pem-dev

FYI: NRC Study on Cryptographic Policy

1993-12-09 09:16:00
Date: Thu, 02 Dec 93 08:45:28 EST
From: "Marjory Blumenthal" <mblument(_at_)nas(_dot_)edu>
Subject: A study of National Cryptography Policy

As part of the Defense Authorization Bill for FY 1994, the U.S. Congress has
asked the Computer Science and Telecommunications Board (CSTB) of the National
Research Council (NRC) to undertake a study of national policy with respect to
the use and regulation of cryptography.  The report of the study committee is
due two years after all necessary security clearances have been processed,
probably sometime summer 1996, and is subject to NRC review procedures.  The
legislation states that 120 days after the day on which the report is
submitted to the Secretary of Defense, the Secretary shall submit the report
to the Committees on Armed Services, Intelligence, Commerce, and the Judiciary
of the Senate and House of Representatives in unclassified form, with
classified annexes as necessary.

This study is expected to address the appropriate balance in cryptography
policy among various national interests (e.g., U.S. economic competitiveness
(especially with respect to export controls), national security, law
enforcement, and the protection of the privacy rights of individuals), and the
strength of various cryptographic technologies known today and anticipated in
the future that are relevant for commercial purposes.  The federal process
through which national cryptography policy has been formulated is also
expected to be a topic of consideration, and, if appropriate, the project will
address recommendations for improving the formulation of national
cryptographic policy in the future.

This project, like other NRC projects, will depend heavily on input from
industry, academia, and other communities in the concerned public.  Apart from
the study committee (described below), briefings and consultations from
interested parties will be arranged and others will be involved as anonymous
peer reviewers.

It is expected that the study committee will be a high-level group that will
command credibility and respect across the range of government, academic,
commercial, and private interests.  The committee will include members with
expertise in areas such as:

 - relevant computer and communications technology;
 - cryptographic technologies and cryptanalysis;
 - foreign, national security, and intelligence affairs;
 - law enforcement;
 - commercial interests; and
 - privacy and consumer interests.

All committee members (and associated staff) will have to be cleared at the
"SI/TK" level; provisions have been made to expedite the processing of
security clearances for those who do not currently have them.  Committee
members will be chosen for their stature, expertise, and seniority in their
fields; their willingness to listen and consider fairly other points of view;
and their ability to contribute to the formulation of consensus positions.
The committee as a whole will be chosen to reflect the range of judgment and
opinion on the subject under consideration.

The detailed composition of the committee has not yet been decided;
suggestions for committee members are sought from the community at large.
Note that NRC rules regarding conflict of interest forbid the selection as
committee members of individuals that have substantial personal financial
interests that might be significantly affected by the outcome of the study.
Please forward suggestions for people to participate in this project to
CSTB(_at_)NAS(_dot_)EDU by DECEMBER 17, 1993; please include their
institutional affiliations, their field(s) of expertise, a note describing
how the criteria
described above apply to them, and a way to contact them.  For our
administrative convenience, please put in the "SUBJECT:" field of your message
the words "crypto person".

Finally, some people have expressed concern about the fact that the project
will involve consideration of classified material.  Arguments can and have
been made on both sides of this point, but in any event this particular ground
rule was established by the U.S. Congress, not by the CSTB.  Whether one
agrees or disagrees with the asserted need for classification, the task at
hand is to do the best possible job given this constraint.

On the National Research Council

The National Research Council (NRC) is the operating arm of the Academy
complex, which includes the National Academy of Sciences, the National Academy
of Engineering, and the Institute of Medicine.  The NRC is a source of
impartial and independent advice to the federal government and other policy
makers that is able to bring to bear the best scientific and technical talent
in the nation to answer questions of national significance.  In addition, it
often acts as a neutral party in convening meetings among multiple
stakeholders on any given issue, thereby facilitating the generation of
consensus on controversial issues.

The Computer Science and Telecommunications Board (CSTB) of the NRC considers
technical and policy issues pertaining to computer science,
telecommunications, and associated technologies.  CSTB monitors the health of
the computer science, computing technology, and telecommunications fields,
including attention as appropriate to the issues of human resources and
information infrastructure and initiates studies involving computer science,
computing technology, and telecommunications as critical resources and sources
of national economic strength.  A list of CSTB publications is available on
request.

Regards, -Rob-    Robert W. Shirey  SHIREY(_at_)MITRE(_dot_)ORG
tel 703.883.7210, sec 703.883.5749, fax 703.883.1397
Info. Security Div., The MITRE Corp., Mail Stop Z231
7525 Colshire Drive, McLean, Virginia 22102-3481 USA

