From: patrick@Verity.COM (Patrick Horgan)
To: nobody@REPLAY.COM
Message Hash: b8277381e91c86cb587714bac644ad80789e8ae34594e9146cedfd42086aba92
Message ID: <9509141525.AA21098@cantina.verity.com>
Reply To: N/A
UTC Datetime: 1995-09-14 15:28:51 UTC
Raw Date: Thu, 14 Sep 95 08:28:51 PDT
Subject: Re: NSA on GAK
I've reformatted this to make it easier to read...If you've already read it,
then just delete it:)
~~~~~~~ Included reformatted stuff starts here --\/ ~~~~~~~~~~~~~~~~~~~~~~
URL: http://csrc.ncsl.nist.gov/secnews/ees_q-a.txt
----------
Note: The following answers were provided by NSA to the Senate
Subcommittee on Technology and the Law in response to their follow-
up questions to the May 3, 1994 hearings.
---------------------------
Senate Subcommittee on Technology and the Law
Hearing on the Administration's Key Escrow Encryption Standard
Written Questions for Vice Admiral McConnell, NSA
*Questions for Senator Pressler:
Q: Admiral, as you are aware, critics of the Administration's
proposal argue that as a practical matter, no criminal, foreign
spy, or terrorist of any sophistication would be foolish enough to
use an encryption device designed by the NSA and approved by the
FBI.
How do you respond? Why do[n't you] think the people whose
telecommunications the NSA and the FBI want most to decode will be
the very people most unlikely to use this technology?
Answer: From what we know today, the overriding requirement that
spies, terrorists, and criminals have is for readily available and
easy to use equipment that interoperates. Key escrow encryption is
not meant to be a tool to catch criminals. It will make excellent
encryption available to legitimate businesses and private citizens
without allowing criminals to use the telecommunications system to
plan and commit crimes with impunity. We believe it would be
irresponsible for government to make excellent encryption broadly
available knowing that its use by criminals would make it
impossible for law enforcement agencies to conduct lawful wiretaps
against them.
The Department of Justice credits information gleaned through
wiretaps as leading to more than 20,000 felony convictions since
the early 1980s. This would not have been possible if the
criminals had been using encryption systems the FBI could not
break.
Without government action, however, this fortunate situation
will change. At present most people, and most criminals, don't use
encryption. However, there is an increasing public awareness of
the value of encryption for protecting private personal and
business communications. Increasing demand for encryption by the
public will likely lead to the widespread use of some form of
standardized encryption on the public telecommunications
network.
This development would have great benefits for the country.
Legitimate businesses and private individuals could use the
telecommunications system secure in the knowledge that their
private information such as business records and credit card
numbers could not be intercepted by third parties.
But there is a down side. Criminals, terrorists, and others
could also use the system to plan crimes, launder money, and the
like, completely secure in the knowledge that law enforcement
agencies could not listen to those communications. Just as
legitimate businesses operate much more efficiently and effectively
using the telecommunications system than they could without it, so
will criminal enterprises be able to operate more efficiently and
effectively if they no longer have to avoid using the
telecommunications system.
The United States is faced with a choice. We can sit back and
watch as the emerging national information infrastructure becomes
a valuable tool for criminals and terrorists to use to plan and
carry out their activities with complete security, or we can take
steps to maintain the current ability of government to conduct
lawful wiretaps so that prudent criminals will have to find other
less efficient ways to operate and foolish ones may be caught. Key
escrow encryption is the latter option.
Q: Would widespread use of the Skipjack algorithm harm U.S.
exports? Do you think it is unlikely foreign businesses will
purchase American encryption technology if the U.S. Government
holds a set of the decoding keys?
Answer: I do not believe that widespread use of key escrow
encryption in the United States will harm U.S. exports. If it has
any effect at all, it could increase exports somewhat. Key escrow
encryption products provide another option for foreign purchasers
that they have not had in the past; to the extent that foreigners
do purchase key escrow encryption products, it will mean an
increase in exports. Meanwhile, U.S. exporters are free to
continue to sell the products they currently sell in foreign
markets and to seek license approvals for new products.
It is difficult to predict the foreign market for U.S. key
escrow encryption technology. Businesses that fear U.S. Government
interception of their communications presumably would avoid
products for which the U.S. Government holds keys. However, there
are a number of reasons why foreign businesses might purchase them.
