tex version of USACM Crypto report. Note The IEEE US Activities committee also took a position. Sorr

[David Farber <>]

\documentstyle[12pt]{report}
\begin{document}
\thispagestyle{empty}
\begin{flushleft}
{\Huge \bf  Codes, Keys and Conflicts:\\
\makebox[\textwidth]{\huge \bf \hfill Issues~in~U.S.~Crypto~Policy}\\}
\rule{5in}{.01in}
{\Large\bf Report of a Special Panel of the {\it  ACM U.S. Public Policy
Committee (USACM) June 1994}}\\
\vspace{2.0in}
{\large
\hspace*{2.94in}{\it by\ } Susan Landau\\
\hspace*{3.2in} Stephen Kent, chair\\
\hspace*{3.2in} Clint Brooks\\
\hspace*{3.2in} Scott Charney\\
\hspace*{3.2in} Dorothy Denning\\
\hspace*{3.2in} Whitfield Diffie\\
\hspace*{3.2in} Anthony Lauck\\
\hspace*{3.2in} Doug Miller\\
\hspace*{3.2in} Peter Neumann\\
\hspace*{3.2in} David Sobel\\}
\vspace{.75in}
{\Large  \bf  Association for Computing Machinery, Inc.}
\end{flushleft}


\newpage
\thispagestyle{empty}
\bigskip


\begin{center}


\Large{          The Association for Computing Machinery, Inc.\\}
\large{                     1515 Broadway\\
                  New York, NY 10036}


\end{center}


\bigskip


\noindent Copyright \copyright 1994 by the Association for Computing
Machinery, Inc.  Copying without fee is permitted provided that the copies
are not made or distributed for direct commercial advantage and credit to
the source is given.  Abstracting with credit is permitted.  To copy
otherwise, or republish, requires a fee and/or specific permission.


\bigskip


\noindent ACM ISBN: 0-89791-677-8


\bigskip


\noindent Additional print copies of this report can be ordered prepaid
from the ACM Order Department, P.O. Box 12114, Church Street Station, New
York, NY 10257; Tel: 1-800-342-6626 (U.S.A. and Canada), 1-212-626-0500
(all other countries); Fax: 1-212-944-1318; E-mail: acmhelp () acm org; Price:
\$10.00 per copy; reference ACM Order Number 207940.


\medskip


\noindent The report can also be obtained in various electronic formats
from ACM's Internet host.  Internet users can access the report through any
of the following URLs:


\begin{verbatim}


http://Info.acm.org/reports/acm_crypto_study.html
ftp://Info.acm.org/reports/acm_crypto_study/
gopher://gopher.acm.org/11[the_files.reports.acm_crypto_study]




\end{verbatim}
\newpage
\noindent{\huge \bf Contents}


\thispagestyle{empty}
\vspace*{0.6in}
{\bf
\noindent\begin{tabular}{r l @{\hfill\hspace*{0.13in}}r}
  & Executive Summary & i\\[3ex]
  & Preface & iv\\[3ex]
  & About the Authors & vii\\[3ex]
1 & Information Protection in the Information Age & 1\\[3ex]
  & Diffie-Hellman Key Exchange & 8\\[3ex]
2 & Integrating Cryptography   & 9\\[3ex]
3 & A Law Enforcement View of Encryption: The Problems  & 14\\[3ex]
4 & A National Security View of Encryption: The Complexities & 22\\[3ex]
5 & The Privacy View: The Importance of Encryption& 30\\[3ex]
6 & Cryptography in Public: A Brief History& 36\\[3ex]
  & Using Clipper & 46\\[3ex]
7 & The Government Solution: The Escrowed Encryption &\\
  & Standard& 47\\[3ex]
8 & Issues Highlighted by the Escrowed Encryption Standard & 53\\[3ex]
9 & Codes, Keys, and Conflicts: The Questions& 64\\[3ex]
  & Bibliography & 67\\
\end{tabular}}


\newpage
\pagenumbering{roman}


\begin{center}


\noindent {\Large  \bf Executive Summary}


\end{center}


\medskip


\noindent On April 16, 1993, the White House announced the Escrowed
Encryption Initiative, ``a voluntary program to improve security and
privacy of telephone communications while meeting the legitimate needs of
law enforcement.'' The initiative included a chip for encryption (Clipper),
to be incorporated into telecommunications equipment, and a scheme under
which secret encryption keys are to be escrowed with the government; keys
will be available to law enforcement officers with legal authorization.
The National Security Agency (NSA) designed the system and the underlying
cryptographic algorithm SKIPJACK, which is classified.  Despite substantial
negative comment, ten months later the National Institute of Standards and
Technology approved the Escrowed Encryption Standard (EES) as a voluntary
Federal standard for encryption of voice, fax, and computer information
transmitted over circuit-switched telephone systems.


