate check on preventing its use for such purposes."

Jim Bell
jimbell@pacifier.com
On Fri, 31 May 1996, jim bell wrote:
> > This is then followed with a couple of pages of justification for why this relaxation of the export policies should be allowed. Much is made of the fact that people will be more likely to use 56 bit encryption than the 40 bit which is currently allowed. (This is an example of the perspective issue I mentioned above.) However, nowhere is it stated why more than 56 bits is not OK, and why it is necessary to forbid repeated use to increase confidentiality. There is not one word of discussion of this proviso.

> A very curious omission! It seems to me that if they're trying to explain any sort of limits on encryption, they should focus carefully on WHY those limits should exist, and why, exactly, those limits should be selected at any particular level.
The way it was explained in the press conference is that 56 bit DES was their feeling about what business needed now, and that 56 bit DES was _not_ a once-and-for-all stopping point, but just an example of "industry needs" etc. What this really means is that they were too chicken to mention PGP.

Jon Lasser
----------
Jon Lasser (410)532-7138 - Obscenity is a crutch for inarticulate motherfuckers.
jlasser@rwd.goucher.edu
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D) - Fuck the CDA.