[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
(fwd) May 4 House Hearing on Clipper, Raymond Kammer testimony
Forwarded message:
>
> Newsgroups: talk.politics.crypto
> From: [email protected] (David Koontz )
> Subject: May 4 House Hearing on Clipper, Raymond Kammer testimony
> Message-ID: <[email protected]>
> Originator: koontzd@io
> Sender: [email protected]
> Organization: Loral Rolm Computer Systems
> Date: Thu, 5 May 1994 01:04:35 GMT
> Lines: 667
>
> Statement of
> Raymond G. Kammer
> Deputy Director, National Institute of Standards and
> Technology
> Before the
>
> Committee on the Judiciary
> U.S. Senate
>
> and
>
> House of Representatives
> Committee on Science, Space & Technology
> Subcommittee on Technology, Environment and Aviation
>
> May 3, 1994
>
>
> Introduction
>
> Good morning. My name is Raymond G. Kammer, Deputy Director of
> the Commerce Department's National Institute of Standards and
> Technology (NIST). Thank you for inviting me here today to
> testify on the Administration's key escrow encryption initiative.
> The Computer Security Act of 1987 assigns NIST responsibility for
> the development of standards for protecting unclassified
> government computer systems, except those commonly known as
> "Warner Amendment systems" (as defined in Title 10 U.S.C. 2315).
>
> In response to the topics in which the Committee expressed an
> interest, I would like to focus my remarks on the following:
>
> 1) the principal encryption policy issue confronting us,
>
> 2) the importance of encryption technology,
>
> 3) how voluntary key escrow encryption technically works
> and how it ensures privacy and confidentiality,
>
> 4) alternatives to the voluntary key escrow initiative,
>
> 5) critical components of the Administration's policy on
> encryption technology,
>
> 6) recent initiative to modify Secure Hash Standard, and
>
> 7) the effectiveness of the Computer Security Act of 1987.
>
> 1. The Principal Encryption Policy Issue
>
> First, I would like to broadly outline an important public policy
> and societal issue confronting us today regarding unclassified
> government and commercial cryptography. In developing
> cryptographic standards, one can not avoid two often competing
> interests. On the one hand are the needs of users -- corporate,
> government, and individual -- in protecting telecommunications
> transmissions of sensitive information. Cryptography can be used
> for excellent information protection. On the other hand are the
> interests of the national security and law enforcement
> communities in being able to monitor electronic communications.
> In particular, I am focusing upon their need for continued
> ability to keep our society safe from crime and our nation
> secure.
>
> Rapid advances in digital telecommunications have brought this
> issue to a head. Some experts have stated that, within ten
> years, most digital telecommunications will be encrypted. Unless
> we address this issue expeditiously, law enforcement will lose an
> important tool in fighting crime--the ability to wiretap--and the
> mission of our Intelligence Community will be made more
> difficult. The Committee is undoubtedly aware of the benefits
> such intelligence brings to the nation. This matter raises broad
> societal issues of significant importance. I have personally
> been involved in many meetings of a philosophical and wide-
> ranging nature to discuss this dilemma.
>
> Four broad conceptual alternatives emerged:
>
> Seek a legislative mandate criminalizing the use of
> unauthorized cryptography.
>
> Seek wide adoption of an encryption method with an
> unannounced "trap door." This was never seriously
> considered.
>
> Seek wide voluntary adoption of a technology
> incorporating a secure "key escrow" scheme.
>
> Allow technology to evolve without government
> intervention; in effect, do nothing.
>
> None of these options satisfies all interested parties fully. I
> doubt such a solution even exists, but the Administration has
> chosen the voluntary key escrow technology approach as the most
> desirable alternative for protecting voice communications without
> impairing the ability of law enforcement agencies to continue to
> conduct wiretaps. For data communication the long-standing Data
> Encryption Standard has recently been recertified for use.
>
> It is interesting to note that other countries have faced this
> same issue and chosen different solutions. France, for example,
> outlaws the use of unregistered cryptographic devices within its
> borders.
>
> 2. The Importance of Encryption Technology
>
> Encryption provides one of the best ways to guarantee information
> integrity and obtain cost-effective information confidentiality.
