Copy Link
Add to Bookmark
Report
Legal Net Newsletter Volume 1 Issue 16
±±Ü ±±±±±±Ü ±±±±±±Ü ±±±±±±Ü ±±Ü ±±±ÜÜ ±±Ü ±±±±±±Ü ±±±±±±Ü
±±Û ±±Ûßßßß ±±Ûßßßß ±±Ûß±±Û ±±Û ±±Û±±Û±±Û ±±Ûßßßß ß±±Ûßß
±±Û ±±±±±Ü ±±Û±±±Ü ±±±±±±Û ±±Û ±±Û ß±±±Û ±±±±±Ü ±±Û
±±Û ±±Ûßßß ±±Û ±±Û ±±Û ±±Û ±±Û ±±Û ±±Û ±±Ûßßß ±±Û
±±±±±±Ü ±±±±±±Ü ±±±±±±Û ±±Û ±±Û ±±±±±±Ü ±±Û ±±Û ±±±±±±Ü ±±Û
ßßßßßß ßßßßßß ßßßßßß ßß ßß ßßßßßß ßß ßß ßßßßßß ßß
±±±ÜÜ ±±Ü ±±±±±±Ü ±±Ü ±±Ü ±±±±±±Ü
±±Û±±Û±±Û ±±Ûßßßß ±±Û ±±Û ±±Ûßßßß
±±Û ß±±±Û ±±±±±Ü ±±Û ±±Û ±±±±±±Ü
±±Û ±±Û ±±Ûßßß ±±Û±±Ü±±Û ßßß±±Û
±±Û ±±Û ±±±±±±Ü ß±±±±Ûßß ±±±±±±Û
ßß ßß ßßßßßß ßßßß ßßßßßß
Legal Net Newsletter
Volume 1, Issue 16 -- August 17, 1993
Legal Net Newsletter is dedicated to providing information
on the legal issues of computing and networking in the 1990's
and into the future.
The information contained in this newsletter is not to be
misconstrued as a bona fide legal document, nor is it to be taken
as an advocacy forum for topics discussed and presented herein.
The information contained within this newsletter has been
collected from several governmental institutions, computer
professionals and third party sources.
"Legal Net News", "Legal Net Newsletter"
and the Legal Net News logo are
Copyright (c) 1993 Paul Ferguson -- All rights reserved.
This newsletter may be freely copied and distributed in its entirety.
Legal Net News can be found at the following locations:
Publicly Accessible BBS's
-------------------------
The SENTRY Net BBS Arlington Software Exchange
Centreville, Virginia USA Arlington, Virginia USA
+1-703-815-3244 +1-703-532-7143
To 9,600 bps To 14,400 bps
The Internet
------------
tstc.edu (161.109.128.2) Directory: /pub/legal-net-news
Login as ANONYMOUS and use your net ID (for example: fergp@sytex.com)
as the password. Or send e-mail to
postmaster@tstc.edu
E-mail submissions, comments and editorials to: fergp@sytex.com
- --
In this issue -
o Legal News by subscription servives now available
o NSA Seeks Delay in Clipper
o Computer Professionals Add Social Conscience to National Network
Debate
o Clinton proposes national IDs be considered
o NIST call for comments on "Key-Escrow"
- --
Legal Net News is now available via e-mail subscription.
How to get it-
To subscribe, send a message to <maiser@ins.tstc.edu>, with the
following text in the body of the message:
SUBSCRIBE LNN
To unsubscribe send the message text:
UNSUBSCRIBE LNN
Or subsitute "UNSUB LNN" or "SIGNOFF LNN" instead of "UNSUBSCRIBE"
if you like.
The mail server has no facility for requesting help at this time,
however, when you join the list you will be sent a "WELCOME"
message describing Legal Net News in more detail, i.e. what Legal
Net News is about, and how to handle unsubscribing from the list.
Please send any admin mail (problems with the mailserver, etc.) to:
postmaster@tstc.edu
Back issues of Legal Net News can be obtained by anonymous FTP at:
tstc.edu (161.109.128.2)
Directory: /pub/legal-net-news
Also, an index of back issues is availble as <lnn.ndx> and is
updated with each newsletter release. It is availbale on the tstc
FTP site. Follow the anonymous instructions to obtain it.
- --
Date: Wed, 11 Aug 1993 16:05:14 EST
Sender: Computer Professionals for Social Responsibility
<uunet!VTVM1.CC.VT.EDU!CPSR%GWUVM.BITNET>
From: David Sobel <uunet!washofc.cpsr.org!dsobel>
Organization: CPSR Washington Office
Subject: NSA Seeks Delay in Clipper
NSA Seeks Delay in Clipper Case
The National Security Agency (NSA) has asked a federal court
for a one-year delay in a lawsuit challenging the secrecy of the
government's "Clipper Chip" encryption proposal. The suit was
filed by Computer Professionals for Social Responsibility (CPSR)
on May 28 and seeks the disclosure of all information concerning
the controversial plan.
