ALERT - Protect Privacy Online. Be a Part of Crypto Action Week (fwd)

VAUGHAN RAYMOND SANDERSON (skater1@deakin.edu.au)
Fri, 23 Aug 1996 17:12:29 +1000 (EST)


---------- Forwarded message ----------
Date: Thu, 22 Aug 1996 10:21:27 -0400
From: Jonah Seiger <jseiger@cdt.org>
To: policy-posts@cdt.org
Subject: ALERT - Protect Privacy Online. Be a Part of Crypto Action Week

Friends:

As you are aware, Congress and the Clinton Administration are locked in a
struggle over the future of privacy and security on the Internet. As
Congress moves closer passing serious Encryption policy reforms, they need
to hear from you.

To help focus public attention on the need for privacy and security on the
Net, CDT has joined forces with the Voters Telecommunications Watch (VTW),
the Electronic Frontier Foundation (EFF), the Electronic Privacy
Information Center (EPIC), and Wired Magazine to coordinate "CRYPTO ACTION
WEEK". Details are attached below.

Please take a moment to read the attached alert and forward it to your
friends. There are two ways you can help this effort:

* Sign the Petition in support of Encryption Policy Reform by visiting
http://www.crypto.com/petition

* Make an appointment with your legislators local office to discuss the
importance of Encryption. Instructions and helpful hints are included below.

In early September, the Senate Commerce Committee may vote to send the
Burns/Leahy Pro-CODE bill to the Senate Floor. The House Judiciary
Committee is also planning to hold a hearing on the Goodlatte bill (HR
3011). The FBI and the Clinton Administration are gearing up for an all out
push to defeat these bills. We must act now to show Congress that there is
strong public support for these bills.

The debate over encryption policy is one of the most critical issues facing
the Net.community today. Without strong privacy and security protections,
the Net cannot develop into the secure and trusted platform for free
expression, education, and commerce it must become in order to flourish.
With your help, we can take a major step towards achieving this goal.

Thanks for your support!

Jonah Seiger
CDT Policy Analyst

===========================================================================
___ _____ _____ _____ ___
/ __| _ \ \ / / _ \_ _/ _ \ JOIN THOUSANDS OF OTHER NET.AMERICANS AS
| (__| /\ V /| _/ | || (_) | THEY WORK FOR BETTER PRIVACY AND ENCRYPTION
\___|_|_\ |_| |_| |_| \___/ September 3-10, 1996
___ ___ _____ ___ ___ _ _ __ _____ ___ _ __
/ _ \ / __|_ _|_ _/ _ \| \| | \ \ / / __| __| |/ /
| _ | (__ | | | | (_) | .` | \ \/\/ /| _|| _|| ' <
|_| |_|\___| |_| |___\___/|_|\_| \_/\_/ |___|___|_|\_\

SENATE PRO-CRYPTO PRO-CODE BILL COULD BE VOTED OUT OF COMMITTEE
YOUR HELP IS NEEDED TO PREPARE CONGRESS FOR THE DEBATE!
http://www.crypto.com/caw/

Reproduce this where appropriate until September 15, 1996
---------------------------------------------------------------------------
Table of Contents
News from the frontlines
What you must do
Concluding the meeting
Tips on how to conduct your visit
Angles on encryption
Questions about encryption you might be asked
Participating Organizations / More Information

---------------------------------------------------------------------------
NEWS FROM THE FRONTLINES

Congress as a whole is beginning to focus on encryption - bills moving
through both House and Senate would improve availability of privacy and
security for the Net. With three hearings in the Senate and one
scheduled in House Judiciary Committee for early September -
pro-encryption bills have a chance of passing, or at least helping to
lay the groundwork for the next Congress.

Recently in a live chat from the Republican Convention in San Diego,
Senator Conrad Burns (R-MT) said he believed he had enough votes to
pass Pro-CODE out of the Senate Sub-Committee and Committee. This
is the farthest encryption activists will have come in the crypto fight
in years.

