NRC Report Contents

[Report Cover]
[Header all pages] May 30, 1996, Prepublication Copy Subject to Further Editorial Correction

Cryptography's Role in Securing the Information Society
Kenneth Dam and Herbert Lin, Editors
Committee to Study National Cryptography Policy
Computer Science and Telecommunications Board
Commission on Physical Sciences, Mathematics, and Applications
National Research Council
National Academy Press
Washington, D.C. 1996

____________________________________________________________

Contents

PREFACE
  Introduction
  Charge of the Committee to Study National Cryptography Policy
  What This Report Is Not
  On Secrecy and Report Time Line
  A Note from the Chair
  Acknowledgments

EXECUTIVE SUMMARY

A ROAD MAP THROUGH THIS REPORT

PART I -- FRAMING THE POLICY ISSUES

1 GROWING VULNERABILITY IN THE INFORMATION AGE
  1.1 The Technology Context of the Information Age
  1.2 Transitions to an Information Society -- Increasing Interconnections and Interdependence
  1.3 Coping with Information Vulnerability
  1.4 The Business and Economic Perspective
    1.4.1 Protecting Important Business Information
    1.4.2 Ensuring the Nation's Ability to Exploit Global Markets
  1.5 Individual and Personal Interests in Privacy
    1.5.1 Privacy in an Information Economy
    1.5.2 Privacy for Citizens
  1.6 Special Needs of Government
  1.7 Recap

2 CRYPTOGRAPHY: ROLES, MARKET, AND INFRASTRUCTURE
  2.1 Cryptography in Context
  2.2 What Is Cryptography and What Can It Do?
  2.3 How Cryptography Fits into the Big Security Picture
    2.3.1 Technical Factors Inhibiting Access to Information
    2.3.2 Factors Facilitating Access to Information
  2.4 The Market for Cryptography
    2.4.1 The Demand Side of the Cryptography Market
    2.4.2 The Supply Side of the Cryptography Market
  2.5 Infrastructure for Widespread Use of Cryptography
    2.5.1 Key Management Infrastructure
    2.5.2 Certificate Infrastructures
  2.6 Recap

3 NEEDS FOR ACCESS TO ENCRYPTED INFORMATION
  3.1 Terminology
  3.2 Law Enforcement: Investigation and Prosecution
    3.2.1 The Value of Access to Information for Law Enforcement
    3.2.2 The Legal Framework Governing Surveillance
    3.2.3 The Nature of Surveillance Needs of Law Enforcement
    3.2.4 The Impact of Cryptography and New Media on Law Enforcement (Stored and Communicated Data)
  3.3 National Security and Signals Intelligence
    3.3.1 The Value of Signals Intelligence
    3.3.2 The Impact of Cryptography on SIGINT
  3.4 Similarities and Differences Between Foreign Policy/National Security and Law Enforcement Needs for Communications Monitoring
    3.4.1 Similarities
    3.4.2 Differences
  3.5 Business and Individual Needs for Exceptional Access to Protected Information
  3.6 Other Types of Exceptional Access to Protected Information
  3.7 Recap

PART II -- POLICY INSTRUMENTS

4 EXPORT CONTROLS
  4.1 Brief Description of Current Export Controls
    4.1.1 The Rationale for Export Controls
    4.1.2 General Description
    4.1.3 Discussion of Current Licensing Practices
  4.2 Effectiveness of Export Controls on Cryptography
  4.3 The Impact of Export Controls on U.S. Information Technology Vendors
    4.3.1 De Facto Restrictions on the Domestic Availability of Cryptography
    4.3.2 Regulatory Uncertainty Related to Export Controls
    4.3.3 The Size of the Affected Market for Cryptography
    4.3.4 Inhibiting Vendor Responses to User Needs
  4.4 The Impact of Export Controls on U.S. Economic and National Security Interests
    4.4.1 Direct Economic Harm to U.S. Businesses
    4.4.2 Damage to U.S. Leadership in Information Technology
  4.5 The Mismatch Between the Perceptions of Government/National Security and Those of Vendors
  4.6 Export of Technical Data
  4.7 Foreign Policy Considerations
  4.8 Technology-Policy Mismatches
  4.9 Recap

5 ESCROWED ENCRYPTION AND RELATED ISSUES
  5.1 What Is Escrowed Encryption?
  5.2 Administration Initiatives Supporting Escrowed Encryption
    5.2.1 The Clipper Initiative and the Escrowed Encryption Standard
    5.2.2 The Capstone/Forteza (sic) Initiative
    5.2.3 The Relaxation of Export Controls on Software Products Using "Properly Escrowed" 64-bit Encryption
    5.2.4 Other Federal Initiatives in Escrowed Encryption
  5.3 Other Approaches to Escrowed Encryption
  5.4 The Impact of Escrowed Encryption on Information Security
  5.5 The Impact of Escrowed Encryption on Law Enforcement
    5.5.1 Balance of Crime Enabled vs. Crime Prosecuted
    5.5.2 Impact on Law Enforcement Access to Information
  5.6 Mandatory vs. Voluntary Use of Escrowed Encryption
  5.7 Process Through Which Policy on Escrowed Encryption Was Developed
  5.8 Affiliation and Number of Escrow Agents
  5.9 Responsibilities and Obligations of Escrow Agents and Users of Escrowed Encryption
    5.9.1 Partitioning Escrowed Information
    5.9.2 Operational Responsibilities of Escrow Agents
    5.9.3 Liabilities of Escrow Agents
  5.10 The Role of Secrecy in Ensuring Product Security
    5.10.1 Algorithm Secrecy
    5.10.2 Product Design and Implementation Secrecy
  5.11 The Hardware/Software Choice in Product Implementation
  5.12 Responsibility for Generation of Unit Keys
  5.13 Issues Related to the Administration Proposal to Exempt 64-bit Escrowed Encryption in Software
    5.13.1 The Definition of "Proper Escrowing"
    5.13.2 The Proposed Limitation of Key Lengths to 64 Bits or Less
  5.14 Recap

