2008/08/02

Administration Statement on Commercial Encryption Policy

The Clinton Administration is proposing a framework that will encourage the use of strong encryption in commerce and private communications while protecting the public safety and national security. It would be developed by industry and will be available for both domestic and international use.
The framework will permit U.S. industry to take advantage of advances in technology pioneered in this country, and to compete effectively in the rapidly changing international marketplace of communications, computer networks, and software. Retaining U.S. industry's leadership in the global information technology market is of longstanding importance to the Clinton Administration.
The framework will ensure that everyone who communicates or stores information electronically can protect his or her privacy from prying eyes and ears as well as against theft of, or tampering with, their data. The framework is voluntary; any American will remain free to use any encryption system domestically.
The framework is based on a global key management infrastructure that supports digital signatures and confidentiality. Trusted private sector parties will verify digital signatures and also will hold spare keys to confidential data. Those keys could be obtained only by persons or entities that have lost the key to their own encrypted data, or by law enforcement officials acting under proper authority. It represents a flexible approach to expanding the use of strong encryption in the private sector.
This framework will encourage commerce both here and abroad. It is similar to the approach other countries are taking, and will permit nations to establish an internationally interoperable key management infrastructure with rules for access appropriate to each country's needs and consistent with law enforcement agreements. Administration officials are currently working with other nations to develop the framework for that infrastructure.
In the expectation of industry action to develop this framework internationally, and recognizing that this development will take time, the Administration intends to take action in the near term to facilitate the transition to the key management infrastructure.
The measures the Administration is considering include:
1. Liberalizing export controls for certain commercial encryption products.
2. Developing, in cooperation with industry, performance standards for key recovery systems and products that will be eligible for general export licenses, and technical standards for products the government will purchase.
3. Launching several key recovery pilot projects in cooperation with industry and involving international participation.
4. Transferring export control jurisdiction over encryption products for commercial use from the Department of State to the Department of Commerce.
Administration officials continue to discuss the details of these actions with experts from the communications equipment, computer hardware and software industries, civil liberties groups and other members of the public, to ensure that the final proposal balances industry actions towards the proposed framework, short-term liberalization initiatives, and public safety concerns.
The Administration does not support the bills pending in Congress that would decontrol the export of commercial encryption products because of their serious negative impact on national security and law enforcement. Immediate export decontrol by the U.S. could also adversely affect the security interests of our trading partners and lead them to control imports of U.S. commercial encryption products.
A Cabinet Committee continues to address the details of this proposal. The Committee intends to send detailed recommendations to the President by early September, including any recommendations for legislation and Executive Orders. The Committee comprises the Secretaries of State, Defense, Commerce and Treasury; the Attorney General; the Directors of Central Intelligence and the Federal Bureau of Investigation; and senior representatives from the Office of the Vice President, the Office of Management and Budget, and the National Economic Council.

