"EPIC is a public interest research center in Washington, D.C. It was
established in 1994 to focus public attention on emerging civil liberties issues and to
protect privacy, the First Amendment, and constitutional values" (EPIC).
EPIC made the following policy recommendations on the export of cryptography (http://www.epic.org/crypto/key_escrow/sobel_criteria.html):
At a presentation to the National Research Council earlier this year, EPIC made clear
the steps that must be taken to develop a sensible, forward-looking proposal for
encryption. The following seven principles should guide government consideration of this
issue.
- Relax export controls on encryption and permit the free flow of encryption products
across national borders
The Export Administration Act unnecessarily inhibits the exchange of techniques for
privacy and slows development of important tools for network users.
- Withdraw FIPS 185 (the Clipper standard for voice, fax, and
low speed data networks in the federal government)
Private industry, the technical community, and the public oppose the adoption of
Clipper. The deployment of Clipper-based schemes in the federal government should be
halted.
- Remove "cryptology" from items that may be classified under executive order
The classification of cryptology has frustrated open government, permitted the
development of sub-optimal technical standards, and slowed technological innovation.
- Do not fund the Telephone Carrier Compliance Program (the "Digital Telephony"
proposal)
The ill-considered proposal to mandate the development and use of technologies for the
surveillance of the nation's telecommunications systems calls for the expenditure of $500
million over the next four years. Given the likelihood that this program will increase
Internet vulnerabilities, all funding should be terminated. We are pleased to note that
the Congress has recently rejected funding for the Digital Telephony proposal. We urge
NIST to recommend against further support by the Administration for this effort.
- Do not permit the use of classified algorithms for public networks
Increasingly, commercial firms and individual developers are making the algorithms for
their program publicly reviewable. This practice promotes the development of better
software and more robust security systems. By refusing to disclose the SKIPJACK algorithm
the federal government not only undermines public confidence in encryption policy, it also
results in less secure networks.
- Assess carefully the impact of Commercial Key Escrow on:
  - Communications integrity
  - System vulnerability
  - User privacy
Since the NRC meeting it has become clear that "Commercial Key Escrow" means,
in fact, "Mandatory Key Escrow." It is, therefore, even more urgent that NIST
undertake a careful study of the three factors identified earlier by EPIC.
- Examine the activities of the National Security Agency since passage of the Computer
Security Act of 1987.
The National Security Agency continues to exert disproportionate influence in the
development of federal technology policy, in violation of the Computer Security Act of
1987 and against the better interests of American citizens and American business. It is
time for this to end.