
Banks and Crypto - Again




I apologize for the earlier transmission error/offense.
Our server has been down intermittently so I have not received
many flames yet.  The meeting mentioned has already taken place
resulting in significant progress toward our goals.
The server is now up.  Flame away my friends.
                                                ...kawika...
******************************************************************

CONTACT:  Sonia Barbara                         FOR IMMEDIATE RELEASE
          (202) 663-5469                        (1995)

ABA REAFFIRMS SUPPORT FOR PRIVATE-SECTOR CONTROL 
OF CRYPTOGRAPHY

Association Recommends a 10-year Extension for the Data
Encryption Standard

     WASHINGTON, July 21 -- The Data Encryption Standard (DES)
should be recertified for at least 10 more years to allow
interested financial institutions adequate time to convert to any
new cryptography standard, the American Bankers Association said
in a policy statement issued today.
     Encryption is the process whereby sensitive data
communications, such as wire transfers, credit card and automated
teller machine transactions, are protected by secret codes to
protect their confidentiality.   DES, released in 1977, is the
primary method used by financial institutions to encrypt
information.
     Critics say that the longer DES is used, the more likely its
code could be broken.  While realizing this could limit its life
span as a government certified standard, ABA warned that
requiring banks to convert to a new standard by 1998 (the year
DES's certification expires) could be prohibitively costly due to
the high level of electronic funds transfers secured by DES.  ABA
therefore encouraged the National Institute for Standards
and Technology (NIST) to continue to endorse DES as a Federal
Information Processing Standard (FIPS) for use by the financial
community.
     There has been an ongoing debate regarding who should
control the development and support of private-sector computer
security standards:  the government or the private sector.  
ABA strongly recommends that the U.S. government work with the
private sector and Congress in an open forum to develop a
comprehensive policy on the commercial use of cryptography. 
     In its newly-revised policy statement on cryptography, ABA
proposed alternatives  to DES and outlined other criteria that
must be met before changes in cryptographic standards can be
accepted by the banking industry.   These criteria -- which will
be presented next week to representatives of the White House,
U.S. Department of Commerce, National Security Agency (NSA) and
federal banking agencies -- were developed following a two-day
meeting held in June of bankers, vendors and crypto
experts concerned about the federal government's direction
regarding private-sector information security. 
     Specifically, ABA recommended:
     *  The financial services industry be allowed to continue to
use DES based on risk assessment (e.g. value of the transaction)
and the business application involved. 
     *  A security framework encompassing a family of
commercially available algorithms, including DES, be developed. 
This framework should include a process for negotiated algorithm
selection based on the level of risk and other business
requirements.  
     * Opposition to government mandated key management systems
for financial applications where keys would have to be stored
outside the financial institution  (e.g. key
registration/surrender or the mandatory escrow of cryptographic
keys). 
     Instead, banks should continue to be responsible for key
management and continue to cooperate with government for law
enforcement purposes, as required by law.
     * Export of cryptography for financial applications must not
be restricted.
     * Full participation of Congress and the private sector
before establishing a U.S. policy for the commercial use of
cryptography, instead of being carried out solely by Executive
Order.
     [Note:  These recommendations were summarized.  For the full
statement, please call Sonia Barbara at 202/663-5469.]
     The American Bankers Association is the only national trade
and professional association serving the entire banking
community, from small community banks to large bank holding
companies.  ABA members represent approximately 90 percent of the
commercial banking industry's total assets, and about 94 percent
of ABA members are community banks with assets less than $500
million.
                                   ###