Decoding encryption policy.
When security managers ask experts how best to protect a company's computerized information, especially when it is sent across open networks, they are likely to be told to encrypt it. But the need for security in the information age has run up against concerns for public safety and national security. Just as encryption can protect privacy and prevent the theft of proprietary data, it can be a powerful weapon in the hands of terrorists, drug dealers, and others who may use it to conceal their activities and thwart investigations.
For more than two years, the Years, The
the seven decades of Eleanor Pargiter’s life. [Br. Lit.: Benét, 1109]
See : Time government has been working with industry to hammer out an approach that would promote the use of strong encryption An encryption method that uses a very large number as its cryptographic key. The larger the key, the longer it takes to unlawfully break the code. Today, 256 bits is considered strong encryption. As computers become faster, the length of the key must be increased. without denying legitimate government access. While there are still unresolved issues, it now appears that progress is being made toward a policy that addresses the needs of both business and the government.
Current law defines encryption programs as munitions mu·ni·tion
War materiel, especially weapons and ammunition. Often used in the plural.
tr.v. mu·ni·tioned, mu·ni·tion·ing, mu·ni·tions
To supply with munitions. , which cannot be exported without a license. Businesses object that the rules make it more difficult for them to obtain strong encryption to protect international communications, and U.S. manufacturers of computer products say it puts them at a competitive disadvantage in the global marketplace. The government's Clipper Chip offered strong, exportable encryption, but it met with considerable opposition on three accounts: its encryption algorithm A formula used to turn ordinary data, or "plaintext," into a secret code known as "ciphertext." Each algorithm uses a string of bits known as a "key" to perform the calculations. The larger the key (the more bits), the greater the number of potential patterns can be created, thus making was classified, it required special hardware, and the government held a backdoor See trapdoor. key to every chip.
The most recent discussions center around a new proposal from the Clinton administration Noun 1. Clinton administration - the executive under President Clinton
executive - persons who administer the law . First issued on August 17, then refined and released for comment on November 6, the proposal is expected to be implemented in early 1996. It would allow the general export of software encryption products with unclassified un·clas·si·fied
1. Not placed or included in a class or category: unclassified mail.
2. algorithms provided the products meet two criteria: (1) the key size is no more than sixty-four-bit keys and (2) there is an acceptable key escrow In cryptography, placing a secret key into the hands of a trusted third party. See key management.
(security) key escrow - A controversial arrangement where the keys needed to decrypt encrypted data must be held in escrow by a third party so that government agencies can mechanism, including the use of approved key escrow agents.
According to according to
1. As stated or indicated by; on the authority of: according to historians.
2. In keeping with: according to instructions.
3. the proposal, encryption keys would be held by trusted parties within the private sector rather than by government agencies. While some private sector objections remain (based on opposition to the very idea of government access to an escrowed key as well as continued concerns over the restrictions on key length), the new proposal represents a major step forward in national encryption policy with potential benefits to businesses, individuals, and the government.
Key length. Under current export policy, software encryption products with keys longer than forty bits are not generally exportable and are considered on a case-by-case basis following review by the Department of State. The vendor must apply for a separate license for each customer. By comparison, products with key lengths not exceeding forty bits can be readily exported under general licenses administered by the Department of Commerce. Consequently, many products developed by U.S. companies for the international market use forty-bit keys.
The longer the key, the harder it is for a hacker to break the code. For many applications, forty-bit keys provide adequate protection. However, they are not foolproof. In the summer of 1995, a French student cracked a forty-bit key in eight days using 120 workstations and a few supercomputers. The key gave him access to a dummy purchase order that had been encrypted with the overseas version of a popular program for browsing the World Wide Web. Even though a substantial investment of resources was required just to crack a single message, many potential users regard the incident as indication that forty-bit keys are unacceptable.
As a result, some U.S. companies complain that they have lost sales to foreign competitors who are able to provide stronger encryption, including the Data Encryption Standard See DES.
