Skip to main content
Podcast Episode: Building a Tactile Internet

EFFector - Volume 10, Issue 5 - Alert: Senate vote on mandatory key escrow as early as Thu June 19!


EFFector - Volume 10, Issue 5 - Alert: Senate vote on mandatory key escrow as early as Thu June 19!

    ________________          _______________        _______________
   /_______________/\        /_______________\      /\______________\
   \\\\\\\\\\\\\\\\\/        |||||||||||||||||     / ////////////////
    \\\\\________/\          |||||________\       / /////______\
     \\\\\\\\\\\\\/____      ||||||||||||||      / /////////////
      \\\\\___________/\     |||||              / ////
       \\\\\\\\\\\\\\\\/     |||||              \////   e  c  t  o  r
EFFector        Vol. 10, No. 05       June 18, 1997
A Publication of the Electronic Frontier Foundation        ISSN 1062-9424


ALERT: Senate vote on mandatory key escrow as early as Thu June 19!
  Intro - Bernstein Case News
  ALERT - Senate Committee Set to Vote on Key Escrow
  What's Happening Now
  Background On The Encryption Issue
  How to start or stop receiving crypto-news
  About This Alert
NICB Crime Database Raises Privacy Concerns & Congressional Hackles
  Congress Takes Action
  What YOU Can Do
Upcoming Events
Quote of the Day
What YOU Can Do

 * See for more information
   on current EFF activities and online activism alerts! *


Subject:  ALERT: Senate vote on mandatory key escrow; Bernstein crypto case

* Intro - Bernstein Case News

June 18, San Francisco:  The final District-level arguments were heard in
Bernstein v. Dept. of State, an EFF-sponsored case challenging the US
encryption export restrictions as unconstitutional.  As in previous
rounds, the government had a very difficult time attempting to justify
the ITAR restrictions on encryption software, which treat PGP, word
processors that protect confidentiality, and any other tools that protect
privacy as if they are weapons of war.  We expect a favorable order
from Judge Marilyn Hall Patel, against the ITAR crypto restrictions, very

Practially on the eve of this landmark court battle, Congress introduced
yet another piece of encryption legislation, this one aimed at making the
legal case moot (or at least weaker) and at generating a mood of
Congressional compromise.  We urge all EFF members to respond to the alert
below and urge defeat of this new anti-crypto, anti-privacy legislation.


[begin alert]


     Date: June 17, 1997                            Expires July 1, 1997

           Redistribution of crypto-news is allowed in its entirety.

Table of Contents

        ALERT - Senate Committee Set to Vote on Key Escrow
        What's Happening Now
        What YOU CAN DO NOW!
        Background On The Encryption Issue
        How to start or stop receiving crypto-news
        About This Alert


On Tuesday June 17, Senators John McCain (R-AZ) and Bob Kerrey (D-NE)
introduced legislation which would all but mandate that Americans provide
guaranteed government access to their private online communications and
stored files.

The bill, known as "The Secure Public Networks Act of 1997" (S.909)
represents a full scale assault on your right to protect the privacy and
confidentiality of your online communications. Please take a moment to read
the instructions below and, if your Senator is a member of the Commerce
Committee, please take a moment to call your Senator TODAY!

Though offered on Capitol Hill as a compromise, the McCain-Kerrey bill is
virtually identical to draft legislation proposed earlier this year by the
Clinton Administration while doing nothing to protect the privacy and
security of Internet users. The bill closely mirrors  draft legislation
proposed by the Clinton Administration earlier this Spring.

Specifically, the bill would:

 * Compel Americans to Use Government-Approved Key Recovery Systems
 * Make Key Recovery a Condition Of Participation in E-Commerce
 * Allow Government Carte Blanche Access to Sensitive Encryption Keys
   Without a Court Order
 * Create New Opportunities for Cybercrimes
 * Codify a low 56-bit Key Length Limit on Encryption Exports
 * Create Broad New Criminal Penalties for the Use of Encryption

The full text of the bill, along with a detailed analysis, is available
online at


On Thursday June 19, the Senate Commerce Committee is scheduled to hold a
vote on S. 377, the Promotion of Commerce Online in the Digital Era
(Pro-CODE) Act - an Internet-friendly encryption reform bill sponsored by
Senators Burns (R-MT) and Leahy (D-VT).

