Previous Crypto Policy News

Previous Crypto Policy News

• EPIC, Coalition Ask Australia to Amend "Assistance and Access" Law: EPIC and a coalition of civil society organizations told the Australian Parliament that a law allowing police to require weak security for tech products should be amended. The Parliament reopened debate over the "Assistance and Access" law, broadly denounced as a threat to security and freedom of expression. Following earlier comments, the coalition has now called on the Australian Parliament to narrow the law. EPIC has long advocated for strong encryption, led the campaign against the Clipper Chip, and published the first global survey on Cryptography and Liberty. And when the FBI sued Apple in 2016 for refusing to allow law enforcement access to iPhones, EPIC filed an amicus brief in support of Apple arguing the FBI's demand "places at risk millions of cell phone users across the United States." (Feb. 25, 2019)
• EPIC Supports NIST Cryptographic Standards Process: In comments to the National Institute of Standards and Technology, EPIC backed NIST's efforts to coordinate "lightweight" crypto standards. EPIC took no position on the specific proposal, but expressed support for the NIST standard-setting process. EPIC said, "NIST's expertise in cryptography, its authority to accept public comment, and its ability to bring together leading experts to evaluate proposals is critical to the adoption of trustworthy computer standards in the United States and around the world." EPIC helped establish the freedom to use encryption in the United States with the "Clipper Chip" petition and has pursued many efforts to safeguard this right. Last week, EPIC advised NIST to revise the Risk Management Framework to make clear that federal agencies are required to conduct privacy impact assessments. (Jun. 29, 2018)
• Apple Will Bolster Encryption Of Devices, Prevent Apps From Selling Contact Lists: Apple announced two measures to strengthen the privacy and security of its devices: it will close a loophole that allowed law enforcement to access devices and it will prevent apps from secretly selling contact lists. In 2016, Apple refused a demand by the FBI to build backdoor access to iPhones to allow the FBI to unlock the phone of a criminal suspect. The FBI sued Apple, and EPIC filed an amicus brief in support of Apple, arguing that the FBI's demand "places at risk millions of cell phone users across the United States." The FBI eventually dropped the case. In a privacy complaint to the FTC, EPIC also opposed Google's plan to launch "Buzz," a social networking service, with private address book information. Google later backed off the plan and shuttered Buzz. In 2015, EPIC gave the Champion of Freedom Award to Apple CEO, Tim Cook, for his work protecting privacy and promoting encryption. (Jun. 14, 2018)
• EPIC, Coalition Condemn Russia Ban on Encrypted Messaging App: EPIC joined dozens of human rights organizations condemning Russia's attempt to block encrypted messaging app Telegram. In an open letter, the coalition states Russia's attempts to block the app have "resulted in extensive violations of freedom of expression and access to information, including mass collateral website blocking." The groups call on international organizations and governments to challenge Russia's actions, and on tech companies to resist government attempts to compromise fundamental rights. EPIC has historically campaigned in support of strong encryption. In April 1994, EPIC initiated the campaign to stop the Clipper Chip, a key escrow encryption scheme developed by the NSA. (Apr. 30, 2018)
• Obama Drops Plan to Regulate Crypto: According to the New York Times, President Obama has concluded that "it is not possible to give American law enforcement and intelligence agencies access to that information without also creating an opening that China, Russia, cybercriminals and terrorists could exploit." Earlier this year Apple CEO Tim Cook said at the EPIC Champions of Freedom dinner, "Criminals are using every technology tool at their disposal to hack into people's accounts. If they know there's a key hidden somewhere, they won't stop until they find it." EPIC launched the public campaign for the freedom to use encryption in 1994 and several of the world's leading cryptographers are members of the EPIC Advisory Board. Tim Cook received the 2015 EPIC Champion of Freedom Award. Past recipients include Max Schrems and Edward Snowden. (Oct. 11, 2015)
