GAO's "Comm. Privacy: Federal Policy & Actions" now online!

Mon Dec 6 15:36:10 PST 1993

The US General Accounting Office's report, "COMMUNICATIONS PRIVACY:
Federal Policy and Actions" is now online at both the GAO and EFF ftp sites.

>From EFF, you can get the document via anonymous ftp to ftp.eff.org.  The
document is ~pub/eff/papers/osi-94-2.txt.

The file is ~143K.

Here's some info on the report from the latest EFFector Online (6.06):

____ begin fwd _____

Subject: Government Accounting Office Report on Communications Privacy

A few days ago, the Government Accounting Office (GAO) -- an important
internal government investigative organization that's about a lot more
than accounting -- issued a report on communications privacy.

The report makes four very important findings:

1. Privacy-protecting technology (crytopgraphy) is increasingly important
for protecting the security of business communications and personal
information.  But federal policy is getting in the way of this technology.

"Increased use of computer and communications networks, computer literacy,
and dependence on information technology heighten US industries risk of
losing proprietary information to economic espionage.  In part to reduce
the risk, industry is more frequently using hardware and software with
encryption capabilities.  However, federal policies and actions stemming
from national security and law enforcement concerns hinder the use and the
export of U.S. commercial encryption technology and may hinder its
development."

2. The NSA's role in this area is has been extensive, and possibly beyond
the spirit of the Computer Security Act.

"Although the Computer Security Act of 1987 reaffirmed NIST's reponsibility
for developing federal information-processing standards for security of
sensitive, unclassified information, NIST follows NSA's lead in developing
certain cryptographic standards"

3. Opportunity for public input in the standards process has been
insufficient, leading to proposals like Clipper which lack public support.

"These policy issues are formulated and announced to the public, however,
with very little input from directly affected business interests, academia,
and others."

The report draws no specific policy conclusions, but provides excellent
ammunition for those of us who are trying to open up the standards process
and get export controls lifted.

Full text of the report (GAO/OSI-94-2 Communications Privacy: Federal
Policy and Actions) has been made available by ftp from GAO.

The document can be obtained from EFF's FTP site as
~pub/eff/papers/osi-94-2.txt

-- 
Stanton  McCandlish  mech at eff.org  1:109/1103   EFF  Online  Activist & SysOp
O P E N  P L A T F O R M   C R Y P T O P O L I C Y   O N L I N E  R I G H T S
N  E  T  W  O  R  K  I  N  G      V  I  R  T  U  A  L     C  U  L  T  U  R  E
I   N   F  O :  M   E   M   B   E   R   S   H   I   P  @  E  F  F  .  O  R  G