Interesting People mailing list archives
tex version of USACM Crypto report. Note The IEEE US Activities committee also took a position. Sorr
From: David Farber <>
Date: Mon, 4 Jul 1994 14:58:09 -0400
enterprises and beginning the internationalization of business that has become the byword of the present decade. It transformed warfare, giving generals the ability to control large theaters of battle and admirals the ability to control fleets scattered across oceans. So great was this impact that the interception and analysis of enemy communications had become an indispensable component of intelligence by the time of World War I. The organizations that resulted have grown steadily throughout the century, providing governments with information about the political, commercial, and military activities of friends and foes alike.

\begin{center} Communications Intelligence \end{center}

\noindent Communications intelligence is a complex art, and the sheer volume of modern communications makes intelligence a constant struggle against limited resources. Networks must be mapped. Intercept facilities must be established. The most important channels must be targeted. And just the right messages must be selected from the flood of traffic that passes through the channels. It is only at this point that the familiar part of the process begins: messages must frequently be stripped of their protective encryption before intelligence evaluation can begin. Those who think about the vulnerabilities of communications from the viewpoint of security frequently regard cryptography as the only substantial barrier to communications intelligence. In fact, the process of communications intelligence is fragile; anything that complicates the targeting of messages can diminish its effectiveness dramatically. An opponent who becomes aware of the degree to which his or her communications are being exploited (or worse, learns how the exploitation is being done) may make changes that render the process far more difficult and destroy years of intelligence effort.
As a result, the field is characterized by secrecy even greater than that surrounding nuclear weapons.\footnotemark The growth of communications intelligence has been accompanied by a similar growth in techniques for protecting communications, particularly cryptography. What is not widely appreciated, however, is that despite the remarkable developments of cryptography, the communications intelligence products are now better than ever. In the recent past, there has been a migration of communications from more secure media such as wirelines or physical shipment to microwave and satellite channels; this migration has far outstripped the application of any protective measures. Consequently, communications intelligence is so valuable that protecting its flow by keeping secret both the intelligence technology itself and techniques for protecting communications is an important objective of U.S. national security policy.

\begin{center} Communications Security \end{center}

\noindent The United States may be the greatest beneficiary of communications intelligence in the world today, but it is also its greatest potential prey. Perhaps no country is more dependent on electronic communications or has more to lose from the subversion of its commerce, its money, or its civic functions by electronic intruders. The protection of American communications against both spying and disruption is therefore vital to the security of the country. It is a major objective of U.S. national security policy. The two objectives are hardly in harmony. Protecting American communications as a whole, rather than just the most sensitive government communications, requires wide deployment of cryptographic technology, whose availability to opponents could damage American intelligence capabilities. On the other hand, making such technology generally available in the United States, without making it available abroad as well, appears difficult if not impossible.
The first attempts to improve overall security in American voice and data communications were undertaken in the 1970s. Encryption devices were developed for protecting telephone switching information [Myer] and both analog [Ladn] and digital [Link] telephone trunks. Microwave links in areas such as Washington, New York, and San Francisco (where Soviet diplomatic facilities had easy access to U.S. communications) were either protected by encryption or replaced by underground cables. In the most far-reaching component of this plan, a cryptographic algorithm developed at IBM and endorsed by the National Security Agency (NSA) was adopted as Federal Information Processing Standard 46 [FIPS46], the U.S. Data Encryption Standard. Several major electronics manufacturers and numerous minor ones began making DES-based equipment. For the first time, cryptographic protection of substantial quality became available in both hardware and software packages. With hindsight, the intelligence community might consider the public disclosure of the DES algorithm to have been a serious error and one that should not be repeated. DES-based equipment became available throughout the world; cryptographic principles revealed by studying the algorithm inspired new cryptographic designs; and DES provided a training ground for a generation of public cryptanalysts. The result was to make the task of America's intelligence agencies more difficult. This experience raised the issue that while strong cryptography is important for U.S. private interests, it should not come at the expense of American intelligence capabilities. Striking a balance between these two competing national security objectives is a daunting task that poses a serious challenge to those charged with protecting U.S. national security.

