tex version of USACM Crypto report. Note The IEEE US Activities committee also took a position. Sorr

[David Farber <>]

Capstone/Tessera would strongly suggest not, since this peripheral provides
workstation software with substantial opportunities to manipulate the
interface to escrowed encryption.


Perhaps somewhat surprisingly, some of the largest suppliers of
cryptographic equipment do not feel that their businesses are imperilled by
the government's adoption of EES.  Cylink, with \$30 million in annual
sales of link encryption equipment, says that for those customers who
choose escrowed encryption, replacing current cryptographic algorithms with
EES is simple; for overseas sales, they already substitute their own
propriety software for domestic DES encryption.  James Bidzos, President of
RSA Data Security Inc., agrees that a ``voluntary'' government standard
could lead to the inclusion of key escrow in computing equipment being the
norm, but he says that that situation would not hurt his company.
Corporations will want to transmit their communications in ways that are
truly private -- and Bidzos says that means using a cryptographic system in
which the keys are not registered with the government.


As with any other new technology, escrowed encryption creates complications
for the computer industry.  It does so for the larger society as well.  The
Escrowed Encryption Standard brings to the fore issues of policy and issues
of technology, issues of the public good and issues of private freedom.
Some aspects of the problem -- the cost of Clipper chip -- are easily
quantifiable. Others, from the potential dangers to
society of encrypted conversations to the loss of privacy (perceived and
actual) are not.  In the final chapter of this report, we raise further
questions about codes, keys, and the conflicts.


\newpage
\begin{center}
Notes
\end{center}
{\small
\begin{enumerate}




\item In recent years the IRS has experimented with electronic
filing, and this year the agency accepted electronic filing by individuals.
Compuserve Information Service offered the service, via the Internet.
Presently, transmissions travel unencrypted, in plaintext form [Lewi].


\item The failure of the GOSIP initiative, an attempt to
mandate procurement of computer communication protocols that conform to the
ISO OSI standards, is one such example.


\item Private communication with Miles Smid, June 3, 1994.
Smid is Manager, Security Technology Group, Computer Security Division, of
the Computer Systems Laboratory at NIST.


\item COCOM was comprised of NATO countries (except Iceland),
Australia, and Japan. It has recently been disbanded.


\item Private communication with Steven Lipner, May 17, 1994.
Lipner was Engineering Group Manager, Secure Systems Group, at Digital
Equipment Company.












\end{enumerate}}
\newpage
\chapter{                Codes, Keys, and Conflicts: The Questions}






In this report, we have discussed the various policy and technical concerns
surrounding cryptography. The problems of communications security and its
cryptographic solutions are technical ones, but the issues faced are much
broader.


They deserve careful and thoughtful public debate.  It took the Supreme
Court nearly forty years to expound on the privacy of telephone
communications.  In the Olmstead case in 1928, the Supreme Court held that
wiretapping evidence did not need court authorization. Over the next four
decades, the Court slowly created a penumbra of privacy for
telecommunications.  Finally, in 1967, in Katz versus the United States,
the Court held that a phone call in even so public a place as a phone booth
was deserving of privacy -- it could not be tapped without prior court
authorization. Computer communications differ from the telephone, but it is
likely that the public's embrace of the medium of computer communications
will be considerably more rapid than the acceptance of the earlier
technology.


As we face growing reliance on electronic communications systems for our
transactions, personal and professional, how do we want to build our
communications infrastructure?  Do we want protection of privacy to be
paramount?  The confidentiality of ``what is whispered in the
closet'' [Olm, pg 752]  cannot be the same if the message traverses an
electronic pathway filled with switches and gateways.  But the privacy of
the communication can be fully protected by cryptography.  Is that the
solution we want?  Justice Brandeis, in his famous dissent on the Olmstead
case, fervently argued for the protection of privacy of communications --
but his argument was constructed so that the protection lay within the
purview of the Fourth Amendment.  Brandeis did not argue that the privacy
of speech was absolute -- only that it had as full Constitutional
protection as any property of a person.


Do we believe there is an absolute right to communications privacy?  


Or do we believe that the freedom afforded to society by communications
technology must be kept in check?  Technology has given us unprecedented
freedom to travel, not only by various modes of transportation, but by
removing distance as a barrier to communications.  The same technology
which allows a home office in Hong Kong to be in instantaneous
communication with its branch office in London also affords this freedom to
enemies of society.  Use of encryption by criminals and terrorists will
make law enforcement's and national security's job more difficult.


Members of the law enforcement community believe that the widespread use of
encrypted telecommunications (especially phone calls) could interfere with
their ability to carry out authorized wiretaps.  Is this a problem that
needs a solution? Should cryptographic solutions for communications
security include authorized government access for law enforcement and
national security purposes?


