Interesting People mailing list archives
"I support HR3627" -- privacy in communications
From: David Farber <farber () central cis upenn edu>
Date: Wed, 9 Feb 1994 08:48:13 -0500
Date: Wed, 9 Feb 94 07:37 EST From: "Robert G. Moskowitz" <0003858921 () mcimail com> To: cantwell <cantwell () eff org> To: US president <president () whitehouse gov> To: US vice-president <vice-president () whitehouse gov> Subject: I support HR3627 It seems to me that privacy in communications requires three things: - Authentication/non-reputiation - Guarantied data content - Encryption of data Authentication/non-reputiation is not only a security item, i.e. am I communicating with the person I want to, but also a legal issue. If someone says that they will do something in a non-reputiable message and doesn't, they later cannot deny that they made the statement as it is non-reputiable. The data content must be guarantied, as not only might it be maliciously corrupted, but computer programs that forward data have been known to do things wrong, and communication links have been known to alter a byte or two. Data encryption allows for private communications over public servers. The Clipper chip only addresses the last item. And then only over a private, point-to-point link. The Clipper chip on a third party provider's communication link is no assurance that one of the data forwarding systems on the data path has not been comprimised and my data is still being 'watched'. There is an INTERNATIONAL, GATT based standard for EMail that addresses this. It is called X.509. X.509 combines Public Key cryptography and message hashing to meet all three requirements. According to many people that know the legal side better than me, X.509 has been agreed to by the US government at a treaty level and thus needs to be supported and allowed by the US government. Thus the US government cannot take a unilateral position of saying that the Clipper Chip technology is the only communications security the public needs. It is also incumbant on the US government to encourage its citizens to produce the best X.509 products possible to maintain a competitive edge in the messaging software arena. Thus a bill like HR3627 is a key bill. I know that there are limitations and implementation issues to X.509. Also X.509 does not well address real time and interactive communications. There are other efforts in various standard bodies that are addressing this; Privacy Enhance Mail for INTERNET 822 mail, Kerberos (tm) security for the Distributed Computing Environment to name two. The US government needs to nuture technologies like these; they meet critical needs of corporate users of data communications. And again Clipper chip technology does nothing for them. To this end, I ask the US government to pass HR3627 and to scale back the Clipper Chip push. The Clipper chip should be relegated to voice and fax communication at best. There are better, more functional technologies for data communications. Robert G Moskowitz 15210 Sutherland Oak Park, MI 48237
Current thread:
- "I support HR3627" -- privacy in communications David Farber (Feb 09)