Data Encryption Standard - (DES) The NBS's popular, standard encryption algorithm. It is a product cipher that operates on 64-bit blocks of data, using a 56-bit key. It is defined in FIPS 46-1 (1988) (which supersedes FIPS 46 (1977)). CDES CDES CDS (Combat Direction System) Development & Evaluation Site
CDES Centre de Droit et d’Économie du Sport (French)
CDES Comité Départemental d'Éducation pour la Santé (French) ), which uses fifty-six-bit keys. They cite the widespread availability of products using DES and other encryption algorithms worldwide as evidence that export controls limit U.S. companies' competitiveness in the global market. As of June 1995, Trusted Information Systems Trusted Information Systems (TIS) was a computer security research and development organization during the 1980s and 1990s, performing computer security research for organizations such as NSA, DARPA, ARL, AFRL, SPAWAR, and others. of Glenwood, Maryland, had identified 455 encryption products from 27 countries, 179 of which used DES. In some cases, software vendors have built separate product lines for domestic and foreign sales to meet the demands of U.S. customers for DES or better encryption.
The proposed liberalization lib·er·al·ize
v. lib·er·al·ized, lib·er·al·iz·ing, lib·er·al·iz·es
To make liberal or more liberal: "Our standards of private conduct have been greatly liberalized . . . of export controls would allow a vendor to develop a single product line for both domestic and international sales, using software or hardware implementations of DES or stronger sixty-four-bit algorithms. This step should help integrate strong encryption into network and applications software, thereby making it cheaper and easier for businesses to encrypt their electronic transactions and proprietary data. If strong algorithms can be implemented in both domestic and international products, businesses will be able to communicate securely with customers, suppliers, partners, investors, and subsidiaries throughout the world.
Exportable products will be allowed to use keys up to sixty-four-bits long, but they must not provide multiple encryption modes that increase the key length. For example, the criteria will allow the use of DES, but not double or triple-DES, which uses two keys that equal 112 bits or three keys that equal 168 bits.
Sixty-four bits might not sound like much more than forty, but each bit doubles the number of possible keys and thus the effort required to crack a key. The additional twenty-four bits provides security that is about 17 million times stronger than a forty-bit key. It would have taken the French student 136 million days -- or about 2 billion computers in eight days -- to crack a single sixty-four-bit key. At the current rate of technological advancement, it will be several decades before the French student could break a sixty-four-bit key in eight days with updated computers. Sixty-four bits is likely to provide a high level of security for at least the next twenty years TWENTY YEARS. The lapse of twenty years raises a presumption of certain facts, and after such a time, the party against whom the presumption has been raised, will be required to prove a negative to establish his rights.
If a company sends out numerous messages per day, each encrypted with a different key, the task of an adversary who must attempt to break all keys with the hope of finding some message worth reading becomes all the more impractical. For the near term, DES combined with key escrow can provide strong security while being available in exportable software products. For the longer term, DES, which is now about twenty years old, can be replaced with a sixty-four-bit algorithm.
Algorithms. At the heart of any encryption scheme is the algorithm -- a sequence of mathematical steps that are used to s cramble the bits of information into gibberish. The government's Clipper Chip was criticized, in part, for using a classified algorithm (Skipjack skipjack: see herring.
(cryptography) SkipJack - An encryption algorithm created by the NSA (National Security Agency) which encrypts 64-bit blocks of data with an 80-bit key. ). The objections were twofold: the algorithm was not open to public scrutiny, and special hardware was required in order to protect the classified code.
The November proposal addresses these concerns by allowing for unclassified algorithms and software implementations. The proposal does not, however, prohibit the use of either hardware or classified algorithms in exportable products.
The advantage of hardware is that it generally offers greater security than software. In addition, it can better protect against tampering that would disable or circumvent the key escrow mechanism. For this reason, hardware devices that implement key escrow might be approved for export with even longer keys. The Fortezza Card (see box), for example, uses the Skipjack algorithm A symmetric cryptographic algorithm developed by the U.S. National Security Agency (NSA). It is used in the Department of Commerce's Escrowed Encryption Standard (EES), which was embodied in the CLIPPER chip. , which has eighty-bit keys.
Key escrow. The keys to the government's Clipper Chip are held by two government entities. Industry asked for private sector escrow agents, and the November proposal satisfies that request. The government is currently considering conditions under which some organizations could hold their own keys.
