ComputerWorld
Volume 27, Number 28
July 12, 1993
page 28

Advanced Technology

The right to be secure
Government-backed data security standard raises Big Brother issues

By James Daly

Two months ago, the Clinton administration dropped a bomb on the world of computer security. In an effort to assist law enforcement officers looking for a legal back door into coded criminal communications, officials from the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) said they intend to establish as a federal standard an approach to voice and data encryption called "key escrow."

This method would require the technology needed to unlock a coded conversation to be kept by government-approved agencies and retrieved in the event of government-approved wiretaps. Data encryption would be done in silicon via a device called the "Clipper chip," which would be installed in machines needing its coding and decoding capabilities.

To put it mildly, the Clipper chip proposal has generated a lot of excitement among privacy advocates who fear abuses by a technologically empowered Big Brother.

Computerworld recently tried to talk with officials from both the NIST and the NSA to further explore the Clipper issue, but neither allowed a face-to-face interview with a staff member. Instead, we had to submit written questions. Here are the answers provided by officials from the NIST and the NSA.

Q. The proposed Clipper chip technology has generated an awful lot of acrimony since it was announced in April. Has the government lessened its level of commitment to the chip?

A. The administration remains committed to the initiative and is proceeding with the following actions: the acquisition of key escrow encryption devices by law enforcement agencies; the naming of key escrow agents to hold the keys for the key escrow microcircuits and the establishment of procedures by the attorney general for the access of the keys; the evaluation of the key escrow encryption algorithm by respected experts; the promulgation of a standard by the secretary of commerce to facilitate the procurement and use of key escrow encryption devices in federal communications systems; and the comprehensive review of encryption policy.

In addition, discussions with industry and other concerned groups have proved very productive. The administration does not intend to arbitrarily end its study of the issue while helpful consultations are under way.

It should also be understood that the use of products implementing the key escrow encryption microcircuit is voluntary. There has been no attempt to either mandate its use or to deny the entry of other encryption technologies into the marketplace.

Q. Privacy advocates say that if the keys needed to decrypt data are placed in the hands of government authorities, there is the potential for abuse. What kinds of safeguards would be implemented to prevent this?

A. The government may conduct electronic surveillance only when lawfully authorized. Moreover, the key escrow procedures being developed provide that each key will be split into two parts, and different key escrow authorities will hold each part. Neither part alone can be used to decrypt messages. To obtain the key needed to unlock the encryption, law enforcement must present evidence of its authority for a key, typically a court order, to both key escrow authorities. Finally, the system will be designed to ensure that law enforcement destroys the keys it receives when its authority to conduct the electronic surveillance has expired.

Q. Vendors who have extensive business overseas say they would not be able to sell Clipper-equipped machines on foreign shores. How do you respond?

A. Key-escrowed products will be exportable to U.S. persons and companies operating overseas. One issue under consideration in the presidential review is whether a broader export policy is advisable. Should a broader export policy be adopted, we believe products implementing the key escrow technology will find favor among consumers who desire the superb encryption security offered.

Q. If Clipper would be the standard, would the use of non-Clipper encryption devices be outlawed? If so, how would you find out who was using these non-Clipper devices?

A. No. Use of key-escrowed products by the private sector would be entirely voluntary. Federal agencies will have the option of using this technology once it becomes a Federal Information Processing Standard. DES [Data Encryption Standard], the existing federal encryption standard, will still be available for use in federal systems.

Q. Regarding DES, some security experts say that with powerful chips such as Pentium already on the market and the 686 and 786 in design stages, DES is getting near to being crackable. Is DES nearing the end of its useful life?

A. NIST will recommend that DES be renewed for another five years as a Federal Information Processing Standard. We do recognize, however, that as computer technology advances, the expected effort needed to break DES-encrypted messages decreases. In time, DES will become less valuable for securing sensitive information.

Q. What eventually made DES and other cryptosystems acceptable was their ease of use in software. Do you feel companies will be willing to go back to the hassle and additional expenses of hardware-based cryptography?

A. Again, we must emphasize that use of this technology is voluntary. Software containing other cryptosystems is still available to consumers. As for use of this technology in hardware, new products are already being developed to lessen the "hassle" of hardware-based cryptography. One example would be its use of PCMCIA [Personal Computer Memory Card International Association] cards. Moreover, encryption implemented in software generally provides less security than hardware encryption.

Q. What happens when the Clipper chip's technology cannot keep up with faster networks and becomes a bottleneck? Do we then have to have a multiyear review process wherein we select a Clipper-2 chip and retrofit all the devices across the country?

A. We expect the key escrow microcircuits will be enhanced to keep pace with future data requirements. As with the introduction of any next-generation technology, consumers will decide the extent to which they require, and are willing to pay for, the new technology. We do not envision an "across the country" retrofit of all devices.

Q. What should the role of the government be, if any, in developing a nationwide computer security policy guideline?

A. The government has a strong interest in computer security policies in light of the federal agencies' need to protect their own information: for law enforcement agencies to conduct lawfully authorized electronic intercepts in order to combat crime and terrorism; to protect national security through export controls of cryptographic technologies; and the growing U.S. economic interest in protecting corporations and citizens' information that is stored and transmitted electronically.

That does not mean, however, that a government-imposed security policy is appropriate. Government must be actively involved in setting computer security standards for its own use and making its technology, expertise and guidance available to the private sector when requested and appropriate. Private sector organizations can then make appropriate risk-based, cost-effective decisions as to protecting their information assets.
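The two-part key split described in the safeguards answer above can be illustrated with XOR secret splitting, set beside a naive "cut the key in half" split to show why "neither part alone" depends on how the split is done. This is an added example, not from the article or from NIST/NSA; the article does not say how the split works, so the XOR construction, the 80-bit key length and all function names are assumptions.

```python
import secrets

KEY_BITS = 80  # assumed key length; the article does not state one


def split_xor(key: int, bits: int = KEY_BITS) -> tuple[int, int]:
    """Two-share XOR split: share_a is a fresh random pad, share_b = key XOR pad."""
    if not 0 <= key < (1 << bits):
        raise ValueError("key does not fit in the given bit length")
    share_a = secrets.randbits(bits)   # part for escrow authority A
    return share_a, key ^ share_a      # part for escrow authority B


def combine_xor(share_a: int, share_b: int) -> int:
    """Both parts are needed; XOR of the two recovers the key."""
    return share_a ^ share_b


def split_halves(key: int, bits: int = KEY_BITS) -> tuple[int, int]:
    """Naive split for contrast: top half of the bits to A, bottom half to B."""
    half = bits // 2
    return key >> half, key & ((1 << half) - 1)


def keys_possible_given_xor_share(share: int, bits: int) -> set[int]:
    """Keys one XOR-share holder cannot rule out (enumerated; small bits only)."""
    return {share ^ other for other in range(1 << bits)}


def keys_possible_given_top_half(top: int, bits: int) -> set[int]:
    """Keys the top-half holder cannot rule out (enumerated; small bits only)."""
    half = bits // 2
    return {(top << half) | low for low in range(1 << half)}


if __name__ == "__main__":
    key = secrets.randbits(KEY_BITS)           # constructed sample key
    a, b = split_xor(key)
    assert combine_xor(a, b) == key
    # Enumerate on a constructed 8-bit toy key to compare what one holder learns.
    toy = 0xA7
    xa, _ = split_xor(toy, bits=8)
    top, _ = split_halves(toy, bits=8)
    print(len(keys_possible_given_xor_share(xa, 8)))   # all 256 keys remain
    print(len(keys_possible_given_top_half(top, 8)))   # only 16 remain
```

With the XOR split a single holder's search space is unchanged; with the halves split it drops to the square root of the original, which is why the escrow claim holds only for a split of the first kind.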
Paul Ferguson               |  "Confidence is the feeling you get
Network Integrator          |   just before you fully understand
Centreville, Virginia USA   |   the problem."
fergp@sytex.com             |   - Murphy's 7th Law of Computing

        Quis Custodiet Ipsos Custodes?