FC: DoJ says Fidnet will not monitor Internet; Armey's reply

[Declan McCullagh <declan () well com>]

[Here's my article on DoJ's response to Armey's first letter and his reply. I
assume DoJ will write another, but that it will be so vague and conditional it
will be meaningless. Note "as envisioned" caveat below. Visions can change
pretty quickly. I remember the FBI was doing some illegal wiretaps a few
decades back and they knew they'd be questioned about them at a Congressional
hearing. So they yanked the taps temporarily so they could testify under oath
that no such illegal activities were taking place. It's cute, maybe, like a
third-grader trying to lie creatively to his parents without getting caught.
--Declan]


http://www.wired.com/news/news/politics/story/22001.html

                     Fidnet Eases Up on Net Plan
                     by Declan McCullagh 

                     8:20 a.m.  29.Sep.99.PDT
                     The US Department of Justice says its
                     controversial Fidnet plan does not include
                     a proposal to conduct ongoing
                     surveillance of the Internet. 

                     "As envisioned, Fidnet is being designed
                     to monitor federal executive branch
                     computer networks for intrusions, not
                     private networks or the Internet in
                     general," Jon Jennings, acting assistant
                     attorney general, wrote in a letter to
                     Congressional leaders. 

                     He said that existing law allows the
                     government to protect itself from
                     malicious hackers or electronic vandals.
                     "Fidnet, as currently envisioned, is
                     entirely consistent with federal law in this
                     area and with constitutionally protected
                     expectations of privacy," Jennings said in
                     a letter dated 24 September. 

                     [...]