In an affidavit submitted to the United States District Court
for the District of Columbia on August 9, NSA Director of Policy
Michael A. Smith states that
NSA's search for records responsive to [CPSR's] request
is under way, but is not yet complete. Because the
Clipper Chip program is a significant one involving the
participation of organizations in four of NSA's five
Directorates and the Director's staff, the volume of
responsive documents is likely to be quite large.
Moreover, because the Clipper Chip program is highly
complex and technical and is, in substantial part,
classified for national security purposes, the review
process cannot be accomplished quickly.
CPSR called for the disclosure of all relevant information
and full public debate on the proposal on April 16, the day it was
announced. While NSA has insisted from the outset that the
"Skipjack" encryption algorithm, which underlies the Clipper
proposal, must remain secret, the Smith affidavit contains the
first suggestion that the entire federal program is classified "in
substantial part." In the interest of obtaining timely judicial
review of the agency's broad classification claim, CPSR intends to
oppose NSA's request for delay in the court proceedings.
In another case involving government cryptography policy,
CPSR has challenged NSA's classification of information concerning
the development of the Digital Signature Standard (DSS). The
court is currently considering the issue and a decision is
expected soon.
CPSR is a national public-interest alliance of computer
industry professionals dedicated to examining the impact of
technology on society. CPSR has 21 chapters in the U.S. and
maintains offices in Palo Alto, California, and Washington, DC.
For additional information on CPSR, call (415) 322-3778 or
e-mail <cpsr@cpsr.org>.
David L. Sobel
CPSR Legal Counsel
<sobel@washofc.cpsr.org>
- --
Date: Tue, 10 Aug 1993 09:43:40 PDT
Sender: Computer Professionals for Social Responsibility
<uunet!VTVM1.CC.VT.EDU!CPSR%GWUVM.BITNET>
From: Nikki Draper <uunet!CSLI.Stanford.EDU!draper>
Subject: CPSR and the NII
COMPUTER PROFESSIONALS ADD SOCIAL CONSCIENCE
TO NATIONAL NETWORK DEBATE
Palo Alto, Calif., August 6, 1993 -- At a recent meeting in
Washington D.C., board members from Computer Professionals for
Social Responsibility (CPSR) were challenged by top level
telecommunications policy experts to craft a public interest vision of
the National Information Infrastructure (NII). The experts at the
roundtable discussion included Mike Nelson from the President's
Office of Science and Technology, Vint Cerf from the Internet Society,
Jamie Love from the Taxpayer's Assets Project, Ken Kay from
Computer Systems Policy Project, and Laura Breeden from FARnet.
"We were excited to discover that CPSR is in a position to play a key
role in shaping NII policy," said CPSR Board President, Eric Roberts.
"The commercial sector is already in the thick of the debate, but
there has been little coordinated response from the noncommercial
constituencies. After talking about the issues and CPSR's role, the
Board committed to meeting this challenge."
So far, the debate about the NII has centered around fiber versus
ISDN, cable companies versus telephone companies, research versus
commercialization, and so on. These are real questions with
important implications. However, CPSR believes that a better
starting point is a set of guiding principles as the context for all these
more detailed questions about "architecture," technical standards,
and prime contractor. Before arguing over bits and bytes, it is crucial
to clarify the vision and values that underlie a major endeavor like
the NII.
As individuals in the computing profession, CPSR's membership
knows that new technologies bring enormous social change.
CPSR's goal is to help shape this change in an informed manner.
Key issues discussed in the paper will include:
o ensuring that the design remains both open and flexible so
that it can evolve with changing technology.
o ensuring that all citizens have affordable network access and
the training necessary to use these resources.
o ensuring that risks of network failure and the concomitant
social costs are carefully considered in the NII design.
o protecting privacy and First Amendment principles in
electronic communication.
o guaranteeing that the public sector, and particularly schools
and libraries, have access to public data at a reasonable cost.
o seeking ways in which the network can strengthen democratic
participation and community development at all levels.
o ensuring that the network continues to be a medium for
experimentation and non commercial sharing of resources,
where individual citizens are producers as well as consumers.
o extending the vision of an information infrastructure beyond
its current focus of a national network, to include a global
perspective.
The national membership of CPSR brings a unique perspective to the
overall conception of the NII. Throughout CPSR's history, the
organization has worked to encourage public discussion of decisions
involving the use of computers in systems critical to society and to
challenge the assumption that technology alone can solve political
and social problems. This past year, CPSR's staff, national and
chapter leadership have worked on privacy guidelines for the
National Research and Education Network (NREN), conducted a
successful conference on participatory design, created local
community networks, organized on-line discussion groups on
intellectual property, and much more.
To ensure that its position paper is broadly representative, CPSR will
work in concert with other public interest groups concerned about
the NII, such as the newly established coalition in Washington D.C.,
the Telecommunications Policy Roundtable. CPSR chapters are will
be conducting a broad based public campaign to reach out beyond
the technical experts and producers -- to people who will be affected
by the NII even if they never directly log on.
CPSR will begin distributing its completed paper to policy makers
on October 16th at its annual meeting in Seattle, Washington.
The meeting will bring together local, regional and national decision
makers to take a critical look at the NII.
Founded in 1981, CPSR is a national, non-profit, public interest
organization of computer scientists and other professionals concerned
with the impact of computer technology on society. With offices in
Palo Alto, California, and Washington D.C., CPSR works to dispel
popular myths about technological systems and to encourage the
use of computer technology to improve the quality of life.
