~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT Reply to: ssandfort(a)attmail.com
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
As requested by some of you, here is the encryption article that
appeared in the 19 June issue of SCIENCE NEWS. It's copied
without permission, for personal use of list members only, blah,
blah, blah.
S a n d y
* * * * * * *
ENCRYPTION CONTROVERSY
A fierce debate erupts over
cryptography and privacy
by Ivers Peterson
With a little encryption to hide their words, Prince Charles and
Princess Diana might never have suffered the embarrassing
spectacle of having transcripts of their private telephone
conversations splashed across the front pages of newspapers
around the world.
The royal couple has not been alone in learning the painful
lesson that modern technology has made eavesdropping -- whether
officially sanctioned, inadvertent, or illegal -- remarkably
easy. Today, cellular and cordless telephones transmit
conversations via radio waves that can be readily intercepted.
Electronic-mail messages pass openly from one computer to another
across a network accessible to innumerable people.
"We take for granted that by sealing the envelope or closing the
door, we can achieve privacy in our communications," says
Whitfield Diffie of Sun Microsystems in Mountain View, Calif.
"The challenge of modern security technology is to transplant
these familiar mechanisms from the traditional world of
face-to-face meetings and pen-and-ink communications to a world
in which digital electronic communications are the norm and the
luxury of personal encounters or handwritten messages [is] the
exception."
Modern technology has provided a solution in the form of
sophisticated schemes for encrypting digitized sounds and text.
Only a recipient with the proper key for unlocking the secret
code can hear or read the otherwise unintelligible, encrypted
string of digits.
Nonetheless, few telephones and computers used by the general
public come equipped with either software or micro-electronic
circuitry for encrypting speech or text. Indeed, some critics
charge that the U.S. government has actively discouraged wide
dissemination of cryptographic technology.
"Conflicting signals from a succession of administrations have
led many to be very confused as to what U.S. citizens have a
right to expect from cryptographic technologies and what
capabilities the U.S. government would prefer its citizens have
available," says Stephen T. Walker, president of Trusted
Information Systems, Inc., in Glenwood, Md.
. . .
In April, the Clinton administration added a new ingredient that
set the cryptographic-policy pot boiling. The White House
proposal called for the adoption of a novel encryption scheme as
a federal standard. It would incorporate a "front door" through
which properly authorized government officials could readily
decrypt intercepted messages for reasons of law enforcement or
national security.
the proposal ignited a firestorm of protest from large segments
of the computer community. Since then, angry debate over this
issue and the more general question of privacy in an electronic
age has dominated discourse on many electronic bulletin boards,
where individuals can post their queries and opinions on a
smorgasbord of concerns.
"Not everybody is saying this is terrible, terrible, terrible,
but nobody is happy about it," Walker says. The list of
dissatisfied parties ranges from major computer manufacturers and
telephone companies to privacy activists belonging to
organizations such as the Electronic Frontier Foundation and
Computer Professionals for Social Responsibility.
The administration's scheme has also attracted congressional
scrutiny and focused attention on the need to formulate a
coherent national cryptographic policy. Many see the resolution
of privacy issues as one of the key elements in developing a
national information infrastructure, which would allow anyone
using a networked computer unprecedented access to libraries,
data repositories, and other information sources throughout the
United States.
"Recent years have seen a succession of technological
developments that diminish the privacy available to the
individual," Diffie stated last month in testimony before the
House science subcommittee. "Cryptography is perhaps alone in
its promise to give us more privacy rather than less. But here
we are told that we should forgo this technical benefit and
accept a solution in which the government will retain the power
to intercept our ever more valuable and intimate communications."
. . .
For many decades, cryptography remained largely a government
matter -- an arcane discipline of interest to military
organizations and to the secretive National Security Agency
(NSA), which routinely monitors foreign communications. But the
subject also captured the attention of a few enthusiasts outside
government. In the 1970s, the development of electronic
communication via the first national computer networks spurred
these people to look for ways to protect information in this new,
wide-open environment.
In 1975, Diffie, working with computer scientist Martin E.
