Interesting People mailing list archives
IP: NRC's CRISIS report: Chairman's opening statement
From: Dave Farber <farber () central cis upenn edu>
Date: Thu, 30 May 1996 18:52:58 -0400
OPENING STATEMENT

KENNETH DAM
Max Pam Professor of American and Foreign Law
University of Chicago Law School
and
Chair, Committee to Study National Cryptography Policy

News Conference on
Cryptography's Role in Securing the Information Society

National Press Club
Washington, D.C.
May 30, 1996

***

Good morning. In this age of telecommunications and lightning-speed advances in computing, keeping private information private gets tougher all the time. Without proper safeguards, personal financial transactions, medical records, corporate secrets such as bidding information and proprietary research reports may be compromised by criminals and corporate spies. Without proper safeguards, crucial information systems such as those of the banking system and the public switched telecommunications network may be vulnerable to intrusion by terrorists, curious computer hackers, and unfriendly foreign governments.

One of the best ways to protect electronic information is through encryption, which is the use of mathematical formulas to scramble information into digital codes. Once of concern only to spies and the military, cryptography has now become a vital tool for protecting the legitimate interests of the nation's businesses and the privacy of its citizens.

This change has created a dilemma for the U.S. government because encryption also can be used in a wide range of illegitimate activities. Drug dealers, terrorists, and other criminals can use cryptography to thwart even legally authorized search and surveillance by law enforcement officials; foreign governments can encrypt information that the U.S. needs to protect its national security.

Now the federal government -- which in the past has sought to restrict the spread of encryption -- must weigh the pros and cons of promoting broader use of cryptography. The National Research Council was asked by Congress to provide policy makers with guidance in making this assessment.

Our study committee was made up of individuals with expertise in many relevant fields: technical expertise in computers, communications, and cryptography; policy experience in law enforcement, intelligence, civil liberties, national security, diplomacy, and international trade; business experience in telecommunications and computer hardware and software, as well as in protecting information in the for-profit and not-for-profit sectors. It was formed to examine the appropriate balance among various national security, law enforcement, business, and privacy interests.

Our committee's broad conclusion is that the advantages of cryptography in safeguarding information outweigh the possible disadvantages of making apprehension and prosecution of criminals more difficult. Thus, we believe that federal policies should promote rather than discourage the use of encryption.

For example, current export controls impede the use of strong encryption by U.S. firms with foreign customers and suppliers as well as reducing the availability of strong encryption domestically. The government needs to make it easier for U.S. companies operating internationally to use strong encryption, and for U.S. technology vendors to develop and sell cryptography products both in this country and abroad. Indeed, maintaining world leadership for U.S. information technology vendors is an important contribution to national security, as well as being important to the economy.

Furthermore, the development of products with encryption should be driven largely by market forces rather than by government-imposed requirements or standards. There are no legal limits on the kinds of encryption that presently can be sold in the United States and we strongly endorse the idea that no law should bar the manufacture, sale, or use of any form of encryption within the United States.

We do not believe that by adopting such a course the government would necessarily be choosing the interests of business and individuals over those of national security and law enforcement. We say this for two reasons.

First, availability of encryption technologies will benefit law enforcement and national security. Here's how: by making economic espionage more difficult, cryptography supports law enforcement. By protecting elements of the civilian infrastructure such as banking, telecommunications, and air traffic control networks, cryptography safeguards national security.

The second reason is that current national policy -- which discourages the use of cryptography despite its many valuable applications -- can at most delay encryption's spread. Already, the use of such technologies is growing, and in the long run, we believe widespread non-governmental use of cryptography in the United States and abroad is inevitable. The government should recognize this changing reality and help law enforcement and national security authorities develop the new technical capabilities they will need to conduct investigations and surveillance in a world in which information will be more protected and even unencrypted communications will be harder to read.

Our report also urges that the government should explore escrowed encryption rather than the aggressive promotion that is the case today. Encrypted information is unintelligible to anyone lacking the keys to unlock the digital code. In escrowed encryption, the decoding key would be held by a trusted third-party organization or institution. This is attractive to law enforcement agencies because with a court order, they could obtain the key and unlock even the most unbreakable code.

However, escrowed encryption is relatively untried and many unresolved issues remain, ranging from the liability of these third parties to the magnitude of the risk incurred by companies trusting these third parties with the keys to their sensitive business plans and trade secrets.

Rather than aggressively promoting escrowed encryption, our committee believes that the government should explore escrowed encryption for its own purposes as a way of gaining operational experience with this technology and making it more useful to the commercial sector. Even when that occurs, we say that adoption of escrowed encryption or of any other specific technology or standard by the commercial sector should be voluntary and based on business needs, not government pressure.

To make it easier for U.S. companies with foreign customers and suppliers to protect their information with the best encryption technologies, the committee believes that export controls should be progressively relaxed, though not eliminated. Right now federal law makes it hard to export strong encryption technology. This helps protect the government's ability to gather foreign intelligence. However, it also makes it more difficult for U.S. technology vendors to produce and sell cryptography products both here and overseas, and it limits what's available here because software companies are reluctant to develop different products for U.S. and foreign markets.

And we call on the executive and legislative branches to develop national cryptography policy on the basis of open public discussion. In the past, government officials have treated many aspects of cryptography policy as "top secret," to be discussed only behind closed doors. This has led to considerable public distrust and resistance, which makes it impossible to achieve consensus.

In our report we point to a number of specific areas such as telecommunications and banking where the government should actively promote the adoption of encryption. For example, the privacy of the cellular phone and the security of the nation's telecommunications networks should be enhanced through the use of cryptography. In the case of the cellular phone many people have at home, the digital signals sent between the cell phone and the cell's ground station could be encrypted. This would prevent eavesdroppers from listening in on conversations.

Overall, we believe that adoption of our recommendations would lead to enhanced protection and privacy for individuals and businesses in many areas, while also bolstering the international competitiveness of U.S. companies.

My colleagues and I will now entertain questions from the media. Before asking a question, please step to an aisle microphone and state your name and affiliation.