January 27, 1994 Washington, DC More than three dozen of the nation's leading cryptographers, computer security specialists and privacy experts today urged President Clinton to abandon the controversial Clipper encryption proposal. The letter was coordinated by Computer Professionals for Social Responsibility (CPSR), which has long sought to open the issue of cryptography policy to public debate The group cited the secrecy surrounding the proposal, widespread public opposition to the plan and privacy concerns as reasons why the initiative should not go forward. The letter comes at a crucial point in the debate on cryptography policy. An internal Administration review of the issue is nearing completion and the National Security Agency (NSA) is moving forward with efforts to deploy Clipper technology in civilian agencies, including the Internal Revenue Service. CPSR has sponsored several public conferences on cryptography and privacy and has litigated Freedom of Informa- tion Act cases seeking the disclosure of relevant government documents. In one pending FOIA case, CPSR is challenging the secrecy of the Skipjack algorithm which underlies the Clipper proposal.
January 24, 1994 The President The White House Washington, DC 20500 Dear Mr. President, We are writing to you regarding the "Clipper" escrowed encryption proposal now under consideration by the White House. We wish to express our concern about this plan and similar technical standards that may be proposed for the nation's communications infrastructure. The current proposal was developed in secret by federal agencies primarily concerned about electronic surveillance, not privacy protection. Critical aspects of the plan remain classified and thus beyond public review. The private sector and the public have expressed nearly unanimous opposition to Clipper. In the formal request for comments conducted by the Department of Commerce last year, less than a handful of respondents supported the plan. Several hundred opposed it. If the plan goes forward, commercial firms that hope to develop new products will face extensive government obstacles. Cryptographers who wish to develop new privacy enhancing technologies will be discouraged. Citizens who anticipate that the progress of technology will enhance personal privacy will find their expectations unfulfilled. Some have proposed that Clipper be adopted on a voluntary basis and suggest that other technical approaches will remain viable. The government, however, exerts enormous influence in the marketplace, and the likelihood that competing standards would survive is small. Few in the user community believe that the proposal would be truly voluntary. The Clipper proposal should not be adopted. We believe that if this proposal and the associated standards go forward, even on a voluntary basis, privacy protection will be diminished, innovation will be slowed, government accountability will be lessened, and the openness necessary to ensure the successful development of the nation's communications infrastructure will be threatened. We respectfully ask the White House to withdraw the Clipper proposal. Sincerely, Public Interest and Civil Liberties Organizations Marc Rotenberg, CPSR Conrad Martin, Fund for Constitutional Government William Caming, privacy consultant Simon Davies, Privacy International Evan Hendricks, US Privacy Council Simona Nass, Society for Electronic Access Robert Ellis Smith, Privacy Journal Jerry Berman, Electronic Frontier Foundation Cryptographers and Security Experts Bob Bales, National Computer Security Association Jim Bidzos, RSA Data Security Inc. G. Robert Blakley, Texas A&M University Stephen Bryen, Secured Communications Technologies, Inc. David Chaum, Digicash George Davida, University of Wisconsin Whitfield Diffie, Sun Microsystems Martin Hellman, Stanford University Ingemar Ingemarsson, Universitetet i Linkvping Ralph C. Merkle, Xerox PARC William Hugh Murray, security consultant Peter G. Neumann, SRI International Bart Preneel, Katolieke Universiteit Ronald Rivest, MIT Bruce Schneier, Applied Cryptography (1993) Richard Schroeppel, University of Arizona Stephen Walker, Trusted Information Systems Philip Zimmermann, Boulder Software Engineering Industry and Academia Andrew Scott Beals, Telebit International Mikki Barry, InterCon Systems Corporation David Bellin, North Carolina A&T University Margaret Chon, Syracuse University College of Law Laura Fillmore, Online BookStore Scott Fritchie, Twin-Cities Free Net Gary Marx, University of Colorado Ronald B. Natalie, Jr, Sensor Systems Inc. Harold Joseph Highland, Computers & Security Doug Humphrey, Digital Express Group, Inc Carl Pomerance, University of Georgia Eric Roberts, Stanford University Jonathan Rosenoer, CyberLaw & CyberLex Alexis Rosen, Public Access Networks Corp. Steven Zorn, Pace University Law School (affiliations are for identification purposes only)