Underlying the debate on EES are significant issues of conflicting public
needs. Every day, millions of people use telephones, fax machines, and
computer networks for interactions that were once the province of written
exchanges or face-to-face meetings.  Private citizens may want to protect
their communications from electronic eavesdroppers.  Law enforcement seeks
continuation of its legally authorized access to communications of
suspected criminals.  In order to compete in the global marketplace, U.S.
manufacturers want to include strong cryptography in their products.  Yet
national security interests dictate continued access to foreign
intelligence.  Both the EES and the controversy surrounding it are but the
latest and most visible developments of a conflict inherent in the
Information Age.


The issues EES raises are fundamental.  When the Constitutional protections
of the Bill of Rights became law in 1791, speech took place in the
streets, the market, the fields, the office, the bar room, the bedroom,
etc.  It could be used to express intimacy, conduct business, or discuss
politics. Privacy was an indispensable component of the character of many
of these conversations.  In the two hundred years since then, electronic
communications have taken the place of many of those face-to-face meetings
of two centuries ago.  The world has undergone a fundamental change in the
way it conducts its business, both personal and professional.  


The EES is primarily for use with telephones and fax machines.  The broad
public debate it has sparked is primarily, though not exclusively,
concerned with the expected extension of escrowed encryption to other forms
of electronic communications.  This debate has provided many press
clippings -- but fewer facts.  Proponents of EES argue that escrowed
encryption using a secret algorithm is a reasonable and logical way to
provide security for electronic communications without unleashing
cryptography that will thwart law enforcement and national security.
Critics of EES see the Federal program as nothing less than a large step in
the direction of Big Brother.


The fact is that the issue of cryptography is complex.  All who have
thought seriously about the issues of communications security -- from civil
libertarians to law enforcement officials to the computer industry and
national security experts -- agree that strong cryptography is necessary
for protecting the confidentiality, integrity, and authenticity of the
information infrastructure and that this protection is extremely important
for economic stability and national security.  The disagreements are
partially disputes over potential costs: What would be the cost to society
if criminals concealed their communications using codes the government
cannot decipher?  How will U.S. economic competitiveness be affected by
export controls on cryptographic systems?  It is even more a disagreement
on values: How important is protecting society from abuses by criminals and
terrorists versus protecting personal privacy from all threats -- including
potential eavesdropping by the government?


In this report, we attempt to remove the rhetoric, lay bare the
facts, and frame the issues. We examine the issues of communications
security from a variety of viewpoints: (i) we explain the technical
considerations of communications security; (ii) we consider the dual-edged
sword cryptography presents to both law enforcement and national security;
(iii) we present the history of wiretap law in the United States; and (iv)
we put the current policy on cryptography in the context of decisions over
the last twenty years.  We explain the anticipated impact of EES on the
computer and cryptography industries, on privacy, and on law enforcement
and national security, and we raise a number of questions that deserve
examination in this discussion.


We hope to have laid a foundation on which an informed public debate can
begin.  The discussion on solutions to the problems of communications
security encompasses broad issues and values, and the choices that will be
made should be made in full consideration of the facts.  President
Franklin Delano Roosevelt eloquently stated the balance that should
underlie fundamental policy decisions:


\begin{quote}
The only sure bulwark of continuing liberty is a government strong enough
to protect the interests of the people, and a people strong enough and well
enough informed to maintain its sovereign control over the
government.\footnotemark
\end{quote}


In order to determine policy for the protection of communications, the
public deserves full information on the issues.\footnotemark\ That is what
this report seeks to provide.




\vspace{4.7in}
\rule{2in}{.01in}
\begin{center}
Notes
\end{center}
{\small
\begin{enumerate}


\item Fireside Chat, April 14, 1938.


\item Note, however, that the information provided in this
report is derived from unclassified sources only.
\end{enumerate}}




\addtocontents{toc}{Executive Summary}{}
\newpage
\begin{center}


\noindent{\Large  \bf Preface}


\end{center}


\medskip


\noindent Cryptography is being debated in public -- again.  One wag claims that
every few years there is a study on cryptography and public policy, whether
it is needed or not.\footnotemark[1] \ With the increasing use of
distributed networks for computing, the emerging National Information
Infrastructure and its need for communications security, the international
availability of two strong cryptographic algorithms, DES and RSA, the
Federal ``Clipper'' Initiative, many unresolved issues have come to the
fore.  It is clear that a public debate on these issues is necessary.  This
report, by a panel convened by the Association for Computing Machinery's
U.S. Public Policy Committee (USACM), is an attempt to clarify the
technical and policy issues surrounding cryptography, so that a careful and
clear public debate may result.