One major reason would be to communicate securely with U.S.
businesses that use them. In addition, the superior level of
security provided by key escrow products (against all but lawful
U.S. Government access) may make them attractive to foreign
businesses that do not view U.S. Government access as a major concern.
While some prospective users abroad may steer clear of key escrow
products because the United States will retain access, there may be
many who believe they are unlikely to be targeted by U.S.
intelligence in any case or for whom the superior security offered
by key escrow encryption products against threats of greater
concern may make key escrow products an attractive option. For
example, a distributor of pay-TV programming may depend on
encryption to ensure that only those viewers who pay for the
service can decrypt the TV signal. Such a distributor probably
would not be concerned about the threat of access by the United
States Government, and might favor suitable key escrow encryption
products over competing products that use weaker encryption
algorithms.
Q: You were present when the previous panelist, Stephen Walker,
described how present U.S. laws prohibit his company from exporting
encryption products. As I understand it, Senator Murray's bill
S.1846, attempts to relax these export controls somewhat.
Please give us your views on this legislation.
Answer: I support the Administration's position, as announced
by the White House on February 4, that current export controls must
remain in place and that regulatory changes should be implemented
to speed exports and reduce the licensing burden on exporters. The
bill you reference appears to be inconsistent with the
Administration position. I would be happy to provide you further
information on the Administration's reasons for maintaining the
current export controls in an appropriate setting.
*Questions from Senator Murray:
Q: In my office in the Hart building this February, I downloaded
from the Internet an Austrian program that uses DES encryption.
This was on a laptop computer, using a modem over a phone line.
The Software Publishers' Association says there are at least 120
DES or comparable programs world wide. However, U.S. export
control laws prohibit American exporters from selling comparable
DES programs abroad.
With at least 20 million people hooked up to the
Internet, how do U.S. export controls actually prevent criminals,
terrorists, or whoever from obtaining DES encryption software?
Answer: Serious users of encryption do not entrust their
security to software distributed via networks or bulletin boards.
There is simply too much risk that viruses, Trojan Horses,
programming errors, and other security flaws may exist in such
software which could not be detected by the user. Serious users of
encryption, those who depend on encryption to protect valuable data
and cannot afford to take such chances, instead turn to other
sources in which they can have greater confidence. Such serious
users include not only entities which may threaten U.S. national
security interests, but also businesses and other major consumers
of encryption products. Encryption software distribution via
Internet, bulletin board, or modem does not undermine the
effectiveness of encryption export controls.
[Primary written questions for Admiral McConnell]
1. The Defense Authorization Bill for Fiscal Year 1994 has
authorized $800,000 to be spent by the National Research Council of
the National Academy of Sciences to conduct a study of federal
encryption policy. Can we wait to implement the key escrow
encryption program until we have the benefit of the NRC's study?
Do you think this study is necessary? Should this study be
expedited?
Answer: We do not believe that we can wait until after the
NRC study is completed in 1996 to begin implementation of the key
escrow initiative. The information technology industry is dynamic
and fast-moving, and to wait another two years or more would, we
believe, jeopardize the success of the initiative. Industry demand
for encryption products is growing, and the technology is available
now to meet that demand with encryption products that provide an
outstanding level of security to the user conduct lawful wiretaps.
To wait for the completion of the NRC study to other encryption
products which would defeat lawful wiretaps. We believe that such
a delay would not be in the best interest of the American
people.
Neither do we believe that the study should be expedited. For
our part, we will carefully consider the conclusions of the NRC
study. We expect that it will give very careful consideration to
the issues, and we would not want the pressure of an unnecessarily
short deadline to limit the study group's ability to produce the
best report possible.
2. The Administration has said that it is continuing to restrict
export of the most sophisticated encryption devices, in part,
"because of the concerns of our allies who fear that strong
encryption technology would inhibit their law enforcement
capabilities." Do we really need to help our allies by prohibiting
the export of strong American encryption products, since those same
countries can simply control the encryption bought within their
borders?
Answer: Exports of encryption products are subject to review
primarily to protect U.S. national interests, including national
security, law enforcement, foreign policy, and other important
interests. The law enforcement concerns of our allies are a
consideration, especially as the ability of our allies to combat
terrorism, drug trafficking, and other international law
enforcement problems can have direct benefits to the United States.
However, foreign law enforcement concerns do not drive our export
control policy. We would continue to review encryption exports to
protect U.S. national interests even if foreign law enforcement
concerns disappeared.