Senator McCain, the Commerce Committee Chairman, is expected to try and
substitute his proposal for Pro-CODE - gutting the proposal and inserting
provisions which would all but mandate guaranteed government access to your
private communications.

Please take a few moments to help protect your privacy and security in the
Information Age by following the simple instructions below.



A list of Senate Commerce Committee members is printed below. If your
Senator is on the list, please call TODAY.

  NOTE - If your Senator is not on the list, please visit and ADOPT YOUR LEGISLATOR. You will
         receive targeted alerts next time your Representatives or
         Senators are poised to vote on this and other critical Internet
         Related issues.

1. If your Senator's name is on the list below, pick up the phone and
   call them at 202-224-3121.  Ask for your Senator's office.  

  Order: Frist, Abraham, Snowe, Stevens, Browe, Bryan.

  * = has publicly stated opposition to the McCain-Kerrey bill.
  + = has publicly stated support to the McCain-Kerrey bill.

   William Harrison Bill Frist, R-TN
   Spencer Abraham, R-MI                        ALL THESE SENATORS ARE
   Olympia Snowe, R-ME                       TELEPHONABLE AT 202-224-3121
   Ted Stevens, R-AK
   John B. Breaux, D-LA
   Richard H. Bryan, D-NV

   +John McCain, R-AZ, Chairman
   *Conrad R. Burns, R-MT
   Slade Gorton, R-WA
   *Trent Lott, R-MS
   Kay Bailey Hutchison, R-TX
   *John Ashcroft, R-MO
   *Sam Brownback, R-KS

   +Ernest F. Hollings, D-SC, Ranking minority member
   Daniel K. Inouye, D-HI
   Wendell H. Ford, D-KY
   +John D. Rockefeller, IV, D-WV
   +John F. Kerry, D-MA
   *Byron L. Dorgan, D-ND
   *Ron Wyden, D-OR

2. Ask for the staffer that handles the encryption issue

3. Urge your Senator to OPPOSE THE McCAIN-KERREY BILL (S. 909)
   at the Commerce Committee Markup on June 19:

THIS -> I am a constituent calling to urge the Senator to oppose the
        McCain-Kerrey "Secure Public Networks Act" at the Committee
        markup on June 19.

        The bill all but mandates key-recovery encryption and represents
        a grave threat to privacy and electronic commerce on the

        We need a solution to this issue that protects privacy and
        security on the Internet, and the solution being offered by
        Senators McCain and Kerrey isn't it. I hope you will take a
        strong stand on this important issue.


   Go to the feedback page for your member of Congress at and let us know how it went. This
   will help us coordinate our strategy on the ground in DC.

5. Please forward this alert to your friends and colleagues
   who live in your congressional district (do not forward after
   June 25)

6. Finally, relax! You have done more to help fight for privacy and
   security on the Internet in 5 minutes than most people do in a year!
   We appreciate your support!


Complete background information, including:

 * A down-to-earth explanation of why this debate is important to
   Internet users
 * Analysis and background on the issue
 * An analysis of the Risks of Key-Recovery by leading cryptographers
 * Text of the Administration draft legislation
 * Text of Congressional proposals to reform US encryption policy
 * Audio transcripts and written testimony from recent Congressional
   Hearings on encryption policy reform
 * And more!

are all available at


Encryption technologies are the locks and keys of the Information age,
enabling individuals and businesses to protect sensitive information
as it is transmitted over the Internet. As more and more individuals
and businesses come online, the need for strong, reliable, easy-to-use
encryption technologies has become a critical issue to the health and
viability of the Net.

Current US encryption policy, which limits the strength of encryption
products US companies can sell abroad, also limits the availability of
strong, easy-to-use encryption technologies in the United States. US
hardware and software manufacturers who wish to sell their products on
the global market must either conform to US encryption export limits or
produce two separate versions of the same product, a costly and
complicated alternative.

