CPSR "explains" why Cantwell bill doesn't matter much - a rebuttal
I'm finding myself, unfortunately, needing to respond to a widely distributed article of sorts from the 3.05 issue of CPSR Alert. The article was unsigned, so I can't address it to anyone by name. The article states:
Some people have been given the impression that the Cantwell bill is a response to the Administration's Clipper initiative and that passage of the legislation would effectively put the Clipper issue to rest. Because of the confusion surrounding this proposed legislation, we think it's important to provide some clarifying information.
Avoiding the passive verb structures, this can better be rephrased as "Some people have assumed that..." People are not given impressions, they _form_ impressions themselves. It is indeed important to clarify information. However the attempt to do so that I see here does not in fact clarify. To wit:
Indeed, there is no provision in H.R. 3627 that would in any way rescind the Administration's recent decision to adopt key-escrow Clipper technology as the government encryption standard. The legislation would do precisely what Rep. Cantwell said it would do -- relax restrictions on the export of strong encryption products outside of the United States.
To my knowledge, no one in the know has suggested that the purpose of the Cantwell bill is to "rescind" the Clipper EES. It is plain from a reading of EFF's material on the subject, Cantwell's own commentary on the bill, and, of course, the bill itself, that HR 3627 is not intended to directly challenge Clipper (unlike Senator Leahy's proposed hearings, also supported by EFF), but is intended to liberalize export restrictions, pulling an important rug out from under Clipper/Skipjack's metaphoric feet. If one cares to read the mass of Feb. 4 documents issued by the White House, Dept. of State, and other agencies, it is abundantly clear that clamping down export restrictions on all cryptographic products, except those supporting the Administration's EES, is a major part of the proposed Clipper deployment plan. It's been more than adequately debated over the last several months that such a clampdown is necessary if Clipper is to be a so-called success. The measure is aimed at making it difficult for any non-EES crypto application to compete with Clipper, thereby establishing Clipper as a de facto standard. Given this, _any_ attempt to reduce export restrictions is a positive move for privacy-advocates to support, and serves as a strong, though indirect, countermeasure against Clipper.
Some have suggested that passage of the Cantwell bill would create an environment in which it is less likely that Clipper will become the de facto encryption standard within the United States. This view was expressed by the Electronic Frontier Foundation (EFF) and several large corporations in a letter to the President last December which expressed "tentative" support for Clipper on a "voluntary" basis.
The writer of the message I am replying to here is well aware that this entire matter has been thoroughly dealt with and fully explained. I've done this so many times, I am hesitant to do so again, but these recurring misinterpretations leave me little choice but to clarify one more time:
From EFF's Dec. 8 Cryptography and Policy Statement:
[There] was a misunderstanding of what the DPSWG offered the administration in this proposal [the letter referred to above], leading to the belief that both the DPSWG (a coalition of over 50 computer, communications, and privacy organizations and associations) and its principal coordinating organization, the Electronic Frontier Foundation, have offered to ease their opposition to Clipper.
We see it as a pragmatic effort to get the government to wiggle on these issues: one step in the right direction, with many more to follow. This step is that we insist that use of Clipper and key escrow must be completely voluntary. It's not voluntary if users of the Skipjack algorithm are forced to use key escrow. It's not voluntary if users who do choose escrow are forced to use the government's choice of escrow agents. It's not voluntary if manufacturers such as AT&T are pressured into withdrawing competing products. It's not voluntary when competing products can't be sold in a worldwide market. It's not voluntary if the public can't see the algorithm they are "volunteering" to use. It's not voluntary if the government will require anyone to use Skipjack or escrow, even when communicating with the government. ... But NSA is digging in, and a legislative fight looks more likely. If diplomacy fails, EFF must fight for our rights. Thus, we are going to need all the allies we can find, from IBM, Apple, Lotus, and Sun, to cryptographers, cypherpunks, and folks on the net.
EFF wants the public and the Administration to know (as we have frequently stated to them face to face) that the Electronic Frontier Foundation would fight to the end any attempt by the Administration to do any more than let companies use Clipper if they want and to let people buy it if they want -- and only in a market which has other strong encryption schemes available because export controls have been lifted.