Under the November proposal, products must be designed to resist alterations that would circumvent or disable the key escrow mechanism. The escrowed encryption functions must operate only with escrowed functions in other products. They must not operate with products whose key escrow features have been altered or disabled.
To qualify for general export under the November proposal, an encryption product must also provide an acceptable key escrow mechanism. A vendor with a candidate product would submit the product to the Department of State for review. If it is determined that the product meets the criteria for export, it would be transferred to the Commodity Control List (CCL 1. CCL - Coral Common LISP.
2. CCL - Computer Control Language. English-like query language based on COLINGO, for IBM 1401 and IBM 1410. ), administered by the Department of Commerce, where it would be exportable under a general license.
The export criteria are intended to ensure that the government can, when lawfully authorized, readily access keys and decrypt To convert secretly coded data (encrypted data) back into its original form. Contrast with encrypt. See plaintext and cryptography. intercepted communications and stored information in a timely manner. Products must include information in the encrypted text that identifies the escrow agents and the particular keys needed for decryption (cryptography) decryption - Any procedure used in cryptography to convert ciphertext (encrypted data) into plaintext. . Keys must be held by escrow agents certified by the U.S. government or by foreign governments with which the U.S. government has formal agreements.
At a meeting held at the National Institute of Standards and Technology National Institute of Standards and Technology, governmental agency within the U.S. Dept. of Commerce with the mission of "working with industry to develop and apply technology, measurements, and standards" in the national interest. on December 5, the government distributed draft criteria for key escrow agents. These criteria address requirements for escrow system integrity and security and for key access.
Escrow agents will be required to ensure the confidentiality, integrity, and availability of key-escrow-related information and to ensure only authorized use of that information. They will need to respond to requests in a timely fashion and maintain audit records of all events related to the management and release of keys.
Key escrow is already a feature or option of Clipper, Fortezza, and several other commercial products. These include Fisher Watchdog, Nortel's Entrust, PC Security's Stoplock KE (used by Shell International), RSA (1) (Rural Service Area) See MSA.
(2) (Rivest-Shamir-Adleman) A highly secure cryptography method by RSA Security, Inc., Bedford, MA (www.rsa.com), a division of EMC Corporation since 2006. It uses a two-part key. Secure, and TECSEC Veil. With all of these products, escrowing can be done within the user's organization.
Bankers Trust The Bankers Trust is a historic American banking organisation that was acquired by Deutsche Bank in 1998.
It was originally set up when banks could not perform trust company services. is developing a commercial key escrow system in which the keys, which are stored on hardware cryptographic tokens, can be split among multiple third party escrow agents. Other proposals have come from researchers at AT&T, Bell Atlantic, Cylink, Fortress U&T, Karlsruhe University, Massachusetts Institute of Technology Massachusetts Institute of Technology, at Cambridge; coeducational; chartered 1861, opened 1865 in Boston, moved 1916. It has long been recognized as an outstanding technological institute and its Sloan School of Management has notable programs in business, , Royal Holloway, and the University of Wisconsin.
Several of the above products and proposals have come from outside the U.S. In addition, other governments have been considering encryption policies based on key escrow.
While not speaking on behalf of their governments, at the International Cryptography Institute, Peter Ford from the Australian Attorney General's Department and David Gould, formerly with the U.K. Cabinet Office, both expressed interest in the use of key escrow to resolve the dilemma posed by encryption. Gould commended the idea of a Europeanwide network of trust services, under the control of member states, accredited accredited
recognition by an appropriate authority that the performance of a particular institution has satisfied a prestated set of criteria.
cattle herds which have achieved a low level of reactors to, e.g. to offer digital signatures, confidentiality, data integrity, and other services. Such a network should operate with other international arrangements. The trusted parties, which could be commercial or private entities, would also serve as key escrow agents. The European Community European Community: see European Union.
European Community (EC)
Organization formed in 1967 with the merger of the European Economic Community, European Coal and Steel Community, and European Atomic Energy Community. is said to be considering an encryption policy based A decision made by any software application that is based on the policy (rules and regulations) of the organization. See policy and COPS. on key escrow and the use of trusted third parties.