We need your help to make the case to Congress that encryption is
important to privacy and security online, as well as the future potential
of the Internet to create jobs and promote US competitiveness. Here's what
you can do:

-sign the petition at http://www.crypto.com/petition/
-make an appointment with your legislator's local office

With the directions below, visit your Congressperson - urge them to
support the two bills: Pro-CODE "Promotion of Commerce Online in the
Digital Era" (S.1726) & SAFE "Security and Freedom Through Encryption"
(HR 3011).

Now is the time to tell your member of Congress that government
restrictions on encryption are unacceptable to the future of the
Internet. In recent months, the FBI and the White House have been
using local sheriffs to lobby members of Congress on this issue. If
you don't tell your member of Congress our side of the story, they
won't hear it from anyone.

---------------------------------------------------------------------------
WHAT YOU MUST DO

Here's what you need to do:

1. Sign the petition at http://www.crypto.com/petition/
A petition has been setup to help show Congress that encryption policy
must be driven by the market's concerns.

2. Make an appointment with your Senators'/Representative's local office.
It's probably best to make an appointment with the local office manager.
It's great if you can get an appointment with your legislator, but
don't worry if your legislator cannot be there.

If you don't know who your Representative and two Senators are, simply
call the local League of Women Voters office and ask! You might also
try using the Zipper at http://www.voxpop.org:80/zipper/

3. Setting up the meeting
When making the appointment, you should say that the topic is
privacy and encryption on the Internet. Ensure they know you are a
constituent. If possible, take a friend who owns a small Internet
business (web design, ISP, whatever) who also lives in the
district.

It's crucial that you do not wait to get someone to go before making the
appointment. Make the appointment, then go looking for someone to go
with you.

4. Carry the following message as a theme through your meeting.

Encryption is important to privacy - the Internet is vulnerable
and the future of American competitiveness is at stake. Encryption
is NOT a terrorist weapon any more than a hammer is a terrorist
weapon. While there are difficult national security issues,
these should not be the driving force of this debate.

The future of the Internet should not be held hostage by a cold-war
era world view.

5. Send us mail at vtw@vtw.org when you've made your appointment. Check
back at http://www.crypto.com/caw/ for progress and tips on Crypto Action
Week!

---------------------------------------------------------------------------
CONCLUDING THE MEETING

There are a few things you should remember as you finish your meeting.

If talking to a member, find out if we can count on his/her support for the
PRO-CODE/SAFE bill. If talking to a staffer, make it their mission to
find out the answer to this question.

As you leave the meeting, run, don't walk, to the nearest card shop and
buy a thank you card. Write a thank you and address it immediately.
Stick it in the nearest mailbox.

Send us mail at vtw@vtw.org, letting us know how it went.

----------------------------------------------------------------------------
TIPS ON HOW TO CONDUCT YOUR VISIT

Always be polite. Never threaten. Never lose your cool.

Many staffers have no idea what encryption is. Moreover, they might have
never used the Internet. You should view this as an opportunity:
you will get the chance to define the debate and educate them.
You may even want to bring a laptop with a modem and take the member/staff
on a breif Internet tour. (Be careful about what you show them.)

Remember we're all taxpayers, so the phrase "I'm a taxpayer" is
meaningless.

Be brief. If you're going in a group, plan out the topics each person
will hit. Appoint someone to act as a spokesperson for the group, so there
can be a central contact.

Remember the first law of Real Estate: LOCATION LOCATION LOCATION. It's
crucial that everyone at the meeting be a potential vote for the
legislator.

Remind yourself that your legislator probably hasn't yet made a decision
on this issue yet; you're there to educate as much as anything.

Go as *individuals* or *business owners* who have a stake in the debate
on encryption issue.

---------------------------------------------------------------------------
ANGLES ON ENCRYPTION

Internet business angle: When speaking from the point of view of an Internet
Service Provider or Web design firm, you have available several arguments,
such as:

"The popularity of the Net has created a gold rush which has
benefitted my business and the local voters I employ. Concerns
about security on the net could dampen that excitement, and
diminish the potential for industry"

"Many types of services that I would like to offer online cannot
be done without strong security. The current level of security
is too weak to engender public trust, and will diminish the
types of business people will put on the net."

