========================================================================= ________________ _______________ _______________ /_______________/\ /_______________\ /\______________\ \\\\\\\\\\\\\\\\\ \ ||||||||||||||||| / //////////////// \\\\\\\\\\\\\\\\\/ ||||||||||||||||| / //////////////// \\\\\\_______/\ ||||||_______\ / //////_____\ \\\\\\\\\\\\\ \ |||||||||||||| / ///////////// \\\\\\\\\\\\\/____ |||||||||||||| / ///////////// \\\\\___________/\ ||||| / //// \\\\\\\\\\\\\\\\ \ ||||| / //// \\\\\\\\\\\\\\\\/ ||||| \//// ========================================================================= EFFector Online Volume 07 No. 04 Feb. 24, 1994 editors@eff.org A Publication of the Electronic Frontier Foundation ISSN 1062-9424 In This Issue: Digital Telephony - FBI "Wiretap Bill" Resurrected EFF Statement on FBI Draft Digital Telephony Bill NIST Press Release on Clipper Decisions FCC ftp site now online Nat'l Symposium on Arts & Humanities Policies for NII What YOU Can Do ---------------------------------------------------------------------- Subject: Digital Telephony - FBI "Wiretap Bill" Resurrected ----------------------------------------------------------- The Clinton Administration is backing a proposal by law enforcement agencies that could make the entire communications infrastructure susceptible to surveillance. The Digital Telephony Proposal, reintroduced this year after being successfully thwarted last year, would require communications service providers to include "back doors" in their software through which "wiretapping" can be done. In addition, the proposal would give law enforcement officers access to records *about* communications, such as who you call and how long you talk. Such traffic analysis can can reveal vast amounts of information about you. EFF is extremely concerned about this proposal and has prepared the following summary to explain it and the harm it could do. More on what *you* can do to fight the Digital Telephony Proposal will be coming soon. ------------------------------ Subject: EFF Statement on FBI Draft Digital Telephony Bill ---------------------------------------------------------- EFF has received a draft of the FBI's new, proposed "Digital Telephony" bill. After initial analysis, we strongly condemn the bill, which would require all common carriers to construct their networks to deliver to law enforcement agencies, in real-time, both the contents of all communications on their networks and the "signalling" or transactional information. In short, the bill lays the groundwork for turning the National Information Infrastructure into a nation-wide surveillance system, to be used by law enforcement with few technical or legal safeguards. This image is not hyperbole, but a real assessment of the power of the technology and inadequacy of current legal and technical privacy protections for users of communications networks. Although the FBI suggests that the bill is primarily designed to maintain status quo wiretap capability in the face of technological changes, in fact, it seeks vast new surveillance and monitoring tools. Among the new powers given to law enforcement are: 1. Real-time access to transactional information creates the ability to monitor individuals "live". The bill would require common carrier networks (telephone companies and anyone who plans to get into the telephone business, such as cable TV companies) to deliver, in real-time, "call setup information." In the simplest case, call setup information is a list of phone numbers dialed by a given telephone currently under surveillance. As we all come to use electronic communications for more and more purposes, however, this simple call setup information could also reveal what movies we've ordered, which online information services we've connected to, which political bulletin boards we've dialed, etc. With increasing use of telecommunications, this simple transactional information reveals almost as much about our private lives as would be learned if someone literally followed us around on the street, watching our every move. We are all especially vulnerable to this kind of surveillance, because, unlike wiretapping the *content* of our communications, it is quite easy for law enforcement to get permission to obtain this transactional information. Whereas courts scrutinize wiretap requests very carefully, authorizations for access to call setup information are routinely granted with no substantive review. Some federal agencies, such as the IRS, even have the power to issue administrative subpoenas on their own, without appearing before a court. The real impact of the FBI proposal turns, in part, on the fact that it is easy to obtain court approval for seizing transactional data. The change from existing law contained in the FBI proposal is that carriers would have to deliver this call setup information *in real-time*, that is, "live", as the communication occurs, directly to a remote listening post designated by law enforcement. Today, the government can obtain this information, but generally has to install a device (called a 'pen register') which is monitored manually at the telephone company switching office. 