Table of Contents
News from the frontlines
What you must do
Concluding the meeting
Tips on how to conduct your visit
Angles on encryption
Questions about encryption you might be asked
Participating Organizations / More Information
Congress as a whole is beginning to focus on encryption - bills moving through both House and Senate would improve availability of privacy and security for the Net. With three hearings in the Senate and one scheduled in House Judiciary Committee for early September - pro-encryption bills have a chance of passing, or at least helping to lay the groundwork for the next Congress.
Recently in a live chat from the Republican Convention in San Diego, Senator Conrad Burns (R-MT) said he believed he had enough votes to pass Pro-CODE out of the Senate Sub-Committee and Committee. This is the farthest encryption activists will have come in the crypto fight in years.
We need your help to make the case to Congress that encryption is important to privacy and security online, as well as the future potential of the Internet to create jobs and promote US competitiveness. Here's what you can do: -sign the petition at http://www.crypto.com/petition/ -make an appointment with your legislator's local office
With the directions below, visit your Congressperson - urge them to support the two bills: Pro-CODE "Promotion of Commerce Online in the Digital Era" (S.1726) & SAFE "Security and Freedom Through Encryption" (HR 3011).
Now is the time to tell your member of Congress that government restrictions on encryption are unacceptable to the future of the Internet. In recent months, the FBI and the White House have been using local sheriffs to lobby members of Congress on this issue. If you don't tell your member of Congress our side of the story, they won't hear it from anyone.
Here's what you need to do:
1. Make an appointment with your Senators'/Representative's local office. It's probably best to make an appointment with the local office manager. It's great if you can get an appointment with your legislator, but don't worry if your legislator cannot be there.
If you don't know who your Representative and two Senators are, simply call the local League of Women Voters office and ask! You might also try using the Zipper at http://www.voxpop.org:80/zipper/
2. Sign the petition at http://www.crypto.com/petition/ A petition has been setup to help show Congress that encryption policy must be driven by the market's concerns.
3. Setting up the meeting When making the appointment, you should say that the topic is privacy and encryption on the Internet. Ensure they know you are a constituent. If possible, take a friend who owns a small Internet business (web design, ISP, whatever) who also lives in the district.
It's crucial that you do not wait to get someone to go before making the appointment. Make the appointment, then go looking for someone to go with you.
4. Carry the following message as a theme through your meeting.
Encryption is important to privacy - the Internet is vulnerable and the future of American competitiveness is at stake. Encryption is NOT a terrorist weapon any more than a hammer is a terrorist weapon. While there are difficult national security issues, these should not be the driving force of this debate.
The future of the Internet should not be held hostage by a cold-war era world view.
There are a few things you should remember as you finish your meeting.
If talking to a member, find out if we can count on his/her support for the PRO-CODE/SAFE bill. If talking to a staffer, make it their mission to find out the answer to this question.
As you leave the meeting, run, don't walk, to the nearest card shop and buy a thank you card. Write a thank you and address it immediately. Stick it in the nearest mailbox.
TIPS ON HOW TO CONDUCT YOUR VISIT
Always be polite. Never threaten. Never lose your cool.
Many staffers have no idea what encryption is. Moreover, they might have never used the Internet. You should view this as an opportunity: you will get the chance to define the debate and educate them. You may even want to bring a laptop with a modem and take the member/staff on a breif Internet tour. (Be careful about what you show them.)
Remember we're all taxpayers, so the phrase "I'm a taxpayer" is meaningless.
Be brief. If you're going in a group, plan out the topics each person will hit. Appoint someone to act as a spokesperson for the group, so there can be a central contact.
Remember the first law of Real Estate: LOCATION LOCATION LOCATION. It's crucial that everyone at the meeting be a potential vote for the legislator.
Remind yourself that your legislator probably hasn't yet made a decision on this issue yet; you're there to educate as much as anything.
Go as *individuals* or *business owners* who have a stake in the debate on encryption issue.
Internet business angle: When speaking from the point of view of an Internet Service Provider or Web design firm, you have available several arguments, such as:
"The popularity of the Net has created a gold rush which has benefitted my business and the local voters I employ. Concerns about security on the net could dampen that excitement, and diminish the potential for industry"
"Many types of services that I would like to offer online cannot be done without strong security. The current level of security is too weak to engender public trust, and will diminish the types of business people will put on the net."
