FOR IMMEDIATE RELEASE Thursday, September 16, 1999 4:00 p.m. EPIC QUESTIONS IMPACT OF NEW CLINTON CRYPTO POLICY; SAYS EFFECT ON AVERAGE USERS REMAINS UNCLEAR WASHINGTON, DC - The Electronic Privacy Information Center (EPIC) today questioned whether the Clinton Administration's newly-announced encryption policy actually enhances the privacy of most computer users. Under the policy, the Administration will draft new encryption export regulations that will "strike a balance" between the needs of industry and law enforcement. It remains unclear whether the new rules -- due later this year -- will result in a meaningful liberalization of the export process. Coupled with the vague export revisions is new legislation that will provide a legal framework for law enforcement access to decryption keys; provide funding for an FBI Technical Support Center; and protect the confidentiality of decryption techniques developed cooperatively by government and industry. Under the latter provision, law enforcement agents would be exempted from routine requirements of criminal procedure that permit a defendant to explore the means by which evidence was obtained. The legislative vehicle for these initiatives -- the Cyberspace Electronic Security Act -- was unveiled today and will soon be transmitted to Congress. According to David Sobel, EPIC's General Counsel, more details of new policy must be released before its impact on user privacy can be assessed. "It appears that the FBI and large computer companies have reached an agreement on encryption, but that is not necessarily in the interest of the average computer user." He added that cooperation between industry and law enforcement could result in encryption products that provide "less security than advertised, with hidden vulnerabilities the government can exploit." EPIC will closely monitor the process of implementing the newly-announced policy, particularly the promulgation of the revised export control regulations and the development of special sensitive techniques to be used to extract plaintext from encryption products and services. The text of the Cyberspace Electronic Security Act, and other documents released by the White House today, are available at: http://www.epic.org/crypto/legislation/cesa/