Date: Tuesday, 19 Oct 1993 09:06:46 EDT
From: m19940@mwvm.mitre.org (Emily H. Lonsford)
To: infsecur%smiley@mwunix.mitre.org
Subject: more on the house crypto hearings
Organization: The MITRE Corp.
Message-Id: <199310191352.AA29298@mwunix.mitre.org>

Enclosed is a narrative of parts of the hearings as reported by members of the EFF. Note that live demos with notebook computers were done for the committee. Very effective.

===================================

Subj: House Crypto Export Hearings
From: kragar.eff.org

From: farber@central.cis.upenn.edu (David Farber)
Subject: Notes from House Hearing on Cryptography Export Controls

From: djw@eff.org (Daniel J. Weitzner)
Subject: Notes from House Hearing on Cryptography Export Controls

House Foreign Affairs Committee
Subcommittee on Economic Policy, Trade, and the Environment
Hearing on mass market cryptography and export controls
Rep. Sam Gejdenson (D-Conn.), Chair

Committee Members present: Gejdenson, Cantwell (D-Wash.), Fingerhut (D-Ohio), Rohrabacher (R-Calif.), Manzullo (R-Ill.)

Witnesses:

PANEL 1 (Open)
J. Hendren, Arkansas Systems (A data security firm that does a lot of international banking work)
Ray Ozzie, IRIS Associates for Business Software Alliance (Lotus Notes developer)
Stephen Walker, Trusted Information Systems for Software Publishers Association
Philip Zimmermann, PGP developer
Don Harbert, Digital Equipment Corp.

PANEL 2 (Secret Session)
NSA representative

Opening Statement of Gejdenson:

"This hearing is about the well intentioned attempts of the National Security Agency to try to control the uncontrollable.... The NSA itself acknowledges that if you have a long distance telephone line and a modem, you can send this software anywhere in the world. If you have a computer and a modem you can take this software off of the Internet anywhere in the world.... I do not question the value of the information sought by the National Security Agency. But once it is determined that the dispersion of this software cannot be controlled, then however much we might want to protect our ability to obtain information, it is beyond our means to do so. Just as in the case of telecommunications, the National Security Agency is attempting to put the genie back in the bottle. It won't happen; and a vibrant and productive sector of American industry may be sacrificed in the process."

The main points raised by witnesses were these:

1. DES and other strong encryption which is barred by ITAR is in the public domain and available on the global market from foreign software manufacturers:

-Ray Ozzie used his laptop and a modem to show how to get a DES implementation from ftp.germany.eu.net. The committee loved it and most of them seemed to understand what was going on on the screen, even though they had never heard of ftp.

-Stephen Walker described the results of an SPA study which uncovered over 250 cryptography packages which offer DES-based or stronger algorithms.

-Phil Zimmermann testified that he designed PGP from publicly available information.

2. Foreign DES implementations are just as good as US versions.

Surprisingly enough, this is a contentious issue. Some members of the committee seemed to have been told by someone or another that foreign versions of DES may not be as strong as those that are made in the USA. If this were true, then export controls might still be justified despite the numerous foreign versions of DES on the market. In my view, this is a pretty desperate argument.

-Steve Walker demonstrated that all DES works the same way by encrypting a passage from Mozart's Eine Kleine Nachtmusik with several different foreign DES packages, and then decrypting them. Surprise! They all sounded just the same.

3. Lots of money is being lost by US software/hardware vendors:

-Don Harbert from DEC told of losses of over $70 Million in just the last few months.

-BSA estimates that export controls exclude access to a global market that is $6-9 Billion.

4. People want their privacy

-Phil Zimmermann told the committee about his experience with PGP users and how badly people need and want to protect their privacy in electronic environments.

Committee Responses:

Overall, the committee was quite sympathetic to the witnesses. Chairman Gejdenson seemed very supportive of changing export controls. Rep. Dana Rohrabacher, no flaming liberal, said, "the cold war is over. I sympathize with everything that has been said here."

------- end of included report ----

**************************
* EMILY H. LONSFORD
* MITRE - HOUSTON H123 (713) 333-0922
* EHL@MITRE.ORG
**************************