Commerce Undersecretary William Reinsch defends the govern?==?iso-8859-1?Q?ments encryption policy
nospam at freedom.net
nospam at freedom.net
Thu Oct 15 10:19:43 PDT 1998
I especially like the part about DEEPCRACK and how because EFF knew that the
message was in English that it doesn't really prove that the FBI can break
56bit DES encryption.
---------------------------------------------------
http://www.infosecuritymag.com/sept/q%26a.htm
Q & A WITH WILLIAM REINSCH
Cryptos Key Man
Commerce Undersecretary William Reinsch defends the governments
encryption export
policyeven though it puts him "in the hot seat."
BY ANDY BRINEY
Q: How would you characterize current U.S. cryptographic export policies?
A: The President has consistently articulated a policy of balancebetween
privacy, electronic commerce, law
enforcement and national security. We believe all four elements are
important, and were trying to produce a policy
that takes all of them into account.
But is it really possible to balance all these issues at the same time?
We think so. Im not sure the industry agrees with us, and its not easy.
The privacy issues involved have been
discussed for 50 years in debates about wiretaps and law enforcement devices
for intercepting phone conversations.
Encryption poses some of the same issues: privacy vs. law enforcement. The
country has come to terms with
wiretaps over the years, and people still use phoneseven though, with
proper court orders, theres the possibility
that law enforcement could be listening in. We think well be able to arrive
at the same common public
understanding with encryption. But theres no question that getting there
will be difficult.
What kind of time frame are we looking at? Is the administration looking at
releasing a "final" crypto export policy
within the next three months? Six months? A year?
The policy I articulatedone of balanceis based on implementations in the
marketplace. We expect the market to
develop the products we like, and we expect that there will be a demand for
the products.
We want to work through the market. What that means is, if the market turns
in unexpected directions, we have to
be ready to re-evaluate our policy. So I dont think youre going to see a
"final" versionever. As long as the
market moves and changes, our policy will be tweaked to accommodate whats
happening.
In the short run, however, the policy we are currently operating under
expires January 1. Weve told industry we
expect to revisit that policy this fall, and make judgments about whats
going to happen after January 1. So weve
committed to trying to come out with the next update, hopefully by Labor
Day, although my expectation is it may
take a little longer than that.
Can you be more explicit about what this policy might entail?
No. Because were not there yet.
What has been the industrys reaction to current policy?
Industry has been quite active, particularly with submitting key-recovery
plans. We provide more liberalized export
controls for companies that provide plans by which they will build
key-recovery products. Weve approved some 55
plans nowwith a few more pending.
I dont think theyre doing it just because the government asked them to;
theyre doing it because they see a market.
In addition, in the spring the FBI and the Justice Department asked
companies to come in to see if a technical
solution could be found to deal with these issues. Companies have done that,
too.
At the same time, of all the economic sectors in the country, this ones
moving the fastest. Theres a real danger
that, if we cant get our policy together and out there in the marketplace
soon, we could be overtaken by events
overseas.
Recently, a panel was charged with developing a Federal Information
Processing Standard (FIPS). One of this
groups directives was to design a federal computer security system that
includes back doorswhich they failed to
do. Whats next for this panel, and for this issue?
My understanding is that, at the request of a majority of the panels
members, the Secretary [of Commerce] has
extended their charter to the end of the year. The Secretary received a
letter from the panel in which the majority
felt they would be able to complete their work with additional time.
However, they also said they werent entirely
confident that at the end of the day it would be unanimous product.
Even if it were possible to do key escrow on the scale the government is
asking, would anyone willingly buy such a
product knowing that stronger encryption products without back doors are
available? To prevent this, wouldnt it be
necessary to criminalize the domestic possession of stronger crypto?
First of all, we havent supported the latter. Second, I think you need to
look at this problem in pieces, not as a
unitary problem. The pieces are: stored data, data in transit (such as
e-mail) and voice communications. I would
argue that with the first two
of those pieces, theres going to be substantial demand in the market for
the kinds of products that are helpful from
our standpoint.
For stored data, we see a demand for key recoverywere not using the term
"key escrow" much anymore.
Particularly in business and financial institutions, theres a demand for
recovery products, because people want to be
able to access employees data in the event of accidents or other such
things.
As for e-mail, the most significant development there was the announcement
nine companies made in early July.
Each of these companies submitted an application for a so-called "door bell"
technology, which connotes a variety of
means of recovery at the server level.
What we see developing here is growing use of network encryptionas opposed
to encryption at the PCfor
secure transmission of messages. Employers will want that, for employee
control purposes. From the standpoint of
law enforcement, thats a happy development, because it creates two "third
point" locationsthe senders server
and the recipients serverthat are physically separate from the sender and
recipient of the message. These points
are often controlled by third parties, namely contractors running the
system. So, with the proper court order, law
enforcement could go to those third points and obtain plain-text access.
What was your reaction to the Electronic Frontier Foundations cracking of
DES in July?
I think you have to contrast that situation, which was reasonably
artificial, with the reality of law enforcement. In
this case, it took a decent amount of resources to crack a specific message
that, I believe, the people doing the
crack knew was in English, and knew was one message.
Now, if youre the FBI, think about that. From their standpoint, were
talking about traffic that isnt so easily
identifiable. It might be a long stream of encrypted material that theyre
trying to intercept in real time; they dont
necessarily know what language its in; they dont necessarily know what
part of the message is of interest to them;
and they dont know whether its words or text or graphics or what it might
be. Telling the FBI that, under those
circumstances, you can buy an expensive computer and crack one message in 56
hoursthats not a lot of comfort
to the FBI. And it doesnt seem to me that it should make anybody in the
private sector nervous about the security
of 56-bit products. If thats the best were going to get56 hours for a
single message decrypted by equipment
most people dont have and arent ever going to havethat doesnt exactly
mean that its an unsecured product.
But it does illustrate a trend. As time passes, its taking fewer and fewer
resources and less and less time to crack
the same algorithm. In 1997, it took three months. In February, it took 39
days. Now, its one $250,000 computer and
56 hours. Whos to say in two more months it wont be cracked in an even
shorter amount of time with even fewer
resources?
You can project that curve, and maybe youll be right. The immediate effect
of that is that its going to accelerate a
trend thats already begun anyway, which is toward 128-bit products. I think
thats a trend that would have occurred
regardless of this particular event.
The technical people Ive talked to say that once you get beyond 90 or 100
bits, it doesnt make all that much
difference because youre talking about brute-force cracking times that are
beyond any real time that you can
imagine. Obviously, the faster you can crack 56 bits, the faster you can
crack 90 or 100. But since each successive
bit doubles your time, by the time you get to 90, I think youre into
thousands of years...
But the question is, assuming that 90 is safe, wouldnt it then be prudent
to have a policy that allows uniform export
of 90-bit products without special dispensation?
I dont think we expect to set bit-length requirements. We believe in the
marketplace deciding what is secure and
what is not. The government is not going to say that 90 is good or 128 is
good
But right now its saying 56 is sufficient.
No, the government is saying that 56 can be exported under certain
circumstances. What the government has also
said is that if its a key-recovery product, it can be exported with any bit
length without constraint. And thats what
we would prefer to focus onto tell people, if youre product has recovery
features, bit length doesnt matter.
Thats the incentive.
What happens if a key-recovery standard cannot be agreed upon? Is there a
fallback plan?
We are doing everything we can to encourage people to find it acceptable and
to get the market to move in that
direction. We think thats whats happening. So I dont think weve
developed a Plan B in that sense.
Can you discuss progress on the Advanced Encryption Standard (AES)?
No. Im not particularly involved in that. I think you need to talk to some
NIST or NSA people about that.
ALSO
Q: You seem to be the governments point man on encryption policy issues. Is
that a function of your office, your
background, or what?
A: "Designated victim" is the term we use [laughs]. Actually, its a
function of the office. An integral component of
our policy involves export controls, and the BXA [Bureau of Export
Administration] administers export controls of
dual-use items for the government. So I end up in the hot seat.
EDITORS NOTE: Next month, Bruce Schneier, author of the definitive text
Applied Cryptography, will respond to
Undersecretary Reinschs comments in a special Word in Edgewise article.
More information about the Testlist
mailing list