\begin{center} Export Control \end{center}

\noindent National security experts argue that export control is essential if the U.S.
is to protect its communications without affording protection to the rest of the world. The goals of U.S. export control policy in the area of cryptography are (i) to limit foreign availability of cryptographic systems of strategic capability, namely, those capable of resisting concerted cryptanalytic attack; (ii) to limit foreign availability of cryptographic systems of sufficient strength to present a serious barrier to traffic selection or the development of standards that interfere with traffic selection by making the messages in broad classes of traffic (fax, for example) difficult to distinguish; and (iii) to use the export-control process as a mechanism for keeping track of commercially produced cryptosystems, whether U.S. or foreign, that NSA may at some time be called upon to break. The second goal is perhaps less obvious than the first and third and presents an intrinsic conflict between the needs of intelligence and the needs of private users of cryptography. At present, the vast majority of the world's communications are unencrypted. This makes it feasible to sort traffic in real time and determine which messages are of interest and which are not. Even a weak cryptosystem can be a serious obstacle to traffic selection, and the rise of international encryption standards (of even moderate quality) would make the task of traffic selection immeasurably more difficult. Export control presents a conflict between the requirements of the government and the needs of users and developers of cryptography. Commercial enterprises argue that export control weakens American business and thus is not in the nation's strategic interest. The situation is not so simple. Some foreign markets of interest would not accept U.S. cryptographic exports were export controls to be lifted. For example, France does not permit the use of cryptographic products unless the algorithm has been registered with the French government.
Private use of encryption technology is illegal in South Korea, Taiwan, and the People's Republic of China.\footnotemark\ For a number of markets, the fact that the U.S. government restricts export of products containing cryptography has not had any real effect on U.S. manufacturers of secure systems.

\begin{center} Digital Signatures \end{center}

\noindent Many commercial applications of cryptography, both domestic and international, depend not on cryptography's ability to conceal the content of communications, but on cryptography's ability to assure authenticity and integrity of the message. Digital-signature technology can therefore be applied to authenticate such transactions as electronic funds transfers without presenting a barrier to intelligence. A second element of the U.S. cryptographic program is the Digital Signature Standard [DSS] (discussed further in Chapter 6) that does not lend itself to encryption and decryption of messages. Export of equipment using DSS can be permitted without posing a threat to traditional communications intelligence, and such equipment may eventually replace DES-based equipment technology for authentication.\footnotemark

\begin{center} Key Escrow \end{center}

\noindent With cognizance of the conflict between national security needs and civilian requirements, Congress in 1987 placed the responsibility for civilian encryption standards with the National Institute for Standards and Technology. (See Chapter 6 for a discussion of the Computer Security Act.) As is discussed in Chapter 3, there are governmental concerns about the impact encryption may have on law enforcement. At present, the centerpiece of government plans for securing the bulk of American communications is the key-escrow initiative, a plan for a cryptographic system that can be widely deployed without providing opponents, either at home or abroad, with systems that impede American law enforcement or intelligence capabilities. The plan has two essential components.
Rather than publishing a standard cryptographic algorithm, as was done with DES, the new technology will be made available only in tamper-resistant hardware. This will permit the U.S. to control distribution and hinder public study or imitation. Equally important, an alternative means of decryption in the form of an escrowed key will be available to guarantee that encrypted traffic can always be read when American interests require it. Export of key-escrow equipment will be permitted, but both the secrecy of the algorithm and the U.S. government's possession of keys are expected to dampen the enthusiasm of those who might otherwise be tempted to employ it in a manner contrary to U.S. interests. This will minimize the likelihood as well as the danger of uncontrolled foreign distribution. Authorized accessibility of the traffic will also serve the interests of such vital national security functions as domestic counterintelligence. There have been concerns that use of key-escrow technology will result in isolation of U.S. commercial interests. However, other nations are also pursuing key-escrow technology. Nations in the European Community are considering a more complex version of key escrow using multiple keys. If implemented, this would allow government interception capabilities only for communications which originate or terminate within that nation, while simultaneously protecting the communicators against interception by all other intruders.\footnotemark

