Draft Minutes of the
Federal Networking Council
Advisory Committee (FNCAC) Meeting



April 8 & 9, 1996
National Science Foundation
4201 Wilson Blvd., Rm. 1235
Arlington, VA 22230




I. ATTENDEES

Attending FNCAC Members:
Henriette Avram, Library of Congress, Retired; Jim Beall, IBM; Alan Blatecky, MCNC; Matt Blaze, AT&T; George Brandenburg, Harvard University; Ken Flamm, Brookings Institution; Carol Henderson, American Library Association (Chairperson, FNCAC); Bob Heterick, Educom; Ken Klingenstein, University of Colorado; Stu Loken, LBL; Ed Oliver, ORNL; Stewart Personick, Bell Communications; Marc Rotenberg, EPIC; Connie Stout, TENET; Harold Thompson, ICN; and Stephen Wolff, CISCO

Attending Members of the FNC and FNC Working Groups:
Bruce Bottomley, NSA; John Cavallini, DOE; Tice DeYoung, NASA; Phil Dykstra, ARL; Frank Hartel, NIH; Jim Hott,USGS; Alfred Lee, DoC/NTIA; Mark Luker, NSF; Gary Minden, DARPA; Alex Poliakoff, Dept of Education; Nora Sabelli, NSF; Rob Rosenthal, DARPA; George Seweryniak, Dept. of Energy; Tom Shaver, DoD/NSA; Stephen L. Squires, DARPA; Mike St. Johns, ARPA; Dennis Steinauer, NIST; George Strawn, NSF; Walter Wiebe, FNC; Tony Villasenor, NASA

Invited Speakers:
Ed Appel, NSC; Hans-Werner Braun, SDSC/NLANR; Jane Caviness, Educom; Kimberly Claffy, SDSC/NLANR; Bob Collet, CIX; Adam Eisgrau, American Library Association; Mark Garrett, Bellcore; Wanda Kaye Jackson, Texas Education Network; Tom Kalil, White House; Dennis Kirchoff, Ford; and Ray Snouffer, NIST

Observers:
Eric Aupperle, Merit; Susan Bailey, BBN; Heather Boyles, FARNET; KimberlyClaffy, SDSC; Doug Carlson, CTC; Mary Dunham, CIA; David Gaon, DoD/DISA; Douglas Gatchell, NSF/CISE/NCRI; Robert Gillespie, NWACC; Jim Hott, USGS; Tracy Hughes, MCI; Paul Love, ICV; Ken McNulty, CERT; David Staudt, NSF; John Toole, NCO; Dan Van Belleghem, SURA; Von Welch, DOE; Jim Williams, FARNET; and Bill Yurick, U. of Pittsburgh

FNC Support Personnel:
Regina Colbert, DynCorp; Tracie Monk, DynCorp; Julie Walker, DynCorp; Bonnie Wilson, DynCorp

II. ACTION ITEMS

GENERAL TOPICS:

1. The FNCAC has requested that the FNC provide information on the status of the domain name and domain addressing issues. (This was a topic of discussion at the October 1995 FNCAC meeting.)

NETWORK TRANSITIONS & SCALABILITY:

2. The Network Transitions and Scalability Working Group will prepare a set of recommendations for consideration by the full FNCAC. Among other items, the recommendations will include statements: a) commending the FNC's efforts to promote collaborations related to Internet statistics/metrics, security, etc.; b) urging the Federal R&E networks to promote efforts related to research and demonstration of tools to enhance Internet quality of service; and c) encouraging measurements based on quality of service to be shared among Internet Service Providers. (FNCAC TSWG - resolution distributed 5/96)

3. The FNCAC suggests that the FNC explore options related to the Federal R&E networks "leading" through the development and utilization of model contracts with Internet service providers and through utilizing procurement vehicles to effect changes related to an improved Internet environment.

4. The White House welcomes FNCAC recommendations about how the Federal government can use its leverage as a major Internet user / R&D funder to directly address certain market requirements.

5. Kimberly Claffy (SDSC) was asked to take the lead in identifying critical networking metrics and tools which could be run over Federal R&E networks, including defining the characteristics of an "ideal" measurement tool which could gather data on both end-to-end performance and workflow characterization.

INTERNET SECURITY & PRIVACY:

6. The FNC Privacy and Security Working Group (PSWG) requests recommendations from the FNCAC about the potential roles that industry could and should play in the Collaborations in Internet Security (CIS) effort.

7. The FNCAC's Internet Security and Privacy Working Group (SPWG) will write a letter to the National Performance Review (NPR) indicating their approval of the decision to fund the multiagency CIS effort.

8. The FNCAC is invited to contact Ed Appel of the National Security Council (NSC) with comments and recommendations related to the Federal government's policies on encryption and on export control.

9. The FNCAC SPWG Security Co-Chair will draft a resolution, and timeline, for review by the FNCAC. It will include the following points:

10. The FNCAC SPWG Privacy Co-Chair will draft a resolution, and timeline, for review by the FNCAC. It will include the following points:

11. The FNC should increase its role as a catalyst in promoting research, testing, and deployment of Internet security technologies throughout the Federal government.

INTELLECTUAL PROPERTY ISSUES:

12. The FNCAC Intellectual Property Working Group will draft a resolutionurging the FNC to explore the possibility of the National Research Council (NRC) conducting a study on intellectual property issues, copyright concepts, andtheir intersection with network structure, efficiency, and use.