How it works. Escrowed encryption provides a backup decryption capabihty for emergency use. This capability makes use of special data recovery keys that are held by a trusted fiduciary. The data recovery keys need not be -- and typically are not -- the ones used for normal encryption and decryption, but they must provide access to those keys. They can be unique to individual users or products or shared by many users. Use of the backup capability is restricted to persons who have been authorized to access the information that has been encrypted. These individuals can include users, their organizations, and law enforcement officials.
Although there is no single approach to escrowed encryption, all methods follow a few general principles. The data recovery key for a particular encryption product is generated by or given to a trusted party sometime before the product is used. For example, it might be generated and escrowed during product manufacture or when the product is initialized and registered with an escrow agent. The key could be given to a single escrow agent or it could be split into several components, with each component held by a separate entity.
Whenever a document is encrypted by the product, the product attaches sufficient information to the encrypted data to allow backup decryption. If the user's everyday encryption key is later lost, then the user or an officer in the user's organization could give that information to the escrow agent and request assistance.
After determining that the request is authentic, the escrow agent either would release the data recovery key -- if it is unique to the user -- or use the key to determine and release the data encryption key Data Encryption Key - (DEK) Used for the encryption of message text and for the computation of message integrity checks (signatures).
See cryptography. . If an investigative or intelligence agency needs access to the key during an authorized search or communications intercept, the agency would present certification of the legal authority -- normally a court order -- to the escrow agents to access that information. Legitimate privacy interests can be protected through access procedures See: explosive ordnance disposal procedures. , auditing, and other technical, legal, and operational safeguards.
The administration's new software key escrow proposal responds to industry's request for a flexible approach to key escrow and liberalized export controls. The proposal accommodates industry's request to use unclassified algorithms, software, and private sector escrow agents that would support emergency decryption for both registered users and authorized government officials. While many issues remain to be resolved, this move toward a compromise with the private sector is a good first step toward a policy that meets the needs of both law enforcement and business.
The clipper chip is a scaled back version of a more advanced chip, called Capstone, which the National Security Agency (NSA NSA
National Security Agency
Noun 1. NSA - the United States cryptologic organization that coordinates and directs highly specialized activities to protect United States information systems and to produce foreign ) developed for use in the Fortezza PC card (also called a PCMCIA card See PC Card. ). The government's goal was a small, affordable, and secure hardware token that would provide cryptographic services for confidentiality protection, authentication, and digital signatures.
Capstone implements the Escrowed Encryption Standard (EES See Skipjack algorithm. ) -- also the Clipper standard -- plus public-key cryptographic algorithms for the Digital Signature Standard and for generating and establishing session keys. A Fortezza PCMCIA (Personal Computer Memory Card International Association, San Jose, CA, www.pcmcia.org) An international standards body and trade association that was founded in 1989 to establish a standard for connecting peripherals to portable computers. PCMCIA created the PC Card. See PC Card. modem card is also available so that encryption and decryption can be performed either as part of the transmission protocols or as independent service calls, for example, to encrypt or decrypt files and electronic mail messages. The government plans to extend the scope of the EES to cover high speed communications over computer networks so that Fortezza and other Capstone-based devices will meet approved standards for use by federal agencies.
Although Fortezza was developed as part of NSA's Multilevel mul·ti·lev·el
Having several levels: a multilevel parking garage.
Adj. 1. multilevel - of a building having more than one level Information Systems Security Initiative (MISSI MISSI Multilevel Information System Security Initiative
MISSI Multi-Level Information System Security Initiative
MISSI Multi-level Information Systems Security for the Internet (NSA) ), the technology is available commercially. What makes it attractive from a corporate standpoint is that it provides a full suite of cryptographic functions with strong security and a data recovery capability in a single package that can be integrated into commercial products. Support for Fortezza has already been added to AT&T SecureAgent, Netscape Navigator An earlier Web browser for Windows, Macintosh and X Windows from Netscape that provided secure transmission over the Internet. Soon after its introduction in 1994, Navigator, or just "Netscape," as it was commonly called, quickly became the leading browser on the Web. , Oracle's Secure Network Services, and other products.