The export controls, which the NSA and FBI argue help to keep strong
encryption out of the hands of foreign adversaries, are having the
opposite effect. Strong encryption is available abroad, but because of
the export limits and the confusion created by nearly four years of
debate over US encryption policy, strong, easy-to-use privacy and
security technologies are not widely available off the shelf or "on the
net" here in the US.

A recently discovered flaw in the security of the new digital telephone
network exposed the worst aspects of the Administration's encryption
policy.  Because the designers needed to be able to export their
products, the system's security was "dumbed down".  Researchers
subsequently discovered that it is quite easy to break the security of the
system and intrude on what should be private conversations.

This incident underscores the larger policy problem: US companies are
at a competitive disadvantage in the global marketplace when competing
against companies that do not have such hindrances.  And now, for the first
time in history, the Clinton Administration and members of the US Senate
have proposed DOMESTIC RESTRICTIONS on the ability of Americans to protect
their privacy and security online.

All of us care about our national security, and no one wants to make it
any easier for criminals and terrorists to commit criminal acts. But we
must also recognize encryption technologies can aid law enforcement
and protect national security by limiting the threat of industrial
espionage and foreign spying, promote electronic commerce and protecting

What's at stake in this debate is nothing less than the future of
privacy and the fate of the Internet as a secure and trusted medium for
commerce, education, and political discourse.


To subscribe to crypto-news, sign up from our WWW page (
or send mail to with "subscribe crypto-news" in the
body of the message.  To unsubscribe, send a letter to
with "unsubscribe crypto-news" in the body.

Requests to unsubscribe that are sent to will be ignored.


This message was brought to you by the Center for Democracy and
Technology ( and the Voters Telecommunications Watch
(, who have joined together to create the Adopt Your
Legislator Campaign - a unique and effective way of creating dialogue
between members of Congress and their Constituents on critical
Internet-related issues.

For more information on the Adopt Your Legislator Campaign, please visit

end alert 06.17.97


Subject: NICB Crime Database Raises Privacy Concerns & Congressional Hackles

*  Congress Takes Action
   This year, bi-partisan legislation has been introduced by Rep. Ed
   Towns (D-NY) to preclude a commercial insurance "crime bureau" from
   establishing an "all-claims" database to which law enforcement officers
   have easy access for privacy-invasive "fishing expeditions" in which
   data on all insurance claimants is treated as if it belonged to crime
   suspects. This legislation is H.R.1029, the Insurance Claims Privacy
   Protection Act (ICPPA).
   Bill text:

   Following Rep. Towns's invitation, 20 co-sponsors have signed up to
   back the legislation, and a Senate version of the bill is expected to
   be introduced soon.
   Towns and ICPPA co-sponsors Rep. John Duncan (R-TN) and Rep. John Mica
   (R-FL) have asked selected state insurance commissioners/superintendants
   for input, in several letters, available from the WWW version of this
   article at:
   EFF commends Rep. Towns and other other ICPPA co-sponsors for
   introducing such timely and well-considered legislation. Though EFF
   would prefer to see disclosure by data support organizations be
   permissible only in response to court orders, not subpoenas, we
   otherwise support this legislation as a much-needed loophole closure
   in American privacy law.
*  Background
   The National Insurance Crime Bureau (NICB) has started to build an
   "all-claims" database to hold all property and casualty insurance
   claims, without appropriate privacy protections.
   Originally, this NICB data base only held "suspicious" claims, to be
   examined closely for possible fraud. Because of this history, federal,
   state and local law enforcement officials have rapid, direct, and
   nearly unlimited access to the NICB database. This easy law
   enforcement access can lead to privacy-invasive "fishing expeditions"
   in the files of innocent policyholders, even where there is no
   suspicion of fraud or illegal activity.
   The federal Fair Credit Reporting Act (FCRA), Title 15 of the US Code
   (Chap. 41, Subchap. III) Sect. 1681, places strict limits on law
   enforcement access (in recently added Sect. 1681u), and requires
   procedures to be in place to permit persons to see their own files,
   and, if they are inaccurate, correct them.