EDUCATION:

13. Harold Thompson and Ed Oliver have requested that they be added to the Education Working Group membership.

14. This working group has requested that a mail list be established for future discussions (EDU@FNC.GOV).

15. The Education Working Group will work with the Department of Education (DoED) to develop materials to be posted on DoED's home page. The materials will include a message to the K-12 community conveying realistic expectations they can have of the Internet, how the Internet may affect them, and hints for getting around congestion and other identified problems.

16. NSF and DoED will work together to develop an education clearinghouse. The FNCAC Education Working Group will develop a preliminary list of items to be included in a clearinghouse of information (including administrative and policy information related to K-12 networking, schoolboard policies, student privacy rights, etc.), and a list of existing clearinghouses. The goal for having this clearinghouse operational is October 12, 1996.

17. The FNCAC Education Co-Chairs will work together to develop a framework for a "Universal Service" clearinghouse and to identify the topics that schools need to address in obtaining connectivity.

III. AGENDA AND PROCEEDINGS

1. Opening and Overview

Carol Henderson, FNCAC Chair, called the meeting to order, welcoming the three new members (Matt Blaze, AT&T; Ed Oliver, ORNL; and Harold Thompson, Iowa Communications Network), returning members of the FNCAC, and members of the FNC. The workplan for the year was reviewed, with a reminder that the FNCAC will focus on four issues this year: Network Transitions/Scalability;Security and Privacy; Intellectual Property; and Education. Working groups have beenestablished for each of these areas. Although these topics are potentially very broad,the focus of the working groups will be on internetworking considerations. The Committeeon Information and Communications (CIC) was briefed on these topics inDecember 1995, at which point they expressed their support for the FNCAC's1996 workplan.

The action items from the October 1995 meeting were reviewed. The minutesfrom this meeting were approved as written.

2. FNC Initiatives and Issues During 1996

Tony Villasenor, FNC Co-Chair / NASA, welcomed John Toole from the NationalCoordination Office (NCO), and described the current relationship between the FNC, the CIC and the subcommittee for High Performance Computing and Communications Information Technology (HPCCIT). He also described the FNC's current activities related to its mission of promoting interagency collaborations, including those related to Internet security; Internet performance (primarily caching and statistical measurements); and multicasttechnologies.

In February 1996, the FNC was awarded a grant under the National PerformanceReview's Innovation Fund to assist with a project entitled Collaborations inInternet Security (CIS). The CIS is coordinated by the Privacy and Securityworking group of the FNC. This effort is an attempt to explore issues in internet security and to work with agency and industry partners to create a better framework for managing internet security. Itwill include the development and testing of Internet security techniques,strategies, and products between nine Federal agencies. The CIS will alsoresult in the development of a laboratory accreditation program for testingand certifying Internet security software and systems. This process will be modeled on NIST's National Voluntary Laboratory Accreditation Program, which tests and accredits systems and products for private sector andFederal users. (see http://www.fnc.gov/cis_page.html)

The FNC is also participating in an NSF-supported project lead by theNational Laboratory for Advanced Networking Research (NLANR) to develop aglobal hierarchy of caches. This effort is aimed at improving the overallperformance of the Internet through the distribution and management of Internet traffic, while maintaining integrity and countingpackets. This project includes six root caches at key facilities throughoutthe U.S. and approximately two dozen international sites throughout Europe,Asia and South Africa. Other countries have placed a greater emphasis onthis activity out of necessity -- in order to minimize the cost ofintercontinental communications. The FNC and DOD's High PerformanceComputing Modernization Program/ARL are working with NLANR to establish oneof the first institutional level caches in the U.S. (For more informationsee: http://www.nlanr.net)

The collection of Internet statistics is also aimed at improving theoverall understanding and performance of the Internet. Currently, the FNCis supporting NLANR's efforts to gather and analyze statistics on trafficover the FIX-West facility. FIX-West is the only remaining Federally-support facility at which most Federal Research & Education (R&E) networksexchange traffic. NLANR and Bellcore co-hosted an NSF-supportedstatistics/metrics workshop in San Diego in February 1996 at which the FNCdelivered a paper.

The FNC is participating in issues related to ownership and administrationof DNS names and addresses. Two workshops have been held on the topic ofidentifying a long-term solution for administration of domainname/addressing responsibilities. A third is planned for the Fall. NSFhopes that the community will reach consensus on this issue in coming months,enabling the government to begin the process of transitioning out ofthese responsibilities. The FNC Executive Committee has also begun theprocess of identifying a long-term solution for management/administration ofthe ".GOV" domain. Responsibility for this domain is currently held by the FNC.

ACTION ITEM:



The FNC continues to encourage and support efforts that promoteinterconnection of high performance networks as part of its mission toenhance the effectiveness and capabilities of the national and globalinformation infrastructures (NII/GII). Along with the HPCCIT subcommittee, the FNC is very supportive of initiatives in this area, including: theInformation Wide Area Year (IWAY) project (http://www.iway.org) - anexperimental national testbed involving 17 sites at supercomputing centers and 60 technical applications projects; the Global Interoperability of Broadband Networks(GIBN) initiative (see http://info.ic.gc.ca/G7/themes.html) which can becharacterized as an international implementation of the IWAY; and theCollaborative Advanced Interagency Research Network (CAIRN) project, which isa DARPA-led effort to test advanced networking protocols and initiatives.

George Strawn (NSF / FNC Co-Chair) briefly reviewed NSF's new NSFnetConnections Solicitation which was released in March 1996. The solicitationprovides a major update of the connections program for institutions ofhigher learning, and includes a new innovative technologies portion to encourage Internet use within the K-12, museum, and library communities.The higher education component provides for high-performance connections ofuniversities to the high performance networking infrastructure of the vBNSat reasonable costs. For more information on this solicitation, seehttp://www.cise.nsf.gov/cise/ncri.

