tex version of USACM Crypto report. Note The IEEE US Activities committee also took a position. Sorr

[David Farber <>]

enterprises and beginning the internationalization of business that
has become the byword of the present decade.  It transformed warfare,
giving generals the ability to control large theaters of battle and
admirals the ability to control fleets scattered across oceans.


So great was this impact that the interception and analysis of enemy
communications had become an indispensable component of intelligence by the
time of World War I.  The organizations that resulted have grown steadily
throughout the century, providing governments with information about the
political, commercial, and military activities of friends and foes alike.


\begin{center}


Communications Intelligence


\end{center}
\noindent Communications intelligence is a complex art, and the sheer
volume of modern communications makes intelligence a constant struggle
against limited resources.  Networks must be mapped. Intercept facilities
must be established.  The most important channels must be targeted. And
just the right messages must be selected from the flood of traffic that
passes through the channels.  It is only at this point that the familiar
part of the process begins: messages must frequently be stripped of their
protective encryption before intelligence evaluation can begin.


Those who think about the vulnerabilities of communications from the
viewpoint of security frequently regard cryptography as the only
substantial barrier to communications intelligence.  In fact, the process
of communications intelligence is fragile; anything that complicates the
targeting of messages can diminish its effectiveness dramatically.  An
opponent who becomes aware of the degree to which his or her communications
are being exploited (or worse, learns how the exploitation is being done)
may make changes that render the process far more difficult and destroy
years of intelligence effort. As a result, the field is characterized by
secrecy even greater than that surrounding nuclear weapons.\footnotemark


The growth of communications intelligence has been accompanied by a similar
growth in techniques for protecting communications, particularly
cryptography.  What is not widely appreciated, however, is that despite the
remarkable developments of cryptography, the communications intelligence
products are now better than ever. In the recent past, there has been a 
migration of communications from more secure media such as wirelines or
physical shipment to microwave and satellite channels; this migration has
far outstripped the application of any protective measures.  Consequently,
communications intelligence is so valuable that protecting its flow by
keeping secret both the intelligence technology itself and techniques for
protecting communications is an important objective of U.S. national
security policy.


\begin{center}




Communications Security


\end{center}


\noindent The United States may be the greatest beneficiary of
communications intelligence in the world today, but it is also its greatest
potential prey.  Perhaps no country is more dependent on electronic
communications or has more to lose from the subversion of its commerce, its
money, or its civic functions by electronic intruders.  The protection of
American communications against both spying and disruption is therefore
vital to the security of the country.  It is a major objective of U.S.
national security policy.


The two objectives are hardly in harmony.  Protecting American
communications as a whole, rather than just the most sensitive
government communications, requires wide deployment of cryptographic
technology, whose availability to opponents could damage American
intelligence capabilities.  On the other hand, making such technology
generally available in the United States, without making it available
abroad as well, appears difficult if not impossible.


The first attempts to improve overall security in American voice and data
communications were undertaken in the 1970s.  Encryption devices were
developed for protecting telephone switching information [Myer] and both
analog [Ladn] and digital [Link] telephone trunks.  Microwave links in
areas such as Washington, New York, and San Francisco (where Soviet
diplomatic facilities had easy access to U.S.  communications) were either
protected by encryption or replaced by underground cables.


In the most far-reaching component of this plan, a cryptographic algorithm
developed at IBM and endorsed by the National Security Agency (NSA) was
adopted as Federal Information Processing Standard 46 [FIPS46], the U.S.
Data Encryption Standard.  Several major electronics manufacturers and
numerous minor ones began making DES-based equipment. For the first time,
cryptographic protection of substantial quality became available in both
hardware and software packages.


