
EPIC Alert



EPIC Alert 4.15 [1997] EPICAlert 15







EPIC ALERT




Volume 4.15 November 10, 1997

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

http://www.epic.org/



Table of Contents



[1] Amicus Brief Filed in Landmark Encryption Case
[2] Infowar Report Released
[3] EC Rejects Key Escrow Encryption
[4] Congress Critical of FBI Wiretap Proposals
[5] FCC Proposes Requiring V-chips for Computers
[6] Update on Open Government Cases
[7] Congressional Action and New Bills
[8] Upcoming Conferences and Events


[1] Amicus Brief Filed in Landmark Encryption Case


A diverse coalition of organizations, joined by three of the world's best-known experts on communication security, has lent its support to a constitutional challenge to U.S. encryption export controls. In a friend-of-the-court brief filed today in the Ninth Circuit U.S. Court of Appeals in San Francisco, the groups argued that the Export Administration Regulations' encryption provisions constitute a prior restraint on speech in violation of the First Amendment and pose a significant threat to both electronic commerce and personal privacy.

The brief was coordinated by EPIC and endorsed by 15 organizations including the American Civil Liberties Union, National Association of Manufacturers, Association for Computing, Human Rights Watch and the Internet Society. The submission was also signed by Dr. Whitfield Diffie of Sun Microsystems, Dr. Peter Neumann of SRI International and Dr. Ronald Rivest of the Massachusetts Institute of Technology.

The judicial challenge to the export control regulations was initiated by Daniel Bernstein, a computer science professor at the University of Illinois, who unsuccessfully sought U.S. government approval to publish source code and related information about his "Snuffle" encryption technique. The prohibited "export" included any posting on the Internet using a computer in the United States and any disclosure to foreign nationals in the United States. In August, the U.S. District Court for the Northern District of California granted partial summary judgment for Professor Bernstein, holding that the export regulations impose a prior restraint on speech and enjoining the government from enforcing the EAR encryption regulations. The government quickly appealed that decision to the Ninth Circuit.

The EPIC-led coalition was represented on a pro bono basis by the Washington law firm of Covington & Burling, which was primarily responsible for the preparation of the brief. The complete text is available at:

http://www.epic.org/crypto/export_controls/bernstein_brief.html


[2] Infowar Report Released


The report of the President's Commission on Critical Infrastructure Protection released last week would establish sweeping new authority for the National Security Council to limit public debate about threats to the nation's infrastructure and to establish and manage a new federal bureaucracy, including a proposed Office of National Infrastructure Assurance.

The report recommends that the Freedom of Information Act be suspended so that information collected by the proposed ONIA not be subject to public scrutiny. The report also proposes expanding government classification authority. It also recommends the preemption of state privacy laws and limitations on the federal polygraph statute for the purpose of permitting more extensive background investigations.

Most surprisingly, the Commission's report backs key escrow encryption, even though technical experts and early proponents of the plan have all pointed to vulnerabilities that would result from an architecture that would permit third party access to encoded communication.

At a hearing before the House Science Committee last week, Representative Connie Morella (R-MD) asked Commission chair General Robert Marsh (ret.) about the cryptography issue. He responded curtly that strong cryptography was vital for the nation's infrastructure and then said that he backed key recovery encryption. Other witnesses at the hearing said that the proposal would make critical infrastructures more vulnerable to attack.

The report is available at:

http://www.pccip.org/



[3] EC Rejects Key Escrow Encryption


The European Commission released a report in October recommending against restrictions on cryptography and criticizing key escrow/recovery encryption proposals. The paper, entitled "Towards an European Framework for Digital Signatures and Encryption," examines the policy issues surrounding digital signatures and the use of encryption for confidentiality.

The EC report recognizes the importance of encryption, describing it as "the essential tool for security and trust in electronic communications." It notes that "it can be expected that encryption will remain the cornerstone for most confidentiality services on open networks for the foreseeable future."

The report recommends against restricting the use of encryption: "restricting the use of encryption could well prevent law-abiding companies and citizens from protecting themselves against criminal attacks. It would not however prevent totally criminals from using these technologies."