What will happen if criminals use cryptography other than EES?  The Digital
Telephony proposal involves investment in the telephone infrastructure in
order to ensure that court-authorized wiretaps can be carried out.  These
wiretap capabilities will be less useful if communications are encrypted in
ways that thwart law enforcement.  What is the relationship between EES and
Digital Telephony?  Will there be any future attempt to outlaw alternative
forms of cryptography?


What  constitutes  success of escrowed encryption? Would it simply mean
government use of EES-type products?  Or would it mean a much more
widespread use of EES products?  Would it mean the availability of EES-type
products to the exclusion of all else?


It is clear that communications technology has shrunk distances in a way
unimagined a generation ago. This country's technical innovations have had
enormous impact on the rest of the world.  The United States can legislate
policy only within its borders, but the global impact of our domestic
political decisions should not be underestimated.  The choices the United
States makes about escrowed encryption, confidentiality of communications,
and government access to encrypted communications will reverberate across
the globe.


We are experiencing fundamental transformations in the way that people and
organizations communicate.  What cryptography policy best accommodates our
national needs for secure communications and privacy, industry success,
effective law enforcement, and national security?  










\newpage
\begin{thebibliography}{99}


\bibitem[Abra]{Abra} Abrams, F., 1993,   Big Brother's Here and -- Alas --
We Embrace Him, {\it New York Times Magazine,} March 21, 1993, pp. 36-37.


\bibitem[ABA] {ABA} American Bankers Association, 1979, Management and Use
of Personal Identification Numbers, ABA Bank Card Statement, {\it Aids from
ABA,} Catalog No. 207213, 1979.


\bibitem[AG-FISA]{AG-FISA} As reported to the Congress by the Attorney
General pursuant to the Foreign Intelligence Surveillance Act.


\bibitem[AO-93]{AO-93} Administrative Office of the United States Courts,
1993, {\it Report on Applications for Orders Authorizing or Approving the
Interception of Wire, Oral, or Electronic Communications (Wiretap Report),}
1993.


\bibitem[Ban]{Ban} Banisar, D., 1993, Statistical Analysis of Electronic
Surveillance, presentation at the National Institute of Standards and
Technology, Computer System Security and Privacy Advisory Board, June 3, 1993.


\bibitem[BFS] {BFS} Beth, T.,  Frisch, M.  and Simmons, G. (Eds.),  1992,
{\it Public Key Cryptography: State of the Art and Future Directions,}
Lecture Notes in Computer Science, No. 578, Springer-Verlag, 1992.


\bibitem[BiSh]{BiSh}    Biham, E. and Shamir, A., 1993,  {\it Differential
Cryptanalysis of the Data Encryption Standard,} Springer-Verlag 1993.


\bibitem[Blaz]{Blaz} Blaze, M., 1994, ``Protocol Failure in the Escrowed
Encryption Standard,'' May 31, 1994.


\bibitem[Blum] {Blum} Blum, H., 1993, {\it Gangland: How the FBI Broke the
Mob,} Simon \& Schuster, New York 1993.


\bibitem[BDKMT]{BDKMT} Brickell, E., Denning, D., Kent, S., Maher, D. and
Tuchman, W., 1993,``SKIPJACK Review: Interim Report, The SKIPJACK
Algorithm,'' July 28, 1993, available electronically from cpsr.org.


\bibitem[Broa]{Broa} Broad, W., 1992, ``Evading the Soviet Ear at Glen
Cove,'' {\it Science}, Vol. 217 (3), September, 1982, pp 910-911.


\bibitem[Bupc]{Bupc} Burrows, J. (Director, National Computer and
Telecommunications Laboratory, National Institute of Standards and
Technology), 1994, private communication, March 11, 1994.


\bibitem[Caba]{Caba} Caba, S., 1994, ``FBI Nets Stanfa in Mob Sweep,'' {\it
Philadelphia Inquirer,} March 18, 1994, Sec. A.


\bibitem[Cinq]{Cinq} Cinquegrana, A., 1989,  ``The Walls (and Wires) Have
Ears: The Background and First Ten Years of the Foreign Intelligence
Surveillance Act of 1978,'' 137 {\it University of Pennsylvania Law Review}
793, 814-815 (1989).


\bibitem[DDKM]{DDKM} Delaney, D., Denning, D., Kaye, J. and  McDonald, A.,
1993, ``Wiretap Laws and Procedures: What Happens When the U.S. Government
Taps A Line,'' Sept. 23, 1993, available electronically from cpsr.org.


