The IT Law Wiki
Register
Advertisement

Citation[]

National Research Council, Computer Science and Telecommunications Board, Committee to Study National Cryptography Policy, Cryptography's Role in Securing the Information Society (Kenneth W. Dam & Herbert S. Lin, eds. 1996) (full-text).

Overview[]

In May 1996, the National Research Council (NRC) released this report, nicknamed "CRISIS". It stressed that national policy should make cryptography broadly available to all legitimate elements of society, promote continued economic growth and leadership of key U.S. industries, and ensure public safety and protection against foreign and domestic threats.

Products using unescrowed encryption are in use today by millions of users, and such products are available from many difficult-to-censor Internet sites abroad. Users could pre-encrypt their data, using whatever means were available, before their data were accepted by an escrowed encryption device or system. Users could store their data on remote computers, accessible through the click of a mouse but otherwise unknown to anyone but the data owner, such practices could occur quite legally even with a ban on the use of unescrowed encryption. Knowledge of strong encryption techniques is available from official U.S. government publications and other sources worldwide, and experts understanding how to use such knowledge might well be in high demand from criminal elements.[1]

Among the recommendations of this Report:

  • key escrow is an unproven technology and the government should experiment with it and work with other nations, but not aggressively promote it now;
  • export controls should be relaxed progressively, but not eliminated; and * encryption policy issues can be debated adequately in public without relying upon classified information.

The report also recommended that no law should bar the manufacture, sale or use of any form of encryption within the United States; and government should promote information security in the private sector. The report underscored that utilization of strong encryption and law enforcement objectives can be mutually compatible.

References[]

  1. Id. at 303.
Advertisement