ComputerWorld June 7, 1993 Vol. 27, No. 23 page 21 Fed officials pan ban of old encryption specs by Gary H. Anthes Gaithersburg, MD Federal officials responsible for shaping information security policy said last week that legislation mandating use of the government's recently proposed encryption technology -- and banning the use of older but popular techniques -- is neither wise nor legal. In April, the White House said it intended to establish as a federal standard an approach to encryption called "key-escrow." This method would require that the keys needed to unlock a coded conversation be kept by government-approved agencies and retrieved only for court-ordered wiretaps. Dubbed "Clipper" for voice communications and "Capstone" for data, the approach is intended to balance the conflicting objectives of users -- who demand absolute security and privacy -- and law enforcement agencies, which are looking for a legal "backdoor" into coded criminal communications. Protecting rights to privacy But the idea has been challenged by civil libertarians who fear abuses by a technologically empowered Big Brother, and by some users, especially those such as banks that have made large investments in cryptography based on the older Data Encryption Standard (DES), which some fear could be banned by the government. Protesters so far include the Computer and Business Equipment Manufacturers Association, Information Technology Association of America, Computer Professionals for Social Responsibility, Electronic Frontier Foundation, Business Software Alliance, Software Publishers Association and Information Systems Security Association. Raymond Kammer, acting director of the National Institute of Standards and Technology (NIST), acknowledged that a ban on existing techniques would be considered. "But my personal opinion is, I can't see doing anything that would take away any freedoms we now enjoy," Kammer said. "We tried to come up with a technique that would not require legislation," said Clint Brooks, advisor to the director of the National Security Agency, which developed and now strongly supports the key-escrow approach. Brooks predicted it would be years before criminal use of DES would be wide-spread enough to present obstacles to law enforcement agencies, which cannot crack DES codes. "Let's wait and see if legislation is needed," he said. While the majority of those attending a public hearing at the NIST last week spoke out against the government's proposal, a few strongly defended it saying criticisms are either misdirected or deal with fixable flaws. Donald Alvarez, national defense science and engineering graduate fellow at Princeton University, outlined six ways that Clipper could be breached but finished by saying, "I definitely believe it is possible to address the needs of both [users and law enforcers], even with the Clipper and Capstone chip sets." 8<---------- End of Article ------------- In a small, corner-page, footnote box on the same page -- "Keyed up In a statement filed with the Computer System and Privacy Advisory Board, Citicorp raised the following concerns about Clipper: o The private sector was not adequately consulted. o The algorithm used in Clipper/Capstone is not compatible with other commonly used encryption methods and will only cause costly disruptions for businesses. o The algorithm -- which is to be secret but will be examined by a handful of government-chosen experts -- "will undergo inadequate scrutiny and hurried review." o The databases and access systems associated with Clipper may be flawed and insecure." Paul Ferguson | The future is now. Network Integrator | History will tell the tale; Centreville, Virginia USA | We must endure and struggle fergp@sytex.com | to shape it. Stop the Wiretap (Clipper/Capstone) Chip.