From the White House
***************************************************************** Embargoed until 3:00 p.m. EST Feb. 4, 1994 QUESTIONS AND ANSWERS ABOUT THE CLINTON ADMINISTRATION'S ENCRYPTION POLICY Q. What were the findings of the encryption technology review? A. The review confirmed that sound encryption technology is needed to help ensure that digital information in both computer and telecommunications systems is protected against unauthorized disclosure or tampering. It also verified the importance of preserving the ability of law enforcement to understand encrypted communications when conducting authorized wiretaps. Key escrow technology meets these objectives. Specific decisions were made to enable federal agencies and the private sector to use the key escrow technology on a voluntary basis and to allow the export of key escrow encryption products. In addition, the Department of State will streamline export licensing procedures for products that can be exported under current regulations in order to help U.S. companies to sell their products abroad. To meet the critical need for ways to verify the author and sender of an electronic message -- something that is crucial to business applications for the National Information Infrastructure -- the federal government is committed to ensuring the availability of a royalty-free, public-domain Digital Signature Standard. Finally, an interagency working group has been established to continue to address these issues and to maintain a dialogue with industry and public interest groups. Q. Who has been consulted during this review? The Congress? Industry? What mechanism is there for continuing consultation? A. Following the President's directive announced on April 16, 1993, extensive discussions have been held with Congress, industry, and privacy rights groups on encryption issues. Formal public comment was solicited on the Escrowed Encryption Standard and on a wide variety of issues related to the review through the Computer System Security and Privacy Advisory Board. The White House Office of Science and Technology Policy and the National Security Council will chair the interagency working group. The group will seek input from the private sector both informally and through several existing advisory committees. It also will work closely with the Information Policy Committee of the Information Infrastructure Task Force, which is responsible for coordinating Administration telecommunications and information policy. Q. If national security and law enforcement interests require continued export controls of encryption, what specific benefits can U.S. encryption manufacturers expect? A. The reforms will simplify encryption product export licensing and speed the review of encryption product exports. Among other benefits, manufacturers should see expedited delivery of products, reduced shipping and reporting costs, and fewer individual license requests -- especially for small businesses that cannot afford international distributors. A personal exemption for business travellers using encryption products will eliminate delays and inconvenience when they want to take encryption products out of the U.S. temporarily. Q. Why is the key escrow standard being adopted? A. The key escrow mechanism will provide Americans and government agencies with encryption products that are more secure, more convenient, and less expensive than others readily available today -- while at the same time meeting the legitimate needs of law enforcement. Q. Will the standard be mandatory? A. No. The Administration has repeatedly stressed that the key escrow technology, and this standard, is for voluntary use by federal and other government agencies and by the private sector. The standard that is being issued only applies to federal agencies -- and it is voluntary. Does this approach expand the authority of government agencies to listen in on phone conversations? No Key escrow technology provides government agencies with no [sic] new authorities to access the content of the private conversations of Americans. Q. Will the devices be exportable? Will other devices that use the government hardware? A. Yes. After an initial review of the product, the State Department will permit the export of devices incorporating key escrow technology to most end users. One of the attractions of this technology is the protection it can give to U.S. companies operating at home and abroad. Q. Suppose a law enforcement agency is conducting a wiretap on a drug smuggling ring and intercepts a conversation encrypted using the device. What would they have to do to decipher the message? A. They would have to obtain legal authorization, normally a court order, to do the wiretap in the first place. They would then present documentation, including a certification of this authorization, to the two entities responsible for safeguarding the keys. (The key is split into component parts, which are stored separately in order to ensure the security of the key escrow system.) They then obtain the components for the keys for the device being used by the drug smugglers. The components are then combined and the message can be read. Q. Who will hold the escrowed keys? A. The Attorney General has selected two U.S. agencies to hold the escrowed key components: the Treasury Department's Automated Systems Division and the Commerce Department's National Institute of Standards and Technology. Q. How strong is the security in the device? How can I be sure how strong the security is? A. This system is more secure than many other voice encryption system readily available today. While the algorithm upon which the Escrowed Encryption Standard is based will remain classified to protect the security of the system, an independent panel of cryptography experts found that the algorithm provides significant protection. In fact, the panel concluded that it will be 36 years until the cost of breaking the algorithm will be equal to the cost of breaking the current Data Encryption Standard now being used. Q. Is there a "trap door" that would allow unauthorized access to the keys? A. No. There is no trapdoor. Q. Whose decision was it to propose this product? A. The National Security Council, the Justice Department, the Commerce Department, and other key agencies were involved in this decision. The approach has been endorsed by the President, the Vice President, and appropriate Cabinet officials.