@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ From: "Craig A. Johnson" <•••@••.•••> To: Cyber.Rights.Co-Leaders Date: Wed, 7 Feb 1996 Subject: Press Conference and lost encryption file ~--<snip>--~ Do one of you guys have that encryption thing from that ex-NSA spook, Stewart Baker, that I was going to post, but never got around to it. I think we should post it. [Done, below -- rkm] The ACLU press release with information and bios of all the plaintiffs will be on their Web site. I don't yet have an online version of their press release, or I would have posted it. BTW, the press conference went well, I said my two bits worth, but I don't think any of the networks that were there ran my clip. You can see me on CNN on a segment in Bobby Batista's show on telecom and the Internet, standing next to the ACLU guy who is talking. It's about a two-minute clip and very easy to miss. CNBC, CNN, ABC, Fox, CNBC, and PBS were all there, but I think most of the other news eclipsed us. Anyway, it was an interesting experience, and I think we all complimented one another. The ACLU guys were happy about it. Now, let's see what the fallout is tomorrow, when the ACLU and Joe Shea both file complaints. Thanks for posting the CPSR press release Richard. Craig @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ From: "Craig A. Johnson" <•••@••.•••> Date: Sun, 4 Feb 1996 Subject: (Fwd) IP: Stewart Baker's Summary of the Paris Encryption Summ FYI. ~--<snip>--~ interesting in that it shows that the U.S. seems to be winning in its effort to ram key escrow down everyone else's throats. Craig ------- Forwarded Message Follows ------- Date: Sat, 03 Feb 1996 From: Dave Farber <•••@••.•••> Subject: IP: Stewart Baker's Summary of the Paris Encryption Summit To: •••@••.••• (interesting-people mailing list) Date: Sat, 03 Feb 96 From: "Stewart Baker" <•••@••.•••> To: •••@••.••• SUMMARY REPORT ON THE OECD AD HOC MEETING OF EXPERTS ON CRYPTOGRAPHY by Stewart A. Baker Steptoe & Johnson Washington, DC •••@••.••• The OECD's ad hoc meeting of experts on cryptography was the brainchild of U.S. policymakers. Export controls on encryption have increasingly been attacked as unworkable by U.S. software and hardware producers, who see a major market for security on the global information infrastructure. This need, they argue, will be met by foreign producers if U.S. export controls are kept in place. Many companies in the software business have also attacked the latest Administration proposal allowing the export of strong encryption only if it incorporates some form of key escrow. These companies question the international demand for key escrow. The likely U.S. purpose in calling for the OECD meeting was to show that other nations are or soon will be inclined to favor key escrow in order to avoid the problems that criminal use of encryption will pose. From the U.S. point of view, the meeting was an opportunity to raise the consciousness of other governments about the problem of uncontrolled encryption while at the same time demonstrating to U.S. industry that defeating U.S. export controls would not open the door to a vast market for unescrowed encryption but would instead spark new and perhaps inconsistent local regulation of encryption. If that was the purpose of the meeting, it was a qualified success. It was not a complete success, because several governments expressed grave doubts about the U.S. effort to control encryption technology. Most prominent among the doubters were the Scandinavian countries. Japan also showed little interest in controlling encryption; it seemed more concerned about catching up in this former defense technology now that its commercial possibilities were growing. Other governments, in contrast, were supportive of some kind of escrow, though they disliked that term and preferred to speak of "trusted third party" approaches to key storage and recovery. The European Union, the United Kingdom, and France clearly favor the development of trusted third party encryption systems. Other countries also said favorable things about trusted third parties. But that term is deliberately ambiguous. It mixes together a wide variety of "trust" services for users of computer networks. Some services, such as maintaining a register of digital signatures or providing digital timestamps, do indeed require trust but are quite uncontroversial. At its most minimalist, support for "trusted third party" encryption might simply mean that governments will set standards that allow companies performing uncontroversial "trust" services to also perform private key escrow when asked to do so by users of encryption systems. Such an approach is unlikely to make escrowed encryption the dominant form of secure computer network communication. But at least some European governments plainly mean to do more than that under the heading of trusted third party encryption. Both Italy and the Netherlands have recently considered legislation to regulate encryption directly in the fashion of the French. The UK is also disinclined to see the spread of uncontrolled encryption within its borders. While these governments now seem unlikely to adopt French-style encryption regimes, they are clearly intrigued at the thought that, with government's thumb on the scale, European telecom and computer companies might be willing to adopt trusted third party encryption even without a direct government mandate. The good news for U.S. policymakers is that many European governments are clearly interested in doing something to encourage key escrow encryption, and Australia and Canada are likely to follow if a consensus in favor of key escrow emerges. This proposal for international concensus is bound to cause some of the most vocally anti-escrow U.S. companies at least a moment of self-doubt. The bad news for U.S. policymakers is that there is little appetite in Europe (let alone Japan) for direct regulation of the encryption market (even the French are showing more flexibility in enforcing their law). And some European governments' commitment to trusted third party encryption may not go beyond saying nice things about it while waiting to see what the market does. For a variety of reasons, the OECD is likely to be drawn into the process of making international encryption policy. The U.S. was generally pleased with the warmth -- if not the ambiguity -- of the international praise for trusted third party encryption, and it hopes to build a stronger international consensus for such encryption. Industry, particularly U.S. industry, would rather see policy made in the OECD than in a (presumptively more protectionist) European forum. And the other OECD nations see that forum as a good place to moderate unilateral U.S. policies, such as the current requirement that keys be escrowed in the United States. Thus all of the participants have something to gain from continuing the dialogue in the OECD. ---------------------- A more detailed description of the conference will be posted shortly to my law firm's web page. To see if it's up, go to "http://www.us.net/~steptoe/welcome.htm" and look under "Law and the Net" @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ ~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~--~=-=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~ Posted by Richard K. Moore (•••@••.•••) Wexford, Ireland Cyber-Rights: http://www.cpsr.org/cpsr/nii/cyber-rights/ CyberLib: http://www.internet-eireann.ie/cyberlib Materials may be reposted in their entirety for non-commercial use. ~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~--~=-=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~