[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
clipper_q-and-a.txt (fwd)
Forwarded message:
From postmaster Fri Feb 4 17:49:33 1994
Date: Fri, 4 Feb 1994 17:47:38 -0500
From: Dan Brown <brown>
Message-Id: <[email protected]>
To: eff-board, eff-staff
Subject: clipper_q-and-a.txt
>From the White House
*****************************************************************
Embargoed until 3:00 p.m. EST Feb. 4, 1994
QUESTIONS AND ANSWERS ABOUT THE
CLINTON ADMINISTRATION'S ENCRYPTION POLICY
Q. What were the findings of the encryption technology review?
A. The review confirmed that sound encryption technology is
needed to help ensure that digital information in both computer
and telecommunications systems is protected against unauthorized
disclosure or tampering. It also verified the importance of
preserving the ability of law enforcement to understand encrypted
communications when conducting authorized wiretaps. Key escrow
technology meets these objectives.
Specific decisions were made to enable federal agencies and the
private sector to use the key escrow technology on a voluntary
basis and to allow the export of key escrow encryption products.
In addition, the Department of State will streamline export
licensing procedures for products that can be exported under
current regulations in order to help U.S. companies to sell their
products abroad.
To meet the critical need for ways to verify the author and sender
of an electronic message -- something that is crucial to business
applications for the National Information Infrastructure -- the
federal government is committed to ensuring the availability of a
royalty-free, public-domain Digital Signature Standard.
Finally, an interagency working group has been established to
continue to address these issues and to maintain a dialogue with
industry and public interest groups.
Q. Who has been consulted during this review? The Congress?
Industry? What mechanism is there for continuing consultation?
A. Following the President's directive announced on April 16,
1993, extensive discussions have been held with Congress,
industry, and privacy rights groups on encryption issues. Formal
public comment was solicited on the Escrowed Encryption Standard
and on a wide variety of issues related to the review through the
Computer System Security and Privacy Advisory Board.
The White House Office of Science and Technology Policy and the
National Security Council will chair the interagency working
group. The group will seek input from the private sector both
informally and through several existing advisory committees. It
also will work closely with the Information Policy Committee of
the Information Infrastructure Task Force, which is responsible
for coordinating Administration telecommunications and information
policy.
Q. If national security and law enforcement interests require
continued export controls of encryption, what specific benefits
can U.S. encryption manufacturers expect?
A. The reforms will simplify encryption product export licensing
and speed the review of encryption product exports. Among other
benefits, manufacturers should see expedited delivery of products,
reduced shipping and reporting costs, and fewer individual license
requests -- especially for small businesses that cannot afford
international distributors. A personal exemption for business
travellers using encryption products will eliminate delays and
inconvenience when they want to take encryption products out of
the U.S. temporarily.
Q. Why is the key escrow standard being adopted?
A. The key escrow mechanism will provide Americans and
government agencies with encryption products that are more secure,
more convenient, and less expensive than others readily available
today -- while at the same time meeting the legitimate needs of
law enforcement.
Q. Will the standard be mandatory?
A. No. The Administration has repeatedly stressed that the key
escrow technology, and this standard, is for voluntary use by
federal and other government agencies and by the private sector.
The standard that is being issued only applies to federal agencies
-- and it is voluntary.
Does this approach expand the authority of government agencies to
listen in on phone conversations?
No Key escrow technology provides government agencies with no
[sic] new authorities to access the content of the private
conversations of Americans.
Q. Will the devices be exportable? Will other devices that use
the government hardware?
A. Yes. After an initial review of the product, the State
Department will permit the export of devices incorporating key
escrow technology to most end users. One of the attractions of
this technology is the protection it can give to U.S. companies
operating at home and abroad.
Q. Suppose a law enforcement agency is conducting a wiretap on a
drug smuggling ring and intercepts a conversation encrypted using
the device. What would they have to do to decipher the message?
A. They would have to obtain legal authorization, normally a
court order, to do the wiretap in the first place. They would then
present documentation, including a certification of this
authorization, to the two entities responsible for safeguarding
the keys. (The key is split into component parts, which are stored
separately in order to ensure the security of the key escrow
system.) They then obtain the components for the keys for the
device being used by the drug smugglers. The components are then
combined and the message can be read.
Q. Who will hold the escrowed keys?
A. The Attorney General has selected two U.S. agencies to hold
the escrowed key components: the Treasury Department's Automated
Systems Division and the Commerce Department's National Institute
of Standards and Technology.
Q. How strong is the security in the device? How can I be sure
how strong the security is?
A. This system is more secure than many other voice encryption
system readily available today. While the algorithm upon which the
Escrowed Encryption Standard is based will remain classified to
protect the security of the system, an independent panel of
cryptography experts found that the algorithm provides significant
protection. In fact, the panel concluded that it will be 36 years
until the cost of breaking the algorithm will be equal to the cost
of breaking the current Data Encryption Standard now being used.
Q. Is there a "trap door" that would allow unauthorized access
to the keys?
A. No. There is no trapdoor.
Q. Whose decision was it to propose this product?
A. The National Security Council, the Justice Department, the
Commerce Department, and other key agencies were involved in this
decision. The approach has been endorsed by the President, the
Vice President, and appropriate Cabinet officials.