Washington, D.C. — (May 12, 1998) The following statement was issued today by Americans for Computer Privacy (ACP) concerning the introduction of the E-PRIVACY Act by Senator John Ashcroft (R-MO) and Senator Patrick Leahy (D-VT):
- “ACP applauds Senators Ashcroft and Leahy for the introduction of thoughtful legislation that seeks to protect individual privacy, while at the same time addressing national security and law enforcement concerns and modernizing export controls on commercial encryption products. The E-PRIVACY Act is consistent with Constitutional protections and would enable American industry to fairly compete in the global encryption marketplace. Their leadership on this issue is sorely needed. Recent history makes this exceedingly clear, as example after example can be cited which point out the flaws in existing export controls and policies calling for government-compelled key escrow.”
Examples:
April 1998
- Commerce Secretary Bill Daley stated that the Administration’s attempts to control encryption technology are “a failure” and are forcing American software makers to concede ground to foreign competitors.
- University of California at Berkeley computer researchers announced successful cracking of a widely used encryption method designed to prevent the cloning of GSM digital phones, suggesting evidence that the system was deliberately weakened to permit government surveillance.
- Mozilla” Crypto Group announced the first production outside of the U.S. (Australia) of a Netscape browser with commercial strength, 128 bit, e-commerce encryption.
- The Pacific Research Institute released a study finding that encryption regulations threaten information security and won’t accomplish their goals-recommending that “the optimal policy would eliminate encryption regulations altogether.”
March 1998
- Electronic Privacy Information Center (EPIC) released November 1996 internal memo from Commerce Under-Secretary Reinsch asserting that “police forces are reluctant to use ‘escrowed’ encryption” — such as in radios and patrol cars — “because they are more costly and less-efficient than non-escrowed products .”
- Ronald Rivest of MIT announced a new security technique described as “winnowing” and “chaffing” digital information, hiding messages by breaking them into packets secretly identified as “wheat” — good information, and gibberish — “chaff” — such that an eavesdropper can’t distinguish between the two. Such a system would circumvent current encryption export restrictions.
- Network Associates’ source code text for Pretty Good Privacy (PGP) was transcribed abroad for its Dutch subsidiary to produce and market PGP — all within export control rules.
- The Economic Strategy Institute issued a report finding that the Administration’s encryption policy could cost the U.S. economy $96 billion dollars by 2002.
February 1998
- EPIC survey of 80 nations found that only 5 of them would adopt encryption restrictions such as those posed by the FBI.
- An NSA document on a “Threat and Vulnerability Model for Key Recovery” stated that “if the sender and receiver both collaborate to defeat key recovery, there is no technical method for preventing this.”
Americans for Computer Privacy (ACP) is a broad-based coalition that brings together more than 80 companies and 30 associations representing financial services, manufacturing, telecommunications, high-tech and transportation, as well as civil-liberty and pro-family groups. ACP supports policies that advance the rights of American citizens to encode information without fear of government intrusion, and advocates the lifting of current export restrictions on U.S.-made encryption.