2. Access to communication and signalling information for any mobile communication, regardless of location allows tracking of an individual's movements. The bill requires that carriers be able to deliver either the contents or transactional information associated with any subscriber, even if that person is moving around from place to place with a cellular or PCS phone. It is conceivable that law enforcement could use the signalling information to identify that location of a target, whether that person is the subject of a wiretap order, or merely a subpoena for call setup information. This provision takes a major step beyond current law in that it allows for a tap and/or trace on a *person*, as opposed to mere surveillance of a telephone line. 3. Expanded access to electronic communications services, such as the Internet, online information services, and BBSs. The privacy of electronic communications services such as electronic mail is also put at grave risk. Today, a court order is required under the Electronic Communications Privacy Act to obtain the contents of electronic mail, for example. Those ECPA provisions would still apply for the contents of such messages, but the FBI bill suggests that common carriers might be responsible for delivering the addressing information associated with electronic mail and other electronic communications. For example, if a user connects to the Internet over local telephone lines, law enforcement might be able to demand from the telephone company information about where the user sent messages, and into which remote systems that user connects. All of this information could be obtained by law enforcement without ever receiving a wiretap order. 4. The power to shut down non-compliant networks Finally, the bill proposes that the Attorney General have the power to shut down any common carrier service that fails to comply with all of these requirements. Some have already called this the "war powers" provision. Granting the Department of Justice such control over our nation's communications infrastructure is a serious threat to our First Amendment right to send and receive information, free from undue government intrusion. ******************************** This posting represents EFF's initial response to the new FBI proposal. Several documents, including the full text of the proposed bill and a more detailed section-by-section analysis are available via anonymous ftp on EFF's ftp site, as well as an archived copy of this announcement, and FBI Director Louis Freeh's Digital Telephony speech from late 1993. This docuemnt is digtel94.announce The documents can be located via ftp, gopher, or www, as follows: ftp://ftp.eff.org/pub/EFF/Policy/Digital_Telephony/digtel94_bill.draft ftp://ftp.eff.org/pub/EFF/Policy/Digital_Telephony/digtel94_analysis.eff ftp://ftp.eff.org/pub/EFF/Policy/Digital_Telephony/digtel94.announce ftp://ftp.eff.org/pub/EFF/Policy/Digital_Telephony/digtel93_freeh.speech for gopher, same but replace first part with: gopher://gopher.eff.org/00/EFF/... for WWW, same but replace first part with: http:/www.eff.org/ftp/EFF/... The directory also contains older Digital Telephony materials from earlier incarnations of the FBI's wiretapping scheme; see digtel92* and digtel93* ******************************** Press inquiries, contact: Jerry Berman, Executive Director Daniel Weitzner, Senior Staff Counsel +1 202-347-5400 +1 202-393-5509 Basic EFF info: info@eff.org General queries: ask@eff.org Membership info: membership@eff.org ------------------------------ Subject: NIST Press Release on Clipper Decisions ------------------------------------------------ (EMBARGOED FOR RELEASE: 3:00 P.M., Friday, Feb. 4, 1994) Fact Sheet NIST Cryptography Activities Escrowed Encryption Standard On April 16, 1993, the White House announced that the President approved a directive on "Public Encryption Management." Among other items, the President directed the Secretary of Commerce, in consultation with other appropriate U.S. agencies, to initiate a process to write standards to facilitate the procurement and use of encryption devices fitted with key-escrow microcircuits in federal communications systems that process sensitive but unclassified information. In response to the President's directive, on July 30, 1993, the Department of Commerce's National Institute of Standards and Technology (NIST) announced the voluntary Escrowed Encryption Standard (EES) as a draft Federal Information Processing Standard (FIPS) for public comment. The FIPS would enable federal agencies to procure escrowed encryption technology when it meets their requirements; the standard is not to be mandatory for either federal agency or private sector use. During the public review of the draft standard, a group of independent cryptographers were provided the opportunity to examine the strength of the classified cryptographic algorithm upon which the EES is based. They found that the algorithm provides significant protection and that it will be 36 years until the cost of breaking the EES algorithm will be equal to the cost of breaking the current Data Encryption Standard. They also found that there is no significant risk that the algorithm can be broken through a shortcut method of attack. Public comments were received by NIST on a wide range of issues relevant to the EES. The written comments submitted by interested parties and other information available to the Department relevant to this standard were reviewed by NIST. Nearly all of the comments received from industry and individuals opposed the adoption of the standard. However, many of those comments reflected misunderstanding or skepticism about the Administration's statements that the EES would be a voluntary standard. The Administration has restated that the EES will be a strictly voluntary standard available for use as needed to provide more secure telecommunications. The standard was found to be technically sound and to meet federal agency requirements. NIST made technical and editorial changes and recommended the standard for approval by the Secretary of Commerce. The Secretary now has approved the EES as a FIPS voluntary standard. In a separate action, the Attorney General has now announced that NIST has