\bibitem[Denn]{Denn} Denning, D., 1994, ``Encryption and Law Enforcement,''
Feb. 21, 1994, available electronically from cpsr.org.


\bibitem[DGBBBRBM]{DGBBBRGM} Denning, D., Godwin, M., Bayse, W., Rotenberg,
M., Branscomb, L., Branscomb, A., Rivest, R., Grosso, A. and Marx, G.,
1993, ``To Tap or Not to Tap,'' {\it Communications of the ACM,} Vol. 36
(3), March 1993 , pp. 24-44.


\bibitem[DoCB]{DoCB} Department of Commerce Briefing re Escrowed Encryption
Standard, 1994, Department of Commerce, February, 4, 1994, Washington, DC.


\bibitem[DoJB] {DoJB}  Department of Justice Briefing re Escrowed
Encryption Standard, 1994, Department of Commerce, February, 4, 1994,
Washington, DC.


\bibitem[Diff-78]{Diff-78} Diffie, W., 1978, ``Data Security for EFT and
Automated Business,'' New Problems - New Solutions, San Jose, California,
SBS Publishing, 1978.


\bibitem[Diff-82]{Diff-82} Diffie, W., 1982, ``Cryptographic Technology:
Fifteen Year Forecast,'' in Gustavus J. Simmons, {\it Secure Communications
and Asymmetric Cryptosystems}, AAAS Selected Symposium No. 69, Westview
Press, 1982.


\bibitem[Diff-88]{Diff-88} Diffie, W., 1988, ``The First Ten Years of
Public Key Cryptography,'' {\it Proceedings of the IEEE}, Vol. 76 (5), May
1988, pp.  560-577.


\bibitem[DH]{DH} Diffie, W. and Hellman, M., 1976, ``New Directions in 
Cryptography,'' {\it IEEE Trans.  Informat. Theory,} Vol. IT-22, pp.
644-654, Nov. 1976.


\bibitem[DOW]{DOW} Diffie, W.,  van Oorschot, P. and   Wiener, M., 1992, 
``Authentication and Authenticated Key Exchanges,'' in {\it Designs, Codes,
and Cryptography}, Volume 2, Number 2, 1992, pp. 107--125.


\bibitem[ElGa]{ElGa}  ElGamal, T., 1985, ``A Public-Key Cryptosystem and a
Signature Scheme Based on Discrete Logarithms,'' {\it IEEE Trans.  Informat.
Theory}, IT-31 (1985), pp. 469-472.


\bibitem[FISA] {FISA} Foreign Intelligence Surveillance Act, 50 U.S.C. Sec.
1801 {\it et seq.}


\bibitem[Freeh]{Freeh} Freeh, L., 1994, Written Statement before the
Subcommittee on Technology and the Law of the Committee of the Judiciary,
United States Senate and the Subcommittee on Civil and Constitutional
Rights of the Committee on the Judiciary, House of Representatives, March
18, 1994, Washington, DC.


\bibitem[GSA]{GSA} General Services Administration, 1992, Offices of
Congressional Affairs, Memo of May 5, 1992, in {\it The Third CPSR
Cryptography and Privacy Conference Source Book,} June 7, 1993, Washington,
DC. 


\bibitem[Gold]{Gold} Goldman V. United States, 316 U.S. 129, 1942.


\bibitem[HEW]{HEW} HEW Advisory Committee on Automated Personnel Data
Systems, Records, Computers and the Rights of Citizens, 1973, Washington,
DC. 


\bibitem[Irvi]{Irvi} Irvine v. California, 347 U.S. 128, 1954.
                     
\bibitem[Katz]{Katz} Katz v United States, 389 U.S. 347, 1967.


\bibitem[Kent]{Kent} Kent, S., 1993, ``Internet Privacy Enhanced Mail,''
{\it Communications of the ACM,} Vol. 36 (8), pp. 48-59, August 1993.


\bibitem[Kinz]{Kinz} Kinzer, S., 1992, ``East Germans Face Their
Accusers,'' {\it New York Times Magazine}, April 12, 1992.


\bibitem[Krav]{Krav} Kravitz, D., Digital Signature Algorithm, U.S.
Patent Number 5231668, applied for July 26, 1991, received July 27, 1993.


\bibitem[Ladn]{Ladn} LADNER System, 1984, {\it Operation and Maintenance
Manual}, Part No. ON332500, Prepared for Maryland Procurement Office, Ft.
George G.  Meade, MD, December 1, 1984.


\bibitem[Land]{Land} Landau, S., 1988, ``Zero Knowledge and the Department
of Defense,'' {\it Notices of the American Mathematical Society (Special
Article Series)}, Vol. 35, No. 1 (1988), pp.5-12.


