NRC Cryptography Report: The Text of the Recommendations

jim bell jimbell at pacifier.com
Thu May 30 22:38:46 PDT 1996


At 10:42 AM 5/30/96 -0700, John Gilmore wrote:
>Recommendation 2:  National cryptography policy should be developed by
>the executive and legislative branches on the basis of open public
>discussion and governed by the rule of law.

Why is it that we even need a "national cryptography policy"?  We don't have 
a "national beer policy," do we?  A "national furniture policy"?  A 
"national pencil policy"?  A "national movie policy"?

The very concept of a "national cryptography policy" implies a level of 
centrally-controlled interest that is unjustified given our constitutution and laws.

>Recommendation 3:  National cryptography policy affecting the
>development and use of commercial cryptography should be more closely
>aligned with market forces.

Does this mean, "Give people what they want," or merely "suck up to 
industry"?  There is a difference...

>Recommendation 4:  Export controls on cryptography should be
>progressively relaxed but not eliminated.
>
>	4.1 -- Products providing confidentiality at a level that
>	meets most general commercial requirements should be easily
>	exportable.  Today, products with encryption capabilities that
>	incorporate 56-bit DES provide this level of confidentiality
>	and should be easily exportable.

What if "commercial requirements" including security the NSA can't break?


>	4.2 -- Products providing stronger confidentiality should be
>	exportable on an expedited basis to a list of approved
>	companies if the proposed product user is willing to provide
>	access to decrypted information upon legally authorized request.

Where's the justification for any restrictions at all?  We all know that 
good encryption is going to get out, anyway.  No criminals are going to use 
escrowed encryption, which removes the justification for a restriction.

And what is a "legally authorized request"?  If a encryption user in another 
country is given a "legally authorized request" from a US court, in what way 
is it binding on HIM?

>	5.3 -- To better understand how escrowed encryption might

>	operate, the U.S. government should explore escrowed
>	encryption for its own uses.  To address the critical
>	international dimensions of escrowed communications, the U.S.
>	government should work with other nations on this topic.

Why are these "critical international dimensions"?  Why "critical"?  I don't 
see it as coming even close to being "critical."

>	5.4 -- Congress should seriously consider legislation that
>	would impose criminal penalties on the use of encrypted
>	communications in interstate commerce with the intent to
>	commit a federal crime.

Gee, I wonder who they're thinking of!

What's wrong with just punishing the underlying crime?  What about some day, 
when encrypted telephones are ubiquitous, and we use them without thought?  
Does that mean we're all guilty of an extra crime or two, just by using that 
crypto phone?

Jim Bell
jimbell at pacifier.com






More information about the cypherpunks-legacy mailing list