\begin{center} Prospects for the Future \end{center}

\noindent A proper understanding of U.S. national security policy in the area of cryptography requires recognition that it is a dynamic policy formulated to deal with a dynamic problem. The growing importance of information as a commodity (entertainment, computer software, customer databases, etc.)
and the worldwide expansion of radio-based mobile systems (cellular telephones and direct satellite communications) promise an enhanced flow of communications intelligence. If the most advanced cryptographic techniques are applied indiscriminately, however, the promise of improved or expanded communications intelligence will go unfulfilled. Ultimately, cryptography capable of defeating today's cryptanalysis may become widely deployed, but for national security it is a critical matter whether this happens sooner or later. Improved analytic methods, together with such technologies as field-deployable cryptanalytic equipment, improved emitter identification, and computer penetration (if legally permissible) might provide continued access. National security experts emphasize the importance of continuity in communications intelligence. Making the opening break into a protected communication system is usually far more difficult than tracking technological changes in an already penetrated one. If the fruits of communications intelligence are sacrificed to an excessive zeal for security in the private sector, it may be a long and costly task to regain them.

\newpage
\begin{center} Notes \end{center}

{\small
\begin{enumerate}
\item That the security of communications intelligence exceeds that of nuclear weapons is apparent from the difference in both the clearances and the public literature. Access to most classified nuclear information requires a Department of Energy Q clearance, which lies roughly between the Department of Defense (DoD) Secret and Top Secret clearances. Access to communications intelligence requires a DoD Top Secret clearance with ``Special Intelligence'' indoctrination, a process that includes a ``lifestyle polygraph.'' Despite its secrecy, nuclear strategy and technology are the subject of an extensive academic literature. The public-policy literature on communications intelligence and its technology is by comparison nonexistent.
\item Private communication with James Burrows on March 11, 1994. Burrows is Director of the National Computer and Telecommunications Laboratory at NIST.
\item The International Traffic in Arms Regulations (ITAR) has jurisdiction of all software with data encryption capability EXCEPT commercial software with encryption limited to these functions: (i) decryption-only, (ii) access control and Message Authentication Code (MAC), (iii) functions restricted to protecting passwords and personal identification numbers (PIN), (iv) specifically designed and limited to the issuance of cash or traveler's checks, deposits, etc., and (v) software for personalized smart cards. Commercial software with encryption capability limited to the above functions has been transferred to Commerce's jurisdiction. Software that performs encryption functions other than those listed above is presumed to be under the jurisdiction of ITAR and the State Department.
\item Burrows, telephone conversation.
\end{enumerate}}

\newpage
\chapter{The Privacy View: The Importance of Encryption}

Of all the differences between democracies and totalitarian states, one of the most fundamental is the right to privacy. The ``right to be left alone'' is at the core of American life. Cryptography enables people to protect their communications. Civil libertarians view availability of strong cryptography as necessary to the ability to communicate privately in an electronic world.