\bibitem[LaOd]{LaOd} LaMacchia, B. and Odlyzko, A., 1991, Computation of
Discrete Logarithms in Prime Fields, in {\it Design, Codes, and
Cryptography,} Vol.  1, 1991, pp. 47-62.


\bibitem[Lewi]{Lewi} Lewis, P., 1994, ``IRS Tries On-Line Filing,'' {\it
New York Times,} February 19, 1994, Sec. D.


\bibitem[Link]{Link} M/A-COM LINKABIT Corporation, 1983, {\it LC76 DES Data
Encryption/Decryption Unit: Product Brochure,} August, 1983.


\bibitem[Mats]{Mats}    Matsui, M.,  1993, ``Linear Cryptanalysis of DES
Cipher,'' in {\it Proceedings Eurocrypt} 1993.


\bibitem[Mint]{Mint} Mintz, J., 1992, ``Intelligence Community in Breach
with Business,'' {\it Washington Post,} April 30, 1992, Sec. A.


\bibitem[Myer]{Myer} Myers, F., 1979,  ``A Data Link Encryption System,''
{\it National Telecommunications Conference}, Washington, D.C. November
27-29, 1979, pp. 43.5.1-43.5.8.


\bibitem[NBS]{NBS} National Bureau of Standards, 1977, Data Encryption
Standard, {\it Federal Information Processing Standard 46}, January 1977,
Washington, DC.


\bibitem[Neu]{Neu} Neumann, P., 1994, {\it Computer-Related Risks,} ACM
Press (Addison-Wesley), 1994. 


\bibitem[NIST-XX]{NIST-XX} National Institute of Standards and Technology,
1991, {\it Publication XX: Announcement and Specifications for a Digital
Signature Standard (DSS)}, August 19, 1991, Washington, DC.


\bibitem[NIST-185] {NIST-185} National Institute of Standards and
Technology, 1994, {\it Federal Information Processing Standards Publication
185, Escrowed Encryption Standard}, February 9, 1994, Washington, DC.


\bibitem[NIST-186]{NIST-186} National Institute of Standards and
Technology, 1994, {\it Federal Information Processing Standards Publication
186: Digital Signature Standard (DSS)}, May 19, 1994, Washington, DC.


\bibitem[NIST-94]{NIST-94} National Institute of Standards and Technology,
1994, Approval of Federal Information Processing Standards Publication 185,
Escrowed Encryption Standard, {\it Federal Register,} Vol. 59, No. 27,
February 9, 1994, Washington, DC.


\bibitem[NIST-NSA]{NIST-NSA} National Institute of Standards and Technology
and National Security Agency, 1989, Memorandum of Understanding between the
Director of the National Institute of Standards and Technology and the
Director of the National Security Agency concerning the Implementation of
Public Law 100-235, March 24, 1989, Washington, DC.


\bibitem[NWCCS]{NWCCS} National Commission for the Review of Federal and
State Laws relating to Wiretapping and Electronic Surveillance, 1976, {\it
Commission Studies,} Washington, 1976, Washington, DC.


\bibitem[Olm]{Olm} Olmstead v. United States, 277 U.S. 438, 1928.


\bibitem[OPS]{OPS} Office of the Press Secretary, The White House, 1993,
Statement on the Clipper Chip Initiative, April 16, 1993, Washington,
DC. 


\bibitem[Park]{Park} Parker, D., 1983, {\it Fighting Computer Crime,}
Charles Scribner's, New York, 1983.


\bibitem[Pil]{Pil} Piller, C., 1993, ``Privacy in Peril,'' {\it MacWorld,}
July 1993, pp. 8 - 14.


\bibitem[PCSG]{PCSG} Public Cryptography Study Group, 1981, {\it Report of
the Public Cryptography Study Group}, American Council on Education,
February 1981.


\bibitem[Rive]{Rive} Rivest, R., 1992, ``Responses to NIST's Proposal,''
{\it Communications of the ACM}, Vol. 35 (7), July 1992, pp. 41-47.


\bibitem[RSA]{RSA} Rivest, R. Shamir, A. and Adleman, L., 1978, ``A Method
for Obtaining Digital Signatures and Public Key Cryptosystems,'' {\it
Communications of the ACM,} Vol. 21 (2), pp. 120-126, Feb. 1978.


\bibitem[Rote-89]{Rote-89} Rotenberg, M., 1989, Testimony on Military and
Security Control of Computer Security, Before the Subcommittee on
Legislation and National Security of the House Committee on Government
Operations, 101st Congress, 1st Session 80, May 4, 1989, Washington, DC.