• EPIC Joins Call for Stronger Encryption Standards: EPIC, joined by several organizations, today urged the National Institute of Standards and Technology to adopt "secure and resilient encryption standards, free from back doors or other known vulnerabilities." The groups raised concerns that the National Security Agency would influence the standard-setting process to enable surveillance of private communications. EPIC previously advised NIST to remove its support for a random number generator algorithm that the NSA compromised. EPIC also recommended that NIST inform the public of the full extent of the NSA's involvement in the Cybersecurity Framework. EPIC President Marc Rotenberg first warned of the risk that the NSA would influence NIST encryption standards in testimony before Congress in 1989. For more information, see EPIC: Cryptography Policy. (Nov. 20, 2014)
• Court Orders Report on Use of Secret Keystroke Monitor. In the first case of its kind, a federal court in New Jersey has ordered the FBI to disclose information concerning the surreptitious installation of a keystroke monitor used to capture a suspect's PGP encryption passphrase. Judge Nicholas Politan directed the government to produce a report "detailing how the key logger device functions" by August 31. EPIC has made the case documents, including the Judge's order, available online. (August 14, 2001)
• BXA Issues Revised Encryption Export Regulations. On October 18, 2000, the U.S. Department of Commerce Bureau of Export Administration (BXA) announced further revisions to the export regulations on encryption products. The new rules amend the Export Administration Requirements (EAR) and liberalize the export and reexport of encryption products to the 15 European Union member states and Australia, the Czech Republic, Hungary, Japan, New Zealand, Norway, Poland and Switzerland. The Administration first stated its intention to update it's encryption policy on July 17, 2000 in response to the European Union's decision earlier that month to create a "license free zone" for most encryption technologies. (October 19, 2000)
• Court Rules that Crypto Source Code is Speech. The U.S. Court of Appeals for the Sixth Circuit ruled on April 4, 2000, that "because computer source code is an expressive means for the exchange of information and ideas about computer programming, . . . it is protected by the First Amendment." The court decision was issued in Junger v. Daley, a legal challenge to U.S. export controls on encryption software. The case, in which EPIC filed an amicus brief, will now return to a lower court for consideration of the impact of new U.S. export regulations issued in January 2000. (April 6, 2000)
• EPIC Releases International Crypto Survey. On April 3, 2000, the Electronic Privacy Information Center released a study on encryption policies in 135 countries. Cryptograpy and Liberty 2000 finds that that the trend toward relaxation of export controls is continuing, but also that law enforcement agencies are seeking new authority and new funding to gain access to private keys and personal communications.
• Revised Crypto Export Control Rules Released. The U.S. Commerce Department on January 12 announced the issuance of revised regulations governing the export of encryption products. While permitting the export of previously controlled items, the new rules maintain a complex and burdensome licensing scheme, and retain substantial restrictions on the ability to exchange information concerning encryption.
• Draft Crypto Regs Fall Short of Administration Promises. The Commerce Department has released draft regulations on encryption exports. The proposed revision would established a complex and burdensome regulatory regime that falls far short of the major liberalization promised by the Administration in its September announcement of a policy change.
• Administration Announces New Encryption Policy. On September 16, the White House announced revisions to U.S. export controls on encryption, the specific details of which have not yet been drafted. As part of its new initiative, the Administration released a final version of the Cyberspace Electronic Security Act (CESA), which addresses law enforcement access to decryption keys; funding for the Technical Support Center in the Federal Bureau of Investigation; and protecting the confidentiality of government techniques used to obtain access to plaintext. EPIC is questioning whether the privacy of average users will truly be enhanced under the new policy. A complete archive of materials is available, including the text of CESA and a transcript of the White House press briefing.
• House Committees Gut SAFE Crypto Bill. Two House Committees have completely overhauled the Security and Freedom Through Encryption (SAFE) bill, which would relax export controls on encryption. The revised language and legislative reports issued by the House Armed Services Committee and the House Intelligence Committee are available online. The various versions of the SAFE bill will now go to the House Rules Committee, which will decide which language will be presented to the full House.