6 OTHER DIMENSIONS OF NATIONAL CRYPTOGRAPHY POLICY
  6.1 The Communications Assistance for Law Enforcement Act
    6.1.1 Brief Description of and Stated Rationale for the CALEA
    6.1.2 Reducing Resource Requirements for Wiretaps
    6.1.3 Obtaining Access to Digital Streams in the Future
    6.1.4 The CALEA Exemption of Information Service Providers and Distinctions Between Voice and Data Services
  6.2 Other Levers Used in National Cryptography Policy
    6.2.1 Federal Information Processing Standards
    6.2.2 The Government Procurement Process
    6.2.3 Implementation of Policy: Fear, Uncertainty, Doubt, Delay, Complexity
    6.2.4 R&D Funding
    6.2.5 Patents and Intellectual Property
    6.2.6 Formal and Informal Arrangements with Various Other Governments and Organizations
    6.2.7 Certification and Evaluation
    6.2.8 Nonstatutory Influence
    6.2.9 Interagency Agreements Within the Executive Branch
  6.3 Organization of the Federal Government with Respect to Information Security
    6.3.1 Role of National Security vis-a-vis Civilian Information Infrastructures
    6.3.2 Other Government Entities with Influence on Information Security
  6.4 International Dimensions of Cryptography Policy
  6.5 Recap

PART III -- POLICY OPTIONS, FINDINGS, AND RECOMMENDATIONS

7 POLICY OPTIONS FOR THE FUTURE
  7.1 Export Control Options for Cryptography
    7.1.1 Dimensions of Choice for Controlling the Export of Cryptography
    7.1.2 Complete Elimination of Export Controls on Cryptography
    7.1.3 Transferral of All Cryptography Products to the Commerce Control List
    7.1.4 End-use Certification
    7.1.5 Nation-by-Nation Relaxation of Controls and Harmonization of U.S. Export Control Policy on Cryptography with Export/Import Policies of Other Nations
    7.1.6 Liberal Export for Strong Cryptography with Weak Defaults
    7.1.7 Liberal Export for Cryptographic Applications Programming Interfaces
    7.1.8 Liberal Export for Escrowable Products with Encryption Capabilities
    7.1.9 Alternatives to Government Certification of Escrow Agents Abroad
    7.1.10 Use of Differential Work Factors in Cryptography
    7.1.11 Separation of Cryptography from Other Items on the U.S. Munitions List
  7.2 Alternatives for Providing Government Exceptional Access to Encrypted Data
    7.2.1 A Prohibition of the Use and Sale of Cryptography Lacking Features for Exceptional Access
    7.2.2 Criminalization of the Use of Cryptography in the Commission of a Crime
    7.2.3 Technical Non-Escrow Approaches for Obtaining Access to Information
    7.2.4 Network-based Encryption
    7.2.5 Distinguishing Between Encrypted Voice and Data Communications Services for Exceptional Access
    7.2.6 A Centralized Decryption Facility for Government Exceptional Access
  7.3 Looming Issues
    7.3.1 The Adequacy of Various Levels of Encryption Against High-Quality Attack
    7.3.2 Organizing the U.S. Government for Better Information Security on a National Basis
  7.4 Recap

8 SYNTHESIS, FINDINGS, AND RECOMMENDATIONS
  8.1 Synthesis and Findings
    8.1.1 The Problem of Information Vulnerability
    8.1.2 Cryptographic Solutions to Information Vulnerabilities
    8.1.3 The Policy Dilemma Posed by Cryptography
    8.1.4 National Cryptography Policy for the Information Age
  8.2 Recommendations
  8.3 Additional Work Needed
  8.4 Conclusion

APPENDIXES
  A Contributors to the NRC Project on National Cryptography Policy
  B Glossary
  C A Brief Primer on Cryptography
  D An Overview of Electronic Surveillance: History and Current Status
  E A Brief History of Cryptography Policy
  F A Brief Primer on Intelligence
  G The International Scope of Cryptography Policy
  H Summary of Important Requirements for a Public-Key Infrastructure
  I Industry-Specific Dimensions of Security
  J Examples of Risks Posed by Unprotected Information
  K Cryptographic Applications Programming Interfaces
  L Laws, Regulations, and Documents Relevant to Cryptography
  M Other Looming Issues Related to Cryptography Policy
  N Federal Information Processing Standards

[End Contents]
participants (1)
-
jya@pipeline.com