   FCRA text:
   Sect. 1681u:   

   The American Insurance Services Group (AISG), which operates an
   "all-claims" property and casualty insurance claims database, and the
   Medical Information Bureau (MIB), which operates a large database of
   health and medical insurance information, both follow the requirements
   of the FCRA.
   The NICB claims that it is not subject to the FCRA, and does not
   follow its requirements.
   The new legislation's sponsors note also that NICB does not follow the
   requirements of the Insurance Information and Privacy Protection Model
   Act (IIPPMA) advanced by the National Association of Insurance
   Commissioners (NAIC), and adopted in only 15 states.
   A close examination of the IIPPMA, which was drafted ca. 1980, shows
   that, despite its name, its privacy protections are woefully
   inadequate. [Text of the IIPPMA not available online as of this

     * For instance, the requirements for law enforcement access to files
       are not very strict, and the NICB's interpretation of the IIPPMA
       permits too easy access to files by law enforcement authorities.

     * Further, the IIPPMA permits consumer access to "personal
       information that is not privileged"; however, "privileged
       information" is separately defined as "information supplied in
       relation to claims". Since most or all of the information
       collected by the NICB for their "all-claims" data base is in
       relation to claims, and therefore could be considered
       "privileged", the NICB could block consumer's access to their own
   NAIC has responded to queries from Rep. Towns regarding such matters,
   but not substantively.
   NAIC response:

   Finally, it is offensive to innocent policy holders to have routine
   claims made in good faith (i.e. in relation to losses incurred under
   the insurance policy for which they have made premium payments) to be
   placed in a "Crime Bureau" database.
*  What YOU Can Do
   If you are troubled by the NICB's "all-claims" database, please write
   to or email one or more of the following Senators and Representatives
   stating your concerns and supporting the Towns legislation:
   US Senators (Mailing Address: [Name], U.S. Senate, Washington, D.C.
     * Senator Orrin Hatch (R-UT), Chairman, Senate Judiciary Cmte.
     * Senator Patrick J. Leahy (D-VT), Ranking Member, Senate Judiciary
     * Senator John McCain (R-AZ), Chairman, Senate Commerce Cmte.
     * Senator Ernest F. Hollings (D-SC),Ranking Member, Senate Commerce
     * Senator Dianne Feinstein (D-CA),Member, Senate Judiciary Cmte.
     * Senator Barbara Boxer (D-CA), Member, Appropriations Cmte.
   US Representatives (Mailing Address: [Name], U.S. House of
   Representatives, Washington, D.C. 10515)
     * Representative Henry Hyde (R-IL) Chairman, House Judiciary
       Email: (not yet on system; use WriteRep)
     * Representative John Conyers, Jr. (D-MI) Ranking Member, House
       Judiciary Cmte.
     * Representative Thomas Bliley, Jr. (R-VA) Chairman, House Commerce
       Email: (not yet on system; use WriteRep)
     * Representative John Dingell (D- MI) Ranking Member, House Commerce
       Email: (not yet on system; use WriteRep)
     * Representative Ed Towns (D-NY), Member, Commerce Cmte. (Sponsor of
       H.R. 1029)
       Email: (not yet on system; use WriteRep)
     WriteRep System:   

  For an fully-linked HTML version of this article, see:


Subject: Upcoming Events

This schedule lists EFF events, and those we feel might be of interest to
our members.  EFF events (those sponsored by us or featuring an EFF speaker)
are marked with a "*" instead of a "-" after the date.  Simlarly, government
events (such as deadlines for comments on reports or testimony submission,
or conferences at which government representatives are speaking) are marked
with "!" in place of the "-" ("!?" means a govt. speaker may appear, but
we don't know for certain yet.)  And likewise, "+" in place of "-"
indicates a non-USA event.  If it's a foreign EFF event with govt. people,
it'll be "*!+" instead of "-".  You get the idea. To let us know about an
event, please send details to Dennis Derryberry,, with a
subject line containing "CALENDAR:" followed by the name of the event.