Data recovery is handled through the certificate authorities, which grant certificates for the public keys used for key establishment and digital signatures. Those same authorities escrow the user's corresponding private keys, which are stored on the Fortezza card; the keys can be recovered from the certificate authority in case the card is lost or the keys become corrupted. Without the key escrow system, encrypted messages and files would otherwise be inaccessible because the government key escrow system used with Clipper or Capstone does not provide services for user data recovery.
WHY KEY ESCROW
Although encryption is an essential tool for protecting communications and electronic commerce, it can also threaten public safety and national security. Powerful encryption methods can be used by organized crime, drug traffickers, and terrorist groups to facilitate their crimes and conceal their activities from lawful surveillance by governments. At the International Cryptography Institute held in Washington in September, FBI Director Louis Freeh reported that encryption had been encountered in a terrorism investigation in the Philippines involving an alleged plot to assassinate as·sas·si·nate
tr.v. as·sas·si·nat·ed, as·sas·si·nat·ing, as·sas·si·nates
1. To murder (a prominent person) by surprise attack, as for political reasons.
2. Pope John Paul Pope John Paul is the name of two Popes of the Roman Catholic Church:
As encryption becomes more available and easier to use, it will become routine to encounter it during an investigation. If law enforcement and intelligence agencies are effectively locked out of all communications and stored files, their ability to carry out their missions could be seriously impaired.
Key escrow encryption offers an alternative scenario that delivers the benefits of encryption without its harms. By adopting the key escrow standard for government computer systems and requiring that products with strong encryption be coupled with key escrow to qualify for general export, the administration's encryption policy will promote products that are safe for society.
Key escrow also benefits private organizations. It protects against the hazards of lost or damaged keys, whether caused by accident or by disgruntled dis·grun·tle
tr.v. dis·grun·tled, dis·grun·tling, dis·grun·tles
To make discontented.
[dis- + gruntle, to grumble (from Middle English gruntelen; see employees or former employees.
One company that provides software and services to help companies recover data hidden behind passwords and encryption schemes reports receiving approximately eighteen calls a day from companies that have encountered problems accessing their own encrypted information. Protection from these disasters will become even more critical as corporate strategies, secrets, and financial information are increasingly transmitted and stored electronically.
In addition, key escrow offers protection against employees using encryption to cover up fraud, espionage, and other crimes. If encryption prevents a law enforcement agency Noun 1. law enforcement agency - an agency responsible for insuring obedience to the laws
FBI, Federal Bureau of Investigation - a federal law enforcement agency that is the principal investigative arm of the Department of Justice from successfully investigating a case involving persons inside the organization, the organization could suffer huge financial losses and damage to its public image. Because such investigations can require access to communications as well as to stored files, key escrow is useful for both.
In recognition of these threats, some companies have adopted internal security policies requiring key escrow. At the International Cryptography Institute, Nick Mansfield of Shell International reported that key escrow is used in Shell Group enterprises. Keys are escrowed by a trusted Shell service company on behalf of the shareholders and businesses. This provides the shareholders with an independent ability to decrypt information should the need arise. Business continuity is supported by a fallback fall·back
a. Something to which one can resort or retreat.
b. A retreat.
2. Computer Science mechanism to recover encrypted data in the event of a disaster.
Key escrow thus offers a valuable service to individuals, organizations, and society. While benefiting law enforcement, it protects businesses from a host of problems -- from misplaced mis·place
tr.v. mis·placed, mis·plac·ing, mis·plac·es
a. To put into a wrong place: misplace punctuation in a sentence.
b. keys to espionage.
William E. Baugh, Jr., J.D., is vice president for corporate development, Science Applications International Corporation of McLean, Virginia McLean is an unincorporated community located in Fairfax County in Northern Virginia. A small geographic area along Chain Bridge Road in Arlington County has a 22101 zip code and is also part of McLean. . He recently retired from the FBI, where he was assistant director of the information resources division. Dorothy E. Denning Dorothy Elizabeth Denning (the daughter of C. Lowell and Helen Watson Robling on August 12, 1945) is an American information security researcher. She has published four books and 120 articles. , Ph.D., is professor of computer science at Georgetown University in Washington, D.C. She was chair of the International Cryptography Institute in 1995.