From hlin@nas.edu Fri Mar 3 14:56:51 1995
Return-Path:
Received: from darius.nas.edu by theory.lcs.mit.edu (5.65c/TOC-1.2S)
id AA20100; Fri, 03 Mar 95 14:56:47 EST
Received: from nas.edu (chariot.nas.edu) by darius.nas.edu with SMTP id AA19735
(5.67b/IDA-1.4.4 for ); Fri, 3 Mar 1995 14:57:35 -0500
Received: from cc:Mail by nas.edu
id AA794269975; Fri, 03 Mar 95 13:48:00 EST
Date: Fri, 03 Mar 95 13:48:00 EST
From: "Herb Lin"
Encoding: 341 Text
Message-Id: <9502037942.AA794269975@nas.edu>
To: tleng@theory.lcs.mit.edu (Tony Eng)
Subject: Re: crypto policy study
Status: RO
Nothing on the Web. Here's some stuff.
thanks for your interest.
herb lin
-----------------
National Policy and Cryptography:
A Call for Input and Public Meeting
Over the past few years, few topics have provoked as much debate
as the appropriate role of government as it relates to cryptography.
What is clear is that cryptography is critical to a wide range of
important civilian and military applications involving sensitive or
classified information that must be protected from unauthorized
disclosure and/or alteration. National cryptography policy --
however it is construed -- has important implications for future U.S.
economic competitiveness, national security, law enforcement
interests, and the protection of the rights of individual U.S. citizens.
In an attempt to clarify some of the issues involved, the U.S.
Congress asked the National Research Council to undertake a
comprehensive study on cryptographic technologies and national
cryptography policy. This study began in late 1994.
The study seeks broad input from stakeholders affected by national
cryptography policy. Thus, the study committee invites interested
parties to answer the following question:
How, if at all, will new telecommunications
technology, such as encryption, make it easier to
protect and/or compromise the interests of the
relevant constituencies? Some of the constituencies
might include individual citizens, organizations in
national security and law enforcement, high
technology businesses, business in general, and
non-profit and/or public service enterprises such as
health care and education.
Please use as the standard of comparison the ease
today of compromising or protecting these interests.
We are interested in scenarios involving both
individual users and large-scale impact. Please be
sure to tell us the interests you believe are at stake.
(If your input involves classified or sensitive
information, contact us to make appropriate
arrangements.)
All responses received by e-mail or U.S. mail prior to June 30,
1995 will be reviewed by the study committee. In addition, the
committee will sponsor a public session to receive oral input on
Friday, April 14, 1995, 8:30 AM to 12:30 PM, at the Lecture Room
of the National Academy of Sciences, 2101 Constitution Avenue
NW, Washington, DC 20418. (No public parking is available.) In
the interests of hearing the maximum number of people, speakers
will be limited to a statement of 6 minutes each. Anyone who
wishes to give oral testimony should submit their request
along with their response to the above question. (If you plan
only to attend, please inform us as well.) Ground rules for oral
presentation and/or a more detailed description of the study and its
charge is available upon request to CRYPTO@NAS.EDU.
This is your opportunity to make your voice heard on this important
subject. One way or another, cryptography policy does affect you.
This study is expected to help shape Congressional and
Administration views on national cryptography policy, and the
operative question to you is the following: Should this study take
your views into account? We hope you answer that question in the
affirmative.
Cryptography Project
Computer Science and Telecommunications Board
National Research Council
Mail Stop HA-560
2101 Constitution Avenue, NW
Washington, DC 20418
CRYPTO@NAS.EDU
------------------------------------------------
National Cryptography Policy
A Call for Input and Public Meeting
Ground rules for oral presentation
As noted in the Internet announcement posted in late February, 1995, the
National Research Council's Committee to Study National Cryptography
Policy will be holding a public session to receive testimony on this
subject on Friday, April 14, 1995, 8:30 AM to 12:30 PM, at the Lecture
Room of the National Academy of Sciences, 2101 Constitution Avenue NW,
Washington, DC 20418. No public parking is available.
These are the ground rules for oral presentation:
o Individuals should submit a written response to the question posed
in the public call for input. That question is repeated below:
How, if at all, will new telecommunications technology, such as
encryption, make it easier to protect and/or compromise the
interests of the relevant constituencies? Some of the
constituencies might include individual citizens, organizations
in national security and law enforcement, high technology
businesses, business in general, and non-profit and/or public
service enterprises such as health care and education.
