djallen at cts.com
Tue Sep 18 17:30:59 PDT 2001
Excellent letter. You might also want to emphasize another point which
perhaps is more likely to get their attention right now: If the
government can read that postcard, so can the enemy.
Such a policy would play right into the hands of the kinds of terrorists
who are most dangerous. The patterns, schedules, and plans of many
potentially vulnerable organizations would immediately be put in
jeopardy. And they would be just as helpless as all those now unarmed
passengers of commercial flights.
Neil Schneider wrote:
> I'm including a message I wrote for faxing to my congress critters. I'm
> going to fax it, because I read on /. that it is one of the most effective
> ways to get their attention.
> I would like some constructive criticism, before I send it out. If you
> want to do the same, I'm all for it.
> --- letter --
> To Whom It May Concern:
> As a the owner of a small business in the network consulting business, I
> am deeply concerned about what I have been reading about new laws covering
> the use of encryption. I use encryption on a daily basis as a part of my
> business. I use it to connect securely to servers I administer for my
> clients. I use it to conduct e-commerce through the internet. And I use it
> to protect my privacy when sending email to friends and associates.
> I have been reading that some members of Congress want to require a key
> escrow for all my encrypted traffic. Not only is this bad policy, from a
> purely constitutional perspective, it is impractical as well. Most of the
> encryption I use involve session keys, using public-private key pairs.
> The encrypted session keys are generated by the computers after
> authentication at the time of the connection, and then regenerated at
> regular intervals, perhaps every hour, if the connection is persistant.
> There are no permanent records of these keys. For security reasons they
> only exist in the memory of the two computers making the connection. To do
> otherwise would open the connection to attack and compromise. The same is
> true for connections between web browsers and secure web sites. If
> Congress succeeds in making these uses of encryption illegal, for supposed
> national security reasons, they will not only harm my business, they will
> endanger all Internet commerce. This has the potential to cause more
> financial hardship for the computer industry, already reeling from recent
> financial setbacks.
> Encryption is like the envelope I put my e-mail in to send it to a friend
> or business partner. Sending unencrypted email, is like sending a postcard
> through the mail. The proposed laws would have be equivelent of telling
> all US citizens that they can no longer send their mail in envelopes, but
> must use postcards for all correspondence. I find it hard to comprehend
> that members of Congress believe that making encryption, without key
> escrow, illegal for US citizens is going to prevent criminals from using
> it. I fail to see how this will increase national security, though I do
> see how it will curtail my rights to privacy.
> "They that give up essential liberty to obtain a little temporary safety
> deserve neither liberty nor safety" --Benjamin Franklin, 1759
> I know that some people in law enforcement are lobbying hard for this new
> law. However I think their efforts are misguided and I will fight with all
> my means to protect my right to privacy. I have every right to protect my
> private communications from the prying eyes of government agencies and
> others. If they want to read those communications, they have tools at
> their disposal, through the courts, to compel me to divulge the content of
> my encrypted traffic. Some proposals now before the Congress would make
> the use of encryption without key escrow criminal.
> I am a registered voter, and have failed only once to vote in an election
> where I was eligible. I am going to be watching this issue closely, and
> will be making voting decisions in future elections, based upon how
> members of Congress vote.
> --- end letter --
> Neil Schneider
More information about the KPLUG-List