With hindsight, the intelligence community might consider the public
disclosure of the DES algorithm to have been a serious error and one that
should not be repeated.  DES-based equipment became available throughout
the world; crytographic principles revealed by studying the algorithm
inspired new cryptographic designs; and DES provided a training ground for
a generation of public cryptanalysts.  The result was to make the task of
America's intelligence agencies more difficult.  This experience raised the
issue that while strong cryptography is important for U.S.  private
interests, it should not come at the expense of American intelligence
capabilities.  Striking a balance between these two competing national
security objectives is a daunting task that poses a serious challenge to
those charged with protecting U.S. national security.


\begin{center}


Export Control


\end{center}


\noindent National security experts argue that export control is essential
if the U.S. is to protect its communications without affording protection
to the rest of the world.  The goals of U.S. export control policy in the
area of cryptography are (i) to limit foreign availability of crytographic
systems of strategic capability, namely, those capable of resisting
concerted cryptanalytic attack; (ii) to limit foreign availability of
cryptographic systems of sufficient strength to present a serious barrier
to traffic selection or the development of standards that interfere with
traffic selection by making the messages in broad classes of traffic (fax,
for example) difficult to distinguish; and (iii) to use the export-control
process as a mechanism for keeping track of commercially produced
cryptosystems, whether U.S. or foreign, that NSA may at some time be called
upon to break.


The second goal is perhaps less obvious than the first and third and
presents an intrinsic conflict between the needs of intelligence and the
needs of private users of cryptography.  At present, the vast majority of
the world's communications are unencrypted.  This makes it feasible to
sort traffic in real time and determine which messages are of interest and
which are not.  Even a weak cryptosystem can be a serious obstacle to
traffic selection, and the rise of international encryption standards (of
even moderate quality) would make the task of traffic selection
immeasurably more difficult.


Export control presents a conflict between the requirements of the
government and the needs of users and developers of cryptography.
Commercial enterprises argue that export control weakens American business
and thus is not in the nation's strategic interest. The situation is not so
simple.  Some foreign markets of interest would not accept U.S.
cryptographic exports were export controls to be lifted.  For example,
France does not permit the use of cryptographic products unless the
algorithm has been registered with the French government.  Private use of
encryption technology is illegal in South Korea, Taiwan, and the People's
Republic of China.\footnotemark\ For a number of markets, the fact that the
U.S.  government restricts export of products containing cryptography has
not had any real effect on U.S. manufacturers of secure systems.


\begin{center}


Digital Signatures


\end{center}


\noindent Many commercial applications of cryptography, both domestic and
international, depend not on cryptography's ability to conceal the content
of communications, but on cryptography's ability to assure authenticity and
integrity of the message.  Digital-signature technology can therefore be
applied to authenticate such transactions as electronic funds transfers
without presenting a barrier to intelligence.


A second element of the U.S. cryptographic program is the Digital Signature
Standard [DSS] (discussed further in Chapter 6) that does not lend itself
to encryption and decryption of messages.  Export of equipment using DSS
can be permitted without posing a threat to traditional communications
intelligence, and such equipment may eventually replace DES-based equipment
technology for authentication.\footnotemark


\begin{center}


Key Escrow


\end{center}


\noindent With cognizance of the conflict between national security needs
and civilian requirements, Congress in 1987 placed the responsibility for
civilian encryption standards with the National Institute for Standards and
Technology. (See Chapter 6 for a discussion of the Computer Security Act.)
As is discussed in Chapter 3, there are governmental concerns about the
impact encryption may have on law enforcement. At present, the centerpiece
of government plans for securing the bulk of American communications is the
key-escrow initiative, a plan for a cryptographic system that can be widely
deployed without providing opponents, either at home or abroad, with
systems that impede American law enforcement or intelligence capabilities.


The plan has two essential components.  Rather than publishing a standard
cryptographic algorithm, as was done with DES, the new technology will be
made available only in tamper-resistant hardware.  This will permit the
U.S. to control distribution and hinder public study or imitation.
Equally important, an alternative means of decryption in the form of an
escrowed key will be available to guarantee that encrypted traffic can
always be read when American interests require it.


Export of key-escrow equipment will be permitted, but both the secrecy of
the algorithm and the U.S. government's possession of keys are expected to
dampen the enthusiasm of those who might otherwise be tempted to employ it
in a manner contrary to U.S. interests.  This will minimize the likelihood
as well as the danger of uncontrolled foreign distribution.  Authorized
accessibility of the traffic will also serve the interests of such vital
national security functions as domestic counterintelligence.


