Currently Skimming:

Policy Options for the Future
Pages 249-292

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.


From page 249...
... The committee's judgments about appropriate policy options are discussed in Chapter 8.
7.1 EXPORT CONTROL OPTIONS FOR CRYPTOGRAPHY
7.1.1 Dimensions of Choice for Controlling the Export of Cryptography
An export control regime -- a set of laws and regulations governing what may or may not be exported under any specified set of circumstances -- has many dimensions that can be considered independently.
From page 250...
... Many different types of products can incorporate encryption capabilities. Products can be distinguished by medium (e.g., hardware vs.
From page 251...
... on cryptography is a proposal that goes beyond most made to date, although certainly such a position has advocates. If export controls on cryptography were completely eliminated, it is possible that within a short time most information technology products exported from the United States would have encryption capabilities.
From page 252...
... operations and agree to cooperate on restrictions.
Transactional licensing: Products with encryption capabilities require government agency licensing for export to a particular country or country group. Appropriate when product is
From page 253...
... Hypothetical example: requirement imposed on vendors of products with encryption capabilities to notify the U.S. government prior to shipping product overseas.
inappropriate export control measure because exporter
From page 254...
... and accepted by the committee, the complete elimination of export controls on products with encryption capabilities does not seem reasonable in the short term. Whether export controls will remain feasible and efficacious in the long term has yet to be seen, although clearly, maintaining even their current level of effectiveness will become increasingly difficult.
From page 255...
... Compared to the USML, they argued that the CCL is a more balanced regime that still has considerable effectiveness in limiting exports to target destinations and end users. On the other hand, national security officials regard the broad authorities of the Arms Export Control Act (AECA)
From page 256...
... 7.1.5 Nation-by-Nation Relaxation of Controls and Harmonization of U.S. Export Control Policy on Cryptography with Export/Import Policies of Other Nations
The United States could give liberal export consideration to products with encryption capabilities intended for sale to recipients in a select set of nations;7 exports to nations outside this set would be restricted.
From page 257...
... vendors of information technology products with encryption capabilities might be faced with the need to conform to a multiplicity of import control regimes established by different nations.
7.1.6 Liberal Export for Strong Cryptography with Weak Defaults
An export control regime could grant liberal export consideration to products with encryption capabilities designed in such a way that the defaults for usage result in weak or nonexistent encryption (Box 7.1)
From page 258...
... . End users that obtain their products with encryption capabilities on the retail store market are the most likely to be affected by this proposal, but such users constitute a relatively small part of the overall market.
From page 259...
... The reason is that strong cryptographic capabilities could be deployed on a vast scale if U.S. vendors exported applications supporting a common CAPI and a foreign vendor then marketed an add-in module with strong encryption capabilities.9 To meet the goals of less restrictive export controls, liberal export consideration could be given to products that incorporate a CAPI designed so that only "certified" cryptographic modules could be incorporated into and used by the application.
From page 260...
... • Applications that use Windows NT or Windows '95 for cryptographic services should not be subject to export control regulations on cryptography. At the time of this writing, Microsoft is seeking an advisory opinion to this effect so that applications vendors do not need to submit a request for a CJ cryptography licensing decision.
From page 261...
... The cryptography vendors would be responsible for dealing with the export and import controls of various countries, leaving e-mail application vendors to export freely anywhere in the world. Capabilities such as escrowed encryption could be supported within the cryptography module itself, freeing the applications or system vendor from most technical, operational, and political issues related to export control.
From page 262...
... cryptography can be enabled, whereas an escrowable product is one that provides full cryptographic functionality that includes optional escrow features for the user. The user of an escrowable product can choose whether or not to escrow the relevant keys, but regardless of the choice, the product still provides its full suite of encryption capabilities.11 Liberal export consideration for escrowable products could be granted and incentives promulgated to encourage the use of escrow features.
From page 263...
... escrowed encryption products to use U.S. escrow agents until formal agreements can be negotiated that specify the responsibilities of foreign escrow agents to the United States for law enforcement and national security purposes.
From page 264...
... However, they are different in that differential work factor cryptography does not require user interaction with an escrow agent, and so it can offer strong cryptography "out of the box." Partial key escrow offers all of the strengths and weaknesses of escrowed encryption, including the requirement that the enabling of strong cryptography does require interaction with an escrow agent. 7.1.11 Separation of Cryptography from Other Items on the U.S.
From page 265...
... Its primary impact would be to eliminate the commercial supply of unescrowed products with encryption capabilities -- vendors without a market would most likely not produce or distribute such products, thus limiting access of criminals to unescrowed encryption and increasing the inconvenience of evading a prohibition on the use of unescrowed encryption. At the same time, such a prohibition would leave law-abiding users with strong concerns about the confidentiality of their information being subject to procedures beyond their control.
From page 266...
... With such an infrastructure in place, critics argue that a simple policy change might be able to transform a comparatively benign deployment of technology into an oppressive one. For example, critics of the Clipper proposal were concerned about the possibility that a secure telephone system with government exceptional access capabilities could, under a strictly voluntary program to encourage its purchase and use, achieve moderate market penetration.
From page 267...
... . Ironically, former NSA Director Bobby Inman's comments on scientific research appeared in an article that called for greater cooperation between academic scientists and national security authorities and used as a model of cooperation an arrangement, recommended by the Public Cryptography Study Group, that has worked generally well in balancing the needs of academic science and those of na
From page 268...
... Technical Issues
Even if a legislative prohibition on the use of unescrowed encryption were enacted, it would be technically easy for parties with special needs for security to circumvent such a ban. In some cases, circumvention would be explicitly illegal, while in others it might well be entirely legal.
From page 269...
... Such remote storage could occur quite legally even with a ban on the use of unescrowed encryption. • Demonstrating that a given communication or data file is "encrypted" is fraught with ambiguities arising from the many different possibilities for sending information: -- An individual might use an obscure data format.
From page 270...
... Given so many different ways to subvert a ban on the use of unescrowed cryptography, emergence of a dedicated subculture is likely in which the nonconformists would use coding schemes or unescrowed cryptography impenetrable to all outsiders.
21 A discussion of using text compression for confidentiality purposes can be found in Ian Witten and John Cleary, "On the Privacy Afforded by Adaptive Text Compression," Computers and Security, July 1988, Volume 7(4)
From page 271...
... The government would have to show that the public interests were jeopardized by a world of unrestrained availability of encryption, and these interests would have to be weighed against the free speech interests sacrificed by the ban. It would also be significant to know what alternative
24 Existing unescrowed encryption products could be kept in place if end users could be made to comply with a prohibition on the use of such products.
From page 272...
... Only in a policy regime of voluntary compliance can users decide how to make that trade-off. A legislative prohibition on the use or sale of unescrowed encryption would be a clear statement that law enforcement needs for exceptional access to information clearly outweigh user interests in having maximum possible protection
25 For a view arguing that relevant Fourth and Fifth Amendment issues would be resolved against a constitutionality of such a prohibition, see Michael Froomkin, "The Metaphor Is the Key: Cryptography, The Clipper Chip and the Constitution," University of Pennsylvania Law Review, Volume 143(3)
From page 273...
... For example, if and when encryption capabilities are integrated seamlessly into applications and are invoked automatically without effort on the part
From page 274...
... Agents should consider whether the suspect or someone else will provide the password if requested."27 Moreover, product designs intended to facilitate exceptional access can include alternatives with different strengths and weaknesses such as link encryption, weak encryption, hidden back doors, and translucent cryptography.
Link Encryption
With link encryption, which applies only to communications and stands in contrast to end-to-end encryption (Box 7.4)
From page 275...
... TABLE 7.2 Comparison of End-to-End and Link Encryption
Controlling party -- End-to-end encryption: User. Link encryption: Link provider.
Suitable traffic -- End-to-end encryption: Most suitable for encryption of individual messages. Link encryption: Facilitates bulk encryption of data.
Potential leaks of plaintext -- End-to-end encryption: Only at transmitting and receiving stations. Link encryption: At either end of the link, which may not be within the user's security perimeter.
Point of responsibility -- End-to-end encryption: User must take responsibility. Link encryption: Link provider takes responsibility.
... end-to-end encryption, which protects sensitive information from the moment it leaves party A to the moment it arrives at party B. However, from the standpoint of law enforcement, link encryption facilitates legally authorized intercepts, because the traffic of interest can always be obtained from one of the nodes in which the traffic is unencrypted.
From page 276...
... Back doors may be open or hidden. An open back door is one whose existence is announced publicly; an example is an escrowed encryption system, which everyone knows is designed to allow exceptional access.29 By its
28 Moore's law is an empirical observation that the cost of computation drops by a factor of two approximately every 18 months.
From page 277...
... For example, a database application that provides strong access control and requires authorization for access to its data files but is implemented on an operating system that allows users to view those files without going through the database application does not provide strong confidentiality. Such an application may well have its data files encrypted for confidentiality.
From page 278...
... Note that in contrast to escrowed encryption, translucent cryptography requires no permanent escrowing of unit keys, although it renders access indeterminate and probabilistic.
7.2.4 Network-based Encryption
Security for Voice Communications
In principle, secure telephony can be made the responsibility of telephone service providers.
From page 279...
... . Link encryption would leave the user vulnerable to eavesdropping at a point between the end-user device and the first switching office.
From page 280...
... The second is that digital communications are relatively easy to encrypt.
Security for Data Communications
The body responsible for determining technical standards for Internet communications, the Internet Engineering Task Force, has developed standards for the Internet Protocol (version 6, also known as IPv6)
From page 281...
... Specifically, a proposal by the JASON study group suggests that efforts to install features for exceptional access should focus on secure voice communications, while leaving to market forces the evolution of secure data communications and storage.34 This proposal rests on the following propositions: • Telephony, as it is experienced by the end user, is a relatively mature and stable technology, compared to data communications services that evolve much more rapidly. Many people -- perhaps the majority of the population -- will continue to use devices that closely resemble the telephones of today, and many more people are familiar with telephones than are familiar with computers or the Internet.
From page 282...
... A similar perception of Internet security does not obtain today, and thus the demand for highly secure data communications is likely to be relatively greater and should not be the subject of government interference. Under the JASON proposal, attempts to influence the inclusion of escrow features could affect only the hardware devices that characterize telephony today (e.g., a dedicated fax device, an ordinary telephone)
From page 283...
... , but the technology used to handle the call is entirely different. Alternatively, a computer connected to a data network can be converted into the functional equivalent of a telephone.36 Some on-line service providers will be offering voice communications capability in the near future, and the Internet itself can be used today to transport realtime voice and even video communications, albeit with relatively low fidelity and reliability but also at very low cost.37 Before these modalities
35 Note, however, that the difficulty of searching for a given piece of information does depend on whether it is voice or text.
From page 284...
... , interactions at the physical layer can be quite naturally regarded as being in the domain of "voice." But interactions at higher layers in the stack are more commonly associated with "data." Acknowledging these difficulties, the JASON study concluded that limiting efforts to promote escrowed encryption products to those associated with voice communications had two important virtues. First, it would help to preserve law enforcement needs for access to a communications mode -- namely telephony -- that is widely regarded as important to law enforcement.
From page 285...
... Such a facility would receive EES-encrypted traffic forwarded by law enforcement authorities and accompanied by appropriate legal authorization. Keys would be made available by the escrow agents to the facility rather than to the law enforcement authorities themselves, and the plaintext would be returned to the requesting authorities.
From page 286...
... government for a society that will need better information security. Appendix M describes two other issues that relate but are not central to the current debate over cryptography policy: digital cash and the use of cryptography to protect intellectual property.
From page 287...
... Under such circumstances, it makes no sense at all for the information security manager to choose weak encryption.
From page 288...
... , the economic burden of building and using such a machine would be significant for most individuals and organizations. Criminal organizations would have to support an infrastructure for cracking DES through brute-force search clandestinely, to avoid being targeted and infiltrated by law enforcement officials.
From page 289...
... Government for Better Information Security on a National Basis
As noted in Chapter 6, no organization or entity within the federal government has the responsibility for promoting information security in the private sector or for coordinating information security efforts between government and nongovernment parties. NIST is responsible for setting Federal Information Processing Standards, and from time to time the private sector adopts these standards, but NIST has authority for information security only in unclassified government information systems.
From page 290...
... • Setting de jure standards for information security. As noted above, the NIST charter prevents it from giving much weight to commercial or private sector needs in the formulation of Federal Information Processing Standards if those needs conflict with those of the federal government, even when such standards affect practice in the private sector.
From page 291...
... It might also be desirable to give specific responsibility for the initiation and coordination of policy to a Counselor to the President for Domestic Informa
45 Cross-Industry Working Team, A Process for Information Security Technology: An XIWT Report on Industry-Government Cooperation for Effective Public Policy, March 1995. Available from Corporation for National Research Initiatives, Reston, Va., or on-line at http://www.cnri.reston.va.us.
From page 292...
... . Operationally, a single agency could have responsibility for standards setting, certification of escrow agents, approval of certificate holders for authentication purposes, public education on information security, definition of "best practices," management of cryptography on the Commerce Control List, and so on.


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.