For more information on CPSR's position paper , contact
Todd Newman, CPSR board member, at 415-390-1614 .
For more information about CPSR, contact Nikki Draper,
Communications Director, at 415-322-3778 or
draper @csli.stanford.edu.
- --
FWD> Clinton and National ID
Copyright 1993 The Times Mirror Company
Los Angeles Times
August 15, 1993, Sunday, Home Edition
SECTION: Business; Part D; Page 1; Column 2; Financial Desk
LENGTH: 1025 words
HEADLINE: JAMES FLANIGAN: BLAMING IMMIGRANTS WON'T SOLVE ECONOMIC WOES
BYLINE: By JAMES FLANIGAN
BODY:
Immigration is a burning issue once again, with answers to perceived
problems coming thick and fast from public officials -- notably the
governor of California. But emotions outrun reason, and most people aren't
even asking the right questions.
Gov. Pete Wilson sent an open letter to President Clinton last week
demanding that the federal government control U.S. borders because
California is suffering the burden of illegal immigration.
Wilson also proposed tamper-proof identity cards for immigrants, denial
of health care, education and even citizenship to children of illegal
immigrants, and that Mexican soldiers join the U.S. Border Patrol in forcing
people back from the border at gunpoint.
Much of what he said, unfortunately, was demagoguery -- changing laws on
citizenship requires a Constitutional amendment, so lawyer Wilson's call was
political rhetoric.
But not everything Wilson said was grandstanding; on some matters, he had
a point, although like almost everybody involved in the new debate on
immigration, his complaints were misdirected.
There are problems and social changes occurring in the U.S. economy, but
immigrants, legal and illegal, are not the cause of them. Yet illegal
immigration -- however great or small its actual numbers -- is a problem
simply because it breaks the law.
So we should solve our problems, not avoid them by making scapegoats of
immigrants.
To begin with, estimates vary incredibly about how big a "problem"
illegal immigration is. The U.S. Immigration and Naturalization Service
estimates that 300,000 people enter the country illegally each year, but
don't remain here. Illegal aliens go back and forth between Mexico and
the United States, says the INS.
The Clinton White House recently estimated that 3 million people live
here illegally, from many nations -- China, Mexico, Ireland, Nigeria,
India -- and in many parts of the country. That's less than half the
widespread estimates, used by immigration critics, that more than 6 million
illegals live in America.
Legal immigration has risen in recent years thanks to a change in federal
law, but at 1.5 million immigrants a year, the rate is only half that of the
1900-1910 historic peak. In California, however, immigration is at peak
rates, which helps account for this state's anxious reactions.
The charge is that immigrants cost more in social services than they
contribute in economic benefit. But that's more an argument about taxation
than immigration. A study by Los Angeles County found that immigrants pay
billions annually to the federal and state governments but little to the
county, which provides hospital care and social services.
The county's point, and one reason for Wilson's outburst last week, is
that the federal government should pay more. "The federal government gets a
free ride," says Georges Vernez, an immigration expert at Rand Corp. the
research firm. Which is true, but that's not the immigrants' fault.
The fact is, immigration answers needs in American society. If you don't
believe that, ask yourself why immigrants keep coming to a slow U.S. economy
-- and particularly to recession-bound California.
The answer is they come for work. Skilled people the world over have an
open invitation. American hospitals are still recruiting nurses from the
Philippines, England and Ireland; draftsmen are brought from Europe, software
programmers from India.
Unskilled people too find work. Consider the growing number of elder care
facilities in the United States, particularly those for elderly people
disabled by Alzheimer's and other afflictions. They are staffed heavily by
recent immigrants who owe their unglamorous jobs to social changes in American
life.
"We do not live in extended families, three generations in one house, as
people in poorer countries do," explains Professor Leo Chavez of UC Irvine.
We may be close as families but geographically separate, and so there is a
growing need for elder care facilities and staff to work in them.
Couldn't low-skilled people from America's inner cities do such jobs?
Sure they could, so why doesn't U.S. society train and educate people in its
inner cities and make sure they get such jobs? The answer is America's
inner-city problem is a complex one of social neglect. But making scapegoats
of immigrants won't solve it.
Make no mistake, "America should control its borders, because lawlessness
is always a problem," says Julian Simon, of the University of Maryland, a
leading authority on immigration.
Trouble is, most suggestions for controlling the border are unacceptable.
Guns won't do it -- can you imagine the public outcry the first time U.S. or
Mexican troops shoot down defenseless migrants?
We could try an identity card, but surely our laws would demand that
everyone carry such a card. And a country that has a hard time imposing
minimal gun control won't soon have a national ID card.
One way to gain border control and economic benefit would be to set up a
system of flexible legal immigration that could bring people in when needed
for a variety of jobs. Immigration experts say this might be along the lines
of the bracero program that brought agricultural laborers from Mexico from
wartime 1942 to 1964. The bracero program had faults and was criticized as a
cheap-labor scheme, but a new system would have the advantage of being legal
and less exploitative.