> Encryption transforms intelligible information into an
> unintelligible form. This is accomplished by using a
> mathematical algorithm and a "key" (or keys) to manipulate the
> data in a complex manner. The resulting enciphered data can then
> be transmitted without fear of disclosure, provided, of course,
> that the implementation is secure and the mathematical-based
> algorithm is sound. The original information can then be
> understood through a decryption process. As I shall discuss,
> knowledge of the particular key utilized for a particular
> encryption of information (or, in the case of asymmetric
> cryptography, knowledge of the associated key of the key pair)
> allows decryption of the information. For this reason, such keys
> are highly protected.
>
> Uses of Cryptography
>
> Encryption can be used in many applications for assuring
> integrity and confidentiality, or both. It can be used to
> protect the integrity and/or confidentiality of phone calls,
> computer files, electronic mail, electronic medical records, tax
> records, corporate proprietary data, credit records, fax
> transmissions and many other types of electronic information. It
> is expected that cryptographic technologies will be used on a
> voluntary basis in the protection of information and services
> provided via the National Information Infrastructure.
>
> Encryption used with these and other types of information
> protects the individual privacy of our citizens including, for
> example, their records and transactions with government agencies
> and financial institutions. Private sector organizations can
> also benefit from encryption by securing their product
> development and marketing plans, for example. It also can
> protect against industrial espionage by making computers more
> secure against unauthorized break-ins and, if data is encrypted,
> making it useless for those without the necessary key.
>
> The government has long used cryptography for the protection of
> its information -- from that involving highly classified defense
> and foreign relations activities to unclassified records, such as
> those protected under the Privacy Act. My point here is not to
> list all potential applications and benefits but to give you a
> feel for the innumerable applications and benefits which
> encryption, when securely implemented, can provide.
>
> Hazards of Cryptography
>
> Counterbalanced against its benefits, encryption also can present
> many substantial drawbacks -- to both the government and other
> users. First and foremost, encryption can frustrate legally
> authorized criminal investigations by the federal, state, and
> local law enforcement agencies. As their representatives can
> better explain, lawful electronic surveillance has proven to be
> of the utmost benefit in both investigating and prosecuting
> serious criminal activity, including violent crime.
> Cryptographic technologies can also seriously harm our national
> security and intelligence capabilities. As I shall discuss, the
> Administration recognizes that the consequences of wide-spread,
> high quality encryption upon law enforcement and national
> security are considerable.
>
> Encryption may also prove a potential hazard to other users, such
> as private sector firms, particularly as we move into the
> Information Age. Private firms, too, are concerned about the
> misuses of cryptography by their employees. For example, a rogue
> employee may encrypt files and offer the "key" for ransom. This
> is often referred to as the "data hostage" issue. Keys can also
> be lost or forgotten, resulting in the unavailability of data.
> Additionally, users of encryption may gain a false sense of
> security by using poorly designed or implemented encryption. To
> protect against such hazards, some corporations have expressed
> interest in a "corporate" key escrowing capability to minimize
> harm to their organizations from internal misuse of cryptography.
> As security experts point out, such a false sense of security
> can be worse than if no security measures were taken at all.
> Encryption is not a "cure-all" to all security problems.
>
> Let me now turn to the details of the Administration's key escrow
> encryption initiative.
>
> 3. Voluntary Key Escrow Encryption Initiative
>
> Goals of the Voluntary Key Escrow Encryption Initiative
>
> I will begin my remarks about the government-developed key escrow
> encryption chips (referred to as "chips" herein) by discussing
> the goals that we were trying to achieve in developing this
> technology for application to voice-grade communication.
>
> At the outset, we sought to develop a technology which provides
> very strong protection for government information requiring
> confidentiality protection. Much of the sensitive information
> which the government holds, processes, and transmits is personal
> and requires strong protection. Tax records and census data are
> two such examples. We sought nothing less than excellent
> protection for government communications. In order to allow
> agencies to easily take advantage of this technology, its
> voluntary use (in Federal Information Processing Standards (FIPS)
> 185) to protect telephone communications has been approved by the
> Secretary of Commerce.
>
> The chips implementing FIPS 185 efficiently support applications
> within the its scope. They far exceed the speed requirements of
> commercial modems existing today or envisioned for the near
> future.