The FNC continues to provide a forum for interagency discussion andcommentary on issues affecting networking, including regulatory issues suchas those posed by the current ACTA petition to the Federal CommunicationsCommission (FCC) and new Federal initiatives such as the Post FTS2000strategy (see http://post.fts2k.gsa.gov).

Upcoming FNC events include:

FNCAC members applauded the FNC's dedication to collaborative efforts andencouraged the FNC to continue to expand these interagency initiatives.Participants discussed the need for an agency or organization to act as the"advocate" for issues relating to individual and organizational privacy,particularly privacy related to electronic communications.

Participants also discussed the CCIRN and its position as an internationalnetworking forum. Suggestions were made that since the commercial sectorsof other countries have much greater control/involvement in the evolution of the Internet than do theirgovernments, possibly the North American CCIRN should be expanded to includenon-Federal representatives. Participants also briefly discussed the legal,social, or technical roles of government in society, with respect to networking.

3. Session on Network Transitions and Scalability

a. Report on the Statistics / Metrics Workshop

As a follow-up to the statistics / metrics action item from the October 1995 FNCAC meeting, the National Science Foundation sponsored a workshop on Internet Statistics and Metrics Analysis (ISMA) at the San Diego Supercomputing center on February 19-20, 1996. The workshop hosts, Hans-Werner Braun and Kimberly Claffy (SDSC) and Mark Garrett (Bellcore), described the highlights of the meeting and the implications for future collection / analysis of statistics on the Internet.

The workshop was designed to examine both technical and policy issues related to Internet statistics, with approximately eight to ten workshop participants possessing extensive experience related to measuring statistics on the Net. Meeting participants were drawn from the ISP, vendor, research, and government communities. The discussions revealed that there is little commonality currently in the measurement approaches employed by the various individuals / communities. There appears to be a need for development of a common measurement methodology -- with consensus on what needs to be measured, why, how, etc. Workshop participants (and FNCAC participants) agreed that there needs to be a working group established on this subject. While the IPPM working group of the Internet Engineering Task Force (IETF) fills part ofthis need, its scope is not broad enough to fully address these issues.

The specific goals of the ISMA workshop were to: 1) establish on-going availability of traffic/performance data; 2) enable researchers to develop tools/methods using realistic data; 3) enable ISPs to (privately) optimize and improve their networks; and 4) enable users and ISPs to (publically) evaluate and establish service quality and reliability measures.

The workshop participants agreed that there is a significant need for a buy-in to the statistics issue from ISP business managers. There is also a need to distinguish between measures of reliability, availability, and serviceability (RAS) from those of quality of service (QOS), with calls for a RAS related service definition for ISPs. The initiative of the Automotive Network Exchange (ANX - see discussion below) which will set specifications for RAS was also discussed.

In terms of the role for the Federal government, Garrett suggested that the agencies concentrate their efforts on: 1) facilitating consensus on measurement methodology; 2) promoting research on new traffic models and derived control mechanisms; 3) encouraging cooperation among players; and 4) leading by example, e.g., deploying measurement tools across Federal R&E networks.

The speakers discussed the polarity of views expressed during the workshop. Of particular note were complications presented by the large, distributed environment facing the ISPs, where exponential demand growth and the lack of cooperation between ISPs complicates efforts to understand traffic workloads or work toward overall infrastructure improvements.

The conclusions emerging from the workshop include the fact that since there are no easy common solutions and that the issues are largely non-technical in nature, an evolution in the attitudes and understandings of both users and service providers is required. Incremental improvements are needed to achieve systemic solutions, including development of: 1) models, service metrics, and other tools to parameterize the situation; 2) common definitions related to QOS, RAS, and other terms; and 3) improved cooperation among service providers, which in turn needs to be promoted through the development of "business cases" illustrating the benefits accruing to ISPs through theircooperation.

Members of the FNCAC's Network Transitions and Scalability working group commended the ISMA co-chairs for their efforts related to the workshop and for the outstanding workshop report which summarized the meeting's presentations and conclusions. Members agreed with the presenters, that the issues related to Internet statistics and metrics cannot be resolved exclusively by the government, but rather the government's role is that of a catalyst in this process.

The legal and privacy issues related to statistics acquisition were discussed. Similar issues have arisen connected with earlier Federally-supported statistics acquisition efforts. Braun / Claffy explained that SDSC / National Laboratory for Applied Networking Research (NLANR) have developed tools to strip the header and address information from messages and mask the remaining data prior to making it available to researchers. Content data is not retained and is viewed as "off limits" by the research community.

The lack of coordination currently among ISPs was discussed. During (and since the workshop) there has been increased discussion about the possibility of ISPs joining together to improve their cooperation, facilitated by the presence of a neutral third party. FNCAC members also discussed the need for, and lack of, performance baselines and tools for users to gauge the actual performance of their providers. In addition to end-to-end performance measures, tools measuring que link are needed. Of critical importance, participants agreed, is the need to insert "economic rationality" in the Internet. The question of Federal leadership through employing model service contracts with providers was also discussed.

ACTION ITEM:



b. Requirements of Major Users -- Automotive Industry

Dennis Kirchoff (Ford Automotive Co.) described the current initiatives of the Automotive Industry Action Group (AIAG) related to the development of quality of service and metrics for inter-enterprise TCP/IP data communications known as the Automotive Network eXchange (ANX). The AIAG is tasked with improving automotive industry productivity through cooperation, communication and adoption of common business practices and standards.

