Aaron on crypto
- To: debate@fitug.de
- Subject: Aaron on crypto
- From: Rigo Wenning <wenning2@rz.uni-sb.de>
- Date: Sun, 18 Oct 1998 22:34:07 +0100
- Comment: This message comes from the debate mailing list.
- Sender: owner-debate@fitug.de
Here is Marc Rotenberg's comment on
the crypto initiatives of Mr. David Aaron.
FiFF has already commented.
Regards,
Rigo
>Date: Sat, 17 Oct 1998 17:39:39 -0400
>From: Marc Rotenberg <rotenberg@epic.org>
>Subject: Aaron on crypto
>To: gilc-plan@gilc.org
>Reply-To: gilc-plan@gilc.org
>
>
>Well, this is my day to brush up on David Aaron.
>After reading the Brussels speech on data protection
>in Rigo's message, I looked at the speech he gave
>to the German chamber of industry on encryption.
>I hope this "reading between the lines" will
>help others understand more of what is really
>going on. If I get a moment, I will put together
>an article.
>
>Marc.
>
>A few general comments:
>
> - Aaron's push for "balance" and "lawful access"
> based on "a variety of solutions" is the old-line
> US position. In fact his call for "industry-led,
> market-based solutions is the best approach to helping
> law enforcement" is almost verbatim from the Vice
> President's June 1994 letter on this topic.
>
> - Aaron's statement in Germany undercuts recent
> assurances made by the Administration that it
> was trying to move away from the key escrow
> approach. US business people who see these
> remarks will not be very pleased.
>
> - The timing is, of course, significant. Aaron hopes
> that the change in government in Germany will
> provide an opportunity to move German policy on
> the encryption issue. Germany has literally been
> the bulwark in Europe, opposing the US on lawful
> access, and bringing along the other EU nations
> and even some future EU nations, so that today
> only the UK and France are even close to the US
> position. The timing is significant for another
> reason. Germany assumes the Presidency of the
> EC at the beginning of 1999. If the US is unable
> to move the German government before then, it
> may be too late to make any significant inroads
> with the European governments. An effort earlier
> this year to work with the UK on the encryption
> issue when it headed the EC did not amount to
> much.
>
> - Aaron is strangely silent on the OECD Cryptography
> Guidelines. He and other US officials have claimed
> that the Guidelines endorse lawful access. But there
> is no mention here of the well known policy
> statement as authority for the US position. The
> answer is easy to understand: the OECD had rejected
> lawful access which is why Aaron must avoid the
> topics.
>
>I found a number of Aaron's statements to be simply
>outrageous:
>
> For a country like Germany which is the target of
> foreign mafias and has been the site of numerous terrorist
> incidents, the elimination of any possible use of lawful
> police surveillance poses obvious dangers.
>
>This is an absurd claim that even law enforcement is
>reluctant to make. Much of signals intelligence is
>traffic analysis, who talks to whom, when, how
>often, and in relation to what other events? Even
>without any access to the content of a communication,
>the range of data gathering techniques in digital
>networks has skyrocketed.
>
> Our policy of encouraging this market is clearly
> working; both U.S. and foreign companies are developing
> key recovery and recoverable products in response to customer
> demand. For example, no company wants to have its files
> locked up permanently by a disgruntled employee.
>
>All indications are that the effort to jumpstart the market
>for key escrow has failed. The Key Recovery Alliance, the
>trade association created to support this effort, has collapsed.
>Companies that developed key escrow products, such as
>TIS, were unable to get contracts in the private sector.
>And even those systems that were tried in the US
>government, such as Fortezza, were later dropped because
>of technical problems, such as the overhead required
>to manage keys in an escrow system.
>
> Aside from export controls, we will continue to use government
> purchasing power. The U.S. government will use strong encryption
> with key recovery for its own internal communications and with
> the public.
>
> To standardize government purchases, the Department of Commerce
> has convened a technical, industry advisory committee to develop a
> Federal standard for key recovery which should be completed soon.
>
>The original Escrowed Encryption Standard, EES 185, was opposed
>by virtually every non-government person who commented on the
>proposal. There is no consensus today in the Commerce Dept.
>Encryption Committee to go forward with key escrow in
>the federal government.
>