US Cryptography Policy:
Why We Are Taking the Current Approach
July 12, 1996
We live in an age of electronic information. Information technology is transforming society, creating new businesses, new jobs and new careers. The technology also creates new opportunities for crime, and new problems in investigating and prosecuting crime. As a result, electronic information, be it corporate trade secrets, pre-release government crop statistics, or a patient's medical records, must have strong protection from uninvited modifications of disclosure. Cryptography enables that protection.
The United States is the world leader in information technology. US firms continue to dominate the US and global information systems market. Retaining this leadership is important to our economic security. The Clinton Administration, through its National Information Infrastructure initiative, has long recognized that government has an important role as a facilitator and catalyst for the industry-led transformation of the way we use computer and communications technology to work and live.
In particular, government has a strong interest in promoting the legitimate use of robust encryption to support US international competitiveness, foster global electronic commerce, prevent computer crime, and ensure that the information superhighway is a safe place to conduct one's business. At the same time, there is a growing recognition, affirmed most recently by the National Academy of Science that the use of encryption to conceal illegitimate activities "poses a problem for society as a whole, not just for law enforcement and national security." In brief, criminals can use encryption to frustrate legal wiretaps and render useless search warrants for stored electronic data. We know of no technical solution to the problems that would result from the global proliferation of strong cryptography (see box). The implications of this are no small matter.
Encrypted computer files have hampered the prosecution of child pornographers. Militia groups advise their members to use encryption to hide illicit weapons, financial, and other criminal activities. Aldrich Ames was instructed by his Soviet handlers to encrypt computer files that he passed to the Soviets. And international terrorists and drug dealers increasingly use encryption to prevent law enforcement officials from reading their voice and data transmissions. Grave crimes, such as a plot to shoot down several airliners over Chicago, have been foiled by the use of wiretaps. Had the FBI been unable to read those transmissions, however, a major tragedy might have ensued.
No restrictions apply to the US domestic use of cryptography, and the Administration has no plan to seek restrictions. Cryptography has long been controlled for export for national security reasons, so as to keep it from getting into the hands of foreign governments. But is has today become a dual-use technology, and international businesses want to use the same security products both domestically and abroad. The Administration is thus under strong pressure to provide relief from cryptography export controls.
For our cryptography policy to succeed, it must be aligned with commercial market forces and operate on an international basis. Further, it should preserve and extend the strong position that US industry enjoys in the global information systems marketplace. Accordingly, the US government is working with US industry and our international trading partners on an approach that will protect information used in legitimate activities, assure the continued safety of Americans from enemies both foreign and domestic, and preserve the ability of the US information systems industry to compete worldwide.
Key Management and Recovery
A consensus is emerging around the vision of a global cryptography system that permits the use of any encryption method the user chooses, with a stored key to unlock it when necessary. The encryption key would be provided voluntarily by a computer user to a trusted party who holds it for safe keeping. This is what many people do with their house keys -- give them to a trusted neighbor who can produce them when something unexpected goes wrong. Businesses should find this attractive because they do not want to lock up information and throw away the key or give an employee -- not the company -- control over company information. An individual might also use this service to ensure that she can retrieve information stored years ago. This will require a new infrastructure, consisting of trusted parties who have defined responsibilities to key owners. Under law, these trusted emergency key recovery organizations would also respond in a timely manner to authorized requests from law enforcement officials who required the key to decode information lawfully obtained or seized from a subject of investigation or prosecution.
The Federal government will use key recovery encryption on its own computers because it makes good management sense. It would be irresponsible for agencies to store critical records without key recovery, risking the loss of the information for programmatic use and the inability to investigate and prosecute fraud or misuse of the information.
A number of US and international companies are working with the US and other governments to create a system of trusted parties who are certified to safeguard the keys. In some cases, organizations might guard their own keys. In other cases, persons will use the key recovery services provided by third parties, one of a suite of services that will include electronic directories and electronic "notaries" in support of online commerce. Persons will be free to choose the type and strength of encryption that provide the degree of security they believe appropriate for their use. Taken together, an overall key management infrastructure is needed to make electronic commerce practical on a global scale.
Some commercial products and services which provide emergency key recovery are already available. Testing and refinement is needed before a widespread, robust infrastructure is put in place. The US government is committed to supporting the development of such a key management infrastructure through pilots and experimental trials. The State Department is expediting the review of several export license applications that test commercial key recovery on an international scale. An interagency working group is identifying several potential governmental uses of commercial cryptography - both internal transactions and in communications with the public - where key recovery can be tested. A plan outlining these government tests will be available in August. The government will be purchasing key recovery products for its own use, and will adopt a Federal standard for evaluating such products to assure agency purchasers that the key recovery features operate properly. The Department of Commerce will be establishing an industry-led advisory committee to make recommendations regarding such a standard this Summer.
While we are open to other alternatives, a key recovery system is the only approach we know of that accommodates all public safety interests. And even it is imperfect. Some people will not join voluntary systems, preferring to run the risk of losing their keys and being unable to recover their encrypted information. Although in some countries (e.g., France) mandatory key escrowing is already in effect, we are pursuing a market-driven approach in part because we hope and believe that key recovery will develop as a cost-effective service in an electronic commerce infrastructure. We are encourage in this effort by recent discussions we have had at the Organization for Economic Cooperation and Development (OECD) that are leading to international cryptography management principles which support key recovery.
Export Controls
No matter how successful we are in realizing this vision, American users of computer technology are demanding stronger encryption for international use now. Although we do not control the use of encryption within the US, we do, with some exceptions, limit the export of non-escrowed mass market encryption to products using a key length of 40 bits. (The length of the encryption key is one way of measuring the strength of an encryption product. Systems using longer keys are harder to decrypt.) US industry asserts that it is losing overseas sales to its European and Japanese competitors because it cannot include stronger cryptography as a component of its commercial software and hardware products. It warns that loss of a significant share of the world information systems market would cause serious economic damage to the US economy, and could reduce the US government's ability to influence the long term future of global cryptography. It also argues that because customers do not want to use one product in the US and a different one overseas, export controls are causing US firms to provide an unsatisfactory level of protection to their electronic information, making them vulnerable to industrial espionage by their competitors and foreign governments.
While 40 bit encryption products are still strong enough for many uses, the Administration recognizes that some export liberalization may be useful to build support for a key management regime. Accordingly, we are actively considering measures that would provide limited, temporary relief from cryptographic export controls in exchange for real, measurable commitments from industry (e.g., investments in products that support key recovery) toward the building of a key management infrastructure. The liberalization proposals under discussion, which would continue the current one-time review of products by the National Security Agency, include: permitting products using longer key lengths to be exported to specific industry sectors such as health care or insurance (similar to current policy for the financial sector); allowing export of non-escrowed products to a list of trustworthy firms beyond those sectors, with provisions for monitoring compliance to prevent product diversion to other firms; export of cryptography-ready operating systems; and, most dramatically, the transfer of jurisdiction over commercial encryption products from the State Department's munitions list to the Commerce Department's list of dual-use technologies. Our goal is to obtain commitments from industry by the Fall.
We must, however, be careful in any relaxation of controls. Other governments' law enforcement and national security needs to access material encrypted with US products could drive them to erect trade barriers by imposing import controls on strong non-escrow encryption products. In addition, we do not want to do anything that would damage our own national security or public safety by spreading unbreakable encryption, especially given the international nature of terrorism. Even 40 bit encryption, if widespread and not escrowed, defeats law enforcement.
It is for these reasons that we oppose the legislation (S.1726) introduced in this Congress by Senator Burns and co-sponsored by Senator Lott and former Senator Dole. Although it contains some provisions, such as the transfer of export control jurisdiction for commercial cryptography to the Commerce Department, with which we could agree if constructed with appropriate safeguards, the bill is unbalanced, and makes no effort to take into account the serious consequences of the proliferation it would permit.
The importance of the US information technology industry, the security stakes, and increasing Congressional interest make it clear that there is an urgent need for clear policy and direction. The Administration's proposed approach is broadly consistent with industry suggestions and conclusions reached by the National Academy of Sciences in its report. That report recognizes the need to address a complex mix of commercial and security issues in a balanced manner. We agree with that need. We also agree with the report's recommendation that export controls on encryption products need to be relaxed but not eliminated, and are actively considering ways of providing short term relief. (We do not agree with the report's recommendation that we eliminate most controls on 56-bit key length products.) Finally, we agree that key escrow is a promising but not fully tested solution, and are promoting the kinds of testing the report recommends as a way of demonstrating the solution's viability while providing stronger encryption internationally.
We will continue discussion with industry, other members of the private sector, the Congress, and governments at all levels to arrive at a solution that promotes a future of safe computing in a safe society.