The EC paper also examined the problems of key escrow/key recovery systems, including the additional risks of having the systems implemented, the costs involved and finally the possibility that the systems can be "easily circumvented." The report notes that, "In any case, restrictions imposed by national licensing schemes, particularly those of a mandatory nature, could lead to Internal Market obstacles and reduce the competitiveness of the European Industry." The report also notes that "Privacy considerations suggest not to limit the use of cryptography as a means to ensure data security and confidentiality."

On digital signatures, the report separates out the role of certificate authorities (CAs) from Trusted Third Parties such as those proposed by the UK Government at the urging of the United States. It recommends that "CAs must therefore be forbidden to store private keys." It also suggests that digital signatures without identities attached can be used to conduct anonymous transactions.

The report is available from:

http://www.epic.org/crypto/



[4] Congress Critical of FBI Wiretap Proposals


The FBI has come under renewed criticism from Congress and industry representatives on the implementation of the Communications Assistance for Law Enforcement Act (CALEA). At an October 23 hearing, the Crime Subcommittee of the House Judiciary Committee heard from witnesses from major telecommunications industry associations and the Bureau on progress in implementing the law, which was enacted on the last day of the Congressional session in 1994. The law requires that all new telecommunications technologies have built-in surveillance capabilities. The law is scheduled to go into effect next year, but industry and the FBI have been feuding over the development of the new standards required by the law.

Many of the members of the Committee were critical of both the Act and the FBI. Rep. Bob Barr (R-GA), who chaired part of the hearing, bluntly stated that the legislation would not have passed in the Republican 104th or 105th Congresses.

A major area of contention was the FBI's demand that the industry add numerous features that were not required by the 1994 law. These include an enhanced ability to track geographical locations of cell phones, the ability to monitor conference calls when the targeted party has left, and the ability to separate out content from signaling data of packet-based communications. Thomas Wheeler, President of the Cellular Telephone Industry Association (CTIA), described the FBI's demands as asking for "the Apollo Program" for surveillance.

The FBI's efforts to lobby against the industry-designed standards during a vote on the specifications also came under fire. The Bureau organized a campaign to vote down the industry-developed standards, which was described in the hearing as "ballot stuffing." Twenty-eight police agencies filed the same 74-page ballot comments, including a sheriff in Florida who included the FBI's letter requesting that he file the comments. CTIA's Wheeler described the FBI's actions as "rolling a hand grenade under the table."

Another controversial issue was the FBI's effort, during its negotiations with the Telecommunications Industry Association (TIA) over the wiretap standard, to petition the American National Standards Institute (ANSI) to revoke the standards-setting authority of TIA after 50 years. The FBI apparently withdrew the request after several months.

Finally, questions still remain over the FBI's demands for the law's "capacity" requirements. The Bureau's current requirement still calls for each switch in a geographic region to have the ability to monitor hundreds of lines simultaneously. This would result in the FBI having the capacity to conduct tens of thousands of interceptions simultaneously nationwide.

More information on CALEA is available from:

http://www.epic.org/privacy/wiretap/



[5] FCC Proposes Requiring V-chips to be Included in Computers


On September 25, the Federal Communications Commission released a proposed rulemaking on V-chip technology recommending that the devices also be installed in every computer capable of receiving video signals. The V-chip is required by the Telecommunications Act of 1996 to be installed in every new television set.

The proposed rule applies "to any computer that is sold with TV receiver capability and a monitor that has a viewable picture size of 13 inches or larger." It applies "regardless of whether it is designed to receive video programming that is distributed only through cable television systems, MDS, DBS, or by some other distribution system."

For future technologies such as Digital TV, the FCC proposal recognizes that many will be built into computers:

[W]e propose that all DTV receiver boards themselves (regardless of whether they are sold with a computer and monitor with a viewable picture size of 13 inches or larger) be required to include program blocking capability.

Congress has been critical of the proposal. Rep. Edward Markey (D-MA) told the Washington Times that the V-chip was not intended for computers and Rep. Billy Tauzin (R-LA) remarked, "Next, they'll try and put V-chips in Gameboys." Comments on the proposal are due on November 24. Interested persons can email their comments to vchip@fcc.gov.



