Interesting People mailing list archives
U.S. Council, Clipper Chip and export control meetings last week
From: David Farber <farber () central cis upenn edu>
Date: Wed, 4 May 1994 04:15:59 -0400
Date: Tue, 3 May 94 14:10 EST From: "Robert S. Powers" <0002728164 () mcimail com> Last Tuesday (26Ap94) I was part of a delegation of the U. S. Council for International Business, to address issues associated with the Clipper Chip proposal and export control rules and legislation. The delegation held separate meetings with: - Ray Kammer; Deputy Director, NIST Lynn McNulty; head of a cryptology group at NIST - Mike Nelson; OSTP, and VP Gore's chief technology advisor - Brad Gordon; Staff Director, Subcommittee on International Operations, Committee on Foreign Affairs, US House of Representatives The delegation included: Ed Regan, VP, Chemical Bank William Whitehurst, IBM Don Gilbert, American Petroleum Institute Jill Oliver, J.P. Morgan Nanette diTosto, U.S. Council on International Business Yours Truly In all the meetings, the delegation stressed that its focus was on the international impacts of the proposed Clipper Chip and the existing and proposed export policies, not on the privacy aspects of Clipper. NIST ---- My impression was that the NIST folks are truly interested in getting to reasonable answers/policies rather than taking absolute positions. They clearly recognize the potential opposition of foreign governments, to Clipper. Kammer stressed that Clipper is a *voluntary* Federal Information Processing Standard (FIPS), and is not mandatory even for federal agencies, let alone for the general public. Most people's understanding, based on previous hints from the FedGov, is that Clipper/Capstone would be mandatory for FedGov agencies. Kammer confirmed that this Administration, at least, has no intent to outlaw the use of other encryption algorithms in the United States. (But of course, who can speak for future Administrations?) Kammer expressed some interest in the idea of using escrow agents internal to U.S. corporations, for phones used by those corporations, on the generally accepted assumption that such escrow agents would cooperate with law enforcement agencies that came to them with court orders. But law enforcement agencies might not like this option. The current Administration position on export controls is that there should be no change in the current policy of strict control on encryption export, based on the conclusion that encryption is "weaponry." There is the possibility of creating an interagency working group to advise on how to keep up with technology. The possibility of working through ITU on international issues associated with Clipper was also discussed, as well as recognition that it would be useful to find ways for the government and private industry to work toward an agreed upon balance between individual privacy and the ability of law enforcement to intercept conversations. When the already wide availability of DES was pointed out, Kammer suggested that modern computers have the power to crack DES- encrypted messages too easily, and predicted that five years from now NIST will no longer be certifying DES. Also discussed was the Administration's interest in the Digital Signature Algorithm -- DSA. The major objection to DSA, as compared to the currently widely accepted RSA signature process, is that DSA can ONLY be used for the signature validation process; and some OTHER algorithm must be installed and used for encryption of the associated message. RSA can be used for both text and digital signatures, although because of RSA's high processing requirements other algorithms are typically used for encrypting very large text files. Kammer is not absolutely wedded to the DSA standard, provided some other proposal meets the performance requirements. Mike Nelson, OSTP ----------------- Ed Regan is the US Council's representative to the International Chamber of Commerce, which is working up a position paper on international encryption policy, to be completed this month (May). The need for the paper is based on the recognition, with which Mike agrees, that to make Clipper or a similar scheme viable, it must be made international. He wants a briefing on the ICC paper, when available. Mike plans an invitation-only conference on encryption issues, in about a month from now. He stressed that the Administration DOES want people and businesses to have encryption available, but with the proviso that law enforcement agencies can decrypt it. The Administration is willing to consider, and he says that it is considering, alternatives to the proposed escrow process, including the possibility of using escrow agents internal to U.S. corporations. His argument about controlling the export of DES and other encryption software is based on the observation that the U.S. controls about 90% (he says) of the world's software market. Forbidding exporting encryption in that mass of software is very effective in cutting down the use of encryption by criminals and terrorists around the world; and if we allowed export of the encryption it would be widely implemented in that 90% of the software market. And, he points out, it's not just the US government, but also foreign governments, that don't want that result. As to the digital signature algorithm: a major goal of the Administration is to develop and implement a royalty-free digital signature algorithm, which RSA is not. Brad Gordon ----------- This meeting focussed entirely on export controls, not on Clipper. The bill introduced by Maria Cantwell, which proposes relaxation of export controls on encryption, is very unlikely to pass, as drafted, Mr. Gordon believes. He stressed that what the NSA and Congress need from industry is a well-supported compromise position on encryption exports. For example, would industry be satisfied with the ability to export encryption hardware/software to OECD countries only? He suggested working closely with the intelligence community, while recognizing that the intelligence folks could not and would not expose many of their reasons for feeling so strongly about export controls. Bill Whitehurst outlined a "traffic light" proposal, from NSA. Red, yellow and green lights (for export authority) would be determined on the basis of both the country and the industry being considered for export permission. --- end ---
Current thread:
- U.S. Council, Clipper Chip and export control meetings last week David Farber (May 04)