The latest version of the full EFF calendar is available from:

ftp:, /pub/EFF/calendar.eff
gopher:, 1/EFF, calendar.eff

See also our new Now-Up-to-Date HTML calendar at:


June 19-
     20 - WASHINGTON, DC - CyberPayments '97
	  Conference will investigate issues of online commerce including
	  electronic cash and checks, credit cards, encryption systems 
	  and security products; Sheraton Washington Hotel, Washington, DC
	  For more information contact:
	  tel: +1 216 464 2618 x228
	       +1 800 529 7375

June 20-
     21 + GLASGOW, SCOTLAND - International Symposium on Technology and 
	  Society 1997 (ISTAS'97): Technology and Society at a Time of 
	  Sweeping Change; University of Strathclyde in Glasgow, Scotland
	  ISTAS '97 aims to tackle questions of how advancements in 
	  technology are affecting the social and natural landscape;
	  ISTAS '97 Secretariat
	  Conference Services Department
	  The Institution of Electrical Engineers
	  Savoy Place
	  London WC2R 0BL
	  Tel: + 44(0)171 344 5469/8425
	  Fax: +44 (0)171 240 8830

June 22-
     25 + TORONTO - GLOBAL KNOWLEDGE '97; given the vital role of
          knowledge in economic and social development, and the
          opportunities and challenges posed by new information
          and communication technologies, how can developing countries,
          and particularly the world's poor, access and harness knowledge
          for development, so as to promote empowerment, enable life-long
          learning, and reduce poverty?
          Conference Secretariat
          The World Bank Economic Development Institute
          1818 H Street, NW, M7-075
          Washington, DC 20433 USA
          Tel: 202-473-6442
          Fax: 202-676-0858
          Alain Brousseau
          Phone: (819) 997-6849
          Fax: (819) 953-6356

July 13-
     17 - ACUTA 26th Annual Conference; Atlanta, Georgia.
          Contact: +1 606 278 3338 (voice)

Aug. 24 + NAGOYA, JAPAN - IJCAI-97 Workshop on AI in Digital Libraries: 
	  Moving From Chaos to (More) Order; Nagoya Congress Center, 
	  Nagoya, Japan;

Sep. 7 -
     11 + LANCASTER, UK - ECSCW'97, the Fifth European Conference on 
	  Computer Supported Cooperative Work; deadline for paper 
	  submissions is January 13, 1997; papers must contain an abstract 
	  of not more than 100 words and not exceed 16 pages in length; full 
	  formatting instructions are available from
	  for more information:
	  snail mail: ECSCW'97 Conference Office
		      Computing Department
		      Lancaster University
		      Lancaster  LA1 4YR  UK

Sep. 12-
     14   SAN DIEGO - Association of Online Professionals Annual 
	  Conference; sysop trade association's yearly gathering to 
	  discuss issues of relevance to the industry

Sep. 25-
     27 + PRAGUE, CZECHOSLOVAKIA - RUFIS'97: Role of Universities in the
          Future Information Society; Czech Technical University, Prague,
          Czechoslovakia; to obtain a registration form, please, send an
          empty e-mail message to:

          Karel Kveton
          UNESCO International Centre for Scientific Computing
          Czech Technical University - Prague
          Computing Centre
          Zikova 4, 166 35 Prague 6
          Phone: + 42 2 2431 0369, fax: + 42 2 311 7529

Oct. 7-
     10 + BEIJING, CHINA - '97 China Database: Electronic Publications 
	  & Software Exhibition; Beijing International Convention Center
	  Contact: Mr. Cheng Bin and Ms. Hu Yongning
	  Beijing Evertrust Exposition Co. Ltd.
	  15 Fuxing Road, Beijing, China
	  Post code: 100038
	  Tel: +86-10-68514007
	  Fax: +86-10-68537092
	  URL: http: // cn/Exhibition/ invi.htm

Oct. 28-
     31 - EDUCOM '97; Minneapolis-St. Paul, Minnesota.
          Contact: +1 202 872 4200 (voice)