Another solution, for our southern border, would be to work through the
North American Free Trade Agreement to improve Mexico's economy and ease at
least the economic pressures driving Mexico's people north.
The ultimate point, though, is we'll get nowhere blaming our problems on
immigrants, who have always come to this country just because it offers more
opportunity for individual development than any other nation on earth.
"Only in America," President Clinton said last week as he nominated
Army Gen. John M. Shalikashvili, who came from Poland as a child, to be
chairman of the Joint Chiefs of Staff. Shalikashvili will succeed Colin
Powell, the son of immigrants from Jamaica. Only in America -- still true,
and hopefully always true.
Copyright 1993 Reuters, Limited
August 13, 1993, Friday, AM cycle
LENGTH: 329 words
HEADLINE: CLINTON REPORTED LOOKING AT NATIONAL ID CARD
DATELINE: LOS ANGELES
BODY:
President Clinton said in an interview published Friday that his
administration is studying the feasibility of creating a tamper-proof
national identity card aimed in part at preventing illegal immigrants
from using government benefit programs.
Though civil liberties groups have strongly opposed similar plans in the
past, Clinton told the Los Angeles Times he now believed the idea "ought
to be examined."
But Clinton said he disagreed with a proposal presented earlier this
week by California Gov. Pete Wilson for constitutional changes that would
deny citizenship to the U.S.-born children of illegal immigrants.
He said he was also against Wilson's recommendation that emergency
medical treatment should be shut off to undocumented residents. Such a
policy, he suggested, would create more problems than it solves.
"None of us would tolerate just letting people die on the streets if it
came to that," Clinton was quoted as saying.
In the midst of a growing anti-immigrant backlash nationwide, Wilson
Monday called for sweeping reforms in federal laws to help stem the flow
of illegal immigrants into the United States.
But immigrant rights advocates accused him of trying to make Mexican
immigrants a scapegoat for his own failure to solve the state's crushing
economic problems.
Wilson's package included a proposed tamper-proof identity card, and
Clinton's disclosure was the first indication that it was under
consideration.
Civil libertarians and even some conservatives have joined forces over
the years to block the development of such a card, arguing that it would
give the government too much control over individuals.
Clinton acknowledged that "a lot of immigration groups and advocates
have said that any kind of identification card like that sort of smacks
of Big Brotherism."
But he said the idea should be studied and that it is under discussion as
part of the health care reform effort being headed by First Lady Hillary
Rodham Clinton.
Copyright 1993 The Times Mirror Company
Los Angeles Times
August 13, 1993, Friday, Home Edition
SECTION: Part A; Page 1; Column 5; National Desk
LENGTH: 1013 words
HEADLINE: CLINTON DIFFERS WITH WILSON IDEAS ON IMMIGRATION;
POLICY: PRESIDENT SAYS HE 'SYMPATHIZES' WITH GOVERNOR BUT THAT HE FAVORS A
'DIFFERENT TACK.' HOWEVER, HE REVEALS THAT ADMINISTRATION IS LOOKING AT THE
USE OF ID CARDS.
BYLINE: By DAVID LAUTER and JOHN BRODER, TIMES STAFF WRITERS
DATELINE: OAKLAND
BODY:
Making his first public comments on Gov. Pete Wilson's calls for
fundamental changes in the nation's immigration policies, President
Clinton said Thursday that he "sympathizes" with Wilson's concerns about
the impact illegal immigration is having on California "but I believe we
ought to take a different tack."
The federal government must toughen its enforcement of immigration laws,
Clinton said, adding that his Administration is examining the feasibility
of creating a tamper-proof national identity card which would be aimed, in
part, at preventing illegal immigrants from taking advantage of government
benefit programs, something Wilson also has advocated.
Civil liberties groups have strongly opposed similar plans in the past.
Clinton said, however, that he now believes the idea "ought to be
examined."
But, he said, "I don't think we should change the Constitution," as
Wilson has suggested, to deny citizenship for children born here to
parents who are in the country illegally.
In addition, Clinton said, he disagrees with Wilson's suggestions to
shut off emergency medical treatment for illegal immigrants. Such a policy,
he suggested, would create more problems than it solves. He noted, for
example, that "it is probably very much in everyone else's interest" to
provide medical care to treat people who have communicable diseases.
Moreover, he added, "none of us would tolerate just letting people die on
the street if it came to that."
Clinton's statements, in an interview with The Times on Air Force One
as he traveled here after meeting with Pope John Paul II in Denver, marked
his most extensive public discussion so far of future policy options on
immigration -- an issue that White House advisers say they believe could
become one of the most politically difficult for his presidency.
His mention of a tamper-proof identification card was the first
suggestion of a potentially far-reaching policy change.
Groups advocating greater control of illegal immigration long have argued
that the flourishing market in phony documents allows widespread fraudulent
access to welfare and other government benefit programs.
But civil liberties groups, along with many conservatives, have joined
forces over the years to block any action toward developing a tamper-proof
identification card, arguing that it potentially would give the government
far too much control over individuals and likening such cards to the
internal passports once required in the former Soviet Union.
Clinton acknowledged those arguments. "I know that a lot of the
immigration groups and advocates have said that any kind of identification
card like that sort of smacks of Big Brotherism," he said.