> Date: Fri, 01 Oct 1999 09:52:00 -0400 
> To: Declan McCullagh 
> From: Barry Steinhardt 
> Subject: Armey's Strong Lettert to Janet Reno on Encryption 
>
>
> Declan,
>
> House Majority Leader Dick Armey has posed a series of pointed questions to
> Janet Reno about the Aministration's crypto policy and FIDNET. The response,
> assuming there is one, should be very interesting.
>
> Barry Steinhardt
>
>
>
> This From: Hs Majority Leader Dick Armey, September 28, 1999 
> http://freedom.house.gov/
>
> Sept. 27, 1999 Armey Letter: 
> Encryption and Personal Privacy 
> http://freedom.house.gov/library/technology/reno2letter.asp
>
> Although the Administration has announced a positive 
> change in their policy toward encryption technology, 
> questions remain about how it will be implemented. 
> The followup letter to Attorney General Reno below 
> seeks clarification of the Administration stance toward 
> this important personal privacy issue.
> Read the original letter here: 
> http://freedom.house.gov/library/technology/renoletter.asp
>
>
> September 27, 1999 
> Janet Reno, Attorney General 
> US Department of Justice 
> 950 Pennsylvania Avenue, NW 
> Washington, DC 20530-0001
> Dear Attorney General Reno,
> There have been several developments since I last wrote to you on July 30
to 
> raise serious questions about Justice Department and Administration policy 
> regarding its stance on encryption policy and new proposals for federal 
> programs that some have seen as threats to personal privacy.
> I am cautiously optimistic about the Administration's recently announced 
> encryption export policy change. As one of the 258 bipartisan cosponsors of 
> H.R. 850, the SAFE Act, I was pleased by early reports that the 
> Administration was planning to implement many of the changes proposed in 
> that bill.
> As you may know, H.R. 850 was tentatively scheduled for floor consideration 
> in the House of Representatives this week. To determine how best to
proceed, 
> I believe it is important to get a more detailed response from you about
the 
> Administration's new position on encryption export controls. While I 
> understand that the new rules are not expected until December, Congress 
> needs more specific guidance from the Administration about how the new 
> encryption policy will be executed.
> Questions remain about the Administration's commitment to personal privacy. 
> I still have very serious concerns about the Justice Department's proposed 
> "Cyberspace Electronic Security Act of 1999 (CESA)." National Journal's 
> TechDaily had earlier reported that a previous draft of this legislation 
> would, "grant new authority to federal agents armed with search warrants to 
> break into homes and offices and secretly implant devices that could unlock 
> the passwords to encrypted information on suspects' computers." While I 
> understand that this provision has been dropped from the most recent draft, 
> the fact that it was ever proposed at all raises concerns in Congress.
> Similarly, while I was pleased to read in your response letter of September 
> 24 that the FIDNet program is currently "being designed to monitor federal 
> executive branch computers. not private networks or the Internet in 
> general," I would like to know why FIDNet was ever envisioned to cover 
> private networks. Page 58 of the draft copy of the FIDNet proposal clearly 
> states, "the Plan also calls for the creation of a three pillar system of 
> these netted and adaptive intrusion detection networks, covering critical 
> government and (ultimately) private sector information systems." Are you 
> willing now to state that neither FIDNet nor any similar Administration 
> program will ever be expanded to monitor private networks or the Internet
in 
> general?
> Answers to these questions would be very helpful in reassuring Americans 
> that their government will not engage in cybersnooping. The lack of public 
> discussion of these sweeping proposals has served only to foster these 
> suspicions. The Justice Department and Administration should act now to 
> clarify their intentions and restore the American people's confidence in
the 
> security of their personal communications.
> In addition, it would be quite helpful if you would clarify some issues 
> raised by the encryption press conference of September 16 and the proposed 
> "Cyberspace Electronic Security Act of 1999" :
> *After years of insisting on mandatory key escrow as necessary for law 
> enforcement, why has that view suddenly changed?
> *The latest White House proposal includes both administrative changes to
the 
> current export controls and legislative proposals to enhance the ability of 
> law enforcement to read encrypted materials when necessary. In fact, 
> Secretary Daley said "the export control liberalization is balanced by the 
> additional tools for law enforcement and additional resources devoted to 
> improving the privacy and security of government information services. As 
> you know, it will be difficult to pass new legislation as complex as CESA
in 
> the time remaining this session before December 15. Are the administrative 
> changes to current encryption export controls contingent on Congress
passing 
> CESA or are they separate proposals?
> *What specifically do you expect the one-time technical review of
encryption 
> products to entail? What distinction is there, in your view, between a 
> technical review process and the current licensing process?
> *How long do you envision these reviews taking and how extensive do you 
> expect them to be? What exactly is meant by the term "meaningful review"?
> *Despite early reports that the Administration proposal largely reflected 
> the reforms in the SAFE Act, it was clear from the press conference that
the 
> Administration still intends to veto the SAFE Act if passed as currently 
> written. In light of the announced changes in encryption policy, how do you 
> envision the December 15 regulations being different from the SAFE Act?
What 
> specifically are the remaining objections to HR 850?
> *In your prepared remarks, you stated that "Today's announcement 
> substantially relaxes export controls." Later, a reporter asked: "Would you 
> consider this a relaxing of restrictions on encryption?" and you answered 
> "No." Defense Deputy Secretary Hamre seemed to echo that answer, stating: 
> "It's not relaxation, it's really a very different approach." Could you 
> please explain the apparent contradiction between your prepared remarks and 
> your answer to questions about whether the new Administration policy 
> actually involves a relaxation of export controls?
> *With regard to the proposed "Cyberspace Electronic Security Act of 1999," 
> what exactly do you envision the role of the FBI's Technical Support Center 
> being? Research and development on ways to defeat encryption controls for 
> law enforcement purposes? How will the Technical Support Center be 
> coordinated with the enforcement arm of the agency?
> *You indicated that CESA will provide "special protections for decryption 
> keys stored with third-party recovery agents." Protection from whom?
> *When asked why the Administration dropped an earlier proposal to provide 
> new authority for search warrants for encryption keys without 
> contemporaneous notice to the subject, you answered "We have had further 
> discussion, and feel like, that under existing authorities, with the 
> technical support center funded by the existing authorities, that we can 
> address the issue, and ensure our abilities to continue our law enforcement 
> responsibilities." Does this mean that the Administration feels that it 
> already has the authority to search for encryption keys without notifying 
> the subject?
> *Does that answer mean that funding the Technical Support Center will give 
> you the ability to search for encryption keys without notifying the
subject, 
> or that it will enable you to read encrypted material without needing to 
> search for the encryption key first?
> *You further indicated that CESA will "protect the confidentiality of 
> government techniques used to obtain usable evidence such as techniques 
> developed by the Technical Support Center. Does that extend only to the 
> exact technological means of breaking the encryption product, or do you 
> envision confidentiality to include government efforts to search for 
> encryption keys without notifying the subject?
> *While not mentioning FIDNet specifically, there were several references to 
> the need to "improve the privacy and security of government information 
> services? In fact, Secretary Daley referred to that need as an important 
> balance to export control liberalization. Does the Administration consider 
> FIDNet a component of its new encryption policy?
> *If so, explain how FIDNet, supposedly a warning system against outside 
> hackers into government computers, is related to an export control policy
on 
> encryption products? Does this mean that the Administration is expecting 
> support from Congress and industry for FIDNet as a component of the new 
> encryption export control policy?
> *The Washington Post on September 22 reported that the Administration had 
> altered its original FIDNet proposal in response to criticism from civil 
> libertarians and Congress. Is this a fair characterization of your 
> motivations?
> *What changes, specifically, have you made to the proposal?
> *I was under the impression that FIDNet was not yet an official 
> Administration proposal - that it was only a draft and had not been cleared 
> by the White House. Have I been misinformed?
> *What role, if any, will the FBI's Technical Support Center have in FIDNet 
> and vice versa? If so, would that role also be covered by the 
> confidentiality language you have included in CESA?
> *In the press conference, you indicated that the Technical Support Center 
> was first proposed by the industry. Could you please elaborate on that 
> conversation? Did industry offer to support the creation of a Technical 
> Support Center at the FBI in exchange for a change in the Administration's 
> position on encryption export controls? If so, which industry 
> representatives?
>
>
> While recently announced changes to encryption export controls, CESA, and 
> FIDNet are welcome, the fact that it took intense pressure from Congress
and 
> the public to force those changes remains a concern. Protecting personal 
> privacy, especially from government cybersnooping, is too important to be 
> done in the dark. I hope you take this opportunity to enlighten us all
about 
> the Administration's plans in these areas.
> Given the short amount of time remaining in the legislative session, I
would 
> appreciate a response to this letter by October 15, 1999. If we are to help 
> implement the Administration's new encryption export control policy
Congress 
> will need much more specificity on what that policy is before we adjourn. 
> Thank you for your cooperation.
>
> Sincerely, 
> Dick Armey 
> House Majority Leader
> Cc: Secretary of Commerce, William M. Daley 
> Secretary of Defense, William S. Cohen 
> National Security Adviser, Samuel R. Berger 
> Chief Counselor for Privacy at OMB, Peter Swire
>
>
>
>
> --------------------------------------------------------------
> Barry Steinhardt 125 Broad Street
> Associate Director New York,NY 10004
> ACLU 212 549 -2508 (v)
> Barrys () aclu org 212 549-2656 (f)
>
>
> Are You a Card-Carrying Member of the ACLU? 
> Join us at: https://www.newmedium.com/aclulink/forms/join.shtml




--------------------------------------------------------------------------
POLITECH -- the moderated mailing list of politics and technology
To subscribe: send a message to majordomo () vorlon mit edu with this text:
subscribe politech
More information is at http://www.well.com/~declan/politech/
--------------------------------------------------------------------------