Skip to main content

EFFector - Volume 6, Issue 3 - Notes from House Hearing on Cryptography Export Controls

********************************************************************
           //////////////     //////////////     //////////////
         ///                ///                ///
       ///////            ///////            ///////
     ///                ///                ///
   //////////////     ///                ///
********************************************************************
EFFector Online Volume 6 No. 3.01    10/20/1993      editors@eff.org
A Publication of the Electronic Frontier Foundation   ISSN 1062-9424

                  -==--==--==-<>-==--==--==-

                        In This Issue:

EFF Changes: New Editor, Suns Move to DC!
EFF Elects Two New Members to Its Board of Directors
Notes from House Hearing on Cryptography Export Controls
Administration Expands FOIA Rights
UK Cryptoprivacy Association Meeting

                  -==--==--==-<>-==--==--==-

EFF Changes: New Editor, Suns Move to DC!

EFFector Online is now produced by Stanton "Mechanism" McCandlish, EFF's
Online Activist, mech@eff.org.  Besides UseNet ubiquity, Stanton has been
active in the BBS scene for some time, particularly in FidoNet, and is
the founder of IndraNet.  Mech hails from Albuquerque, New Mexico, and is
finding EFF and Washington DC to be a fascinating change of pace and
place.

Some new formatting: All articles are separated by the -==-==-==... line you 
see above, which should make it convenient to scan forward to a new article
quickly.

General comments about EFFector, EFF, and the issues raised should be
directed to editors@eff.org.

Other important addresses, one of which is new:
 eff@eff.org - to get on mailing lists, and other tech stuff.
 ask@eff.org - to ask questions about EFF or the issues we are involved in.

EFF's Sun Microsystems SPARCstations finally have been moved down to our
offices in DC.  Chris Davis and Helen Rose-Davis, EFF's former Systems
Administrators, journeyed with the machines and, with the help of new
Systems Administrator Dan Brown (brown@eff.org), had them up and running
within one hour of arrival onsite!  Chris and Helen now will be able to
devote their complete energies to KEI, which was kind enough to loan us
their talents.  We thank them for all they've done for us and wish them the
best of luck.

Note that EFF *is* still reachable at eff.org, the ftp site is still
ftp.eff.org, the gopher site is still gopher.eff.org, wais is wais.eff.org,
as always.  However, kragar.eff.org may not be a valid host domain name much
longer, so avoid using it and use ftp.eff.org instead.  

                  -==--==--==-<>-==--==--==-

EFF Elects Two New Members to Its Board of Directors

The Electronic Frontier Foundation (EFF) today announced the election of
two individuals to its Board of Directors:  David Johnson, a Washington,
D.C. attorney specializing in computer law, and Rob Glaser, a software
industry executive and multimedia pioneer.

David Johnson is counsel in the Washington, D.C. law firm of Wilmer,
Cutler & Pickering where his areas of practice include software and
systems contracting, electronic publishing and privacy issues, newspaper
distribution systems, litigation, property valuation and administrative
law.   He also serves as President and CEO of Counsel Connect, an
electronic mail and conferencing system that connects corporate counsel
and outside law firms, and has been instrumental in encouraging the use of
information technology in the legal profession.  Johnson serves on the
Board of Directors of the Center for Computer-Assisted Legal Instruction
(CALI) and is a Trustee of the National Center for Automated Information
Research (NCAIR). 

"EFF has provided unique leadership by helping everyone involved in
building and using the new electronic networks to understand the
importance of preserving core democratic values in this new medium," said
Johnson.  "The founders of EFF have pushed vigorously for networks that
preserve freedom of speech, privacy and enhanced opportunities for all.  I
am excited to have a chance to participate in EFF's continuing discussion
of these vital questions."