But, he continued, he believes that the idea should be examined and that
it is under discussion as part of the health care reform effort being headed
by First Lady Hillary Rodham Clinton.
Health care task force aides have discussed the likelihood that a reform
program would provide all Americans with "health security" cards that
would guarantee health benefits to all. But so far, they have not widely
discussed the possibility that such a concept would be linked with the more
controversial issue of a tamper-proof identification card.
Both in the interview and in his past statements on immigration, Clinton
has tried to toe a careful line -- advocating a tougher set of policies to
handle illegal immigration while assuring the Democratic Party's base of
voters in minority communities that he remains committed to continuing legal
immigration and the cultural diversity it brings.
Over the long term, Clinton said, he continues to hope that the
proposed North American Free Trade Agreement with Mexico and Canada will
reduce immigration pressure by improving the standard of living in Mexico
and by improving development in that country so that fewer people feel
compelled to migrate to the maquiladora zone near the U.S. border, where
American-owned factories offer employment.
In the shorter term, the only way to avoid having the immigration debate
damage the nation's social fabric, Clinton argued, is for the government
to begin demonstrating to citizens that it is taking real action to enforce
the nation's immigration laws.
If the government can achieve that, he said, politicians will find that
"the rhetoric of calling for more extreme solutions may be of limited
usefulness" to them.
On the other hand, he warned, if the government is unable to "show some
more discipline" in its control of illegal immigration, "I'm afraid the
genie out of the bottle will be passion to shut off legal immigration.
"This country has greatly benefited from its immigrants for 200 years,"
Clinton said, and should not allow "aversion to illegal immigration" to
create an "aversion to legal immigration."
California, in particular, will continue to benefit from its large
immigrant population, he predicted.
"There's no question that California will have a rebound," he said, once
the state's huge defense and aerospace industries complete the economically
painful shrinkage brought on by the end of the Cold War.
Once that rebound begins, the President argued, the state will benefit by
"being able to interface with more societies" in Asia and Latin America by
virtue of its immigrant population.
But while he has been careful to praise legal immigration, Clinton has
been eager to portray his Administration as having "taken a much more
aggressive posture on (illegal immigration)" than his predecessors did.
Clinton noted, for example, that his budget included additional money
to strengthen the Border Patrol and to help California cope with the impact
of large numbers of illegal immigrants.
Although several border states are facing major immigration-related
problems, California clearly "is getting the biggest hit," he said.
The President also pointed to his announcement earlier this summer of
steps to control smuggling of illegal immigrants into the country by boat
and to revamp the nation's troubled system for judging requests for asylum.
- --
From: Dave Banisar <uunet!washofc.cpsr.org!banisar>
Date: Tue, 17 Aug 1993 14:23:16 EST
Subject: Call for Clipper Comments
Call for Clipper Comments
The National Institute of Standards and Technology (NIST) has
issued a request for public comments on its proposal to establish
the "Skipjack" key-escrow system as a Federal Information
Processing Standard (FIPS). The deadline for the submission of
comments is September 28, 1993. The full text of the NIST notice
follows.
CPSR is urging all interested individuals and organizations to
express their views on the proposal and to submit comments
directly to NIST. Comments need not be lengthy or very detailed;
all thoughtful statements addressing a particular concern will
likely contribute to NIST's evaluation of the key-escrow proposal.
The following points could be raised about the NIST proposal
(additional materials on Clipper and the key escrow proposal may
be found at the CPSR ftp site, cpsr.org):
* The potential risks of the proposal have not been assessed and
many questions about the implementation remain unanswered. The
NIST notice states that the current proposal "does not include
identification of key escrow agents who will hold the keys for the
key escrow microcircuits or the procedures for access to the
keys." The key escrow configuration may also create a dangerous
vulnerability in a communications network. The risks of misuse of
this feature should be weighed against any perceived benefit.
* The classification of the Skipjack algorithm as a "national
security" matter is inappropriate for technology that will be used
primarily in civilian and commercial applications. Classification
of technical information also limits the computing community's
ability to evaluate fully the proposal and the general public's
right to know about the activities of government.
* The proposal was not developed in response to a public concern
or a business request. It was put forward by the National
Security Agency and the Federal Bureau of Investigation so that
these two agencies could continue surveillance of electronic
communications. It has not been established that is necessary for
crime prevention. The number of arrests resulting from wiretaps
has remained essentially unchanged since the federal wiretap law
was enacted in 1968.
* The NIST proposal states that the escrow agents will provide the
key components to a government agency that "properly demonstrates
legal authorization to conduct electronic surveillance of
communications which are encrypted." The crucial term "legal
authorization" has not been defined. The vagueness of the term
"legal authorization" leaves open the possibility that court-
issued warrants may not be required in some circumstances. This
issue must be squarely addressed and clarified.
* Adoption of the proposed key escrow standard may have an adverse
impact upon the ability of U.S. manufacturers to market
cryptographic products abroad. It is unlikely that non-U.S. users
would purchase communication security products to which the U.S.
government holds keys.