AIAG's Telecom Project Team (consisting of Caterpillar, Chrysler, Dana, Ford, GM, John Deere, Robert Bosch, and United Technologies) is tasked with overseeing the design, implementation and operation of the ANX. Other foreign automotive companies are expressing interest in joining. Similar discussions are underway with firms representing the petroleum and aviation industries.

This AIAG team issued its first position statement in November 1994, advocating the adoption of TCP/IP as the standard for the industry. Since that time, the AIAG has agreed on the following features as those characterizing a desireable, common infrastructure:



To facilitate the development of this infrastructure, the ANX plans to:

  1. certify 10-12 highly competent Internet service providers to interconnect automotive trading partner's private networks and establish an interconnect point in southern Michigan which can act as a model for peering among these ISPs;

  2. monitor providers' ongoing compliance with performance standards that support business requirements -- for this ANX is in the process of looking for a neutral third party to act as "overseer";

  3. enforce strict security mechanisms to authenticate users and protect data, creating a "virtual private network" for the auto industry --end-to-end encryption will be available but not mandatory;

  4. function as an escalation point for problems involving multiple service providers; and

  5. publish price and performance information on service providers.


ANX has recently hired a business manager to shepherd this initiative forward. Plans entail moving toward a pilot stage by the 4th quarter of 1996. By late 1997, several hundred trading companies (and the major automotive companies) are expected to be on ANX. This will expand toseveral thousand by late 1998.

On the subject of performance metrics and requirements, ANX requires that there be minimal network congestion and efficient and predictable routings.Best effort services are not sufficient under this model. Pertinent metrics include those related to latency, packet/cell loss, link utilization, throughput, and BGP4 configuration and peering arrangements.

On the subject of Reliability Metrics and Requirements, ANX requires that there be high service availability. This availability will be supported by metrics related to: physical route diversity; routing protocol convergence times; disaster recovery plans; backbone, exchange point and access circuit availability; and speed of failed customer premise equipment replacement. As Kirchoff explained, the realm of metrics is an area of intersection between the interests of the auto industry and those of the FNC / FNCAC; the two groups should work closely together toward a common objective of developing and deploying tools in this sector. The AIAG also views government as a major user of ISP services -- thereby possessing leverage to drive positive developments in this sector (as opposed to passing regulation which the AIAG does not view as particularly helpful).

The incentive for the ISPs to become Certified Service Providers (CSPs) is both vision and professionalism as well as the fact that ANX is willing to pay for the higher QOS associated with CSPs. AIAG also hopes that this initiative will result in an overall improvement in the services offered by providers to the user community.

c. Telcom Bill -- Implications for the Future

Tom Kalil, Executive Office of the President, discussed the Telecommunications Act which was signed into law on February 8, 1996. The overall goals of this Act are to promote deregulation and competition in the telco industry, and to introduce universal service provisions. The Administration feels that this bill will provide an important regulatory framework which, in turn, will promote competition and reduce monopolies in this important and growing sector. Local competition provisions were among the most significant of the bill. There were also provisions for pre-empting state and local prohibitions regarding competition, including the elimination of 214 provisions which required that networks file before the FCC before building out their network. It also opened the door for utilities to offer services.

On the provisions related to universal service, the Act provides for "an evolving level of communications services which the commission will review periodically." The FCC has a responsibility to work with the states regarding the deployment of advanced telecommunication services.

Also included in the bill are measures such as the Exon Amendment, which regulates content by prohibiting anyone from using telecommunications services to make offensive content available to minors. Numerous organizations have challenged the constitutionality of this provision. The Exon Amendment also has privacy implications related to the requirement to authenticate identities for Web access. How to treat the Internet -- whether it is like the print media or like the telco media -- is another major constitutional issue currently under review.

Participants discussed the issue of privacy protection, and how it is handled elsewhere in the world, e.g., the European data protection directive. Companies are increasingly faced with the possibility of offering European and U.S. clients different levels of privacy protection due to the variance between the levels of privacy provided in Europe versus that in the U.S. Members discussed the absence in the Federal government of an entity vested with responsibilities related to protecting the privacy of U.S. citizens. What responsibilities that do exist are spread across multiple agencies.

Another Internet issue on which this Act will have an effect includesaccelerating the deployment of cheap, digital pipes to residential users -- the last mile. There is also a tremendous amount of innovation anticipated in the application area. At the same time, there are major infrastructure investment implications similar to those which faced AT&T years ago when it acted to write-off $9 billion in existing infrastructure against share-holder equity and make the investment in fiber following MCI and Sprint's similar announcements.

In the related area of Education, the President has four target areas: computers, network connection, teacher training and educational technology. The Administration is committed to changing the way teachers teach and students learn, thereby creating new relationships between students and teachers. A $2 billion, 5-year Technology Literacy Fund has recently been announced. Criteria for awards include commitments from the states to address equity issues; the availability of matching funds from the private sector; and the assurance from states that they are willing to accept a set of metrics on which performance data will be reported.

A recent success was Netday, where 20,000 volunteers participated in the wiring of California classrooms. A conference on lessons learned will be held in June.

The National Information Infrastructure (NII) Advisory Council met for the last time in February. Its publication, entitled "Kick Start", is now available and provides guidance for local communities interested in getting connected to the NII.