This panel, which includes members of the U.S. government, attorneys, and
members of the computer industry and academia, has not come to conclusions
about the direction of cryptography in the public domain, or about the
appropriateness of the government-proferred Escrowed Encryption Standard.
While not always reaching consensus, we have attempted to present the
issues carefully and correctly, removing rhetoric and replacing it with
facts.  This report represents the work of the panel members as
individuals, and does not necessarily represent the opinions of their
organizations, nor of the ACM, which sponsored this study.  Funding was
provided in part by the National Science Foundation, under grant number
CDA-9400157.


ACM, the first society in computing (founded in 1947), is a 85,000-member
nonprofit educational and scientific society dedicated to the development
and use of information technology, and to addressing the impact information
technology has on the world's major social challenges.  The Association's
major programs and services include its scholarly journals (currently 18),
which are world-class repositories of the finest computing literature, and
Special Interest Groups (34) that specialize in providing educational
resources and help to establish the standard of excellence in specific
computing disciplines through technical conferences and newsletters.


USACM was created by ACM to provide a means for presenting and discussing
technological issues to and with U.S. policy makers and the general public.
Presentation of this information includes white papers, news releases,
journal articles, and expert testimony for Congressional hearings.  This
report is the first major undertaking of USACM.


A brief road map is in order.  Chapter 1 provides background on information
protection in the Information Age, including an explanation of the
different functions cryptography provides, and the algorithms currently
being used.  Chapter 2 describes the way cryptography secures electronic
communications, both for computers and for telephones. The description
provided in this chapter is somewhat more technical than the remaining
ones, and can be skipped by those who are less concerned with detail on the
technological issues.  Chapter 3 explains the problems of cryptography from
a law-enforcement perspective; it includes a brief history of wiretapping
in the United States.  Chapter 4 explains the dual nature of cryptography
in the context of national security.  Chapter 5 discusses the value and
importance of privacy in the United States.


Cryptography is not a new issue for the public forum, and Chapter 6
presents the policy issues, resolved and unresolved, that have been debated
over the last twenty years. Chapter 7 presents the Escrowed Encryption
Standard (EES), a cryptographic scheme in which government agencies hold
the keys.  This controversial standard, approved by the National Institute
of Standards and Technology earlier this year, is part of the reason for
the current report.  Chapter 8 discusses the issues highlighted by the EES,
including privacy concerns, export policy, interoperability issues, and the
impact of EES on the U.S.  computer industry.  Chapter 9 concludes the
report, by placing the issues in a broader context.  Notes appear on the
last page of the chapter.


\begin{center}


Acknowledgements


\end{center}


\noindent This report is the idea of Dr. Barbara Simons, chair of USACM.
Within days of the White House announcement of the Escrowed Encryption
Initiative, Dr.  Simons conceived of this panel, and it was she who
arranged a chair and initial funding from ACM.  This report would not have
occurred without her efforts.


This report benefitted from the review by members of USACM and the ACM
Committee on Computers and Public Policy. We greatly appreciate their help.


The panel would like to thank those individuals who provided guidance and
information.  These include: David Banisar, James Bidzos, Dennis Branstad,
Lewis Branscomb, James Burrows, John Cherniavsky, Geoffrey Greiveldinger,
Doris Lidtke, Alan McDonald, Douglas McIlroy, Marc Rotenberg, Herman
Schwartz, James Simons, and Barry Smith.


\vspace{4.5in}
\rule{2in}{.01in}
\begin{center}
Notes
\end{center}
{\small
\begin{enumerate}


\item Panel studies include American Council on Education,
``Report of the Public Cryptography Study Group,'' February 7, 1981; U.S.
Department of Commerce, National Telecommunications and Information
Administration, ``White Paper: Analysis of National Policy Options for
Cryptography,'' October 29, 1980; Office of Technology Assessment,
``Defending Secrets, Sharing Data, New Locks and Keys for Electronic
Information,'' 1987; Final Report of the Industry Information Security Task
Force Industry Information Protection, June 13, 1988.  There have also been
numerous studies by individuals, including several done at the Harvard
University Program on Information Resources Policy.


\end{enumerate}}
 


\addtocontents{toc}{Preface}{}
\newpage
\begin{center}


\noindent {\Large{\bf About the Authors}}


\end{center}


\medskip


\noindent Susan Landau is Research Associate Professor at the University of
Massachusetts. She works in algebraic algorithms.


\smallskip


\noindent Stephen Kent is Chief Scientist-Security Technology for Bolt Beranek and
Newman Inc.  For over 18 years, he has been an architect of computer
network security protocols and technology for use in the government and
commercial sectors.