Hellman of Stanford University, invented a novel, revolutionary
cryptographic technique now know as public-key cryptography.
Developed entirely outside of government, it offered a high level
of security and privacy to any individual using the system.
In conventional cryptographic schemes, the user typically has a
"key" that changes all the digits of a message into an
unintelligible string. The recipient then uses the same key to
unscramble the code and read the message.
In a public-key system, the user has one key -- kept secret --
encrypting the message and the recipient has a different but
mathematically related key to decrypt the message. There's no
need to keep the second key secret because, in principle, there
should be no way to figure out the private key from knowledge of
the public key. This, everyone has a private key and a public
key, which they can then use to encrypt or decrypt messages.
Almost simultaneously, the U.S. government offered an
alternative, single-key method known as the Data Encryption
Standard (DES), for coding information. Although experts outside
of government initially harbored suspicions that the NSA had
deliberately weakened the scheme to make code-breaking easier, 15
years of concerted effort to find flaws have failed to turn up
any serious problems. Many banks and other institutions now
routinely use this technique to maintain the confidentiality and
integrity of communications involving financial transactions and
other matters.
. . .
One of the first hints of something new in the works came early
this year. Last fall, Walker heard about a new AT&T telephone
equipped with a lightweight electronic device, basd on DES, for
turning a telephone signal into a digital stream of encrypted
information. He ordered five of these secure telephones for his
business.
In January, AT&T representatives told Walker they could only loan
him the telephones he wanted; something better would become
available in April, they said. Walker noticed they no longer
mentioned DES as the encryption scheme.
"So I knew there was something coming," Walker says. "But I
didn't know what the details were." When the White House
announcement finally came, the details caught just about everyone
in the computer community by surprise.
In essence, the proposed "key-escrow" technology takes the form
of two specially fabricated, tamper-resistant integrated-circuit
chips -- one, known as Clipper, for encrypting digital telephone
signals and another, known as Capstone, for encrypting the output
of computers. Information from any telephone or computer would
pass through the chip to be encrypted, and a corresponding chip
attached to the recipient's telephone or computer would decipher
the message.
However, the scheme is designed to include another key, divided
into two parts, that when reconstituted will also unlock the
message. The administration's plan is to deposit these pieces
-- unique to each chip -- in two separate, secure databases. The
two pieces of a particular key would be released only to
officials at such agencies as the Federal Bureau of Investigation
who are authorized to tap a particular telephone line.
This technology improves "the security and privacy of telephone
communications while meeting the legitimate needs of law
enforcement," the White House stated in announcing the Clipper
chip.
"The effect," says Diffie, "is very much like that of the little
keyhole in the back of the combination locks used on the lockers
of schoolchildren. The children open the locks with the
combination, which is supposed to keep the other children out,
but the teachers can always look in the lockers by using the
key."
"Because the key-escrow chip enables lawful interceptions, the
government for the first time in history is in a position to
promote encryption without putting public safety at risk," says
Dorothy E. Denning, a cryptography expert at Georgetown
University in Washington, D.C. "As a result of the government's
efforts, I expect to see greater use of encryption and,
consequently, greater protection of sensitive communications."
Administration officials insist the Clipper-Capstone scheme is
voluntary. Initially, only certain departments and agencies of
the government will be required to use it. But clearly, the
administration hopes that various companies will start
incorporating this technology into commercial products, at first
to supply the government market and then to meet the security
needs of businesses and private individuals.
This approach puzzles many observers. "If you're not going to
force it on people, then it's going to be largely irrelevant for
the computer community," says Walker. "DES and RSA [a public-key
cryptosystem] are already so widely used in software versions
that most users will not even consider converting to Clipper or
Capstone, simply because of the additional hardware expense."
"Anyone who is seriously seeking to protect sensitive information
will use alternative methods, either instead of or in addition to
the Clipper-Capstone chips," he adds. That leaves the
possibility that the government may eventually ban the use of
certain types of cryptography, though officials presently deny
any such intent.
"Encryption is a technology that could be constrained legally in
the same way that other technologies are constrained," Denning
argues. "Congress should consider legislation that would impose
such constraints."
