NRC Cryptography Report: The Text of the Recommendations

[jim bell]

At 04:04 PM 5/30/96 -0700, Hal wrote:

>This is then followed with a couple of pages of justification for why
>this relaxation of the export policies should be allowed.  Much is made
>of the fact that people will be more likely to use 56 bit encryption than
>the 40 bit which is currently allowed.  (This is an example of the
>perspective issue I mentioned above.)  However, nowhere is it stated why
>more than 56 bits is not OK, and why it is necessary to forbid repeated
>use to increase confidentiality.  There is not one word of discussion of
>this proviso.

A very curious omission!  It seems to me that if they're trying to explain 
any sort of limits on encryption, they should focus carefully on WHY those 
limits should exist, and why, exactly, those limits should be selected at 
any particular level.

>Third, although in broad terms the report is supportive of the use of
>cryptography, the specific recommendations do very little to liberalize
>current policies.  Free domestic access to cryptography is already the
>law.  Raising the export size limit from 40 to 56 bits is a step
>forward, but a small one.  Beyond 56 bits they recommend the
>requirement of escrowed encryption.  Given current moves to standardize
>on triple DES, this is a retrenching action.  They recommend
>criminalizing the use of cryptography in committing crimes, admitting
>that this may be used in some cases (as comparable mail fraud statues
>have been) to bring prosecutions against people who cannot be proven to
>have committed any other crime.  "[T]he committee understands that it
>is largely the integrity of the judicial and criminal justice process
>that will be the ultimate check on preventing its use for such
>purposes."

I can think of a much better "ultimate check on preventing its use for such 
purposes."

Jim Bell
jimbell at pacifier.com