Clipper angle: If someone brings up the issue of Clipper and the idea that government should be trusted to hold your private encryption key, you have several options available to you:
"It's not clear that the Administration can be trusted to hold any information secret, after incidents like the FBI Filegate scandal."
"Handing over one's encryption keys to the gov't is just like giving the local police station a copy of your house key, just in case they need to search your apartment. Of course they would promise never to use it unless authorized."
QUESTIONS ABOUT ENCRYPTION YOU MIGHT BE ASKED
There are a number of questions you will probably be asked by the staff or member that you should be prepared to answer. Here's a few of them and some answers you should feel comfortable with.
WHAT IS ENCRYPTION?
Encryption is a method of scrambling information with one or more "keys" so that only the sender and receiver can read it, and an eavesdropper cannot. Your bank card PIN, telephone conversations, love letters, health records, and business correspondence are all things that might need to be encrypted.
WON'T TERRORISTS AND CRIMINALS USE ENCRYPTION?
Perhaps. But criminals and terrorists already have access to strong encryption from overseas, and are unlikely to use encryption technologies which they know are breakable by the US government. Would you send sensitive information using a code that you knew your adversaries could break?
Criminals and terrorists will, for better or worse, have access to strong encryption regardless of U.S. efforts to restrict its availability. Meanwhile, current U.S. policy leaves sensative personal and business communications vulnerable and actually creates opportunities for crimes like industrial espionage.
WHAT IS 40 BIT ENCRYPTION?
Quite often the strength of an encryption system is measured by the size of the key. Forty bits is about the same as a five or six letter word, such as "apple". The US government has stated that American companies that wish to sell products with encryption can only implement encryption whose keys are forty bits long.
At one time it was quite difficult to attack and recover messages that were encrypted with 40 bit encryption. Because of advances in computer power and research, it has become much easier to do this. As recently as last year, a graduate student in France broke 40-bit encryption using University resources he had available in his spare time.
DON'T EXPORT RESTRICTIONS PREVENT ENCRYPTION PRODUCTS FROM GOING ABROAD?
No. The idea that export restrictions actually keep encryption out of the hands of non-U.S. citizens implies that all encryption products come from the U.S. This is simply untrue, and the plethora of products available from non-U.S. sources now shows how absurd it is to continue to keep such regulations intact.
DO EXPORT RESTRICTIONS HURT U.S. COMPANIES IN THE GLOBAL MARKETPLACE?
Yes. American hardware and software companies compete globally with products from around the world. For many companies, a majority of their business comes from international sales. In the crowded marketplace of this fast- paced business, developing a product with a single feature that outshines a competitor's product can often be deciding factor in a consumer's mind.
Yet, American hardware and software businesses are at a disadvantage, as many competing non-U.S. products can offer stronger encryption than they can. This places American products at a distinct competitive disadvantage.
DO EXPORT RESTRICTIONS LIMIT AMERICANS' CHOICE OF SECURITY PRODUCTS?
Yes. Although it is possible to sell two versions of a product, one with strong encryption for sale domestically and one with weak encryption for sale abroad, most companies find this schizophrenic product development approach to be too burdensome and risky. The result is that companies that produce hardware and software products that require security tend to omit such features entirely, or weaken them so that the same product can be used for export as for domestic use.
The end result of this is that Americans end up with products that are becoming increasingly incapable of protecting their privacy, hampered by regulations that can longer accomplish their goal.
PARTICIPATING ORGANIZATIONS / MORE INFORMATION
For more information on the encryption issue, check these important organizations' WWW sites:
Center for Democracy and Technology (CDT): http://www.cdt.org
Electronic Frontier Foundation (EFF): http://www.eff.org
Electronic Privacy Information Center (EPIC): http://www.epic.org
Voters Telecommunications Watch (VTW): http://www.vtw.org
Wired Ventures Ltd.: http://www.hotwired.com
Also check these great educational sites:
Encryption Policy Resource Page: http://www.crypto.com
Internet Privacy Coalition: http://www.privacy.org
Return to the EPIC Crypto Page