. . .
Debating the technical merits of the administration's proposal
has proved tricky. Many of the details of the scheme's
implementation remain fuzzy, and the government has insisted on
keeping secret the actual mathematical recipe, or algorithm, for
generating the required keys.
"It's very hard to assess something when you don't know what
you're assessing," notes Lance J. Hoffman, a computer scientist
at George Washington University in Washington, D.C.
In contrast, the government made public the DES algorithm, giving
cryptography experts a chance to examine and test the scheme
thoroughly t vouch for its security. Developed secretly at the
NSA, the new algorithm use for the Clipper and Capstone chips
will receive no such scrutiny.
The government's reluctance to release the algorithm stems from
the possibility that some people might then use the algorithm
without its accompanying key-escrow provision to create a
formidable encryption scheme. "Tis is a powerful algorithm,"
says NSA's Clint Brooks. "You need some kind of control
mechanism . . . to ensure the law-enforcement capability is
preserved."
The Clipper and Capstone chips also represent only one possible
approach to achieving a reasonable balance between unconstrained
privacy and the needs of law enforcement and national security.
Silvio Micali of the Massachusetts Institute of Technology has
proposed an alternative scheme -- developed well before the
Clipper chip announcement -- that eschews complicated chips and
special hardware in favor of a considerably more flexible,
inexpensive software solution.
Like the administration, Micali favors an approach that includes
a cryptographic escape hatch in case of dire emergency.
"Scientists ought to be socially responsible," he argues. "We
have to ask ourselves what would be the social impact of
widespread cryptography."
Micali has demonstrated that it's possible with his technique to
transform any public-key cryptosystem into one that includes a
provision for third-party access to encrypted information, if a
court deems such access essential for reasons of law enforcement
or national security. He calls the transformed version a "fair"
public-key cryptosystem.
"The transformed systems preserve the security and efficiency of
the original ones," Micali says. "Thus, one can still use
whatever system [he or she] believes to be more secure and enjoy
the additional property of fairness."
. . .
But to many others, the real debate is not about the technical
merits of the Clipper and Capstone proposals. "The fundamental
issue that people are talking about is the question of whether
people have a right to have privacy in a conversation . . .
something that cryptography can provide," says Ronald L. Rivest,
a computer scientist at MIT.
Denning contends that it would be irresponsible for either
government or industry to promote the widespread use of strong
encryption. "I do not believe our laws grant an `absolute right'
to a private conversation," she says.
But Rivest and others reject the notion that the pubic should
have access only to cryptography that the U.S. government can
decipher. They feel shut out of the government decision-making
process that brought forth the Clipper chip.
"I don't know anyone inside the government who is fighting for
the average citizen's protection here," Walker says. "It's the
national security and law enforcement guys that are running the
show, and the administration has bought in to their side."
"I don't think we have a fair situation at all," he adds.
"That's why I keep insisting we've got to have a national review
involving . . . private citizens and private organizations."
The administration already has an internal review of
cryptographic policy under way. This task force is supposed to
have its final report ready by the end of the summer. In
addition, earlier this month, the Computer System Security and
Privacy Advisory Board, which advises the administration on
matters of security and privacy, held a three-day meeting to hear
public comments on a variety of cryptographic issues.
Many people question the sudden rush to implement
Clipper-Capstone, given the major ethical and constitutional
questions at issue. "There hasn't been a serious public
discussion," Hoffman says. "Nobody has been given enough time."
Faced with such criticisms, the government now shows signs of
slowing implementation of its key-escrow plan until the scheme's
ramifications have been studied further. At the same time,
computer users already have access to chips and software
incorporating DES or the RSA public-key cryptosystem.
"For the first time in history, we have a situation in which
individuals can use cryptography good enough that even
governments can't read [the encrypted messages]," Hoffman says.
"That is a big change. The administration is ultimately going to
have to address the issue of whether people can use their own
cryptography and keep the keys secret themselves."
* * * * * * *
>>>>>> Please send e-mail to: ssandfort(a)attmail.com <<<<<<
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~