ACTION ITEM:

d. Industry Initiatives, including Quality of Service

Bob Collet, CIX/Teleglobe, described the Commercial Internet eXchange as aforum for approximately 150 Internet service providers (ISPs) to cooperatively work through political, legal and business issues affecting their industry. As they attempt to keep pace with the rapid growth of customers and Internet usage, ISPs are increasingly focusing on concerns of maintaining andimproving their infrastructure and equipment. In addition to these pressures, ISPs face complex financial issues relating to stockholder demands and/or the requirements of anticipated initial public offerings (IPOs).

Interest in topics of quality of service (QOS) is growing among ISPs. At the CIX membership meeting in Montreal (prior to INET '96), the CIX QOS working group will meet to discuss QOS issues and refine their initiative in this important area.

Fundamental to any attempts to implement QOS is the ability to collect and analyze comparative statistics on factors such as packet loss, availability, latency, etc. The CIX is willing to work with other organizations,including the government, to promote basic capabilities and tools in this area.

Currently, traffic on the Internet is increasing faster than is the economic incentive to increase bandwidth. However, Collet expressed the opinion that if the ISP industry does not act soon to solve problems related to QOS and the infrastructure, that the government might feel compelled to impose a regulatory solution. In CIX's view, such a result would not be optimum for ISPs nor, ultimately, for the user community.

At its October meeting, the FNCAC agreed to work toward promoting a meeting of major ISPs and users during which topics related to improved cooperation and collaboration in enhancing Internet operations and infrastructure would be discussed. Stewart Personick described recent discussions aimed at planningfor such an event in the Fall time frame.

An associated goal is the idea of promoting the establishment of a neutral third party responsible for facilitating this process and providing a catalytic function with respect to industry cooperation. Thetelecommunication industry analog to such a group is the Network Reliability Council which isrun by Bellcore.

Other topics discussed by participants included the importance of solving the data collection issues in the near term and dealing with an environment wherein there is a finite number of qualified technical personnel. Later collaborative problems include coordinating ISP traffic in a multivendor RSVP-type environment.

e. Discussion and Working Group Resolutions / Statement

Initial discussions focused on the need for multiple Internet service levels, differentiated by a scalable price structure and supported by reliablemeasurement tools and Internet-wide statistics. Economic models, according toparticipants, are needed to support the future growth of the Internet.

Participants agreed that implementation of QOS by a few key ISPs might be sufficient to start the process of change. FNCAC members urged the Federal networks to lead by example, implementing some of the measurement tools which could lead to a QOS capability. The Collaborations in Internet Security (CIS) initiative was also suggested as a possible vehicle for collaboration in this area. It was also suggested that personnel at the National Laboratory for Advanced Networking Research (NLANR) could take the lead in identifying critical metrics and necessary tools for implementation on the Federal networks.

George Brandenburg summarized key points of the morning's Transitions and Scalability Working Group discussions. Draft language has been prepared on the various subjects and will be fine tuned over the next two-three weeks.

ACTION ITEMS:

4. Session on Internet Privacy and Security

a. Collaborations in Internet Security

Phil Dykstra, ARL, Technical Lead for the CIS project, and Dennis Steinauer, NIST, co-chair of the FNC working group on Privacy and Security (PSWG), provided a brief history of the development of the Federal Internet Security Plan (FISP). The FISP, drafted by the PSWG, is oriented toward a scalable, continual improvement process,based on common principles and mechanisms compatible with Internet community values and needs (see http://www. fnc.gov/SWG.html). The plan addresses Internet security requirements, including interoperability, from the perspective of the goals and objectives outlined in the National Performance Review (NPR) (see http://www.npr.gov). The FNC developed this framework in conjunction with the FNCAC (see previous FNCAC meeting minutes at http://www.fnc.gov/FNCAC.html).In February of 1996 the PSWG initiated their Collaborations in Internet Security (CIS) effort, which is being facilitated by a grant by the National Performance Review Innovation Fund. This project unites the efforts of seven Federal agencies in a collaborative partnership to develop security techniques and strategies that are interoperable across government agencies and among the commercial and academic sectors. The CIS will also result in thedevelopment of a laboratory accreditation program for testing and certifying Internet security software and systems. This program will be modeled on NIST's National Voluntary Laboratory Accreditation Program, which tests and accredits systems and products for private sector and Federal users.

Among the CIS's governing principles are the employment of an open process(with the activities and results open to participation and comment by both public and private sector participants); a focus on multivendor technologies; an emphasis on testing and experimentally deploying security technologies emerging from research and private sectors as well as security technologies currently in use in the commercial environment; and an underlying objective to ensure interoperability among the broad Internet community (Federal, private, and academic). CIS participants are also engaged in an on-going effort to integrate the IETF and other communities into this project. The PSWG has requested recommendations from the FNCAC concerning the potential roles industry could and should play in the CIS effort.

Because CIS is a collaborative effort, at least two agencies must be interested in a particular technology or security technique for it to be incorporated into the CIS project. Secure e-mail and secure web technologiesmight be areas in which all participants take part. FNCAC members stressed the importance of making this effort as collaborative as possible in order to maximize the potential benefits.

ACTION ITEMS:b. International Perspective of Internet Security

Ed Appel, Director of Counter Intelligence at the National Security Council (NSC) and Co-Chair of the Committee on Telecommunications and Encryption, briefed the FNCAC on the status of cryptography and related Federal policies. Encrypted communications are being increasingly encountered by lawenforcement both within the U.S. and internationally, complicating datarecovery in the event of a crime.

Other countries, such as France, Russia and Israel, have much more stringent controls on exporting cryptography. The U.S. is on the other side of thespectrum, with no controls domestically (nor are any anticipated). U.S.export policies, on the other hand, are collaboratively developed internationally. They determine who isallowed to receive exported cryptographic technologies (such as a branch ofa U.S. company located in a foreign country) and the strength of theexportable technology.

The NSC is encouraging industry to take the lead on crypto policies andstandards -- with the proviso that government should be permitted to recoverkeys when necessary. According to Appel, the Fortezza family of cardsoffers one solution; smart cards should also be available in the near future.

There was discussion surrounding the strength of key escrow systems and whether they are adequately secure. Many industry and software groups arequestioning the strength and usefulness of government sponsored key escrowtechnology. Participants agreed that the CIS project may be a good forum inwhich to test these technologies.

Appel welcomes any comments or input FNCAC members may have concerning NSC's work with crypto policies, technologies, and standards.

ACTION ITEM:

c. Federal Key Escrow Programs

Ray Snouffer (NIST), National Program Manager for the Key Escrow Program, briefed the group on the background and reasons for key escrowing. Key escrow was developed under Presidential directives to provide strong cryptographic protection for unclassified data and to allow for data recovery and the decryption of encrypted telecommunications when lawfully authorized. It was proposed in April of 1993, and an escrowed encryption standard was established in February of 1994. A new policy was proposed in August of 1995, incorporating software export criteria, commercial escrow agenda, and a new key escrow FIPS called the Cryptographic Escrow System. At this point, only system testing and certification have been completed.

Key escrow has six functions: to generate random seeds at escrow agents, to generate key components and chip programming at programming sites, to transport and store key components, to control the release of key components, to decrypt communications, and finally, to destroy keys.

The operation of the key escrow system includes the involvement of the key escrow program manager, two key escrow agents, two family key agents, a programming facility representative, the Department of Justice, and law enforcement agencies. All participants must cooperate to operate the system. Five agencies (NIST, FBI, NSA and the Departments of Treasury and Justice) participate in the Key Escrow program. NIST performs as the program manager for the key escrow program, which involves overall development and day to day management. It also performs as the escrow agent for the key escrow system and generally supports the development of key escrow policy. The Justice Department is the system sponsor and the family key agent, along with the FBI (only one family key exists at this point, which is split half and half between Justice and the FBI). It also serves as the system security manager and the accrediting authority. The FBI is responsible for decrypting users, and the Treasury acts as the escrow agent. Finally, NSA is the Program Developer. The Budget is put together by all participating agencies and is currently at approximately $4.8 million this year.

With the family key being split between the Justice Department and the FBI, each must take their halves to the encryption site. Escrow officers actually witness the chip programming. The system is protected by the incorporation of split knowledge and two person control. Duties are separated, and audit logs are maintained, as are security clearances and physical security. Clipper andCapstone Chips are programmed in batches inside a secure facility. On April22, 1996 the programming of chips will move from a manual to a roboticfacility, where approximately 7500 chips will be completed every three weeks.

Some discussion was directed toward whether the key escrow facility would be open to others beside the law enforcement agencies, and what benefits end users, as opposed to corporations, would see in a key escrow systems.

d. External View of Federal Security/Privacy Policies

Marc Rotenberg of the Electronic Privacy Information center (EPIC) suggestedthat the FNCAC assume an advocacy role on the Internet privacy front. As we movecloser and closer to a global communications environment, he explained, harmonized andinternational approaches are required related to issues of privacy. The Organization forEconomic Co-operation and Development (OECD) policies provides a good model for the FNC/FNCAC in developing an agenda for Internet privacy and security.

The OECD is a 26-member, international, Paris-based organizationestablished in 1961 to promote economic growth, sustainable development, and expansion of world trade. In 1981, OECD developed guidelines providing uniform standardsfor privacy in information systems. These guidelines are now widely acceptedinternationally and form the basis for laws in several countries. Accordingto Rotenberg, they may also potentially be used as a framework for the NIIprivacy considerations. Principles incorporated in the privacy guidelinesinclude collection limitation, data quality, purpose specification, uselimitation, security safeguards, openness, individual participation, andaccountability. (For more information, see http://www.oecd.org/ dsti/iccp/legal/priv-en.html)

In 1992, the OECD also developed guidelines around information security. The Guidelines for the Security of Information Systems are "intended to provide a foundation from which countries and the private sector, acting singly and in concert, may construct a framework for security of information systems. The framework will include laws, codes of conduct, technical measures, management and use practices, and public education and awareness." These guidelines incorporate the principles of accountability, awareness, ethics,multidisciplinary, proportionality, integration, timeliness, reassessment,and democracy. (For more information, see http://www.oecd.org/dsti/iccp/legal/secur-en.html)

The OECD is currently developing an international framework forcryptography. Mike Nelson of the White House is the U.S. representative tothe OECD in the development of crypto guidelines.

e. Security & Privacy Working Group (SPWG) Resolutions

Regarding Internet privacy, Rotenberg (co-chair of the SPWG for privacy)urged participants to consider the significance of the OECD guidelines fortheir work. Members discussed the need to either establish or designate aFederal agency to address or coordinate privacy issues. Questions arose asto whether this entity should progressively collect data and make policies,or merely act as a repository for Internet privacy data.

  • ACTION ITEM:Regarding Internet security, Matt Blaze (co-chair of the SPWG for security)expressed the urgency to widely employ high quality security to theInternet. The OECD Security Guidelines were again recommended for adoptionin order to provide a framework for further discussion on an open andinternational level.

    Questions were raised about whether the FNCAC's cryptography discussionsshould target the Federal or national levels, based on the FNCAC's Charter.Participants agreed that it should address Federal policy, if it is coherentwith a national policy.

    It was also recommended that CERT-like entities be contacted to acquire an assessment of security risks at Federal sites, and to provide an analysis of how well Federal agencies are performing with respect to Internet securityand how they might improve in the future. A poor assessment report from CERT-like entities could act as a catalyst to Federal agencies to improve their security systems. CERT and other like groups should also be encouraged to act in a predictive, rather than reactive manner.

    Members agreed that the FNC is well placed to act as a catalyst as well forFederal agencies to improve their information security systems, and the FNCAC should assure thatthe FNC performs in that capacity.

    ACTION ITEMS: 5. Session on Intellectual Property Issues

    Adam Eisgrau, Legislative Counsel to the American Library Association's Washington Office, delivered a presentation on the pending copyright legislation as a representative of the Digital Futures Coalition (DFC). DFC was formed in the fall of 1995 to work towards a thorough, broad and balanced Congressional debate on U.S. copyright law and policy. Its 28 members represent a broad section of the "information economy" and include creators, consumers and distributors of information.

    On November 9th, the DFC submitted a letter to Congress stating their position on the proposed copyright legislation. Bills are now pending in both houses of Congress. These bills are intended to "update" the Copyright Act (Title 17 of the U.S. Code) and make it more responsive to the "digital age." The bills reflect many of the recommendations proposed in the 1995 White Paper by the National Information Infrastructure Task Force on IPR (which was critically reviewed during a presentation at the October 1995 FNCAC meeting). Lawful access to, and fair use of, copyrighted works is an integral part of the current copyright law.

    On Tuesday, May 7, 1996 the DFG and four other organizations will make a presentation to Congress concerning these bills. DFC's testimony will include a discussion about the potentially adverse consequences that this legislation could have on network communications. Caching -- even storing data in computers' RAM memory -- could be in violation of this legislation. The "Fair Use Doctrine" has significant application here, but its use might be undermined by classifying certain supporting technologies / uses illegal regardless of the intent of the user. Protections for on-line service providers from liability for users' infringements are not addressed in the bills.

    There was significant discussion about the FNCAC's role in making clear the potential technical ripple effects of policy decisions. FNCAC members urged other members and FNC members to participate in the task of "educating" legislators about the implications of their actions. As explained by several participants, the Internet and the information accessible on it have no parallels in existing technology, therefore policymakers have no clear models to follow. In particular, FNCAC members suggested that the underpinnings of Internet Protocol (IP) and the ability of this technology to create new opportunities and new forms of publishing have no precedence in existing copyright law.

    FNCAC members discussed a statement and two resolutions on the subject of Intellectual Property Issues which had been drafted by the FNCAC Intellectual Property Working Group. The text of the two draft recommendations is enclosed below.

    1. In an era of rapid change in communications and informationtechnologies, an increasing range of industries, constituencies, and stakeholders are affected by copyright policy. The developmental practices and requirements for innovation of some of these high-tech stakeholders maybe quite different from the traditional intellectual property stakeholders. TheFNCAC recommends that Federal Networking Council agencies address networking and copyright issues. The FNCAC recommends that policymakers at all levels include all major stakeholders in copyright policy discussions.

    2. The network itself, the way it is used, and the rapidly changing nature of information and communications technologies raise a number of issues that should be identified, framed as research questions or workshop topics, and supported by Federal Networking Council agencies.

      A major example of such a project: What are the implications of the changes described below?

      The nature of the network, the nature of the technologies involved,and the collaborative nature of the activities they facilitate --

      • change the nature of liability; and
      • change the nature of ownership of data and expression, especially of collaboratively developed data and expression."

    The IP Working Group explained that the proposed resolution has a very narrow scope, reflective of the urgings of the working group members and the CIC.

    Members discussed the wording of specific sections, including the occasional difficulty in differentiating between service providers and content providers (per the draft Action Item 1.) They also questioned whether ignorance is the driving factor behind the lack of technical foresight or whether it is in reality an attempt to protect traditional industries, e.g., the publishing industry. Eisgrau indicated that there are many Members of Congress, i.e., Leahy and Goodlatte, who sincerely desire to be educated on these issues.

    Participants suggested that when one is talking about a new medium, i.e., the Internet / electronic communications, it is the responsibility of government to develop an overarching policy framework as opposed to leaving it to the legal system to apply archaic legal models.

    The FNCAC, according to members, should not "weigh in" on this specific legislation but rather should institute a process which will help develop a vision and framework which can help define some of the technical implications of this new medium. Inherent in this exercise is the identification of key terms, e.g., copy, performance, etc., to which current legal concepts may / may not apply given the digital environment.

    Participants agreed that it would be appropriate for the FNCAC to call for a broad based study to be prepared by the National Academy of Sciences (NAS) which can look at some IP issues and impartially explore their implications for networking -- without direct comment on existing legislation.

    Other members urged the FNCAC to take a stand as an advocate of "Fair Use." This doctrine, according to participants, is fundamental to Federal R&D agencies and research itself. Science has been advanced through an "open" system of peer review.

    The original draft recommendations proposed by the working group were withdrawn in favor of an NAS study and a quick library search on existing studies (e.g., one by the Office of Technology Assessment, OTA). Of particular importance is the need for a "Vision" related to this technologyand to intellectual property, privacy and security, etc.