Sidebar: Cracking Coded Messages
We should not underestimate how difficult is to decode encrypted electronic information. One approach advanced in the popular debate is to provide our law enforcement officials with more computing power. At first glance, this suggestion seems promising, because in theory any encrypted message can be decoded if enough computing cycles are applied. This approach fails for five reasons:
First, it relies on mathematical theory, not operational reality. Digital technology reduces voice, faxes, images, and text in any language to indistinguishable 1's and 0's. A great variety of encryption products are also available. Under ideal conditions -- if the type of communication or file, language, and encryption algorithm are known with certainty, and a short key is used to encrypt the information -- a large, specially-designed computer could decode a single message relatively quickly. But State, local, and Federal law enforcement officials do not operate in the clean confines of a high-tech computer center. They must first capture the 1's and 0's and discern what kind of encryption they have encountered.
Second, after the decoding problem is isolated, acquiring a machine to decode a message is neither quick, easy or inexpensive. Commercially available computers could not be used because they will not have sufficient capacity. It would, for example, take years for the computers used to process all social security claims, payments and earnings years to decode one message using the Data Encryption Standard (DES), a widely used system originally developed by the US government that uses a 56-bit key.
Third, this approach betrays a misunderstanding of how crimes are prevented. Used only in the most critical cases, legally authorized wiretaps provide crucial information just before a crime is to occur. Thus a near real-time ability to decode messages is needed. Days or weeks are too long to wait to find out that a terrorist attack is about to happen.
Fourth, this approach fails to acknowledge the volume of messages that could need decoding. Each wiretap results in the collection of thousands of messages relevant to the investigative purpose of the wiretap. Even under the most ideal conditions, had these messages been encrypted, the computing resources required to decrypt them quickly would simply not be available. And this example does not include the additional burden of decrypting, if possible, any digital information such as computer disks that are seized as evidence after a crime has been committed.
Finally, revealing the precise capabilities of law enforcement agencies to decode messages, as would be necessary in order to present the fruits of that work as evidence in court, could provide a tutorial to criminal elements bent on eluding law enforcement.

No comments: