Boosting cryptography's role in security.
The U.S. State Department has regulations restricting the export of cryptographic software. Applying these rules, however, can lead to contradictory actions. In 1994, officials ruled that a cryptography textbook that contained complete computer programs for several strong cryptographic schemes was freely exportable. Yet, when the same programs were put on a computer diskette, the department argued that the diskette qualified as a "defense article" and required a special license for export. These rulings were obtained by Philip R. Karn Jr., a network engineer who works for Qualcomm in San Diego, to test the regulations governing the export of cryptographic technology. Karn's appeal of the decisions remains mired in the courts. Last week, a panel of the National Research Council released a report, "Cryptography's Role in Securing the Information Society," to highlight the importance of cryptography for the future of information technology and to point out shortcomings
Representing a wide range of interests, the 16-member panel recognized a tremendous and widespread need for technology to encrypt electronic information, making it easier to protect financial data, telecommunications networks, and other assets from crime and terrorism. Such technology could also provide greater privacy for individuals and boost the competitiveness of U.S. companies in international markets, the panel argued. "Current [government] policy discourages the use of cryptography," says panel chair Kenneth W. Dam of the University of Chicago Law School. The panel members strongly endorsed the idea that no law should restrict the manufacture, sale, or use of any form of encryption within the United States. It recommended progressively relaxing, though not eliminating, export controls on encryption technology. Products incorporating a highly regarded cryptographic scheme known as the Data Encryption Standard should be easier to export, the panel suggested. One effect of such a change would be to encourage U.S. companies to include this high level of cryptographic security in their products.
Congress is already considering legislation to relax export controls. Even if the U.S. government heeds the suggestion, however, it may still be too little, too late, says Jim Bidzos of RSA Data Security in Redwood City, Calif. One Japanese company is already producing and selling throughout the world computer chips that offer considerably stronger cryptographic security than the Data Encryption Standard, he remarks. U.S. companies are currently shut out of this market. The panel also concluded that the government plan to introduce so-called escrowed encryption is "relatively untried and entails its own potential risks." In this scheme, a third party (in addition to the message recipient) holds the digital keys required to unlock encrypted information (SN: 8/28/93, p. 394; 2/12/94, p. 100). Such an approach is attractive to law enforcement and national security agencies because with a court order they could obtain the relevant key from the third party and decipher the otherwise incomprehensible data. "The NRC report is a very valuable contribution to this debate," says Bruce McConnell of the Office of Management and Budget and cochair of the interagency working group on cryptography policy.
The report recognizes that a balance must be struck between computer security and concerns about national security and law enforcement. "Where we differ is in exactly how you achieve that balance," he notes. "In the past, government officials have tended to treat many aspects of cryptography policy as top secret," Dam says. Most of the panel members had access to this classified information, and they concluded that such knowledge isn't essential for an informed public debate on cryptographic issues.