been selected as one of the two trusted agents who will safeguard components of the escrowed keys. Digital Signature Standard In 1991, NIST proposed a draft digital signature standard as a federal standard for publiccomment. Comments were received by NIST on both technical and patent issues. NIST has reviewed the technical comments and made appropriate changes to the draft. In order to resolve the patent issues, on June 3, 1993, NIST proposed a cross-licensing arrangement for a "Digital Signature Algorithm" for which NIST has received a patent application. The algorithm forms the basis of the proposed digital signature standard. Extensive public comments were received on the proposed arrangement, many of them negative and indicating the need for royalty-free availability of the algorithm. The Administration has now concluded that a royalty-free digital signature technique is necessary in order to promote widespread use of this important information security technique. NIST is continuing negotiations with the aim of obtaining a digital signature standard with royalty-free use worldwide. NIST also will pursue other technical and legal options to attain that goal. Cooperation with Industry During the government's review of cryptographic policies and regulations, NIST requested assistance from the Computer System Security and Privacy Advisory Board to obtain public input on a wide range of cryptographic-related issues, including the key escrow encryption proposal, legal and Constitutional issues, social and public policy issues, privacy, vendor and business perspectives, and users' perspectives. The Board held five days of public meetings. Comments obtained by the Board were useful during the government's review of these issues. In addition, NIST met directly with many industry and public interest organizations, including those on the Digital Privacy and Security Working Group and the Electronic Frontier Foundation. As directed by the President when the key escrow encryption initiative was announced, the government continues to be open to other approaches to key escrowing. On August 24, 1993, NIST also announced the opportunity to join a Cooperative Research and Development Agreement (CRADA) to develop secure software encryption with integrated cryptographic key escrowing techniques. Three industry participants have expressed their interest to NIST in this effort; however, the government still seeks fuller participation from the commercial software industry. NIST now is announcing an opportunity for industry to join in a CRADA to develop improved and alternative hardware technologies that contain key escrow encryption capabilities. Additionally, the Administration has decided to strengthen NIST's cryptographic capabilities in order to better meet the needs of U.S. industry and federal agencies. 2/4/94 ------------------------------ Subject: FCC ftp site now online -------------------------------- NEWS News media information Federal Communications Commission 202/632-5050 1919 M Street, N.W. Recorded listing of releases and texts Washington, D.C. 20554 202/632-0002 This is an unofficial announcement of Commission action. Release of the full text of a Commission order constitutes official action. See _MCI_v._ FCC_, 515 F.2d 385 (DC Circ 1974) February 22, 1994 FCC TO MAKE DOCUMENTS AVAILABLE ON INTERNET On February 22, the FCC will begin making some of its information available through Internet. Starting today, the FCC Daily Digest, the FCC News Releases, some Public Notices, and speeches by Commission officials will be accessible. The file name by which each document can be accessed will appear in the Daily Digest. In the future, the Commission will be making more of its documents available through Internet. The FCC's Internet address is ftp.fcc.gov - FCC - Office of Public Affairs contact: Rosa Prescott at (202) 632-5050. ------------------------------ Subject: Nat'l Symposium on Arts & Humanities Policies for NII -------------------------------------------------------------- CALL FOR PAPERS, PANELS, AND PRESENTATIONS On October 14th, 15th and 16th, the Center for Art Research in Boston will sponsor a National Symposium on Proposed Arts and Humanities Policies for the National Information Infrastructure. Participants will explore the impact of the Clinton Administration's AGENDA FOR ACTION and proposed NII (National Information Infrastructure) legislation on the future of the arts and the humanities in 21st Century America. The symposium, which will be held at the American Academy of Arts and Sciences in Cambridge, Massachusetts, will bring together government officials, academics, artists, writers, representatives of arts and cultural institutions and organizations, and other concerned individuals from many disciplines and areas of interest to discuss specific issues of policy which will effect the cultural life of *all* Americans during the coming decades. To participate, submit a 250-word abstract of your proposal for a paper, panel-discussion or presentation, accompanied by a one-page vitae, by March 15, 1994. Special consideration will be given to those efforts that take a critical perspective of the issues, and are concerned with offering specific alternatives to current administration and congressional agendas. Thank you, Jay Jaroslav NOTE: PLEASE FORWARD AND/OR RE-POST TO APPROPRIATE NEWSGROUPS AND MAILING LISTS. Jay Jaroslav, Director jaroslav@artdata.win.net CENTER FOR ART RESEARCH 241 A Street, Boston, MA 02210-1302 USA voice: (617) 451-8030 fax: (617) 451-1196 ------------------------------ Subject: What YOU Can Do ------------------------ "Relying on the government to protect your privacy is like asking a peeping tom