Comments on the NIST proposal should be sent to:
Director, Computer Systems Laboratory
ATTN: Proposed FIPS for Escrowed Encryption Standard
Technology Building, Room B-154
National Institute of Standards and Technology
Gaithersburg, MD 20899
Submissions must be received by September 28, 1993. CPSR has
asked NIST that provisions be made to allow for electronic
submission of comments.
Please also send copies of your comments on the key escrow
proposal to CPSR for inclusion in the CPSR Internet Library, our
ftp site. Copies should be sent to <clipper@washofc.cpsr.org>.
=================================================================
FEDERAL REGISTER
VOL. 58, No. 145
DEPARTMENT OF COMMERCE (DOC)
National Institute of Standards and Technology (NIST)
Docket No. 930659-3159
RIN 0693-AB19
A Proposed Federal Information Processing Standard for an Escrowed
Encryption Standard (EES)
58 FR 40791
Friday, July 30, 1993
Notice; request for comments.
SUMMARY: A Federal Information Processing Standard (FIPS) for an
Escrowed Encryption Standard (EES) is being proposed. This
proposed standard specifies use of a symmetric-key
encryption/decryption algorithm and a key escrowing method which
are to be implemented in electronic devices and used for
protecting certain unclassified government communications when
such protection is required. The algorithm and the key escrowing
method are classified and are referenced, but not specified, in
the standard.
This proposed standard adopts encryption technology developed
by the Federal government to provide strong protection for
unclassified information and to enable the keys used in the
encryption and decryption processes to be escrowed. This latter
feature will assist law enforcement and other government agencies,
under the proper legal authority, in the collection and decryption
of electronically transmitted information. This proposed standard
does not include identification of key escrow agents who will
hold the keys for the key escrow microcircuits or the procedures
for access to the keys. These issues will be addressed by the
Department of Justice.
The purpose of this notice is to solicit views from the public,
manufacturers, and Federal, state, and local government users so
that their needs can be considered prior to submission of this
proposed standard to the Secretary of Commerce for review and
approval.
The proposed standard contains two sections: (1) An
announcement section, which provides information concerning the
applicability, implementation, and maintenance of the standard;
and (2) a specifications section which deals with the technical
aspects of the standard. Both sections are provided in this
notice.
DATES: Comments on this proposed standard must be received on or
before September 28, 1993.
ADDRESSES: Written comments concerning the proposed standard
should be sent to: Director, Computer Systems Laboratory, ATTN:
Proposed FIPS for Escrowed Encryption Standard, Technology
Building, room B-154, National Institute of Standards and
Technology, Gaithersburg, MD 20899.
Written comments received in response to this notice will be
made part of the public record and will be made available for
inspection and copying in the Central Reference and Records
Inspection Facility, room 6020, Herbert C. Hoover Building, 14th
Street between Pennsylvania and Constitution Avenues, NW.,
Washington, DC 20230.
FOR FURTHER INFORMATION CONTACT: Dr. Dennis Branstad, National
Institute of Standards and Technology, Gaithersburg, MD 20899,
telephone (301) 975-2913.
SUPPLEMENTARY INFORMATION: This proposed FIPS implements the
initiative announced by the White House Office of the Press
Secretary on April 16, 1993. The President of the U.S. approved a
Public Encryption Management directive, which among other actions,
called for standards to facilitate the procurement and use of
encryption devices fitted with key-escrow microcircuits in
Federal communication systems that process sensitive, but
unclassified information.
Dated: July 26, 1993.
Arati Prabhakar,
Director.(NIST)
----------------------------------------------------
Federal Information Processing Standards Publication XX
1993 XX
Announcing the Escrowed Encryption Standard (EES)
Federal Information Processing Standards Publications (FIPS
PUBS) are issued by the National Institute of Standards and
Technology (NIST) after approval by the Secretary of Commerce
pursuant to section 111(d) of the Federal Property and
Administrative Services Act of 1949 as amended by the Computer
Security Act of 1987, Public Law 100-235.
Name of Standard: Escrowed Encryption Standard (EES).
Category of Standard: Telecommunications Security.
Explanation: This Standard specifies use of a symmetric-key
encryption (and decryption) algorithm and a Law Enforcement Access
Field (LEAF) creation method (one part of a key escrow system)
which provide for decryption of encrypted telecommunications when
interception of the telecommunications is lawfully authorized.
Both the algorithm and the LEAF creation method are to be
implemented in electronic devices (e.g., very large scale
integration chips). The devices may be incorporated in security
equipment used to encrypt (and decrypt) sensitive unclassified
telecommunications data. Decryption of lawfully intercepted
telecommunications may be achieved through the acquisition and use
of the LEAF, the decryption algorithm and escrowed key components.
To escrow something (e.g., a document, an encryption key) means
that it is "delivered to a third person to be given to the grantee
only upon the fulfillment of a condition" (Webster's Seventh New
Collegiate Dictionary). A key escrow system is one that entrusts
components of a key used to encrypt telecommunications to third
persons, called key component escrow agents. In accordance with
the common definition of "escrow", the key component escrow agents
provide the key components to a "grantee" (i.e., a government
agency) only upon fulfillment of the condition that the grantee
properly demonstrates legal authorization to conduct electronic
surveillance of communications which are encrypted using the
specific device whose key component is requested. The key
components obtained through this process are then used by the
grantee to reconstruct the device unique key and obtain the
session key (contained in the LEAF) which is used to decrypt the
telecommunications that are encrypted with that device. The term,
"escrow", for purposes of this standard, is restricted to the
dictionary definition.