There have been concerns that use of key-escrow technology will result in
isolation of U.S. commercial interests.  However, other nations are also
pursuing key-escrow technology.  Nations in the European Community are
considering a more complex version of key escrow using multiple keys.  If
implemented, this would allow government interception capabilities only for
communications which originate or terminate within that nation, while
simultaneously protecting the communicators against interception by all
other intruders.\footnotemark


\begin{center}


Prospects for the Future


\end{center}


\noindent A proper understanding of U.S. national security policy in the
area of cryptography requires recognition that it is a dynamic policy
formulated to deal with a dynamic problem.


The growing importance of information as a commodity (entertainment,
computer software, customer databases, etc.)  and the  worldwide
expansion of radio-based mobile systems (cellular telephones and direct
satellite communications) promise an enhanced flow of communications
intelligence.  If the most advanced cryptographic techniques are applied
indiscriminately, however, the promise of improved or expanded
communications intelligence will go unfulfilled.


Ultimately, cryptography capable of defeating today's cryptanalysis may
become widely deployed, but for national security it is a critical matter
whether this happens sooner or later.  Improved analytic methods, together
with such technologies as field-deployable cryptanalytic equipment,
improved emitter identification, and computer penetration (if legally
permissible) might provide continued access.  National security
experts emphasize the importance of continuity in communications
intelligence.  Making the opening break into a protected communication
system is usually far more difficult than tracking technological changes in
an already penetrated one.  If the fruits of communications intelligence
are sacrificed to an excessive zeal for security in the private sector, it
may be a long and costly task to regain them.


\newpage
\begin{center}
Notes
\end{center}
{\small
\begin{enumerate}


\item That the security of communications intelligence exceeds
that of nuclear weapons is apparent from the difference in both the
clearances and the public literature.  Access to most classified nuclear
information requires a Department of Energy Q clearance, which lies roughly
between the Department of Defense (DoD) Secret and Top Secret clearances.
Access to communications intelligence requires a DoD Top Secret clearance
with ``Special Intelligence'' indoctrination, a process that includes a
``lifestyle polygraph.''
  
Despite its secrecy, nuclear strategy and technology are the
subject of an extensive academic literature.  The public-policy
literature on communications intelligence and its technology is
by comparison nonexistent.


\item Private communication with James Burrows on March 11,
1994.  Burrows is Director of the National Computer and Telecommunications
Laboratory at NIST.


\item The International Traffic in Arms Regulations (ITAR) has
jurisdiction of all software with data encryption capability EXCEPT
commercial software with encryption limited to these functions: (i)
decryption-only, (ii) access control and Message Authentication Code (MAC),
(iii) functions restricted to protecting passwords and personal
identification numbers (PIN), (iv) specifically designed and limited to the
issuance of cash or traveler's checks, deposits, etc., and (v) software for
personalized smart cards.


Commercial software with encryption capability limited to the above
functions has been transferred to Commerce's jurisdiction.  Software
that performs encryption functions other than those listed above is
presumed to be under the jurisdiction of ITAR and the State Department.


\item Burrows, telephone conversation.


 




\end{enumerate}}
\newpage
\chapter{           The Privacy View : The Importance of Encryption}




Of all the differences between democracies and totalitarian states, one of
the most fundamental is the right to privacy.  The ``right to be left alone''
is at the core of American life.  Cryptography enables people to protect
their communications.  Civil libertarians view availability of strong
cryptography as necessary to the ability to communicate privately in an
electronic world.
                                     
\begin{center}


Attacks on Privacy 


\end{center}


\noindent Protecting our privacy rights is a constant struggle.  Businesses
(including credit bureaus, insurance companies, and direct marketers)
collect and maintain a vast amount of information about individuals.  In
order to ``protect individuals from the adverse effects of unfair
information practices in the consumer-reporting industry,'' Congress in
1970 enacted the Fair Credit Reporting Act.\footnotemark\ But the
proliferation of electronic databases has only exacerbated these problems.


There are now over five hundred companies that buy and sell data about
Americans.  The public is concerned with its privacy.  For example, Lotus
and the Equifax credit bureau were developing a CD-ROM that would contain
the names, estimated incomes, purchasing habits, and other data of 120
million Americans.  Public response was thirty thousand letters against the
product -- and the project was killed before it reached the marketplace
[Pill, pg. 11].