to install your window blinds." - John Perry Barlow, EFF co-founder, "Decrypting the Puzzle Palace" You've been following the newspapers and reading EFFector Online. You know that today there are several battles being fought over the future of personal privacy. The Clipper Chip, export restrictions, the Digital Telephony Proposal - the arguments are numerous and complex, but the principles are clear. Who will decide how much privacy is "enough"? The Electronic Frontier Foundation believes that individuals should be able to ensure the privacy of their personal communications through any technological means they choose. However, the government's current restrictions on the export of encrytion software have stifled the development and commercial availability of strong encryption in the U.S. Rep. Maria Cantwell has introduced a bill (H.R. 3627) in the House that would liberalize export controls on software that contains encryption, but needs vocal support if the bill is to make it out of the committee stage. The decisions that are made today will affect our futures indefinitely. EFF is a respected voice for the rights of users of online technologies and EFF members receive regular online updates on the issues that affect our online communications and particpate in shaping the future. Now, more than ever, EFF is working to make sure that you are the one that makes that decision for yourself. Our members are making themselves heard on the whole range of issues. To date, EFF has collected over 4100 letters of support for Rep. Cantwell's bill to liberalize restrictions on cryptography. We also have over 1000 letters asking Sen. Leahy to hold open hearings on the proposed Clipper encryption standard. If you'd like to add your voice in support of the Cantwell bill and the Leahy hearings, you can send your letters to: cantwell@eff.org, Subject: I support HR 3627 leahy@eff.org, Subject: I support hearings on Clipper Your letters will be printed out and hand delivered to Rep. Cantwell and Sen. Leahy by EFF. You KNOW privacy is important. You have probably participated in our online campaigns. Have you become a member of EFF yet? We feel that the best way to protect your online rights is to be fully informed and to make your opinions heard. EFF members are informed, and are making a difference. Join EFF today! ------------------------------ INTERNET CONTACT ADDRESSES -------------------------- Membership & donations: membership@eff.org Legal services: ssteele@eff.org Hardcopy publications: pubs@eff.org Online publications, conferences, & other resources: mech@eff.org Technical questions/problems, access to mailing lists: eff@eff.org General EFF, legal, or policy questions: ask@eff.org ------------------------------ MEMBERSHIP IN THE ELECTRONIC FRONTIER FOUNDATION ================================================ Print out in monospaced (non-proportional) font and mail to: Membership Coordinator Electronic Frontier Foundation 1001 G Street, NW, Suite 950 East, Washington, DC 20001 SIGN ME UP! ----------- I wish to become a member of the Electronic Frontier Foundation. I enclose: ___ Regular membership -- $40 ___ Student membership -- $20 Special Contribution I wish to make an additional tax-deductible donation in the amount of $__________ to further support the activities of EFF and to broaden participation in the organization. PAYMENT METHOD: --------------- ___ Enclosed is a check or money order payable to the Electronic Frontier Foundation. ___ Please charge my: ___ MasterCard ___ Visa ___ American Express Card Number: _____________________________________________ Expiration Date: _________________________________________ Signature: _______________________________________________ NOTE: We do not recommend sending credit card information via email! YOUR CONTACT INFORMATION: ------------------------- Name: __________________________________________________________ Organization: __________________________________________________ Address: _______________________________________________________ _______________________________________________________ Phone: _____________________ FAX: _____________________ BBS: _____________________ BBS Name: ____________________ E-mail addresses: ______________________________________________ ______________________________________________ PREFERRED CONTACT ___ Electronic: Please contact me via the Internet address listed above. I would like to receive the following at that address: ___ EFFector Online - EFF's biweekly electronic newsletter (back issues available from ftp.eff.org, pub/EFF/Newsletters/EFFector). ___ Online Bulletins - bulletins on key developments affecting online communications. NOTE: Traffic may be high. You may wish to browse these publications in the Usenet newsgroup comp.org.eff.news (also available in FidoNet, as EFF-NEWS). ___ Paper: Please contact me through the US Mail at the street address listed above. NOTE: Paper documents available upon request. "Networks & Policy" Newsletter automatically sent via US Mail. PRIVACY POLICY -------------- EFF occasionally shares our mailing list with other organizations promoting similar goals. However, we respect an individual's right to privacy and will not distribute your name without explicit permission. ___ I grant permission for the EFF to distribute my name and contact information to organizations sharing similar goals. This form came from EFFector Online (please leave this line on the form!) The Electronic Frontier Foundation is a nonprofit, 501(c)(3) organization supported by contributions from individual members, corporations and private foundations. Donations are tax-deductible. End of EFFector Online v07 #04 ****************************** $$