Interesting People mailing list archives
IP: CDT analysis of the Administration proposals on Key Escrow
From: Dave Farber <farber () central cis upenn edu>
Date: Tue, 08 Oct 1996 11:50:29 -0400
-----------------------------------------------------------------------------
[ASCII-art banner: "CDT Policy Post"]
The Center for Democracy and Technology
Volume 2, Number 35
----------------------------------------------------------------------------
A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------

CDT POLICY POST Volume 2, Number 35                        October 3, 1996

CONTENTS:
(1) Latest Administration Crypto Policy Continues Push Towards Key Escrow
(2) Analysis of the Administration's Next Step: Short-Term Export Relief to Compel Long-Term Key Escrow
(3) How to Subscribe/Unsubscribe to the Policy Post list
(4) About CDT, contacting us

** This document may be redistributed freely with this banner intact
** Excerpts may be re-posted with permission of <editor () cdt org>
** This document looks best when viewed in COURIER font
-----------------------------------------------------------------------------

(1) LATEST ADMINISTRATION CRYPTO POLICY CONTINUES PUSH TOWARDS KEY ESCROW

This week the Administration announced the latest in a series of encryption policies designed to promote the use of key escrow systems, both domestically and abroad. This latest initiative continues the drive towards a global guarantee of law enforcement access to all encrypted communications and stored data. CDT believes that such governmental access systems -- whether through "key escrow" or "key recovery" -- threaten the fundamental privacy rights of computer users, both domestically and abroad.
The latest Administration proposal would promote key escrow by temporarily easing current export restrictions on moderately strong encryption products. The proposal would raise the current export limit from 40 bits to 56 bits for companies that agree to produce key escrow products. Companies would be required to report their progress every six months. After two years, all exportable encryption systems stronger than 40 bits would have to include key escrow. Encryption producers will be compelled to be part of this scheme in order to stay competitive, eventually producing and adopting key escrow systems which so far have been largely rejected by the public.

An overview of the latest Administration policy, considered within the context of the government's relentless drive towards key escrow, is attached below.

- THE UNSWERVING GOAL: GOVERNMENT ACCESS TO ALL COMMUNICATIONS AND STORED DATA

The long-standing goal of every major encryption plan by the Administration has been to guarantee government access to all encrypted communications and stored data. In 1993, the Clipper Chip policy achieved access through keys held by the government. In 1995, the "Clipper II" proposal allowed export relief for commercial key escrow systems. This summer, "Clipper III" sought access to keys through the dual incentives of export controls and a new government "key management infrastructure." In each case, the ultimate goal has been a guarantee of government access to the plaintext of encrypted information. Law enforcement and national security interests have driven this process. The attempt to institutionalize key escrow worldwide is a fundamental threat to the privacy and security of Internet users both domestically and abroad.

* GUARANTEED ACCESS TO INTERNET COMMUNICATIONS AND STORED DATA WOULD BE A DRAMATIC EXPANSION OF CURRENT LAW ENFORCEMENT CAPABILITIES.

Guaranteed access to Internet communications and stored files is a far greater intrusion into the privacy of computer users than current wiretapping. As individuals conduct more aspects of their lives online, key escrow is tantamount to guaranteeing law enforcement access to all of our most intimate conversations, sensitive personal records, musings and thoughts in a way never available before. Within the United States, Congress and the courts have established a delicate balance in electronic surveillance between law enforcement and individual privacy rights. Key escrow destroys that balance, providing law enforcement with a comprehensive dossier of individual lives and activities.

* GLOBAL KEY ESCROW ENDANGERS THE PRIVACY RIGHTS OF COMPUTER USERS COMMUNICATING IN COUNTRIES THAT HAVE NO FOURTH AMENDMENT OR OTHER PRIVACY PROTECTIONS.

An international key escrow scheme will necessarily entail the escrow of key information in foreign countries, with access by foreign governments through much weaker privacy protections. Such global key escrow jeopardizes the privacy rights of any American who communicates or stores files abroad, where key information might be released with few privacy protections. Moreover, global key escrow endangers the privacy and free expression of computer users everywhere by establishing the global machinery for government surveillance without privacy protections.

* THE CHOICE TO ACCEPT THE COSTS AND RISKS OF KEY ESCROW SHOULD BE MADE BY INDIVIDUAL USERS, NOT FORCED UPON THEM.

Additional access points to encrypted data will create added vulnerabilities, new security problems, and additional costs. While some users may decide that the benefits of key escrow outweigh the costs, governments should not be imposing these costs and risks on users who do not want them. Individuals should be able to choose the type of encryption they want.
The global adoption of government access systems has serious, negative consequences on the privacy of computer users. The recent Administration announcement is another step in that wrong direction.

-----------------------------------------------------------------------
WHAT YOU CAN DO -- ADOPT YOUR LEGISLATOR

As Members of Congress head home for the fall elections, they need to hear from Internet users about the importance of encryption policy reform for the future of the Net.

Adopt your legislator -- tell them that the Administration's Key Escrow plan threatens the basic privacy rights of Internet users, and let us know what they say!

Please take a moment to join the "Adopt Your Legislator" campaign. By taking a moment to sign up to contact your member of Congress, you can make a critical difference in the debate over privacy and security on the Internet. Details can be found at:

    http://www.crypto.com/ and http://www.cdt.org/crypto/

Tell them it's "My Lock, My Key!"

(The Adopt Your Legislator Campaign is a joint effort organized by the Voters Telecommunications Watch (VTW), the Electronic Frontier Foundation (EFF) and the Center for Democracy and Technology (CDT).)
-----------------------------------------------------------------------

(2) ANALYSIS OF THE ADMINISTRATION'S NEXT STEP: SHORT-TERM EXPORT RELIEF TO COMPEL LONG-TERM KEY ESCROW

The latest Administration encryption policy, announced October 1, continues this trend towards governmental access to all encrypted information. Using a carrot-and-stick approach, the plan promises moderate, short-term export relief in return for the development and eventual adoption of key recovery systems.

The Administration unveiled its encryption initiative at a White House briefing by CIA Director John Deutch, Domestic Policy Advisor to the Vice President Greg Simon, Undersecretary of Commerce William Reinsch, and high-level representatives of the Department of Justice and the Office of Management and Budget.
The basic outlines of the proposal included below were culled from the Administration's statement and Tuesday's White House briefing. Major features of the new policy include:

* ALLOWS EXPORT OF 56-BIT ENCRYPTION PRODUCTS FOR THE NEXT TWO YEARS, "contingent upon industry commitments to build and market future products that support key recovery." Six-month licenses for 56-bit exports would be granted and renewed for up to two years -- contingent on satisfactory progress towards key escrow.

* REQUIRES KEY ESCROW CAPABILITIES AFTER TWO YEARS in all exportable products with more than 40 bits.

* "ENCOURAGES" THE ADOPTION OF KEY ESCROW SYSTEMS through international agreements, standards processes, and a new key management infrastructure.

* TRANSFERS JURISDICTION OVER ENCRYPTION EXPORT LICENSING TO THE DEPARTMENT OF COMMERCE, but grants the Department of Justice a formal vote in the process.

The President is expected to sign an Executive Order enacting many of these changes in mid-October. Other pieces will be published as agency rules or regulations; a small part of the proposal (rules governing key holders) may require legislation.

WHAT IT ALL MEANS FOR INTERNET USERS:

In the short run, computer users may see more widespread availability of moderately stronger encryption products (up to 56-bit key length) if vendors choose to and are able to meet the "commitments" required under the proposal. In the longer term, however, even these moderately stronger products will only be exportable with key escrow. Ultimately, this proposal is designed to force the widespread adoption of key escrow systems, both domestically and abroad.

A. EXPORT CONTROL RELIEF AS AN INCENTIVE FOR KEY ESCROW:

The Administration proposal would allow for short-term export of 56-bit DES equivalent encryption products in return for commitments from exporters to develop "key recovery" systems.

* Starting on Jan. 1, 1997, the Administration would begin granting six-month general licenses for export of 56-bit encryption products.

* Licenses would be granted "contingent on commitments from exporters to explicit benchmarks and milestones for developing and incorporating key recovery features into their products and services."

* Additional six-month licenses would be granted "if milestones are met."

* In two years, "the export of 56-bit products that do not support key recovery will no longer be permitted."

* Export of longer key lengths would continue for certain sensitive financial applications.

* Export of longer key lengths may be allowed more generally once key escrow mechanisms are in place.

Questions remain as to exactly what form the commitments from exporters will take, who will qualify for these relaxations, what will happen at the end of two years to 56-bit non-escrow products in the marketplace, and how they will be supported. No interoperability restrictions on products have been mentioned, and the Administration seemed to indicate that it would be willing to tolerate a greater degree of interoperability between products.

WHAT EXPORT CONTROLS MEAN FOR INTERNET USERS:

This Administration export control scheme coerces industry into developing key escrow systems, domestically and abroad, whether they want to or not. Since 1992, export controls have been the favorite vehicle for enforcing the adoption of such key escrow systems. The strong public desire for secure global communications has allowed government to use key escrow as a precondition for export relief. Export controls are a force for key escrow in the domestic market as well as the international market because of the need for secure international communications and the cost of producing product lines for U.S. use only.
The Administration realizes this: as CIA Director Deutch stated at the White House press briefing, he was more concerned with encryption that people "buy at Sears" than about less popular strong encryption products that the Administration concedes will always be available.

In addition to their impact on the market for key escrow, the proposal's export controls and key length limits themselves hurt user privacy and security.

* Export controls don't make sense for a global Internet; they place business at a competitive disadvantage and prevent deployment of a secure global infrastructure.

* 56 bits is not enough for many applications. CDT welcomes the Administration's recognition that 40-bit products are not strong enough, but last winter's study by a panel of encryption experts argued that DES keys can be cracked relatively quickly by well-financed groups, and that 70- to 90-bit keys are more appropriate.

* Key length limits are a flawed approach because they presuppose that some entities should be able to break keys and some should not -- a solution that is unlikely to appeal to worldwide consumers of encryption.

B. "KEY RECOVERY":

Government access to the plaintext of encrypted data remains the centerpiece of the Administration proposal. Major features of the key escrow requirements in the latest proposal include:

* Key escrow systems would rely on a trusted party to recover a user's confidentiality keys for use by law enforcement acting under "proper authority."

* The trusted recovery party might in some cases be internal to the user's organization, but in all cases notice to surveillance targets that their key information had been released would be prohibited.

* Access to keys internationally "would be provided in accordance with destination country policies and bilateral understandings."

* The Administration will pursue legislation to govern the release of keys, provide criminal and civil penalties for unauthorized releases or theft of keys, and provide liability protection for key holders.

* The Administration will continue to "encourage" the adoption of key escrow systems through its broad efforts to promote international key escrow agreements, government key escrow purchasing standards, and the creation of a key management infrastructure.

None of the officials at the White House briefing were able to give specific information about the requirements to be placed on key holders (e.g., response times, security clearances, etc.). The Administration did indicate a broader approach to allowing industry key escrow systems that more narrowly limit access to confidential information through, for example, recovery of specific plaintext or separation of key information.

NOTE: KEY ESCROW V. KEY RECOVERY -- CDT recognizes that real progress has been made in the development of systems that provide access to the plaintext of encrypted data while minimizing the collection and disclosure of sensitive key information. However, from a privacy policy perspective these approaches have the same basic privacy problem: they are designed to provide law enforcement with guaranteed access to all encrypted information.

WHAT "KEY RECOVERY" MEANS FOR INTERNET USERS:

CDT recognizes that some companies and users may wish to use key escrow systems. The Administration's apparent recognition that these systems are best designed in the private sector is welcome. However, this policy's acknowledged desire to widely promote key escrow is dangerous and threatens the privacy of users:

* Users are being pushed towards key escrow, whether they want it or not. The Administration is using the enormous pressure of export controls, competitive markets, and industry standards to force adoption of key escrow. Each user should be free to decide for themselves whether to accept the costs of key escrow.

* International key escrow doesn't protect privacy in a world without a Fourth Amendment -- What legal standards apply to communications when keys are held in foreign countries? Officials have been unable to clearly explain how the privacy of computer users will be preserved.

* Key escrow dramatically expands law enforcement capabilities -- Guaranteed access to encrypted information is a far greater intrusion into our lives than the delicate balance struck under U.S. privacy law.

* Key escrow is unproven -- The NRC's recent study argued that a policy relying on key escrow is "not appropriate at this time" and "is likely to have a significant negative impact on the natural development of applications."

* Key escrow creates new security vulnerabilities, such as the creation of large aggregations of sensitive key information, that are poorly understood.

C. TRANSFER OF JURISDICTION TO THE COMMERCE DEPARTMENT:

According to the White House, "after consultation with Congress, jurisdiction for commercial encryption controls will be transferred from the State Department to the Commerce Department."

* Encryption licenses will be reviewed under the Commerce Department's "normal process" by a committee with representatives from the Departments of Commerce, State, Defense, Energy, and for encryption exports, Justice.

* The Justice Department will have a single vote in the review committee, which will make its decisions by majority rule.

* The State Department will only have jurisdiction over special, single customer, military-specific encryption products.

WHAT TRANSFERRING JURISDICTION MEANS FOR INTERNET USERS:

While the switch to Commerce has been perceived as helpful by some, CDT believes the benefits are unclear if fundamental policy remains unchanged. The switch to Commerce will have little impact on the underlying policy direction aimed at institutionalizing key escrow. Moreover, the Commerce Department's review committee is heavily weighted towards the law enforcement and national security perspective (State, Defense, Justice, and Energy), with the Commerce Department the lone representative of industry and consumer interests. Finally, the presence of domestic law enforcement in export control decisions raises serious questions about the ultimate goal of this policy.

IV. CONCLUSION

The Administration's latest encryption proposal remains wedded to a flawed, key escrow and export control oriented approach that does not address the privacy concerns of users. While it contains some welcome ideas, at its heart the Administration proposal uses the short-term easing of export controls to promote key escrow through a Faustian bargain with an industry desperate to produce strong security products. Such manipulation of the market for encryption products is designed to forward law enforcement's dangerous agenda of worldwide governmental access to all encrypted information.

The march towards institutionalized key escrow is a real threat to the privacy of computer users, particularly in a world where not everyone has a Fourth Amendment.

The United States should be a force for Internet privacy and security worldwide. Rather than forcing key escrow on a wary public, the Administration should look to work with Congress, privacy and Internet advocates, the user community, and industry to craft a truly voluntary policy that meets the privacy and security needs of computer users in the global Information Age.
-----------------------------------------------------------------------
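Section B above mentions "separation of key information" as a narrower form of key recovery, and its bullet list warns that escrow "creates large aggregations of sensitive key information." The two points can be shown side by side with a threshold key-splitting scheme (Shamir secret sharing over a prime field). The Python below is an illustration added to this archive page; it is not code from CDT, from the Administration proposal, or from any vendor's escrow product. The field prime, the 3-of-5 agent layout, the user names and the keys are constructed sample values, and `escrow_exposure` is a hypothetical helper that compares one agent holding whole keys against agents each holding a single share.

```python
"""Threshold splitting of escrowed keys (Shamir secret sharing over GF(p)).

Added illustration, not code from the CDT Policy Post. It contrasts a single
escrow agent that stores complete keys with a "separated key information"
design in which each agent holds one share and any t of n agents can
recover a key, so compromising fewer than t agent stores exposes no key.
"""
import secrets

P = 2**521 - 1  # Mersenne prime; the field comfortably holds a 256-bit key


def _eval_poly(coeffs, x):
    """Evaluate the polynomial (coeffs[0] is the constant term) at x mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_key(key: bytes, threshold: int, n_shares: int):
    """Split `key` into n_shares points (x, y); any `threshold` of them recover it."""
    secret = int.from_bytes(key, "big")
    if not 0 < threshold <= n_shares or secret >= P:
        raise ValueError("bad threshold or key too large for the field")
    # Random polynomial of degree threshold-1 whose constant term is the key.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n_shares + 1)]


def recover_key(shares, key_len: int) -> bytes:
    """Lagrange-interpolate the shares at x = 0 to get the key back."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    if secret >= 1 << (8 * key_len):
        # Too few shares yield an essentially random field element, not a key.
        raise ValueError("shares do not reconstruct a key of the expected length")
    return secret.to_bytes(key_len, "big")


def shares_reveal_key(shares, key: bytes) -> bool:
    """True if this subset of shares is enough to recover `key`."""
    try:
        return recover_key(shares, len(key)) == key
    except ValueError:
        return False


def escrow_exposure(user_keys, threshold, n_agents, compromised):
    """Count user keys readable from a set of compromised agent stores.

    Returns (single_agent_exposed, split_agents_exposed). The first number
    assumes agent 0 stored every key whole (the aggregation risk); the
    second assumes agent k holds share k of every user's key (hypothetical
    layout constructed for this example).
    """
    single = len(user_keys) if 0 in compromised else 0
    split = 0
    for key in user_keys.values():
        shares = split_key(key, threshold, n_agents)
        held = [shares[k] for k in compromised]
        if shares_reveal_key(held, key):
            split += 1
    return single, split


if __name__ == "__main__":
    # Constructed sample: three users' confidentiality keys, five agents, 3-of-5.
    users = {u: secrets.token_bytes(32) for u in ("alice", "bob", "carol")}
    print(escrow_exposure(users, 3, 5, compromised={0, 1}))     # (3, 0)
    print(escrow_exposure(users, 3, 5, compromised={0, 1, 4}))  # (3, 3)
```

The split design changes what a breach of one key holder yields, but not the policy point the post makes: once the threshold is met, the recovery party still obtains the full confidentiality key, and the surveillance target is never notified.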