Please use as the standard of comparison the ease today of
compromising or protecting these interests. We are interested
in scenarios involving both individual users and large-scale
impact. Please be sure to tell us the interests you believe are
at stake. (If your input involves classified or sensitive
information, contact us to make appropriate arrangements.)
THIS RESPONSE SHOULD ARRIVE AT THE NATIONAL RESEARCH COUNCIL BY THE
CLOSE OF BUSINESS ON FRIDAY, APRIL 7, 1994. E-MAIL (TO
CRYPTO@NAS.EDU) AND U.S. MAIL (TO THE ADDRESS BELOW) SUBMISSIONS ARE
ACCEPTABLE.
Attached to this note is a more detailed study description. A
respondent wishing to address other topics included in the detailed
description but not covered in the above question should feel free
to do so in the written statement and/or in the oral presentation.
o UNDER ALL CIRCUMSTANCES, SPEAKERS WILL BE LIMITED TO 6 MINUTES EACH.
THIS LIMIT WILL BE RIGOROUSLY ENFORCED.
Cryptography Project
Computer Science and Telecommunications Board
National Research Council
Mail Stop HA-560
2101 Constitution Avenue, NW
Washington, DC 20418
CRYPTO@NAS.EDU
*************************************
More detailed description below:
A STUDY OF NATIONAL CRYPTOGRAPHY POLICY
Cryptographic technologies are critical to a wide variety of important
military and civilian applications involving sensitive or classified
information that must be protected from unauthorized disclosure. In
addition, cryptography is a key component of most authentication
technologies, i.e., technologies to guarantee the identity of a message's
sender. National cryptography policy has important implications for
U.S. economic competitiveness, national security, law enforcement
interests, and protection of the rights of private U.S. citizens.
In an attempt to clarify some of the relevant policy issues, Public Law
103-160 (passed by the U.S. Congress in November 1993) called for a
comprehensive study from the National Research Council on
cryptographic technologies and national cryptography policy. The study
commenced in the first week of October 1994. As this study
proceeds, the committee will make all feasible attempts to solicit a wide
range of input and commentary from interested parties. Input will be
presented to the committee through a mix of briefings, presentations,
consultations, invited and contributed papers, and testimony at regional
public hearings. In addition, members of the interested public are
invited to submit input to the committee as described below.
The study plans to address the following issues:
* the impact of current and possible future restrictions and standards
regarding cryptographic technology on
- the availability of such technology to foreign and domestic
parties with interests hostile to or competitive with the
national security, economic, commercial, and privacy
interests of the U.S. government, U.S. industry, and private
U.S. citizens;
- the competitiveness of U.S. manufacturers of such technology
in the international market;
- the competitiveness and performance of commercial U.S.
users of such technology;
- U.S. national security and law enforcement interests;
* the strength of various cryptographic technologies known and
anticipated that are relevant for commercial and private purposes;
* current and anticipated demand for information systems security
based on cryptography;
* the impact of foreign restrictions on the use of, importation of, and
the market for cryptographic technology;
* the extent to which current cryptography policy is adequate for
protecting U.S. interests in privacy, public safety, national
security, and economic competitiveness;
* strengths and weaknesses of current key escrow implementation
schemes;
* how technology now and in the future can affect the feasible policy
options for balancing the national security and law enforcement
interests of government and the privacy and commercial interests
of U.S. industry and private U.S. citizens;
* recommendations for the process through which national security,
law enforcement, commercial, and privacy interests are balanced
in the formulation of national cryptography policy.
The study will be conducted by a 16-member committee (listed at the
end of this document) that collectively has expertise in computer and
communications technology; cryptographic technologies and
cryptanalysis; foreign, national security, and intelligence affairs; law
enforcement; science policy; trade policy; commercial and business
dimensions of computer technology (hardware and software vendors,
users of cryptographic technologies); and interests in privacy and civil
liberties. A subpanel of the full committee will be cleared at the SI
level and have access to all relevant information to ensure that the
findings, conclusions, and recommendations of the unclassified report
are consistent with what is known in the classified world.
The project plan calls for the study to be delivered approximately two
years after full processing of all necessary security clearances.
