Secure Privacy Networks Act LetterDownload PDF
The Institute of Electrical and Electronics Engineers-
United States Activities
1828 L Street, NW, Suite 1202
Washington, DC 20036
T: (202) 785-0017; F: (202) 785-0835
The Association for Computing
U.S. Public Policy Office
666 Pennsylvania Ave., SE
Suite 302 B
Washington, DC 20003
T: (202) 544-4859
F: (202) 547-5482
July 3, 1997
The Honorable John McCain
Senate Commerce, Science & Transportation Committee
241 Russell Senate Office Bldg.
Washington, DC 20510
Dear Mr. Chairman:
The U.S. Public Policy Office for the Association for Computing (USACM) and The Institute of Electrical and Electronics Engineers-United States Activities (IEEE-USA) note with considerable dismay the Senate Commerce, Science and Transportation Committee's recent approval of S. 909, the "Secure Public Networks Act."
We share many of the concerns of the Committee members regarding problems of
national security and law enforcement. However, we believe that the
"Secure Public Networks Act," as approved by the Committee, leads
In what follows, we briefly outline some of the reasons why so many experts believe such a bill is harmful if it became law.
First, the bill is economically harmful. Voting to restrict strong
cryptography would damage
Secure software and hardware is available overseas. Mathematical acumen
exists around the world; the
Second, this bill threatens cherished civil freedoms. Information technologies make data surveillance possible and increasingly affordable. The best technical protections available to the individual depend upon cryptography. There is also an unfortunate history of a few law enforcement agents and government officials using their positions and access to violate the law and the rights of citizens. Strong encryption is the only practicial means available to law-abiding citizens to defend themselves against these infrequent, but all-too-real abuses.
The wording in the proposed bill for organizations with Federal funding to rely on a mandated form of encryption will be burdensome and may lead to severe invasions of privacy. For instance, if a library or university were forced to implement such encryption, how could the organization ensure that its users were actually employing the system? The only sure method would be to "snoop" on the messages to see if they were breakable under the mandated scheme. Otherwise, users would be able to substitute their own encryption instead of, or in addition to, the mandated form, thus rendering this bill meaningless but still costly to implement. This raises serious questions about privacy -- and more importantly -- First Amendment considerations.
Third, the criminal element will not be hindered by any legislation similar to the one proposed. The referenced bill provides no provisions that would actually deter criminals from employing strong encryption obtained from other sources. Drug cartels, terrorists, pornographers and others who might use encryption in criminal enterprises are already violating laws with penalties much more severe than any that might be imposed for using unauthorized encryption technologies. Meanwhile, law-abiding citizens would be forced to rely on technologies that might not protect their private information against "crackers" and potential blackmailers. As in the physical world, the best public safety results from crime prevented through good practices, rather than crimes solved. Without strong cryptography Americans cannot lock their electronic doors, but must instead remain vulnerable. Thus, constraining cryptography might help law enforcement solve a small number of crimes, but it will do nothing to prevent opportunities for even more crimes, thereby reducing overall public safety.
Fourth, constraints on strong cryptography will jeopardize national
security. Requiring or encouraging weakened technology leaves the
Fifth, information technologies change quickly. We don't want to require enabling legislation whenever advances in technology increase the vulnerability of current key lengths. The recent cracking of 56-bit DES in the RSA challenge shows that distributed computing power is now available to break this key length, thus identifying a need for larger keys. A breakthrough in mathematics, such as increasing the speed of factoring numbers, would require a prompt response, such as increasing key lengths or changing algorithms. The proposed legislation would severely discourage such changes. Additionally, by preventing the initial acquisition of strong encryption technology, the need for near-term upgrades to defeat improved cracking techniques is almost assured, as are the extra financial burdens.
As a last point, consider the implicit message sent by passage of this act
or any like it. The
In summary, our professional position is that passage of the "Secure Public Networks Act" or similar legislation is ill-advised; we urge you to defeat this bill. Instead, we encourage passage of legislation such as Senator Conrad Burns' Pro-CODE bill, or Representative Bob Goodlatte's SAFE bill as a better, more effective aid to national security, law enforcement and civil rights.
IEEE is the world's largest technical professional association with 320,000
members worldwide. IEEE-USA promotes the career and technology policy interests
of the more than 220,000 electrical, electronics and computer engineers who are
If you need additional information, please contact Deborah Rudolph in the IEEE-USA Washington office at (202) 785-0017 or Lauren Gelman in the USACM Public Policy office at (202) 544-4859 or (202) 298-0842.
Barbara Simons, Ph.D. Paul J. Kostek
Public Policy Vice Chair Chair, U.S.
Committee of ACM Board
Activities Board United States