>
> In addition to the need for strong information protection, the
> increasingly digitized nature of advanced telecommunications is
> expected to significantly hamper the ability of domestic law
> enforcement to carry out lawfully authorized wiretapping. Their
> problem has two dimensions.
>
> First, the design and complexity of the nation's
> telecommunications networks makes locating those communications
> which can be lawfully tapped very difficult. This is the digital
> telephony issue, which my law enforcement colleague will discuss
> today.
>
> Second, the proliferation of encryption is expected to make law
> enforcement's tasks more difficult. If a telephone conversation
> is encrypted, resources must be expended for decryption, where
> feasible. Such expenditures and technical capabilities are
> normally far outside the ability of local law enforcement
> organizations and could be quite significant at the federal
> level. In seeking to make available a strong encryption
> technology, we have sought to take in to account the needs of the
> law enforcement community. For example, one of the reasons that
> the SKIPJACK algorithm, the formula on which the key escrow chip
> is based, is being kept classified is that its release would make
> their job much harder were it to be used to hide criminal
> activity.
>
> Misconceptions Concerning the Purpose of the Voluntary Key Escrow
> Encryption Initiative
>
> A number of those opposed to this Administration initiative have
> expressed doubt about whether the key escrow encryption
> initiative can do anything to solve this nation's crime problem.
> Of course, this initiative cannot by itself do so. The basic
> intent of the program is the provision of sound security, without
> adversely affecting other government interests, including, when
> necessary, the protection of society through lawfully authorized
> electronic surveillance.
>
> The voluntary key escrow encryption initiative, first and
> foremost, was devised to provide solid, first-rate cryptographic
> security for the protection of information held by the government
> when government agencies decide such protection is needed for
> unclassified government communications -- for example, tax,
> social security and proprietary information. (The Escrowed
> Encryption Standard (FIPS 185) allows federal agencies to use
> this technology for protection of telephone communications.)
> This was done, in part, with the realization that the current
> government cryptographic technique, the Data Encryption Standard
> (which was recently re-approved) is over fifteen years old; while
> DES is still sound, its usefulness will not continue
> indefinitely. We also recognized that were we to disclose an
> even stronger algorithm (with the government's "seal of
> approval"), it could be misused to hamper lawful investigations,
> particularly electronic surveillance.
>
> In approving this initiative, we felt it important that
> protective measures be taken to prevent its misuse -- a safety
> catch, if you will. This will help assure that this powerful
> technology is not misused if adopted and used voluntarily by
> others. Our method of providing this safety mechanism relies
> upon escrowing cryptographic key components so that, if the
> technology is misused, lawful investigations will not be
> thwarted. Additionally, the algorithm (SKIPJACK) will remain
> classified so that its only uses will be consistent with our
> safety mechanism, key escrowing. I think it is fair to say that
> use of this powerful algorithm without key escrowing could pose a
> serious threat to our public safety and our national security.
>
> Key Escrow Encryption Technology
>
> The National Security Agency, in consultation with NIST and the
> federal law enforcement community, undertook to apply voluntary
> key escrow encryption technology to voice-grade communications.
> The product of this effort was announced in the April 16, 1993
> White House release concerning the key escrow encryption chip. I
> note that we have chosen to discontinue use of the term "Clipper
> Chip" to avoid potential confusion with products and services
> with similar names.
>
> The state-of-the-art microcircuit, the key escrow encryption
> chip, can be used in new, relatively inexpensive encryption
> devices that can be attached to an ordinary telephone. It
> scrambles telephone communications using an encryption algorithm
> more powerful than many in commercial use today. The SKIPJACK
> algorithm, with an 80-bit long cryptographic key,is approximately
> 16 million times stronger than DES. For the record, I will
> restate my earlier public statements that there is no trapdoor in
> the algorithm.
>
> Each key escrow encryption chip has two basic functions. The
> first is an encryption function, which is accomplished by the
> SKIPJACK algorithm, developed and rigorously tested by NSA. The
> second function is a law enforcement access method. I will
> discuss each briefly.