Rob Glaser is presently a consultant to Microsoft Corporation. He most
recently served as the company's Vice President for Multimedia and
Consumer Systems, where he led Microsoft's development of multimedia
technology and the company's strategy for entering the emerging market for
consumer digital appliances. Prior to that, Glaser held positions at 
Microsoft related to the development and marketing of networking systems
software and desktop applications such as Microsoft Word and Excel. Before
joining Microsoft in 1983, Glaser was founder and President of Ivy
Research, a PC software startup company. Glaser also is a minority owner of
the Seattle Mariners baseball team, and serves on the board of the Target
Margin Theater Company of New York, and Dwight Hall, the umbrella
organization for Yale University student social and political activism.

"I'm honored and excited to be joining the board," said Glaser about his
involvement in EFF.  "In its brief history EFF has established itself as
the leading organization working to ensure that the Electronic Frontier is
organized and run in accordance with fundamental American principles of
openness, democracy, and social justice. I hope to help EFF extend its
work into the arena of video and multimedia information."

Johnson and Glaser join with other members of the Foundation's Board of
Directors, including EFF co-founders Mitchell Kapor and John Perry
Barlow, Jerry Berman, John Gilmore, Stewart Brand, Esther Dyson, and David
Farber.

                  -==--==--==-<>-==--==--==-

Notes from House Hearing on Cryptography Export Controls
by Danny Weitzner, EFF Senior Staff Counsel

October 12, 1993
House Foreign Affairs Committee
Subcommittee on Economic Policy, Trade, and the Enviornment
Hearing on mass market cryptography and export controls
Rep. Sam Gejdenson (D-Conn.), Chair

Committee Members present:

Gejdenson, Cantwell (D-Wash.), Fingerhut (D-Ohio), Rohrbacher (R-Calif.)
Manzullo (R-Ill.) 

Witnesses:

PANEL 1 (Open)

J. Hendren, Arkansas Systems (A data security firm that does a lot of
international banking work)

Ray Ozzie, IRIS Associates for Business Software Alliance (Lotus Notes
developer)

Stephen Walker, Trusted Information Systems for Software Publishers Association

Philip Zimmermann, PGP developer

Don Harbert, Digital Eqiupment Corp.

PANEL 2 (Secret Session)

NSA representative


Opening Statement of Gejdenson: 

"This hearing is about the well intentioned attempts of the National
Security Agency to try to control the uncontrollable....  The NSA itself
acknowledges that if you have a long distance telephone line and a modem,
you can send this software anywhere in the world.  If you have a computer
and a modem you can take this software off of the Internet anywhere in the
world....  I do not question the value of the information sought by the
National Security Agency.  But once it is determined that the dispersion of
this software cannot be controlled, then however much we might want to
protect our ability to obtain information, it is beyond our means to do so.
 Just as in the case of telecommunications, the National Security Agency is
attempting to put the genie back in the bottle.  It won't happen; and a
vibrant and productive sector of American indsutry may be sacrificed in the
process."

The main points raised by witnesses were these:

1. DES and other strong encryption which is barred by ITAR is in the public
domain and available on the global market from foreign software
manufacturers:

-Ray Ozzie used his laptop and a modem to show how to get a DES
implementation from ftp.germany.eu.net.  The committee loved it and most of
them seemed to understand what was going on on the screen, even though they
had never heard of ftp.

-Stephen Walker described the results of an SPA study which uncovered over
250 cryptography packages which offer DES-based or stronger algorithms.

-Phil Zimmermann testified that he designed PGP from publicly available
information.

2. Foreign DES implementations are just as good as US versions. 
Surprisingly enough, this is a contentious issue.  Some members of the
committee seemed to have been told by someone or another that foreign
versions of DES may not be as strong as those that are made in the USA.  If
this were true, then export controls might still be justified despite the
numerous foreign versions of DES on the market.  In my view, this is a
pretty desperate argument.

-Steve Walker demonstrated that all DES works the same way by encrypting a
passage from Mozart's Eine Kleine Nachtmusik with several different foreign
DES packages, and then decrypting them.  Surprise!  They all sounded just
the same.

