"Did the NRC discuss the State Department's GROSS FAILURE to prosecute Phil Zimmermann? (PGP) is military strength, and it's out there!" -- Audience member at NRC crypto briefing Dr. Herb Lin <hlin@nas.edu> of the National Research Council's Computer Science and Tecommunications Board gave a briefing this afternoon to address the Council's recent report, Cryptography's Role in Securing the Information Society. The briefing was sponsored by the Georgia Institute of Technology in Atlanta. One of the most striking aspects of the briefing was the diversity of perspectives on the issue. Most of our discussions on cryptography have been with people in the cypherpunk community; this was the first time we had ever come face to face with people on the other side of the fence. It is quite obvious that there is much emotional intensity here and we do not feel that this issue is going to go away soon. However, the NRC seems to be a voice of reason. We are faced a policy problem: the developing information society is vulnerable to security threats. Cryptography can be a powerful tool to thwart these threats, but it is also a dangerous weapon in the hands of criminals. As a result of concentration on the above issues, the cryptography debate has often been framed as a conflict between privacy rights and law enforcement. The NRC feels that the current policy on cryptography discourages its use by the private sector. Lin states that cryptography is a very valuable tool for crime prevention and thus benefits Law Enforcement. Policy makers should promote cryptography because it can help legitimate businesses better secure themselves against would-be attackers. However, cryptography also assists criminals in circumventing surveillance. So there are both positive and negative impacts for Law Enforcement, but Dr. Lin notes an important statement made in the NRC report: "The benefits of the widespread use of cryptography far outweigh the risks." Dr. Lin and the NRC believe that there will be an explosion of interest in computer security in the coming years, and that government should provide guidance and technical input, both to industry and law enforcement. The upcoming debate can (and should) be carried out on an unclassified basis. He said that open standards should be promoted in an effort to reach consensus between government and industry interests. Interested parties should be encouraged to study and understand the algorithms employed by their cryptosystems so that market forces may drive crypto policy to that which best fulfills the needs of US industry. NRC promotes the growth and leadership in the private sector and encourages all organizations to invest in information security. In addition, the NRC supports the use of link-level encryption in public networks, especially the cellular network. In this mode, LEOs can still access plaintext, but it is much more difficult for unauthorized listeners to get it. It should be noted that Cryptography is just one part of a comprehensive information security program. While it is useful to prevent eavesdropping, provide user authentication, and ensure data integrity, it is not particularly effective in overcoming the problems of insecure operating systems, and corruptible employees. One of the more controversial points in the report is the recommendation for domestic cryptography policy. The NRC recommends that no restrictions be placed on the use of domestic cryptography, and that the market should be allowed to choose the best systems. This was met with incredulty by many members of the audience, particularly those representing the government. They seemed to feel that "the people" should not be allowed to make this decision and that many important aspects of cryptography policy are not necessarily reflected in market interests. While NRC recognizes Law Enforcement's growing problem in adapting to new technologies, Dr. Lin said that the FBI could provide not one example of a class three wiretap that had been thwarted by means of encryption. Access to encrypted files seemed to be a bigger issue for LEOs. This takes us naturally to the topic of key escrow. NRC cautions that key escrow is an unproven technology. Of particular concern is the integrity of escrow agents: how it is to be evaluated, and what level of integrity is sufficient in any particular instance? Who is liable if keys are incorrectly disclosed? What are the liability issues if the key escrow system fails to provide LEOs with access? There just isn't enough information at this time to make these judgments. Many audience members commented that the administration had rushed into key escrow without forethought or open discourse. The NRC discourages the hurried passage of new legislation without clear, thorough discussion of the issues involved by those who will be most directly affected by the law. Furthermore, any government supported cryptography system must provide additional value to the end users. The Clipper system does not do this. Dr. Lin mentioned that data recovery might be of significant value to most users. If encryption systems are too strong then users will have a bigger problem with lost keys than they ever had with stolen intellectual property. The NRC recommends that the US government act as a test market for key recovery rather than pushing it out to the public before it is fully developed. The NRC also recommends that Congress consider criminalizing the criminal use of cryptography. This issue has already been discussed at length in academic fora, and the general consensus is that this concept is much easier said than done. We feel that such a policy is not likely to be a serious deterrent unless the additional penalty outweighs the benefits of secure crypto. It is also worth noting that if crypto is the default in system people shouldn't be charged with additional crimes for not turning it off. As for export issues, the NRC recommends that the government allow export of 56-bit DES without special approval, effective immediately. The recommendation also suggested that the allowable key length should be increased over time in order to keep up with improvements in cryptanalysis and computing power. They feel that export controls should be lessened but not fully removed. Law Enforcement needs time to develop the skills and technology necessary to deal with new situations. We would take issue with the NRC's assertion that 56 bit DES is "good enough for most commercial applications," and that algorithms be designed to preclude multiple encryption. It certainly depends on the threat model involved. DES would be an improvement over plaintext networks, but it is certainly not strong enough to defend against industrial espionage efforts. We feel that strong cryptography should be exportable now to defend against such attacks. We feel that legitimate law enforcement interests can get access to the information they require in most cases without even having to employ cryptanalysis, especially if systems are secured at the link level as the NRC recommends. We would also point to the reality that wiretapping is not often used by Law Enforcement, and we don't feel that they have justified any increase in it's use. The NRC briefing was very helpful in understanding the meaning of the report and highlighted many important issues. NRC will have a number of briefings in major cities all over the US, in hopes that this will spark more debate over these issues. Attendance at this briefing was much smaller than we had expected. We would encourage anyone who is interested in cryptography to attend a future briefing. It is a very good opportunity to hear and meet people on all sides of this issue. We would also encourage the cyber-rights crowd to seriously consider the NRC's recommendations. It seems to be a realistic look at these issues, and there is plenty of room here to defend fundamental civil liberties. Tom Cross and Jeremy Mineweaser Electronic Frontiers Georgia