The encryption/decryption algorithm has been approved for
government applications requiring encryption of sensitive
unclassified telecommunications of data as defined herein. The
specific operations of the algorithm and the LEAF creation method
are classified and hence are referenced, but not specified, in
this standard.
Data, for purposes of this standard, includes voice, facsimile
and computer information communicated in a telephone system.
Telephone system, for purposes of this standard, is limited to
systems circuit-switched up to no more than 14.4 kbs or which use
basic-rate ISDN, or to a similar grade wireless service.
Data that is considered sensitive by a responsible authority
should be encrypted if it is vulnerable to unauthorized disclosure
during telecommunications. A risk analysis should be performed
under the direction of a responsible authority to determine
potential threats and risks. The costs of providing encryption
using this standard as well as alternative methods and their
respective costs should be projected. A responsible authority
should then make a decision, based on the risk and cost analyses,
whether or not to use encryption and then whether or not to use
this standard.
Approving Authority: Secretary of Commerce.
Maintenance Agency: Department of Commerce, National Institute of
Standards and Technology.
Applicability: This standard is applicable to all Federal
departments and agencies and their contractors under the
conditions specified below. This standard may be used in designing
and implementing security products and systems which Federal
departments and agencies use or operate or which are operated for
them under contract. These products may be used when replacing
Type II and Type III (DES) encryption devices and products owned
by the government and government contractors.
This standard may be used when the following conditions apply:
1. An authorized official or manager responsible for data
security or the security of a computer system decides that
encryption is required and cost justified as per OMB Circular A-
130; and
2. The data is not classified according to the National
Security Act of 1947, as amended, or the Atomic Energy Act of
1954, as amended.
However, Federal departments or agencies which use encryption
devices for protecting data that is classified according to either
of these acts may use those devices also for protecting
unclassified data in lieu of this standard.
In addition, this standard may be adopted and used by non-
Federal Government organizations. Such use is encouraged when it
provides the desired security.
Applications: Devices conforming to this standard may be used for
protecting unclassified communications.
Implementations: The encryption/decryption algorithm and the LEAF
creation method shall be implemented in electronic devices (e.g.,
electronic chip packages) that can be physically protected against
unauthorized entry, modification and reverse engineering.
Implementations which are tested and validated by NIST will be
considered as complying with this standard. An electronic device
shall be incorporated into a cyptographic module in accordance
with FIPS 140-1. NIST will test for conformance with FIPS 140-1.
Cryptographic modules can then be integrated into security
equipment for sale and use in an application. Information about
devices that have been validated, procedures for testing equipment
for conformance with NIST standards, and information about
obtaining approval of security equipment are available from the
Computer Systems Laboratory, NIST, Gaithersburg, MD 20899.
Export Control: Implementations of this standard are subject to
Federal Government export controls as specified in title 22, Code
of Federal Regulations, parts 120 through 131 (International
Traffic of Arms Regulations -ITAR). Exporters of encryption
devices, equipment and technical data are advised to contact the
U.S. Department of State, Office of Defense Trade Controls for
more information. Patents: Implementations of this standard may
be covered by U.S. and foreign patents.
Implementation Schedule: This standard becomes effective thirty
days following publication of this FIPS PUB.
Specifications: Federal Information Processing Standard (FIPS
XXX)(affixed).
Cross Index:
a. FIPS PUB 46-2, Data Encryption Standard.
b. FIPS PUB 81, Modes of Operation of the DES
c. FIPS PUB 140-1, Security Requirements for Cryptographic
Modules.
Glossary:
The following terms are used as defined below for purposes of
this standard:
Data-Voice, facsimile and computer information communicated in
a telephone system.
Decryption-Conversion of ciphertext to plaintext through the
use of a cryptographic algorithm.
Device (cryptographic)-An electronic implementation of the
encryption/decryption algorithm and the LEAF creation method as
specified in this standard.
Digital data-Data that have been converted to a binary
representation.
Encryption-Conversion of plaintext to ciphertext through the
use of a cryptographic algorithm.
Key components-The values from which a key can be derived
(e.g., KU sub 1 + KU sub 2).
Key escrow -A process involving transferring one or more
components of a cryptographic key to one or more trusted key
component escrow agents for storage and later use by government
agencies to decrypt ciphertext if access to the plaintext is
lawfully authorized.
LEAF Creation Method 1-A part of a key escrow system that is
implemented in a cryptographic device and creates a Law
Enforcement Access Field.
Type I cryptography-A cryptographic algorithm or device
approved by the National Security Agency for protecting classified
information.
Type II cryptography-A cryptographic algorithm or device
approved by the National Security Agency for protecting sensitive
unclassified information in systems as specified in section 2315
of Title 10 United State Code, or section 3502(2) of Title 44,
United States Code.
Type III cryptography-A cryptographic algorithm or device
approved as a Federal Information Processing Standard.