3. Lots of money is being lost by US software/hardware vendors:

-Don Harbert from DEC told of loses of over $70 Million in just the last
few months.

-BSA estimates that export controls exclude access to a global market the
is $6-9 Billion.

4. People want their privacy

-Phil Zimmermann told the committee about his experience with PGP users and
how badly people need and want to protect their privacy in electronic
environments

Committee Responses:

Overall, the committee was quite sympathetic to the witnesses.  Chairman
Gejdenson seemed very supportive of changing export controls.  Rep. Dana
Rohrbacher, no flaming liberal, said, "the cold war is over.  I sympathize
with everything that has been said here."  

                  -==--==--==-<>-==--==--==-

Administration Expands FOIA Rights

In an announcement made on Monday, October 4, 1993, President Bill Clinton
has called on all federal departments and agencies "to renew their
commitment to the Freedom of Information Act (FOIA), to its underlying
principles of government openness, and to its sound administration."

Attorney General Janet Reno specified some changes the Administration will
be making in its enforcement of FOIA.  First, the Department of Justice
will no longer allow agencies the excuse that there MIGHT be a legal basis
for withholding information.  Instead, agencies will be encouraged to
disclose unless there is a clear legal reason that prevents disclosure. 
"In short, it shall be the policy of the U.S. Department of Justice to
defend the assertion of a FOIA exemption only in those cases where the
agency reasonably foresees that disclosure would be harmful to an interest
protected by that exemption."

Attorney General Reno also announced that the Department of Justice would
be reviewing regulations implementing FOIA and forms used in the process. 
DoJ will also strive to reduce the current FOIA backlogs over the coming
year.

The Electronic Frontier Foundation (EFF) was especially pleased that
President Clinton refered to enhancing "public access through the use of
electronic information systems."  EFF believes that electronic access to
information is critical, and EFF has been working with Congress (through
support of Senator Patrick Leahy's (D-VT) Electronic FOIA amendments and
other legislation) and members of the Administration to ensure that
electronically stored information is as easily obtainable as printed
documents.  EFF Director of Legal Services Shari Steele commented, "We are
encouraged that the Clinton Administration has recognized the importance of
this method of information dissemination.  In this electronic era, it is
critical that information be made available in a format that is most useful
to citizens as they inquire about the activities of their government."

After over a decade of government whittling away at citizen access to
public information, EFF is pleased to see this shift in priorities.  "We
applaud the Clinton Administration for taking this first step toward
restoring our vital right to access information," Ms. Steele continued,
"and we are hopeful that the Administration will take further steps in this
direction, particularly when it comes to information that is stored
electronically."

A copy of the Administration's memorandum is available for anonymous ftp at
/pub/EFF/legislation/freedom-info-act-10.4.93 on ftp.eff.org.



                  -==--==--==-<>-==--==--==-

UK Cryptoprivacy Association Meeting

Date:  Sunday, 31 October 1993
Time:  1430

At the offices of:

   FOREST
   4th floor
   2 Grosvenor Gardens
   London   SW1W 0DH

[ FOREST is located at the corner of Grosvenor Gardens and Hobart
  Place, a couple of blocks west of Victoria Station. There is a 
  taxi shelter across the street from the office. Those who have 
  trouble finding this location can page Russell Whitaker on  
  081-812-2661, and stand by the payphone or cellphone for a callback. ]

The UK Cryptoprivacy Association has its roots in the U.S. cypherpunk 
advocacy of strong personal cryptography.  The next UKCA meeting, to be 
held at the offices of FOREST (see the above), will feature roundtable 
discussion on such issues as:

    - The recent well-publicised discovery of a larger number of U.S. 
        National Security Agency (NSA) electronic listening posts 
        than had been previously suspected;
    - Further news on the spread of freely-available public key 
        cryptography software in Eastern Europe, Russia, and the 
        Transcaucasian states;
    - The status of the various UK and Moscow PGP public key servers and 
        software archive sites, with input from a couple of maintainers 
        of these services in the UK;
    - The implications of the legal controversy surrounding the 
        development and distribution of PGP encryption software in the 
        U.S., with further discussion on the possibility of volunteer 
        contributions to Phil Zimmermann's legal defence fund;
    - Introduction to public key cryptography for novices

Attendees are encouraged to bring and exchange diskettes with their 
PGP public keys.  A few of us will bring along our MS-DOS laptops, to 
sign public keys on site.  In the interest of speeding things along, it is 
recommended that all keys signed at the meeting be submitted later, with 
their newly appended signatures, to the PGP Key Server at Demon 
Internet Services.  Send a message with the subject line "help" to 
pgp-public-keys@demon.co.uk, for more information.  PGP (Phil 
Zimmermann's "Pretty Good Privacy") public key encryption software can 
be obtained by ftp from, among other places, ftp.demon.co.uk in the 
directory /pub/pgp.  Versions include, but are not limited to, Unix, 
MS-DOS, Archimedes, and MacOS.  Full source code is available.

This meeting will also feature discussion on the upcoming First European 
Conference on Computers, Freedom and Privacy (ECFP '93) to be held on 
20 November 1993, which will feature speakers including John Gilmore, 
David Chaum, and Duncan Frissell, as well as a representative of the 
UK's Data Protection Registry.

Russell Earl Whitaker
ECFP Ventures Ltd
russell@eternity.demon.co.uk

               -==--==--==-<>-==--==--==-

EFFector Online is published biweekly by:

     Electronic Frontier Foundation
     1001 G Street, N.W., Suite 950 East
     Washington, DC 20001, USA
     Phone: +1 202 347 5400,  FAX: +1 202 393 5509
     Internet Address:  eff@eff.org or ask@eff.org

     Coordination, production and shipping by: 
     Stanton McCandlish, Online Activist 

Reproduction of this publication in electronic media is encouraged.  Signed
articles do not necessarily represent the view of the EFF.  To reproduce 
signed articles individually, please contact the authors for their express
permission.

*This newsletter is printed on 100% recycled electrons.*

               -==--==--==-<>-==--==--==-
 
MEMBERSHIP IN THE ELECTRONIC FRONTIER FOUNDATION

In order to continue the work already begun and to expand our efforts and
activities into other realms of the electronic frontier, we need the
financial support of individuals and organizations.

If you support our goals and our work, you can show that support by
becoming a member now. Members receive our bi-weekly electronic
newsletter, EFFector Online (if you have an electronic address treached
through the Net), and special releases and other notices on our
activities. But because we believe that support should be freely given, you
can receive these things even if you do not elect to become a member.

Your membership/donation is fully tax deductible.
Our memberships are $20.00 per year for students and $40.00 per year for
regular members.  You may, of course, donate more if you wish.

               -==--==--==-<>-==--==--==-

Mail to:
         Membership Coordinator
         Electronic Frontier Foundation
         1001 G Street, N.W.
         Suite 950 East
         Washington, DC  20001  USA

Membership rates:
            $20.00 (student or low income membership)
            $40.00 (regular membership)


[   ]  I wish to become a member of the EFF.  I enclose: $_______
[   ]  I wish to renew my membership in the EFF.  I enclose: $_______
[   ]  I enclose an additional donation of $_______

Name:

Organization:

Address:

City or Town:

State:            Zip:           Phone: (      )                  (optional)

FAX: (      )                   (optional)

E-mail address:

I enclose a check [  ].
Please charge my membership in the amount of $
to my Mastercard [  ]  Visa [  ]  American Express [  ]

Number:

Expiration date:

Signature: ______________________________________________

Date:

Optional:
I hereby grant permission to the EFF to share my name with
other nonprofit groups from time to time as it deems
appropriate.                       Initials:______________________





JavaScript license information