\bibitem[Rote-93]{Rote-93} Rotenberg, M., 1993, ``Communications Privacy:
Implications for Network Design,'' {\it Communications of the ACM,} Vol. 36 (8), August 1993, pp. 61- 68.


\bibitem[Schn-89]{Schn-89} Schnorr, C., Procedures for the Identification
of Participants as well as the Generation and Verification of Electronic
Signatures in a Digital Exchange System, German Patent Number 9010348.1,
patent applied for February 24, 1989, patent received August 29, 1990.


\bibitem[Schn-90a]{Schn-90a} Schnorr, C., 1989, ``Efficient Identification
and Signatures for Smart Cards,'' {\it Advances in Cryptology -- Crypto
'89}, Springer-Verlag, New York, 1990, pp. 239-251.


\bibitem[Schn-90b]{Schn-90b} Schnorr, C., Method for Identifying
Subscribers and for Generating and Verifying Electronic Signatures in a
Data Exchange System, U.S. Patent Number 4995082, patent applied for
February 23, 1990, patent received February 19, 1991.


\bibitem[Silv]{Silv} Silverman v. United States, 365 U.S. 505, 1961.


\bibitem[SmBr]{SmBr} Smid, M. and Branstad, D., 1988, ``The Data Encryption
Standard: Past and Future,'' {\it Proceedings of the IEEE}, Vol. 76 (5),
pp.  550-559, May, 1988.


\bibitem[SPA-94]{SPA-94} Software Publishers Association, Trusted
Information Systems and Hoffman Business Associates, 1994, {\it Encryption
Products Database Statistics,} March 1994.


\bibitem[SPA-93]{SPA-93} Software Publishers Association, 1993, {\it
Foreign Text, File, Data Encryption Programs and Products Identified by the
SPA,} October 9, 1993.


\bibitem[SSSC]{SSSC} System Security Study Committee, 1991, {\it Computers
at Risk: Safe Computing in the Information Age}, National Academy Press,
1991.


\bibitem[Stev]{Stev} Stevenson, R., 1993, ``British Airways Tells Virgin
Atlantic It's Sorry and Pays \$945,000,'' {\it New York Times}, January 12,
1993, Sec. D.


\bibitem[Tuer]{Tuer} Tuerkheimer, F., 1993, ``The Underpinnings of Privacy
Protection,'' {\it Communications of the ACM,} Vol. 36 (8), August 1993, pp.
69-73.


\bibitem[TIII]{TIII} Title III of the Omnibus Crime Control and Safe
Streets Act, 18 U.S.C. Sec. 2510 {\it et seq.}


\bibitem[USDoT]{USDoT} U.S. Department of Treasury, 1985, {\it Criteria and
Procedures for Testing, Evaluating, and Certifying Message Authentication
Devices for Electronic Funds Transfer Use,} May, 1, 1985, Washington,
DC. 


\bibitem[USC]{USC} U.S. Congress, Office of Technology Assessment, 1987,
{\it Defending Secrets, Sharing Data: New Locks and Keys for Electronic
Information,} OTA-CIT-310, Washington, D.C: Government Printing Office,
October, 1987, Washington, DC.


\bibitem[USGAO-92]{USGAO-92} United States General Accounting Office, 1992, 
``Advanced Communications Technologies Pose Wiretapping Challenges,'' {\it
Briefing Report to the Chairman, Subcommittee on Telecommunications and
Finance, Committee on Energy and Commerce,} House of Representatives, July
1992, Washington, DC.


\bibitem[USS]{USS} United States Senate, 1974, {\it Final Report of the
Select Committee to Study Governmental Operations with respect to
Intelligence Activities,} April, 26, 1974, Washington, DC.


\bibitem[USHR-87]{USHR-87} House Report 100-153, 1987, Part 2, the
Committee on Government Operations' Report on the Computer Security Act of
1987, Washington, DC.


\bibitem[USHR-92]{USHR-92} Hearing before the House Judiciary Subcommittee
on Economic and Commercial Law, May 7, 1992, Washington, DC.


\bibitem[Walk]{Walk} Walker, S., 1993, Testimony for Subcommitte on Economic
Policy, Trade and Environment, Committee on Foreign Affairs, U.S. House of
Representatives, October 12, 1993, Washington, DC.


\bibitem[Wie]{Wie} Wiener, M., 1993, ``Efficient DES Key Search,''
presentation at Rump Session of Crypto (August, 1993), Santa Barbara, CA.
Available as TR-244, School of Computer Science, Carleton University,
Ottawa, Canada, May 1994.


\end{thebibliography}




\addtocontents{toc}{Bibliography}{}
\end{document}