Type III(E) cryptography-A Type III algorithm or device that is
approved for export from the United States.
Qualifications. The protection provided by a security product or
system is dependent on several factors. The protection provided by
this standard against key search attacks is greater than that
provided by the DES (e.g., the cryptographic key is longer).
However, provisions of this standard are intended to ensure that
information encrypted through use of devices implementing this
standard can be decrypted by a legally authorized entity.
Where to Obtain Copies of the Standard: Copies of this
publication are for sale by the National Technical Information
Service, U.S. Department of Commerce, Springfield, VA 22161. When
ordering, refer to Federal Information Processing Standards
Publication XX (FIPS PUB XX), and identify the title. When
microfiche is desired, this should be specified. Prices are
published by NTIS in current catalogs and other issuances. Payment
may be made by check, money order, deposit account or charged to a
credit card accepted by NTIS.
Specifications for the Escrowed Encryption Standard
1. Introduction
This publication specifies Escrowed Encryption Standard (EES)
functions and parameters.
2. General
This standard specifies use of the SKIPJACK cryptographic
algorithm and the LEAF Creation Method 1 (LCM-1) to be implemented
in an approved electronic device (e.g., a very large scale
integration electronic chip). The device is contained in a logical
cryptographic module which is then integrated in a security
product for encrypting and decrypting telecommunications.
Approved implementations may be procured by authorized
organizations for integration into security equipment. Devices
must be tested and validated by NIST for conformance to this
standard. Cryptographic modules must be tested and validated by
NIST for conformance to FIPS 140-1.
3. Algorithm Specifications
The specifications of the encryption/decryption algorithm
(SKIPJACK) and the LEAF Creation Method 1 (LCM-1) are classified.
The National Security Agency maintains these classified
specifications and approves the manufacture of devices which
implement the specifications. NIST tests for conformance of the
devices implementing this standard in cryptographic modules to
FIPS 140-1 and FIPS 81.
4. Functions and Parameters
4.1 Functions
The following functions, at a minimum, shall be implemented:
1. Data Encryption: A session key (80 bits) shall be used to
encrypt plaintext information in one or more of the following
modes of operation as specified in FIPS 81: ECB, CBC, OFB (64) CFB
(1, 8, 16, 32, 64).
2. Data Decryption: The session key (80 bits) used to encrypt
the data shall be used to decrypt resulting ciphertext to obtain
the data.
3. Key Escrow: The Family Key (KF) shall be used to create
the Law Enforcement Access Field (LEAF) in accordance with the
LEAF Creation Method 1 (LCM-1). The Session Key shall be encrypted
with the Device Unique Key and transmitted as part of the LEAF.
The security equipment shall ensure that the LEAF is transmitted
in such a manner that the LEAF and ciphertext may be decrypted
with legal authorization. No additional encryption or modification
of the LEAF is permitted.
4.2 Parameters
The following parameters shall be used in performing the
prescribed functions:
1. Device Identifier (DID): The identifier unique to a
particular device and used by the Key Escrow System.
2. Device Unique Key (KU): The cryptographic key unique to a
particular device and used by the Key Escrow System.
3. Cryptographic Protocol Field (CPF): The field identifying
the registered cryptographic protocol used by a particular
application and used by the Key Escrow System (reserved for
future specification and use).
4. Escrow Authenticator (EA): A binary pattern that is inserted
in the LEAF to ensure that the LEAF is transmitted and received
properly and has not been modified, deleted or replaced in an
unauthorized manner.
5. Initialization Vector (IV): A mode and application dependent
vector of bytes used to initialize, synchronize and verify the
encryption, decryption and key escrow functions.
6. Family Key (KF): The cryptographic key stored in all devices
designated as a family that is used to create the LEAF.
7. Session Key (KS): The cryptographic key used by a device to
encrypt and decrypt data during a session.
8. Law Enforcement Access Field (LEAF): The field containing
the encrypted session key and the device identifier and the escrow
authenticator.
5. Implementation
The Cryptographic Algorithm and the LEAF Creation Method shall
be implemented in an electronic device (e.g., VLSI chip) which is
highly resistant to reverse engineering (destructive or non-
destructive) to obtain or modify the cryptographic algorithms, the
DID, the KF, the KU, the EA, the CPF, the operational KS, or any
other security or Key Escrow System relevant information. The
device shall be able to be programmed/personalized (i.e., made
unique) after mass production in such a manner that the DID, KU
(or its components), KF (or its components) and EA fixed pattern
can be entered once (and only once) and maintained without
external electrical power.
The LEAF and the IV shall be transmitted with the ciphertext.
The specifics of the protocols used to create and transmit the
LEAF, IV, and encrypted data shall be registered and a CPF
assigned. The CPF shall then be transmitted in accordance with the
registered specifications.
The specific electric, physical and logical interface will vary
with the implementation. Each approved, registered implementation
shall have an unclassified electrical, physical and logical
interface specification sufficient for an equipment manufacturer
to understand the general requirements for using the device. Some
of the requirements may be classified and therefore would not be
specified in the unclassified interface specification.
- --
End of Legal Net News, Volume 1, Issue 16