Dec. 1  - Computer Security Day (started by Washington DC chapter of the
          Assoc. for Computing Machinery, to "draw attention to computer
          security during the holdiay season when it might otherwise become


July 12-
     16 - ACUTA 27th Annual Conference; San Diego, California.
          Contact: +1 606 278 3338 (voice)

Oct. 13-
     16 - EDUCOM '98; Orlando, Florida.
          Contact: +1 202 872 4200 (voice)

Dec. 1  - Computer Security Day (started by Washington DC chapter of the
          Assoc. for Computing Machinery, to "draw attention to computer
          security during the holdiay season when it might otherwise become


Subject: Quote of the Day

"There is nothing more frightful than ignorance in action."
  - Goethe

Find yourself wondering if your privacy and freedom of speech are safe 
when bills to censor the Internet are swimming about in a sea of of 
surveillance legislation and anti-terrorism hysteria?  Worried that in 
the rush to make us secure from ourselves that our government 
representatives may deprive us of our essential civil liberties? 
Concerned that legislative efforts nominally to "protect children" will 
actually censor all communications down to only content suitable for 
the playground?  Alarmed by commercial and religious organizations abusing
the judicial and legislative processes to stifle satire, dissent and 

Join EFF! (or send any message to

You *know* privacy, freedom of speech and ability to make your voice heard
in government are important. You have probably participated in our online
campaigns and forums.  Have you become a member of EFF yet?  The best way
to protect your online rights is to be fully informed and to make your
opinions heard.  EFF members are informed and are making a difference.
Join EFF today!

Even if you don't live in the U.S., the anti-Internet hysteria will soon 
be visiting a legislative body near you.  If it hasn't already.


Subject: What YOU Can Do

* Keep an eye on your local legislature/parliament!
All kinds of wacky censorious legislation is turning up at the US state 
and non-US national levels.  Don't let it sneak by you - or by the 
online activism community. Without locals on the look out, it's very 
difficult for the Net civil liberties community to keep track of what's 
happening locally as well as globally.

* Inform your corporate government affairs person or staff counsel
if you have one. Keep them up to speed on developments you learn of,
and let your company's management know if you spot an issue that warrants
your company's involvement.

* Find out who your legislators are

Writing letters to, faxing, and phoning your representatives in Congress
is one very important strategy of activism, and an essential way of
making sure YOUR voice is heard on vital issues.

If you are having difficulty determining who your US legislators are,
try contacting your local League of Women Voters, who maintain a great 
deal of legislator information, or consult the free ZIPPER service
that matches ZIP Codes to Congressional districts with about 85%
accuracy at:
This can be double-checked with the House's own lookup service, at:

Computer Currents Interactive has provided Congress contact info, sorted 
by who voted for and against the Communications Decency Act: (NB: Some of these folks have, 
fortunately, been voted out of office.)

We are not presently aware of servers that provide contact info for US
state-level legislators, or non-US lawmakers.



EFFector is published by:

The Electronic Frontier Foundation
1550 Bryant St., Suite 725
San Francisco CA 94103 USA
+1 415 436 9333 (voice)
+1 415 436 9993 (fax)
Membership & donations:
Legal services:
General EFF, legal, policy or online resources queries:

Editor: Stanton McCandlish, Program Director/Webmaster (

This newsletter is printed on 100% recycled electrons.

Reproduction of this publication in electronic media is encouraged.  Signed
articles do not necessarily represent the views of EFF.  To reproduce
signed articles individually, please contact the authors for their express
permission. Press releases and EFF announcements may be reproduced individ-
ually at will.

To subscribe to EFFector via email, send message body of "subscribe
effector-online" (without the "quotes") to, which will add
you to a subscription list for EFFector.

Back issues are available at:, /pub/EFF/Newsletters/EFFector/

To get the latest issue, send any message to (or, and it will be mailed to you automagically.  You can also get
the file "current" from the EFFector directory at the above sites at any 
time for a copy of the current issue.  


End of EFFector Online v10 #05 Digest


Back to top

JavaScript license information