clipper_q-and-a.txt

[Dan Brown]

>From the White House   

*****************************************************************

Embargoed until 3:00 p.m. EST Feb. 4, 1994

QUESTIONS AND ANSWERS ABOUT THE
CLINTON ADMINISTRATION'S ENCRYPTION POLICY

Q. 	What were the findings of the encryption technology review?

A. 	The review confirmed that sound encryption technology is 
needed to help ensure that digital information in both computer 
and telecommunications systems is protected against unauthorized 
disclosure or tampering. It also verified the importance of 
preserving the ability of law enforcement to understand encrypted 
communications when conducting authorized wiretaps. Key escrow 
technology meets these objectives.

Specific decisions were made to enable federal agencies and the 
private sector to use the key escrow technology on a voluntary 
basis and to allow the export of key escrow encryption products.

In addition, the Department of State will streamline export 
licensing procedures for products that can be exported under 
current regulations in order to help U.S. companies to sell their 
products abroad.

To meet the critical need for ways to verify the author and sender 
of an electronic message -- something that is crucial to business 
applications for the National Information Infrastructure -- the 
federal government is committed to ensuring the availability of a 
royalty-free, public-domain Digital Signature Standard.

Finally, an interagency working group has been established to 
continue to address these issues and to maintain a dialogue with 
industry and public interest groups.

Q. 	 Who has been consulted during this review? The Congress? 
Industry? What mechanism is there for continuing consultation?

A.	 Following the President's directive announced on April 16, 
1993, extensive discussions have been held with Congress, 
industry, and privacy rights groups on encryption issues. Formal 
public comment was solicited on the Escrowed Encryption Standard 
and on a wide variety of issues related to the review through the 
Computer System Security and Privacy Advisory Board.

The White House Office of Science and Technology Policy and the 
National Security Council will chair the interagency working 
group. The group will seek input from the private sector both 
informally and through several existing advisory committees. It 
also will work closely with the Information Policy Committee of 
the Information Infrastructure Task Force, which is responsible 
for coordinating Administration telecommunications and information 
policy.

Q. 	If national security and law enforcement interests require 
continued export controls of encryption, what specific benefits 
can U.S. encryption manufacturers expect?

A.	The reforms will simplify encryption product export licensing 
and speed the review of encryption product exports. Among other 
benefits, manufacturers should see expedited delivery of products, 
reduced shipping and reporting costs, and fewer individual license 
requests -- especially for small businesses that cannot afford 
international distributors. A personal exemption for business 
travellers using encryption products will eliminate delays and 
inconvenience when they want to take encryption products out of 
the U.S. temporarily.

Q.	Why is the key escrow standard being adopted?

A.	The key escrow mechanism will provide Americans and 
government agencies with encryption products that are more secure, 
more convenient, and less expensive than others readily available 
today -- while at the same time meeting the legitimate needs of 
law enforcement.

Q. 	Will the standard be mandatory?

A. 	No. The Administration has repeatedly stressed that the key 
escrow technology, and this standard, is for voluntary use by 
federal and other government agencies and by the private sector. 
The standard that is being issued only applies to federal agencies 
-- and it is voluntary.

Does this approach expand the authority of government agencies to 
listen in on phone conversations?

No Key escrow technology provides government agencies with no 
[sic] new authorities to access the content of the private 
conversations of Americans.

Q.	Will the devices be exportable? Will other devices that use 
the government hardware?

A.	Yes. After an initial review of the product, the State 
Department will permit the export of devices incorporating key 
escrow technology to most end users. One of the attractions of 
this technology is the protection it can give to U.S. companies 
operating at home and abroad.

Q.	Suppose a law enforcement agency is conducting a wiretap on a 
drug smuggling ring and intercepts a conversation encrypted using 
the device. What would they have to do to decipher the message?

A.	They would have to obtain legal authorization, normally a 
court order, to do the wiretap in the first place. They would then 
present documentation, including a certification of this 
authorization, to the two entities responsible for safeguarding 
the keys. (The key is split into component parts, which are stored 
separately in order to ensure the security of the key escrow 
system.) They then obtain the components for the keys for the 
device being used by the drug smugglers. The components are then 
combined and the message can be read.

Q.	Who will hold the escrowed keys?

A.	The Attorney General has selected two U.S. agencies to hold 
the escrowed key components: the Treasury Department's Automated 
Systems Division and the Commerce Department's National Institute 
of Standards and Technology.

Q.	How strong is the security in the device? How can I be sure 
how strong the security is?

A.	This system is more secure than many other voice encryption 
system readily available today. While the algorithm upon which the 
Escrowed Encryption Standard is based will remain classified to 
protect the security of the system, an independent panel of 
cryptography experts found that the algorithm provides significant 
protection. In fact, the panel concluded that it will be 36 years 
until the cost of breaking the algorithm will be equal to the cost 
of breaking the current Data Encryption Standard now being used.

Q.	Is there a "trap door" that would allow unauthorized access 
to the keys?

A.	No. There is no trapdoor.

Q.	Whose decision was it to propose this product?

A.	The National Security Council, the Justice Department, the 
Commerce Department, and other key agencies were involved in this 
decision. The approach has been endorsed by the President, the 
Vice President, and appropriate Cabinet officials.