Clipper angle: If someone brings up the issue of Clipper and the idea that
government should be trusted to hold your private encryption key, you have
several options available to you:

"It's not clear that the Administration can be trusted to hold
any information secret, after incidents like the FBI Filegate
scandal."

"Handing over one's encryption keys to the gov't is just like giving
the local police station a copy of your house key, just in case they
need to search your apartment. Of course they would promise never
to use it unless authorized."

---------------------------------------------------------------------------
QUESTIONS ABOUT ENCRYPTION YOU MIGHT BE ASKED

There are a number of questions you will probably be asked by the staff
or member that you should be prepared to answer. Here's a few of them
and some answers you should feel comfortable with.

WHAT IS ENCRYPTION?

Encryption is a method of scrambling information with one or more "keys"
so that only the sender and receiver can read it, and an eavesdropper
cannot. Your bank card PIN, telephone conversations, love letters, health
records, and business correspondence are all things that might need to
be encrypted.

WON'T TERRORISTS AND CRIMINALS USE ENCRYPTION?

Perhaps. But criminals and terrorists already have access to strong
encryption from overseas, and are unlikely to use encryption technologies
which they know are breakable by the US government. Would you send
sensitive information using a code that you knew your adversaries could
break?

Criminals and terrorists will, for better or worse, have access to strong
encryption regardless of U.S. efforts to restrict its availability.
Meanwhile, current U.S. policy leaves sensative personal and business
communications vulnerable and actually creates opportunities for crimes like
industrial espionage.

WHAT IS 40 BIT ENCRYPTION?

Quite often the strength of an encryption system is measured by the
size of the key. Forty bits is about the same as a five or six letter
word, such as "apple". The US government has stated that American
companies that wish to sell products with encryption can only implement
encryption whose keys are forty bits long.

At one time it was quite difficult to attack and recover messages that
were encrypted with 40 bit encryption. Because of advances in computer
power and research, it has become much easier to do this. As recently
as last year, a graduate student in France broke 40-bit encryption using
University resources he had available in his spare time.

DON'T EXPORT RESTRICTIONS PREVENT ENCRYPTION PRODUCTS FROM GOING ABROAD?

No. The idea that export restrictions actually keep encryption out of the
hands of non-U.S. citizens implies that all encryption products come
from the U.S. This is simply untrue, and the plethora of products
available from non-U.S. sources now shows how absurd it is to continue
to keep such regulations intact.

DO EXPORT RESTRICTIONS HURT U.S. COMPANIES IN THE GLOBAL MARKETPLACE?

Yes. American hardware and software companies compete globally with products
from around the world. For many companies, a majority of their business
comes from international sales. In the crowded marketplace of this fast-
paced business, developing a product with a single feature that outshines a
competitor's product can often be deciding factor in a consumer's mind.

Yet, American hardware and software businesses are at a disadvantage, as
many competing non-U.S. products can offer stronger encryption than they
can. This places American products at a distinct competitive disadvantage.

DO EXPORT RESTRICTIONS LIMIT AMERICANS' CHOICE OF SECURITY PRODUCTS?

Yes. Although it is possible to sell two versions of a product, one with
strong encryption for sale domestically and one with weak encryption
for sale abroad, most companies find this schizophrenic product
development approach to be too burdensome and risky. The result is that
companies that produce hardware and software products that require security
tend to omit such features entirely, or weaken them so that the same product
can be used for export as for domestic use.

The end result of this is that Americans end up with products that are
becoming increasingly incapable of protecting their privacy, hampered by
regulations that can longer accomplish their goal.

---------------------------------------------------------------------------
PARTICIPATING ORGANIZATIONS / MORE INFORMATION

For more information on the encryption issue, check these important
organizations' WWW sites:

Center for Democracy and Technology (CDT): http://www.cdt.org
Electronic Frontier Foundation (EFF): http://www.eff.org
Electronic Privacy Information Center (EPIC): http://www.epic.org
Voters Telecommunications Watch (VTW): http://www.vtw.org
Wired Ventures Ltd.: http://www.hotwired.com

Also check these great educational sites:
Encryption Policy Resource Page (http://www.crypto.com)
Internet Privacy Coalition (http://www.privacy.org)

========================================================================