Despite abuses by the private sector, civil-liberties groups view
government abuse of privacy with even greater concern.  The government is
more powerful than the credit bureaus, insurance companies and direct
marketers.  In its attempt to ensure the safety of its citizens, the
government can overstep boundaries of the rights of the individual.


The privacy of Japanese-Americans was not respected during World War II.
Although the charter of the Census Bureau states that ``in no case shall
information furnished under the authority of this act be used to the
detriment of the person or persons to whom such information relates,'' under
Executive Order 9066, 112,000 people of Japanese ancestry were taken from
their homes on the West Coast and placed in internment camps, with census
data providing the information to locate them.  The privacy of Martin
Luther King was not respected during the 1960s; the FBI
regularly taped King's conversations.  The privacy of Americans was not
always respected by the National Security Agency.  In the report of the
Church Committee, the Senate Select Committee to Study Governmental
Operations with respect to Intelligence Activities, the NSA was cited for
conducting surveillance of U.S. people: (i) ``From 1947 until May 1975, NSA
received from international cable companies millions of cables which had
been sent by American citizens in the reasonable expectation that [the
contents of the cables] would be kept private,'' [USS. pg.  12]; (ii) `` ...
in the 1960s NSA began adding to its watch lists ... the names of Americans
suspected of involvement in civil liberties '' (pg. 104); (iii)
``Communications such as ...  discussion of a peace concert; the interest of
a Senator's wife in peace causes; a correspondent's report from Southeast
Asia to his magazine in New York [were stored in Government files]'' (pg.
108). As a result of these illegal activities, legislation, executive
orders, and regulations were instituted to eliminate future such
occurrences.\footnotemark\ Civil libertarians note, however, the Church
committee's finding that the ``surveillance which we investigated was not
only vastly excessive in breadth \ldots but was also conducted by illegal
or improper means \ldots [there was] frequent testimony that the law, and
the Constitution were simply ignored'' [USS, pp. 12-13].




\begin{center}


Privacy and the Government


\end{center}


\noindent The underlying principle behind the Bill of Rights was that the
government is powerful while the individual is weak.  The signers sought to
protect the individual against intrusions by the state, as exemplified by
the Fourth Amendment (``The right of the people to be secure in their
persons, house, papers and effects against unreasonable searches and
seizures shall not be violated; and no warrants shall issue but upon
probable cause ...'')  and the Fifth (``No person shall ... be compelled in
any criminal case to be a witness against himself ...'' ).


For the first seventy-five years of the American experiment, 
changing technologies had little impact on individuals' privacy.  
Records were in longhand.  Distances were great.  Government 
surveillance was accomplished no more easily in 1850 than it had 
been in 1776.  By 1928, the situation had changed.


Olmstead and other defendants were arrested and charged with violating the
National Prohibition Act [Olm].  Evidence had been obtained through a phone
tap placed by Federal agents who lacked a court order.  The defendants
pleaded they had been subjected to an ``unreasonable search and seizure.''
The Supreme Court disagreed.  Justice Louis Brandeis, in a famous dissent,
agreed with the defendants:


\begin{quote}
           When the Fourth and Fifth Amendments were adopted,  `the form 
           that evil had heretofore taken' had been necessarily simple.
           Force and violence were then the only means known to man by 
           which a government could directly impel self-incrimination ...
           Protection against such invasion of ``the sanctities of a man's
           home and the privacies of life'' was provided in the Fourth and 
           Fifth Amendment by specific language ... But ``time works 
           changes, brings into existence new conditions  and purposes.''
           Subtler and more far-reaching means of invading privacy have 
           become available to the government.  Discovery and invention 
           have made it possible for the government, by means far more 
           effective than stretching upon the rack, to obtain disclosure 
           in court of what is whispered in the closet.


           Moreover, ``in the application of a Constitution, our
           contemplation cannot be only of what has been, but what may be.''
           The progress of science in furnishing the government with means 
           of espionage is not likely to stop with wire tapping. Ways may 
           some day be developed by which the government, without removing 
           papers from secret drawers, can reproduce them in court, and by 
           which it will be enabled to expose to a jury the most intimate
           occurrences of the home ...