• House Committee Amends and Approves SAFE Crypto Bill. On June 23, the House Commerce Committee approved the Security and Freedom Through Encryption (SAFE) bill, which would relax export controls on encryption, with several amendments. One of the amendments (PDF format) would make it a crime to fail to decrypt encrypted information when ordered to do so.
• Government Seeks Review of Crypto Decision. The Department of Justice filed a petition for rehearing on June 21 seeking to overturn the Ninth Circuit Court of Appeal's opinion in the Bernstein case,which held that encryption source code is scientific expression protected by the First Amendment.
• Appeals Court Rules Crypto Controls Unconstitutional. In a long-awaited landmark decision, the U.S. Court of Appeals for the Ninth Circuit ruled on May 6 that U.S. controls on the export of encryption software violate the First Amendment. EPIC participated in the case -- Bernstein v. Department of Justice -- as a friend-of-the-court and filed an amicus brief opposing the controls.
• Encryption Export Bill Introduced in Senate. The PROTECT Act of 1999 (Promote Reliable On Line Transactions To Encourage Commerce and Trade) was introduced in the U.S. Senate on April 14. See the floor statements of the sponsors for details on the latest proposal to relax crypto export controls.
• House Judiciary Committee Approves SAFE Crypto Bill. The House Judiciary Committee approved the Safety and Freedom through Encryption (SAFE) Act of 1999 on March 24. The legislation would relax U.S. export controls on encryption, but contains a controversial provision that creates a new federal crime for the use of encryption to conceal criminal conduct. The bill will next be considered by the International Relations Committee.
• Groups Urge Court to Reject Crypto Controls. EPIC has coordinated the submission of a "friend-of-the-court" brief arguing that U.S. export controls on encryption violate the First Amendment. The brief, which was joined by a broad coalition of organizations and several noted security experts, supports the challenge of Prof. Peter Junger, whose case is now pending before the U.S. Court of Appeals for the Sixth Circuit.
• U.S. Official Says Key-Escrow Crypto is Inferior. In a government document obtained by EPIC, a high-ranking U.S. official acknowledges that "key-escrow" encryption is "more costly and less efficient" than non-escrowed products. See EPIC's press release for more details.
• Cyber-Rights Groups Welcome New Crypto Coalition. EPIC, the ACLU and EFF have issued a joint statement on encryption policy, welcoming the creation of the industry-led Americans for Computer Privacy. Meanwhile, Vice President Gore has sent a letter to Sen. Tom Daschle reiterated the Administration's commitment to preserving the ability of law enforcement to access the plaintext of communications and stored data.
• Crypto Survey Finds Little Global Support for Restrictions. The Global Internet Liberty Campaign released the first comprehensive review of cryptography policies around the world in February 1998. "Cryptography and Liberty: An International Survey of Encryption Policy" finds that few countries restrict technologies for online privacy.
• Bringing the Cold War Home. The President's Commission on Critical Infrastructure Protection calls for the establishment of a new national security bureacracy and recommends limitations on personal privacy and government accountability. Also endorses key escrow encryption (summary).
• Europe Rejects Key-Escrow. In a major blow to U.S. policy on encryption, the European Commission has issued a policy paper that is highly critical of key-escrow encryption proposals and crypto regulation generally.
• EPIC Testifies on Computer Security. EPIC recently testified before the House Science Committee in support of the Computer Security Enhancement Act of 1997, H.R. 1903. EPIC said the measure would help restore public confidence in decision-making on technical standards by federal agencies.
• EPIC Files Suit for Crypto Czar Travel Records. The Electronic Privacy Information Center filed a Freedom of Information Act lawsuit in federal district court, seeking the disclosure of the travel records of Ambassador David Aaron. The suit was filed on the eve of the G-7 summit where it is expected that the White House will be pushing for international acceptance of key escrow encryption. The multi-nation OECD earlier this year rejected a similar proposal.
• Schlafly on Crypto. In a column titled Encryption is Essential to Freedom, Phyllis Schlafly argues "it should be the policy of the United States to encourage wide dissemination of strong encryption technology."