[6] Update on Open Government Cases


A federal judge in Washington ruled on October 22 that the National Archives acted illegally when it issued a regulation authorizing all government agencies to delete their electronic mail and other computerized records regardless of content. Judge Paul L. Friedman declared the controversial regulation "null and void" and characterized the government's position as "irrational on its face." Government attorneys had argued that most federal agencies are not yet equipped to preserve records in electronic formats. While acknowledging that this was "an important concern," the court noted that "computers have now become a significant part of the way the federal government conducts its business" and agencies must now adapt to that reality.

In another significant case, the Supreme Court has refused to review a lower court ruling subjecting committees formed by the National Academy of Sciences (NAS) to public scrutiny under the Federal Advisory Committee Act (FACA). The NAS conducts research for government agencies on a contract basis by establishing committees of volunteer experts that, with the assistance of NAS staff members, prepare reports. A notable example was the NAS-sponsored report on encryption policy released last year.

One of the primary goals of FACA is to open to public view the process by which government agencies obtain advice from private individuals. FACA's openness and conflict of interest requirements seek to ensure that Executive branch advisory committees develop neutral, expert recommendations. Many public interest groups, including EPIC, make frequent use of the statute.

In the wake of the Court's action, legislation has already been proposed to amend FACA to exempt NAS committees from the law's openness and conflict of interest provisions.

More information on FACA and FARA is available from
http://www.epic.org/open_government/



[7] Congressional Action and New Bills


APPROVED
H.R.2369. Wireless Privacy Enhancement Act of 1997. The bill bans modifying scanners to intercept cellular phone calls and increases penalties for intentional interception. The House Subcommittee on Telecommunications, Trade, and Consumer Protection of the House Committee on Commerce approved a revised version of the bill on October 29.

INTRODUCED
HR 2563. Taxpayer Confidentiality Act of 1997. Introduced by Dunn (R-WA) on September 26. Amends IRS code to restrict the authority to examine books and witnesses for purposes of tax administration. Referred to the Committee on Ways and Means.

HR 2581. Social Security Privacy Act of 1997. Introduced by Campbell (R-CA). Limits use of Social Security number. Requires disclosure of uses of SSN by businesses. Referred to the Committee on Ways and Means.

S. 1223. Employee Information Protection Act of 1997. Introduced by Burns (R-MT) on September 26. Amends 1996 welfare bill to require that data collected for "new hires" database be deleted after six months. Referred to the Committee on Finance.

S. 1356. To amend the Communications Act of 1934 to prohibit Internet service providers from providing accounts to sexually violent predators. Introduced by Faircloth (R-NC). Sets civil fines of $5,000 per day for providing an account to a "sexually violent predator." Referred to the Committee on Commerce, Science, and Transportation.

S. 1368. Medical Information Privacy and Security Act. Introduced by Leahy (D-VT) and Kennedy (D-MA) on November 4. General medical privacy bill.



[8] Upcoming Conferences and Events


Education in Computer Security Workshop, January 19-21, 1998. Pacific Grove, California. Sponsored by Naval Postgraduate School Center for INFOSEC. Contact: http://www.cs.nps.navy.mil/research/cisr/events/wecs98_announce.html

RSA'98 -- The 1998 RSA Data Security Conference. January 12-16, 1998. San Francisco, CA. Contact kurt@rsa.com or http://www.rsa.com/conf98/

Financial Cryptography '98. February 23-26, 1998. Anguilla, BWI. http://www.cwi.nl/conferences/FC98

7th USENIX Security Symposium. January 26-29, 1998. San Antonio, Tx. Sponsored by USENIX & CERT. http://www.usenix.org/sec/sec98.html

The Eighth Conference on Computers, Freedom & Privacy. February 18-20, 1998. Austin, TX. Contact: mlemley@mail.law.utexas.edu.

ACM Policy98. May 10-12, 1998. Washington, DC. Sponsored by ACM and USACM.

(Send calendar submissions to alert@epic.org)



The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe or unsubscribe, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or "unsubscribe" or use the Web form at:

http://www.epic.org/alert/subscribe.html
Back issues are available at:

http://www.epic.org/alert/




The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003. Individuals with First Virtual accounts can donate at http://www.epic.org/epic/support.html

Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and funding of the National Wiretap Plan.

Thank you for your support.

END EPIC Alert 4.15














URL: http://www.worldlii.org/int/journals/EPICAlert/1997/15.html