\begin{center} Attacks on Privacy \end{center}

\noindent Protecting our privacy rights is a constant struggle. Businesses (including credit bureaus, insurance companies, and direct marketers) collect and maintain a vast amount of information about individuals. In order to ``protect individuals from the adverse effects of unfair information practices in the consumer-reporting industry,'' Congress in 1970 enacted the Fair Credit Reporting Act.\footnotemark\ But the proliferation of electronic databases has only exacerbated these problems.
There are now over five hundred companies that buy and sell data about Americans. The public is concerned with its privacy. For example, Lotus and the Equifax credit bureau were developing a CD-ROM that would contain the names, estimated incomes, purchasing habits, and other data of 120 million Americans. Public response was thirty thousand letters against the product -- and the project was killed before it reached the marketplace [Pill, pg. 11]. Despite abuses by the private sector, civil-liberties groups view government abuse of privacy with even greater concern. The government is more powerful than the credit bureaus, insurance companies and direct marketers. In its attempt to ensure the safety of its citizens, the government can overstep boundaries of the rights of the individual. The privacy of Japanese-Americans was not respected during World War II. Although the charter of the Census Bureau states that ``in no case shall information furnished under the authority of this act be used to the detriment of the person or persons to whom such information relates,'' under Executive Order 9066, 112,000 people of Japanese ancestry were taken from their homes on the West Coast and placed in internment camps, with census data providing the information to locate them. The privacy of Martin Luther King was not respected during the 1960s; the FBI regularly taped King's conversations. The privacy of Americans was not always respected by the National Security Agency. In the report of the Church Committee, the Senate Select Committee to Study Governmental Operations with respect to Intelligence Activities, the NSA was cited for conducting surveillance of U.S. people: (i) ``From 1947 until May 1975, NSA received from international cable companies millions of cables which had been sent by American citizens in the reasonable expectation that [the contents of the cables] would be kept private,'' [USS. pg. 12]; (ii) `` ... in the 1960s NSA began adding to its watch lists ... 
the names of Americans suspected of involvement in civil liberties '' (pg. 104); (iii) ``Communications such as ... discussion of a peace concert; the interest of a Senator's wife in peace causes; a correspondent's report from Southeast Asia to his magazine in New York [were stored in Government files]'' (pg. 108). As a result of these illegal activities, legislation, executive orders, and regulations were instituted to eliminate future such occurrences.\footnotemark\ Civil libertarians note, however, the Church committee's finding that the ``surveillance which we investigated was not only vastly excessive in breadth \ldots but was also conducted by illegal or improper means \ldots [there was] frequent testimony that the law, and the Constitution were simply ignored'' [USS, pp. 12-13].

\begin{center} Privacy and the Government \end{center}

\noindent The underlying principle behind the Bill of Rights was that the government is powerful while the individual is weak. The signers sought to protect the individual against intrusions by the state, as exemplified by the Fourth Amendment (``The right of the people to be secure in their persons, house, papers and effects against unreasonable searches and seizures shall not be violated; and no warrants shall issue but upon probable cause ...'') and the Fifth (``No person shall ... be compelled in any criminal case to be a witness against himself ...'' ). For the first seventy-five years of the American experiment, changing technologies had little impact on individuals' privacy. Records were in longhand. Distances were great. Government surveillance was accomplished no more easily in 1850 than it had been in 1776. By 1928, the situation had changed. Olmstead and other defendants were arrested and charged with violating the National Prohibition Act [Olm]. Evidence had been obtained through a phone tap placed by Federal agents who lacked a court order.
The defendants pleaded they had been subjected to an ``unreasonable search and seizure.'' The Supreme Court disagreed. Justice Louis Brandeis, in a famous dissent, agreed with the defendants:

\begin{quote}
When the Fourth and Fifth Amendments were adopted, `the form that evil had heretofore taken' had been necessarily simple. Force and violence were then the only means known to man by which a government could directly impel self-incrimination ... Protection against such invasion of ``the sanctities of a man's home and the privacies of life'' was provided in the Fourth and Fifth Amendment by specific language ... But ``time works changes, brings into existence new conditions and purposes.'' Subtler and more far-reaching means of invading privacy have become available to the government. Discovery and invention have made it possible for the government, by means far more effective than stretching upon the rack, to obtain disclosure in court of what is whispered in the closet. Moreover, ``in the application of a Constitution, our contemplation cannot be only of what has been, but what may be.'' The progress of science in furnishing the government with means of espionage is not likely to stop with wire tapping. Ways may some day be developed by which the government, without removing papers from secret drawers, can reproduce them in court, and by which it will be enabled to expose to a jury the most intimate occurrences of the home ...