\smallskip


\noindent Clinton C. Brooks is an Assistant to the Director of the National 
Security Agency.  He is responsible for orchestrating the Agency's 
technical support for the government's key-escrow initiative.


\smallskip


\noindent Scott Charney is Chief of the Computer Crime Unit in the Criminal
Division in the Department of Justice.  He supervises five federal
prosecutors who are responsible for implementing the Justice Department's
Computer Crime Initiative.


\smallskip


\noindent Dorothy E. Denning is Professor of Computer Science at
Georgetown University.  She is author of ``Cryptography and Data Security''
and one of the outside reviewers of the Clipper system.


\smallskip


\noindent Whitfield Diffie is Distinguished Engineer at Sun Microsystems.
He is the co-inventor of public-key cryptography, and has worked
extensively in cryptography and secure systems.


\smallskip


\noindent Anthony Lauck is a Corporate Consulting Engineer at Digital
Equipment and its lead network architect since 1978.  His contributions
span a wide range of networking and distributed-processing technologies.


\smallskip


\noindent Douglas Miller is Government Affairs Manager for the Software
Publishers Association.


\smallskip


\noindent Peter G. Neumann has been a computer professional since 1953, and
involved in computer-communication security since 1965.  He chairs the ACM
Committee on Computers and Public Policy and moderates the Risks Forum.


\smallskip


\noindent David L. Sobel is Legal Counsel to the Electronic Privacy
Information Center (EPIC).  He specializes in civil liberties, information,
and privacy law and frequently writes about these issues.


\addtocontents{toc}{About the Authors}{}
\newpage
\pagenumbering{arabic}
\chapter{                  Information Protection in the Information Age}


If this is the Information Age, how do we protect information?  Many times
a day people transmit sensitive data over insecure channels: reciting
credit card numbers over cellular phones (scanners are ubiquitous), having
private exchanges over electronic mail (Internet systems are frequently
penetrated), charging calls from airports and hotel lobbies (our Personal
Identification Numbers (PINs) easily captured). The problem is magnified at
the corporate level.  For several years in the 1970s, IBM executives
conducted thousands of phone conversations about business on the company's
private microwave network -- and those conversations were systematically
eavesdropped upon by Soviet intelligence agents [Broa].\footnotemark


IBM is not unique in having suffered from electronic eavesdroppers.  Weak
links exist throughout electronic communications, in networks and in
distributed computer systems.  An Alaskan oil company kept losing leasing
bids by small amounts to competitors. The line between a computer in the
Alaska office and one at the home base in Texas was being tapped, and a
competitor was intercepting pricing advice transmitted from the Texas
office [Park, pg.  322].


Computer systems themselves can be a weak link.  Employees at British
Airways read Virgin Atlantic Airlines' passenger records. From that
information the employees carried on systematic efforts to induce Virgin's
travelers to switch their flights to British Air [Stev].


Deceptive communications can easily undermine users' confidence in a
system. For example, a group of students at the University of Wisconsin
forged an E-mail letter of resignation from the Director of Housing to the
Chancellor of the University [Neu]. There can be denials of service because
of altered or jammed communications; ``video pirates'' have disrupted
satellite television programs a number of times [Neu].


Electronic communications are now an unavoidable component of modern life.
Every day, millions of people use telephones, fax machines, and computer
networks for interactions that were once the province of written exchanges
or face-to-face meetings.  Private citizens may want to protect their
communications from electronic eavesdroppers. Privacy is a fundamental
value of this society, reflected in the Fourth Amendment -- which provides
safeguards for the security of our ``persons, houses, papers and effects''
against intrusion by the government.


Over the past five years, thousands of mainframe computers have been
replaced by networked computing systems.  This process is accelerating, and
that change will increase the importance of secure electronic
communications. The National Information Infrastructure (NII), the
``information superhighway,'' will have an even greater effect.  Businesses
will teleconnect with customers to sell and bill.  Manufacturers will
electronically query suppliers to check product availability.  Insurance
companies, doctors, and medical centers will carry on electronic exchanges
about patient treatment.  Much of the information being sent on the NII
will be sensitive.  At the same time, most of its users will be quite
unsophisticated in the complexities of the networks they access, or in the
problems that can arise from intercepted communications.  Protecting the
confidentiality, integrity, and authenticity of the information
infrastructure is extremely important to economic stability and national
security.


\begin{center}


Cryptography as a Solution


\end{center}


\noindent How can communications security be achieved?  A very important
part of the solution is cryptography.  It has long been the military
solution to the problem of transmitting sensitive information over insecure
channels.  Cryptography can help prevent penetration from the outside. It
can protect the privacy of users of the system so that only authorized
participants can comprehend communications.  It can ensure integrity of
communications.  It can increase assurance that received messages are
genuine.