[1134] in cryptography@c2.net mail archive
Re: White House White Paper: Encryption
daemon@ATHENA.MIT.EDU (Declan McCullagh)
Tue Jul 1 15:01:23 1997
Date: Tue, 1 Jul 1997 10:18:36 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: Donald Weightman <dweightman@Radix.Net>
cc: cryptography@c2.net
In-Reply-To: <3.0.16.19970701131130.093ff482@pop.radix.net>
Thanks for posting. I'm about to leave for the White House briefing and
formal unveiling of this paper.
It does basically everything industry wants except the "right thing" on
encryption. Had breakfast with Novell CEO Eric Schmidt this morning. He
played down the differences, endorsed the white paper, said (correctly)
that crypto was only one issue at stake. Tellingly, the Business Software
Alliance letter released today also endorsing the paper listed strong IP
protection as their #1 goal.
More on this later, probably, when I get back from the White House.
-Declan
On Tue, 1 Jul 1997, Donald Weightman wrote:
> Here is what the Administration White Paper on Net commerce released today
> (?) says about security and encryption.
>
> ==============
> The GII must be secure and reliable. If Internet users do not have
> confidence that their
> communications and data are safe from unauthorized access or modification,
> they will be unlikely to
> use the Internet on a routine basis for commerce.
>
> A secure GII requires:
>
> 1.secure and reliable telecommunications networks;
>
> 2.effective means for protecting the information systems attached to
> those networks;
>
> 3.effective means for authenticating and ensuring confidentiality of
> electronic information to
> protect data from unauthorized use; and
>
> 4.well trained GII users who understand how to protect their systems and
> their data.
>
> There is no single "magic" technology or technique that can ensure
> that the GII will be secure
> and reliable. Accomplishing that goal requires a range of technologies
> (encryption, authentication,
> password controls, firewalls, etc.) and effective, consistent use of those
> technologies, all supported
> globally by trustworthy key and security management infrastructures.
>
> Of particular importance is the development of trusted certification
> services that support the
> digital signatures that will permit users to know whom they are
> communicating with on the Internet.
> Both signatures and confidentiality rely on the use of cryptographic keys.
> To promote the growth of
> a trusted electronic commerce environment, the Administration is
> encouraging the development of a
> voluntary, market-driven key management infrastructure that will support
> authentication, integrity,
> and confidentiality.
>
> Encryption products protect the confidentiality of stored data and
> electronic communications
> by making them unreadable without a decryption key. But strong encryption
> is a double-edged
> sword. Law abiding citizens can use strong encryption to protect their
> trade secrets and personal
> records. But those trade secrets and personal records could be lost forever
> if the decrypt key is lost.
> Depending upon the value of the information, the loss could be quite
> substantial. Encryption can also
> be used by criminals and terrorists to reduce law enforcement capabilities
> to read their
> communications. Key recovery based encryption can help address some of
> these issues.
>
> In promoting robust security needed for electronic commerce, the
> Administration has already
> taken steps that will enable trust in encryption and provide the safeguards
> that users and society will
> need. The Administration, in partnership with industry, is taking steps to
> promote the development of
> market-driven standards, public-key management infrastructure services and
> key recoverable
> encryption products. Additionally, the Administration has liberalized
> export controls for commercial
> encryption products while protecting public safety and national security
> interests.
>
> The Administration is also working with Congress to ensure legislation
> is enacted that would
> facilitate development of voluntary key management infrastructures and
> would govern the release of
> recovery information to law enforcement officials pursuant to lawful
> authority.
>
> The U.S. government will work internationally to promote development
> of market- driven key
> management infrastructure with key recovery. Specifically, the U.S. has
> worked closely within the
> OECD to develop international guidelines for encryption policies and will
> continue to promote the
> development of policies to provide a predictable and secure environment for
> global electronic
> commerce.
>
> http://www.iitf.nist.gov/eleccomm/ecomm.htm
>
>
> cheers
>
> ..........................................
> Donald Weightman
> dweightman@radix.net
>
>
