From: "Dave Banisar" <banisar@epic.org>
Date: Fri, 18 Aug 95 07:26:45 PDT
To: "Cypherpunks List" <cypherpunks@toad.com>
Subject: NIST Release on Key Escrow
Message-ID: <n1403380943.31911@epic.org>
MIME-Version: 1.0
Content-Type: text/plain



EMBARGOED FOR RELEASE:                  NIST 95-24
3 p.m. EDT, Thursday, Aug. 17, 1995

Contact:  Anne Enright Shepherd         COMMERCE'S NIST ANNOUNCES
          (301) 975-4858                PROCESS FOR DIALOGUE ON
                                        KEY ESCROW ISSUES

     Furthering the Administration's commitment to defining a
workable key escrow encryption strategy that would satisfy
government and be acceptable to business and private users of
cryptography, the Commerce Department's National Institute of
Standards and Technology announced today renewed dialogue on key
escrow issues.

     A Sept. 6-7 workshop will convene industry and government
officials to discuss key escrow issues, including proposed
liberalization of export control procedures for key escrow
software products with key lengths up to 64 bits, which would
benefit software manufacturers interested in building secure
encryption products that can be used both domestically and
abroad.

     Key escrow encryption is part of the Administration's
initiative to promote the use of strong techniques to protect the
privacy of data and voice transmissions by companies, government
agencies and others without compromising the government's ability
to carry out lawful wiretaps.

     In a July 1994 letter to former Rep. Maria Cantwell, Vice
President Gore said that the government would work on developing
exportable key escrow encryption systems that would allow escrow
agents outside the government, not rely on classified algorithms,
be implementable in hardware or software, and meet the needs of
industry as well as law enforcement and national security.  Since
that time, discussions with industry have provided valuable
guidance to the Administration in the development of this policy.
For example, many companies are interested in using a corporate
key escrow system to ensure reliable back-up access to encrypted
information, and the renewed commitment should foster the
development of such services.

     Consideration of additional implementations of key escrow
comes in response to concerns expressed by software industry
representatives that the Administration's key escrow policies did
not provide for a software implementation of key escrow and in
light of the needs of federal agencies for commercial encryption
products in hardware and software to protect unclassified
information on computer and data networks.

     Officials also announced a second workshop at which industry
is invited to help develop additional Federal Information
Processing Standards for key escrow encryption, specifically to
include software implementations.  This standards activity would
provide federal government agencies with wider choices among
approved key escrow encryption products using either hardware or
software.  Federal Information Processing Standards provide
guidance to agencies of the federal government in their
procurement and use of computer systems and equipment.

     Industry representatives and others interested in joining
this standards-development effort are invited to a key escrow
standards exploratory workshop on Sept. 15 in Gaithersburg, Md.
This workshop is an outgrowth of last year's meetings in which
government and industry officials discussed possible technical
approaches to software key escrow encryption.

     The Escrowed Encryption Standard, a Federal Information
Processing Standard for use by federal agencies and available for
use by others, specifies use of a Key Escrow chip (once referred
to as "Clipper chip") to provide strong encryption protection for
sensitive but unclassified voice, fax and modem communications
over telephone lines.  Currently, this hardware-based standard is
the only FIPS-approved key escrow technique.  NIST officials
anticipate proposing a revision to the Escrowed Encryption
Standard to allow it to cover electronic data transmitted over
computer networks.  Under this revised federal standard, the
Capstone chip and other hardware-based key escrow techniques
developed for use in protecting such electronic data also will be
approved for use by federal agencies.

     As a non-regulatory agency of the Commerce Department's
Technology Administration, NIST promotes U.S. economic growth by
working with industry to develop and apply technology,
measurements and standards.

                                 - 30 -

Note to editors:  Readers who are interested in obtaining more
information about the workshops can contact Arlene Carlton,
(301) 975-3240, fax: (301) 948-1784, e-mail: carlton@micf.nist.gov.