
Aaron on crypto

Here is Marc Rotenberg's comment on
the crypto initiatives of Mr. David Aaron.

FiFF has already commented.



>Date: Sat, 17 Oct 1998 17:39:39 -0400
>From: Marc Rotenberg <rotenberg@epic.org>
>Subject: Aaron on crypto
>To: gilc-plan@gilc.org
>Reply-To: gilc-plan@gilc.org
>Well, this is my day to brush up on David Aaron.
>After reading the Brussels speech on data protection
>in Rigo's message, I looked at the speech he gave
>to the German chamber of industry on encryption.
>I hope this "reading between the lines" will
>help others understand more of what is really
>going on. If I get a moment, I will put together
>an article.
>A few general comments:
> - Aaron's push for "balance" and "lawful access"
>   based on "a variety of solutions" is the old-line
>   US position. In fact his call for "industry-led,
>   market-based solutions is the best approach to helping
>   law enforcement" is almost verbatim from the Vice
>   President's June 1994 letter on this topic.
> - Aaron's statement in Germany undercuts recent
>   assurances made by the Administration that it
>   was trying to move away from the key escrow
>   approach. US business people who see these
>   remarks will not be very pleased.
> - The timing is, of course, significant. Aaron hopes
>   that the change in government in Germany will
>   provide an opportunity to move German policy on
>   the encryption issue. Germany has literally been
>   the bulwark in Europe, opposing the US on lawful
>   access, and bringing along the other EU nations
>   and even some future EU nations, so that today
>   only the UK and France are even close to the US
>   position. The timing is significant for another
>   reason. Germany assumes the Presidency of the
>   EC at the beginning of 1999. If the US is unable
>   to move the German government before then, it
>   may be too late to make any significant inroads
>   with the European governments. An effort earlier
>   this year to work with the UK on the encryption
>   issue when it headed the EC did not amount to
>   much.
> - Aaron is strangely silent on the OECD Cryptography
>   Guidelines. He and other US officials have claimed
>   that the Guidelines endorse lawful access. But there
>   is no mention here of the well known policy
>   statement as authority for the US position. The
>   answer is easy to understand: the OECD had rejected
>   lawful access, which is why Aaron must avoid the
>   topics.
>I found a number of Aaron's statements to be simply
> For a country like Germany which is the target of
> foreign mafias and has been the site of numerous terrorist
> incidents, the  elimination of any possible use of lawful
> police surveillance poses obvious dangers.
>This is an absurd claim that even law enforcement is
>reluctant to make. Much of signals intelligence is
>traffic analysis, who talks to whom, when, how
>often, and in relation to what other events? Even
>without any access to the content of a communication,
>the range of data gathering techniques in digital
>networks has skyrocketed.
>  Our policy of encouraging this market is clearly
>  working; both U.S. and foreign companies are developing
>  key recovery and recoverable products in response to customer
>  demand. For example, no company wants to have its files
>  locked up permanently by a disgruntled employee.
>All indications are that the effort to jumpstart the market
>for key escrow has failed. The Key Recovery Alliance, the
>trade association created to support this effort, has collapsed.
>Companies that developed key escrow products, such as
>TIS, were unable to get contracts in the private sector.
>And even those systems that were tried in the US
>government, such as Fortezza, were later dropped because
>of technical problems, such as the overhead required
>to manage keys in an escrow system.
>  Aside from export controls, we will continue to use government
>  purchasing power. The U.S. government will use strong encryption
>  with key recovery for its own internal communications and with
>  the public.
>  To standardize government purchases, the Department of Commerce
>  has convened a technical, industry advisory committee to develop a
>  Federal standard for key recovery which should be completed soon.
>The original Escrowed Encryption Standard, EES 185, was opposed
>by virtually every non-government person who commented on the
>proposal. There is no consensus today in the Commerce Dept.
>Encryption Committee to go forward with key escrow in
>the federal government.