My testimony to the House in 1994 on Calea

[Dave Farber <dave () farber net>]

Testimony before the
Committee on Science, Space and Technology
Subcommittee on Technology, Environment and Aviation
U.S. House of Representatives

Hearing on
Communications and Computer Surveillance, Privacy and Security

May 3, 1994

David J. Farber
The Alfred Fitler Moore Professor of Telecommunication Systems
University of Pennsylvania
200 S. 33 rd Street
Philadelphia PA 19104-6389
Net: farber () cis upenn edu


I.      Introduction

Good morning Mr. Chairman and members of the subcommittee. I want to thank
the Committee for inviting me to testify today.

I should start off by stating that the views I will give are my own, and
not necessarily those of any organizations that I am affiliated with --
although I hope they agree with my views. I am speaking merely as a
professional with long experience in the computer and communications
field.

My background has been focused on the understanding of and the development
of technology in the computer and communications area. I started my career
in 1956 with a BS in General Engineering from Stevens Institute of
Technology. Due to the influence of a friend, I interviewed Bell Telephone
Laboratories even though I was accepted into graduate school. I accepted a
very challenging job at Bell Labs helping design the worlds first
electronic switching system which was later installed at Morris,
Illinois. It was the ENIAC of the computer-based telephone systems we have
today. I later went on to do pioneer work in programming languages and
after a period at the RAND Corp. I left industry to join the University of
California at Irvine (UCI) as a faculty member. At UCI I was responsible
for the conceptualization of the first operational distributed computer
system sponsored by the NSF -- the DCS system which was the first use of
client-server ideas, along with the first micro kernel and the first
ring-type Local Area Network. On my journey to the University of
Pennsylvania where I hold the Chair of The Alfred Fitler Moore Professor
of Telecommunication Systems, I collaborated in the creation and operation
of CSNET and the NREN as well as co-authoring the  proposal for the
Gigabit Testbeds. I have served on more industrial and government advisory
committees than is reasonable and am a Fellow of the IEEE. I serve on the
Board of Trustees of both the Electronic Frontier Foundation and the
Internet Society.

My career has been focused on the understanding of, and the development
of, technology in the communications area. I have co-founded several of
the data networks which have led to the National Information
Infrastructure and have taken part in the creation of some of the
technology that makes it possible. For the last several years I have also
been increasingly involved with the policy problems and opportunities
that this technology has created. So while my remarks will focus largely
on the technical aspects of the Clipper and the Digital  Telephony
initiatives I would like to start out by expressing some of my views on
policy and also my views as a concerned citizen.

II.     Public Policy Challenges Posed By New Information & Communication
Technologies

We are at a critical stage in the evolution of a capability that could
rival the industrial revolution in bringing both  good and bad to the
citizens of this nation. The industrial revolution brought unheard of
prosperity to parts of the world and pain and suffering also. The
information revolution, and it is a revolution, can bring a burst of
prosperity and vigor to a world which is increasingly stuck in a morass of
slow growth, regionalization and trade conflicts.

The information revolution is a stew based on a blend made possible by
increasingly complex communications technology mixed with increasingly
more powerful computers. The National Information Infrastructure (NII) and
it's sister the Global Information  Infrastructure (GII) are among the
exciting developments arising out of this technology "stew". All in all,
we have an unprecedented transfer of power into the hands of the public
and the government that results from these technologies. Computer power
that served the entire technical staff of Bell Labs when I was there is
now available in my hand. Communications capabilities only dreamed of in
the Saturday movie serials is now readily available worldwide. This vastly
increased power in the hands of the public has created difficulties for
the policy makers. While technology increases in power at a rate of two
times per year, our ability to understand the policy  implications of
this, sadly, grows very slowly.

This has shown itself recently in the debate about the Clipper encryption
initiative and the Digital Telephony proposals both put forward by the
Clinton/Gore administration and backed heavily by the law enforcement
community. A careful look at each of these initiatives illuminates the
fundamental national issues that are being fought out.

It is critical that this discussion be brought out into that part of the
policymaking process which has always represented the citizens -- the
Congress.  I take as one of my guidelines in thinking about these issues,
a quote by Ben Franklin -- the Founder of the University I am at -- "They
that can give up essential liberty to obtain a little temporary safety
deserve neither liberty nor safety."

< I removed a section on Key Escrow djf>

III. Digital Telephony

I will enumerate my objections to the proposal from a technical/economic
point of view. I join others in attacking it from a
privacy/freedom/necessity standpoint.

In the Clipper controversy, one could find some benefits to the nation in
a properly designed system. In the case of the Digital Telephony proposal
it is difficult to see where there can be a silver lining.

The Digital Telephony proposal calls for the manufacturers of telephone
central office switches, tandom switches and SS7 signaling systems to make
major design changes to their software systems. These changes would
provide, to law enforcement at remote sites, electronic notification of
calls to and from selected numbers/individuals as the individuals wander
through the complex communications structure that has been created in the
United States.