However, the NRC will make every attempt to deliver the study sooner,
and it currently believes that the core work of the study will be
completed about 18 to 20 months after funding for the study has been
received. Additional time will be devoted to dissemination of the study
report and follow-up activities.
The final report of the study committee is subject to NRC review
procedures that ensure the objectivity and integrity of all NRC reports.
The main text of the report will be unclassified; classified annexes (if
any) will be made available only to those with the appropriate security
clearances.
PROVIDING INPUT TO THE COMMITTEE
The questions that the study is expected to examine are provided above.
Members of the interested public are invited to submit their views on
these questions and any other questions that you believe the committee
should be addressing through either of the channels below. If desired,
requests for personal presentations to the committee should be submitted
through these channels as well; the committee will respond affirmatively
to as many such requests as possible, but time and resource constraints
will limit the number of such requests that can be honored.
Internet: send comments and other correspondence to
CRYPTO@NAS.EDU.
U.S. Mail:
Cryptography Project
Computer Science and Telecommunications Board
National Research Council
Mail Stop HA-560
2101 Constitution Avenue, NW
Washington, DC 20418
COMMITTEE TO STUDY
NATIONAL CRYPTOGRAPHY POLICY
Kenneth Dam, committee chair, was Deputy Secretary of State (1982-
1985) and is currently the Max Pam Professor of American and Foreign
Law at the University of Chicago Law School.
General W. Y. Smith, retired, committee vice-chair, is president
emeritus of the Institute for Defense Analyses, and has also served in a
number of military posts including that of deputy commander in chief of
the U.S. European Command in Germany.
Lee Bollinger, formerly dean of the University of Michigan Law School,
is currently provost of Dartmouth College and a constitutional scholar.
Ann Caracristi, retired, was Deputy Director of the National Security
Agency (1980-1982).
Benjamin Civiletti was U.S. Attorney General (1979-1981), and is
currently in private practice with the law firm Venable, Baetjer, Howard
and Civiletti.
Colin Crook is senior technology officer for Citicorp.
Samuel Fuller is vice president of corporate research at Digital
Equipment Corporation.
Leslie Gelb is president of the Council on Foreign Relations. He served
as Assistant Secretary of State for Politico-Military Affairs
(1977-1980).
Ronald Graham is a director of information sciences at AT&T Bell Labs
and a professor of mathematics at Rutgers University.
Martin Hellman is professor of electrical engineering at Stanford
University. Dr. Hellman was one of the inventors of public key
encryption.
Julius Katz is president of Hills & Company, and was deputy United
States trade representative (1989-1993).
Peter Neumann is principal scientist in the Computer Science Laboratory
at SRI International. He is the chairman of the ACM committee on
computers and public policy, and a member of the ACM study group on
cryptography policy.
Raymond Ozzie is president of Iris Associates, a wholly-owned
subsidiary of the Lotus Development Corporation. Iris Associates is the
developer of Lotus Notes.
Edward Schmults was Deputy Attorney General of the United States
(1981-1984) and is a former senior vice president for external relations
and general counsel for the GTE Corporation.
Elliot Stone is executive director of the Massachusetts Health Data
Consortium, which is responsible for the collection and analysis of the
state's large health care databases.
Willis Ware, retired, is with the RAND Corporation as senior computer
scientist emeritus. He chairs the Computer System Security and Privacy
Advisory Board which was established by the Computer Security Act of
1987.
STAFF AND ORGANIZATIONS
Marjory Blumenthal is director of the Computer Science and
Telecommunications Board (CSTB).
Herbert Lin is study director and senior staff officer of the CSTB.
Inquiries about this study should be directed to him at 202-334-3191 or
via Internet at HLIN@NAS.EDU.
The National Research Council (NRC) is the operating arm of the
Academy complex, which includes the National Academy of Sciences,
the National Academy of Engineering, and the Institute of Medicine.
The NRC provides impartial and independent advice to the federal
government and other policy makers, by applying top scientific and
technical talent to answer questions of national significance. In
addition, the NRC often acts as a neutral party in convening meetings
among multiple stakeholders on various controversial issues, thereby
facilitating the generation of consensus.
Within the NRC, the CSTB considers technical and policy issues
pertaining to computer science, telecommunications, and associated
technologies as critical resources and sources of national economic
strength. A list of CSTB publications is available on request to
CSTB@NAS.EDU or by calling 202-334-2605.