    ACTION ITEM:

    6. Sesssion on Education

    a. Implications of Universal Service Provisions - Telcom Bill

    Adam Eisgrau (ALA) explained that the Telecommunications Act represents a fundamental change in UniversalService in the Telcom Act. The definition of Universal Service will evolve over time as determined by availabletechnology. The Act leaves open the identification of core services which will be provided under this provision. Oneimportant concern is institutional accessibility. ALA, Tenet and several other K-12 groups, recommend that libraries and schools should have access to core services at affordable rates, especially in rural and high cost areas. Specialservices and core services should be made available to schools at discounted rates, similar to the wholesale rate. The definition of special services would move forward as the market moves forward. Interested groups are currently working on a mechanism for this that is meaningful to institutions, but workable for carriers as well.

    Adam Eisgrau also briefly discussed the Communications Decency Act, which sets forth provisions for restricting the availability of "indecent" materials over the Internet. The Act states that it is illegal to send or make available indecentmaterial to individuals under 18 years of age. What constitutes "indecent" is not defined. Both the ACLU and the ALA (together with major online service providers) have filed suit against the Act, stating that indecency is protected speech both for adults and children. Limiting speech on the Internet to materials deemed appropriate for children would impede communications on the Internet. Another question is whether the Internet is to be treated as a broadcast medium or like the press İİ each having separatestandards and policies for the use of possibly indecent material. A court ruling on these issues is expected in late spring/early summer.b. K-12 Success Stories

    Wanda Jackson from the Texas Education Network (TENET) briefed the group on the results of the State Networking Project funded by NSF and the Departments of Education and Commerce. The State Networking Project evolved out of the understanding that public information networks are becoming a fixture of the American landscape, and are being implemented by numerous states. State officials are also increasingly recognizing the potential for applying telecommunications technology in education. Implementationof these technologies, however, is plagued by challenges related to wiring, planning, usage, interpretation, routing and policies.

    To address these challenges, the State Networking Project is recommending the development of a "Public Information Campaign" that will emphasize how information technologies will improve K-12 education and the creation of an indexing mechanism to determine what information resources are useful to the K-12 community. To address access issues, a goal has been established to first, ease tensions between universal access and the free market systemİİalternatives include preferential rates for schools and librariesİİand secondly, develop plans which would equitably address the need for bandwidth in both urban and rural areas. National interoperability standards for networks and networking guidelines for developing technical support services are also being recommended. Finally, the project supports the general goals to develop vehicles for collaborative efforts, to develop new tools for gathering and disseminating information, and to provide a safe environment to encourage publishing by industry and educators.

    Project Iliad, a joint project with NASA's Johnson Space Flight center and TENET, is one effort established to address some of the recommendations above by developing an intelligent searchagent for the K-12 community. This emailİbased system was originally used a WAIS format, but is now based on Web technology. Currently, Iliad is being heavily used by TENET members.

    The presentation was concluded with a video of students actually using the Internet in their classroom work.

    c. Follow-up To Monterrey Meeting

    Jane Caviness of Educom provided an update on the work accomplished since the October Educom meeting on Higher Education and the NII held in Monterrey, California. The Monterrey meeting focusedon three key areas: Scholarly Communication and Publishing, Networked (educational) Applications, and Broadband Network Technologies. Meeting participants found that all barriers and advantages that apply to the K-12 community also apply to higher education, with both being major players inthe networking revolution.

    Twelve conference recommendations were adopted at the Monterrey meeting, focusing on four areas: Social and Economic Context for NII; NII Design; Applications Development for Education; and the Electronic Information Infrastructure. These recommendations emphasized the need to harden and expand the Internet infrastructure, and began the process to define the networking requirements of the higher education community. The Monterrey participants also found that investments should be made in applications and open system development tools which are affordable and developed in partnerships with users.

    A follow up to the Monterrey meeting will be held by Educom and Farnet on April 15İ16, 1996 in Washington, DC.

    d. Discussions and Working Group Resolutions

    Given the FNCAC's Education Working Group's primary focus on the K-12 community, members expressedthe need that the K-12 community have a realistic understanding and expectation of the Internet. This includesan understanding of how the Internet may affect this community and hints for getting around congestion and otheridentified problems. For instance, network congestion is likely to be felt to a greater extent by this community due to the fact that classrooms tend to access the Internet during periods of peak use and that schools are faced with limited funds to buy high-speed lines and high performance equipment that would improve their access. Participants discussed the options that teachers may have to circumvent the congestion, such as incentives for off-time usage of the Internet by teachers while at home, caching of information to be used the next day in the classroom, and the development of less bandwidth-intensive software.

    In a brief discussion of ways in which to communicate a realistic understanding of the internet to the K-12 community, it was decided that because many schools with internet connections eventually access the Department of Education's home page, this page would be an excellent site on which to post information for schools nationwide.

    Another issue of concern was the development of a clearinghouse of information for the K-12 community. This site might include administrative and policy guidelines, schoolboard policies, student privacy rights information, etc. Participants agreed that the Federal agencies should move to support the development of such a clearinghouse.

    A second clearinghouse identified by the working group involves Universal Service and how states are responding to the universal service aspects of the TelecommunicationsAct as it applies to the K-12 community (including the requirements/obligations of students when they signİup for an Internet account through the school). Guidelines are generally state-based, but the Federal government can help to steer the process of guideline development. The FCC might also be involved in the process of guideline development, as might the NTIA. Other organizations have also addressed this subject, including the National Schoolboards Association (NSBA), the ALA and the NII Advisory Council.

    The FNCAC's Education Working Group agreed to assist in contacting various organizations involved in Kİ12 Internet issues to develop a list of appropriate topics, issues, and information areas that should be included in a clearinghouse.

    ACTION ITEMS: The next meeting of the FNCAC is scheduled for October 21 and 22, 1996.

    The meeting was adjourned.