I, and many others, expect that the law would have to be extended to cover
PBXs and even personal computers as they are used more and more as
personal communications devices.

As a colleague of mine has often said "What guarantees that the job of law
enforcement should be easy?". Yet law enforcement noting the increased
complexity of the telecommunications systems and maybe even noticing the
ability of all the components of the NII to carry such communications, has
demanded the right to peek into our minds and to easily find out whom we
call and who calls us.

I have often been credited with using the term "the Full Software
Employment Act of 1994" when I talk about the Digital Telephony proposal.
The proposers talk about costs in the multi hundreds of millions of
dollars to be borne by the Government for the first three years. After
that all is left open.

As one who has in his time designed and built complex systems and who
understands the structure of the current telecommunications structure my
reactions are as follows.

Rational estimates obtained from sources in the industry talk about
numbers from $1.5 to $3 billion  per year. I consider that low. The
complexity of just the Plain Old Telephone System software is enormous.
Re-designing large and often the most complex parts of it will not be easy
nor inexpensive. One must potentially re-engineer the cellular system with
its multiple manufacturers plus the local and toll and tandem switching
centers. The fact that they are programmed devices makes it feasible but
not cheap.  The potential for decreased reliability of the national
telephone grid caused by the large scale changes (presently undefined)  to
the software architecture could cause major dangers to the health and
economy of the country. If you watch the bugs (errors) that are
distributed in well tested and much similar systems (like DOS or MACOS)
you can appreciate the opportunities for chaos -- and it must be done in
three years.

One should carefully note that the national communications system is
marginally reliable at this time. A National Research Council report on it
cautioned that it was poorly equipped to survive in the event of
catastrophies. The recent set of fiber cuts and the resultant severe
disruption of the nation's business is a portent for the future. To spend
money that is in short supply satisfying a poorly articulated and poorly
justified "problem" with wire tapping is to place the nation's economic
health in danger, for communication is the veins that carry the nation's
economic blood -- information.

From the standpoint of the future evolution of our NII, the Digital
Telephony proposal presents a major drag. Whenever a new feature is being
considered for implementation and marketing, one very important issue will
be how much  it will cost to implement it in such a manner as to pass the
hurdles of the proposal. That could price many good ideas that would
improve the usefulness of our NII off the feasibility horizon. Not only
would our citizens not have access to these new and useful services but
they would not be implemented in US manufactured systems and thus could
make our systems less sellable in competition with those of foreign
manufacturers of communications equipment for off shore sales. Note that
off shore sales in the developing parts of the globe represent major
markets which we could lose.

IV. Summary

*       The Information Age poses hard problems for privacy protection,
security
and law enforcement

*       Increasing amounts of personally sensitive and proprietary information
on global, digital networks creates need for security through encryption.

*       Technical knowledge of how to create powerful and practically
unbreakable encryption technology is available throughout the world.

*       Powerful encryption poses real challenges for law enforcement and
national security efforts.

*       These challenges will not be solved by just a single chip such as
Clipper or even just a single legislative act such as the proposed Digital
Telephony bill.

*       As a closed, secret, inflexible standard, Clipper will not be widely
accepted by the market

*       Security systems must be trusted by the broad user community.  Clipper
will never be so trusted because the design of its internal algorithm is
secret

*       Open systems are the only lasting solution to hard technical problems

*       The history of the computer and communications industry has shown that
hard technical problems require open flexible solutions arrived at in an
open manner.

*       The federal government should lead the way toward an open solution,
rather than trying in vain to force a closed solution on the problem.

*       Real alternative to publicly revealed Clipper system design exist,
which
meet law enforcement goals while protecting privacy, civil liberties and
preserving technological flexibility.

V. Conclusion

        There should be no doubt that new computer and communciations
technologies pose challenges for the law enforcement and national security
communities.  By the same token, for the National Information
Infrastructure to succeed, and for US companies to be able to compete in
the world market -- the Global Information Infrastructure -- user security
and privacy must be protected through robust, open cryptography standards.
The Congress and the Administration should lead the way toward solutions
that are open, provide for flexibility in the future, and seek an
appropriate balance of individual privacy and the legitimate needs of law
enforcement. I thank this subcommittee again for its foresight and
guidance in holding this hearing and look forward to working with you in
the future.


FOOTNOTE

1 I would like to explicitly support an idea originated by Steve Walker of
Trusted Information Systems, who proposes the voluntary establishment of
software interface standards to crypto devices and crypto software so that
manufacturers around the world, but especially in the United States, can
create software systems that can be used with nationally required crypto
systems around the world. Such an initiative would greatly enhance the
privacy of individuals and the market for such systems. It would also
create a major opportunity for American companies to market to the world.
Such an initiative would assist in the creation of the GII supported by
the Vice President





-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/