3. Do you know whether foreign governments would be interested in
importing key escrow encryption products to which they hold the
decoding keys?
Answer: Several foreign governments have expressed interest
in key escrow encryption technology due to their own law
enforcement concerns. There have been some preliminary
discussions, but issues such as who would hold the escrowed keys
and the circumstances of government access to escrowed keys must be
fully vetted.
4. The Government wants the key escrow encryption standard to
become the de facto industry standard in the United States. Would
the Government abandon the Clipper Chip program if it is shown to
be unsuccessful beyond government use?
Answer: We do not expect the program to be unsuccessful
beyond government. We have developed a sound security product that
we expect will find many uses in government information systems and
further believe that government use will bring with it a commercial
market, particularly in the defense sector. We have developed a
sound security product that we expect will find many uses in
government information systems regardless of its success in
commercial markets.
5. Openly available devices, such as Intel-compatible
microprocessors, have seen dramatic gains, but only because
everyone was free to try to build a better version. Given the
restrictions on who can build devices with the classified Skipjack
algorithm, how will key escrow chips keep up with advances in
semiconductor speed, power, capacity and integration?
Answer: Despite the requirements that a firm must meet to
produce key escrow encryption chips, we expect that there will be
a number of manufacturers competing against each other to produce
the best product, and that such competition will drive them to keep
up with the latest technological advances. It is worth noting that
only a few companies can produce the sophisticated microprocessors
you reference, yet the competition in that market has driven them
to achieve remarkable advances in that technology. NSA's STU-III
secure telephone program provides an example of a cryptographic
product line that keeps pace with technology.
The presence of a classified algorithm does not preclude
keeping pace with technology. Through NSA's use of a competitive,
multi-vendor approach, STU-III secure telephone products have
continued to evolve in response to user requirements and
technological advances despite their use of a classified encryption
algorithm and the consequent need for security restrictions on the
manufacturers.
6. How well does the Skipjack algorithm work on telecommunications
operating at very high speeds? Is NSA working on another algorithm,
called BATON, that could be used in high speeds with a key escrow
system? Will Capstone be compatible with BATON?
Answer: Using currently available microelectronics technology
the SKIPJACK algorithm could not be used for encryption at very
high speeds. BATON is the name of an algorithm developed by NSA
that could be used at higher rates of speed. We have no plans to
develop key escrow encryption devices using BATON, however.
Instead, we are considering another algorithm for use at high
speeds with a key escrow system.
A high-speed key escrow device based on an algorithm other
than SKIPJACK would not be "compatible with Capstone" in the sense
that traffic encrypted by such a device could not be decrypted by
Capstone, and vice versa. However, since such a device would be
used for much higher-speed applications than those for which
Capstone was designed, there would be no need for it to be
compatible with Capstone in that sense.
7. Can Capstone be used to encrypt video programming? If so,
have cable companies been approached by any government agency to
use Capstone to scramble or encrypt cable program?
Answer: Capstone could be used to encrypt any digital signal,
including video programming, operating at up to about 10 million
bits per second. It could be used for encrypting individual video
channels but not for bulk encryption of many channels multiplexed
together in a single link. NSA is not aware of any government
agency approaching cable companies to urge the use of Capstone.
Two manufacturers have asked us about the suitability of key escrow
devices for this purpose, however.
8. Encryption software is available that can be used with Clipper
to encrypt a message before after it has been encrypted with
Clipper. This "double encrypting" risks bypassing the key escrow
feature. If a sender first encrypts the message with software
using DES, and then transmits the message "double encrypted" with
Clipper, can you tell from looking at the cipher, or encrypted
text, that the underlying message was encrypted?
Answer: The only way to tell that a message has been "double
encrypted" in this way would be to decrypt the "outer layer" of
encryption, i.e. that done with Clipper. Only then would one be
able to tell that the message had first been encrypted with
something else.
----------
_______________________________________________________________________
/ These opinions are mine, and not Verity's (except by coincidence;). \
| (\ |
| Patrick J. Horgan Verity Inc. \\ Have |
| patrick@verity.com 1550 Plymouth Street \\ _ Sword |
| Phone : (415)960-7600 Mountain View \\/ Will |
| FAX : (415)960-7750 California 94303 _/\\ Travel |
\___________________________________________________________\)__________/