=========================================================================== VTW BillWatch #33 VTW BillWatch: A weekly newsletter tracking US Federal legislation affecting civil liberties. BillWatch is published at the end of every week as long as Congress is in session. (Congress is in session) BillWatch is produced and published by the Voters Telecommunications Watch (vtw@vtw.org) (We're not the EFF :-) Issue #33, Date: Mon Jan 22 00:42:06 EST 1996 Do not remove this banner. See distribution instructions at the end. ___________________________________________________________________________ TABLE OF CONTENTS Announcements Oregon ISPs stand up for your rights Recap of ECHO Virtual Culture Event 1/21/96 Lotus blinks in industry/NSA crypt standoff Subscription Information (unchanged since 10/21/95) ___________________________________________________________________________ ANNOUNCEMENTS Each week never fails to bring us some interesting development in the world of telecommunications and civil liberties and this one is no different. Keep an eye on http://www.vtw.org/. We'll be posting an alert on the New York State cyberporn bill later tonight. Also, if you haven't yet scheduled a meeting with your legislator and your local ISP to talk about the Exon bill, you're wasting valuable time. Do so now! Shabbir J. Safdar Advisory Board Member Voters Telecommunications Watch This issue can be found in HTML form at URL:http://www.vtw.org/billwatch/issue.33.html ___________________________________________________________________________ [...] LOTUS BLINKS IN INDUSTRY/NSA CRYPT STANDOFF It's not clear why this hasn't made a larger impression on the net yet, because we think its of crucial importance in the ongoing debate about cryptography. For years since the original introduction of the Clipper Chip, the debate over cryptography has continued to gain momentum. Recently, the Administration, embarrassed by its defeat over the Clipper Chip proposal, put forth it's Commercial Key Escrow proposal. What is all the fuss about? It's about cryptography, and who has the right to encrypt information and who has the right to keep the key. Right now, you do, but that could all change. Think of cryptography as a really good front door on your house or apartment. The door key is yours to hold, isn't it? It's your right to give a copy to someone you trust, or if you choose, nobody at all. The Administration contends that this is not so. With their "commercial key escrow" scheme, they contend that you shouldn't be able to build a door they cannot break down, but they also contend that they should be able to order you to give a copy of the key to a government-approved individual, so that they can come enter your house (with a warrant, of course) when they wish. Industry, of course, panned this plan when it proposed late 1995, and continues to object to it. All the while, a standoff continues: the Administration refuses to allow cryptographic software with keys longer than 40 bits to be exported, and industry refuses to build Big Brother into their products. And this is where the standoff stayed until last Wednesday, when Lotus blinked. On Wed, Jan. 17th, 1996, Lotus announced that it had increased the key length of its International version of the Lotus Notes product to 64 bits. They did this by building in a back door for the Administration to use to decrypt any international traffic that it might desire to read. Although there are a lot of reasons why we think this is a terrible idea, the first one that springs to mind is the fact that the one public key that Lotus has embedded in all their software is a single point of failure for every International Lotus user throughout the world. Sure, this key is held with a high security clearance by the government, but then Aldritch Ames also had some of the most sensitive information available to him, and he proved untrustworthy. After all, if $1.5 million can buy a CIA counter-intelligence agent, I wonder how much a Lotus Notes key escrow holder goes for these days? You can find a copy of the Lotus press releases at http://www.lotus.com [...]