If one actually reads this, one finds that our definition of "voluntary", which has been made _very_ clear to the Administration in repeated face-to-face meetings, stipulates: 1) no forced key escrow, and no forcing of governmental-only escrow for even those that _want_ key escrow 2) no governmental pressure on the marketplace 3) no export restrictions 4) no classified algorithm 5) no FIPS standard, and no forcing _anyone_, even govt. agencies, to use it. In other words, if the entire Clipper scheme were reworked such that Clipper was nothing more than the open, _truly_ voluntary, publicly examinable successor to DES - a quite innocuous govt. crypto standard - then and only then would EFF and the Digital Privacy and Security Working Group offer its "tentative" support. Please keep in mind that, barring secret NSA backdoors, there is nothing inherently "bad" or "wrong" about the Clipper/Skipjack encryption. Only the methodology involved is reprehensible and unAmerican.
CPSR dissented from this position in a subsequent letter to the President and expressed its opposition to the Clipper proposal under any circumstances.
Please note that EFF also signed this letter. Any opposition to CPSR being perceived here is 100% illusory. At any rate, I'd also like to point out that the DPSWG letter and the EFF '93 crypto-policy statement are at this point old history. They are no longer applicable (an example line: "It is December, the escrow system is still uncertain, and the Administration is still drafting a report which was due in July" - how timely does this sound?) Dragging such a dead horse out for another beating is quite unfathomable to me. I sincerely hope this will be the very last time I have to clarify this matter, partly because I'm tired of repeating myself, but mostly because this sort of inter-organization baiting is counter-intuitive and counter-productive for all organizations and individuals involved, and could cost us (by which I mean those opposing Clipper, in general) a lot of credibility. To continue with the present matter, however:
While it is possible that the Cantwell legislation would make it less likely that Clipper will become the de facto privacy standard, such a result is by no means a certainty. It is, in fact, possible that passage of the legislation would provide better U.S. encryption products overseas than would be available within the United States -- particularly if, as many fear, Clipper eventually becomes a mandatory standard in this country.
This is false on its face. Please support the notion that crypto which, somehow, becomes illegalized in this country would be allowed to be manufactured for export purposes only. That's absurd; it's like imagining a "gun control" law that banned using firearms in the US, but encouraged everyone to buy guns and ship them to other countries. At any rate, EFF intends to help see to it that Clipper does _not_ become mandatory, nor that non-Clipper crypto is outlawed [pretty much the same in effect]. No ifs, ands or buts about it. Even beyond this, this scenario is completely unrealistic, not least because the best crypto in the world is _already_ available outside the US. No amount of lawmaking is going to stop it, short of destroying every computer, phone line, fax machine and printing press in the country. Even this will not put the crypto genie back in the bottle anyway. Fact is, some of the best crypto in the world wasn't even made in the US in the first place. Ever heard of IDEA?
We believe that the Cantwell bill is a step in the right direction, as it would remove current disincentives to the development of strong encryption products by U.S. companies.
On this much I think we can be in complete agreement.
But the proposed legislation is not a panacea --
Of course it isn't. Please quote anyone saying that it is.
it would not address the threat to privacy in the United States created by the Clipper initiative. Export controls on cryptography are a related issue, but they are not central to the Clipper controversy. The Administration's adoption of the key-escrow Clipper standard must be opposed and reversed.
Export control reform is indeed central to the issue. Without export controls, the major market-leverage crutch of the entire Clipper scheme is ripped away, revealing the "poor lame beggar" act to be a scam. Law enforcement doesn't "need" the "protection from terrorists, drug dealers and child pornographers" supposedly to be provided by Clipper, any more than the American people need another hole in their privacy. But you know that. If all you mean to say is that the Cantwell bill is not the only way to fight Clipper, and will not solve all of the problems, you'd be right. But why don't you just say so, instead of taking this as yet another opportunity for grandstanding? It's unbecoming of an organization on the same side as the rest of us.
In closing, I'd just like to say that everyone realizes that Cantwell is not the be-all and end-all of pro-privacy, anti-Clipper action. You can bet I added my signature to _your_ petition, and I hope everyone does, whether it will work or not. Better to have tried and failed than never to have lifted a finger. With that, I must ask you, have _you_ sent in your letter of support for the Cantwell bill yet? If not, it's real easy: State your reasons for supporting the bill, and send them to cantwell@eff.org. The results, already numbering in the thousands, are regularly printed out and delivered to Rep. Cantwell personally.
With high regard, but a fair amount of exasperation,
S.McC.
"We must all hang together, or assuredly we shall all hang separately." - Benjamin Franklin, at signing of Declaration of Independence; July 4 1776
--
Stanton McCandlish * mech@eff.org * Electronic Frontier Found. OnlineActivist
F O R M O R E I N F O, E - M A I L T O: I N F O @ E F F . O R G
O P E N P L A T F O R M O N L I N E R I G H T S V I R T U A L C U L T U R E C R Y P T O