>
> The SKIPJACK algorithm is a symmetric algorithm (as opposed to
> "public-key" algorithms). Basically, this means that the same
> cryptographic key (the session key) is used for both encryption
> and decryption. The algorithm is so strong that the Department
> of Defense will evaluate it for use in protecting selected
> classified applications.
>
> The second basic function of the chip is the provision for law
> enforcement access under lawful authorization. To do so, each
> chip is programmed with three values: a cryptographic family
> key, a device unique key, and a serial number. (The device
> unique key is split into two key components which are then
> encrypted and are provided to the two current escrow agents, NIST
> and the Automated Systems Division of the Department of the
> Treasury, for secure storage.) These three values are used in
> conjunction with the session key (which itself encrypts the
> message) in the creation of the law enforcement access field.
> When law enforcement has obtained lawful authorization for
> electronic surveillance, the serial number can be obtained
> electronically. Law enforcement can then take the serial number
> and a certification of their legal authorization to the two
> escrow agents. (Detailed procedures for the release of these key
> components were issued by the Department of Justice in early
> February.) After these certifications are received, the
> encrypted components will be transmitted by escrow agent
> officials for combination in the decrypt-processor.
>
> After decryption of the key components within the decrypt
> processor, the two key components are then mathematically
> combined, yielding the device unique key. This key is used to
> obtain another key, the session key, which is used to decrypt and
> understand the message. This device unique key may be used by
> law enforcement only for the decryption of communications
> obtained during the applicable period of time of the lawful
> electronic surveillance authorization. It can also only be used
> to decrypt communications transmitted or received by the device
> in question.
>
> Security and Privacy Using Key Escrow Encryption
>
> When the Administration announced the voluntary key escrow
> encryption initiative, we anticipated that questions would be
> raised about the strength and integrity of the SKIPJACK
> algorithm, which is at the heart of the system. We assured the
> public that we knew of no weakness in the algorithm and that
> there was not an undisclosed point of entry, commonly referred to
> as a trapdoor. The algorithm was designed by cryptographic
> experts at the National Security Agency and withstood a rigorous
> testing and analysis process.
>
> As a further way to indicate the fundamental strength of
> SKIPJACK, we invited a group of independent experts in
> cryptography to review the algorithm, under appropriate security
> conditions, and make their results publicly known, again,
> consistent with the classified nature of the algorithm. This
> group consisted of Ernest Brickell (Sandia National
> Laboratories), Dorothy Denning (Georgetown University), Stephen
> Kent (BBN Communications Corp.), David Maher (AT&T) and Walter
> Tuchman (Amperif Corp.). These experts reported that:
>
> Under an assumption that the cost of processing power
> is halved every eighteen months, it will be 36 years
> before the cost of breaking SKIPJACK by exhaustive
> search will be equal to the cost of breaking DES today;
>
>
> and
>
> There is no significant risk that SKIPJACK can be
> broken through a shortcut method of attack.
>
> Let me also repeat the reasons why the algorithm must remain
> classified. First, we believe it would be irresponsible to
> publish the technical details. This would be tantamount to
> handing over this strong algorithm to those who may use it to
> hide criminal activity. Publishing the algorithm may also reveal
> some of the classified design techniques that NSA uses to design
> military-strength technology. It would also allow devices to be
> built without the key escrowing feature, again allowing criminals
> to take advantage of the strength of this very powerful
> technology without any safeguard for society.
>
> With regard to privacy, key escrow encryption can, of course, be
> used to protect personal information contained in telephone
> communications. Moreover, the voluntary key escrow encryption
> initiative does not expand the government's authority for the
> conduct of electronic surveillance, as my colleague from the
> Federal Bureau of Investigation will discuss. It is important to
> understand that the escrow agents will not track the devices by
> individual owners; they will simply maintain a database of chip
> ID numbers and associated chip unique key components (which
> themselves are encrypted).
>
>
> 4. Alternatives to the Voluntary Key Escrow Initiative
>
> In reaction to industry's concerns about our hardware-only
> implementation of key escrow encryption, we announced an
> opportunity for industry to work with us on developing secure
> software-based key escrow encryption. Unfortunately, initial
> industry interest was minimal; our offer, however, remains open.
> We are also willing to work on hardware alternatives to key
> escrowing as we emphasized in our recent announcements.
>
> The Administration has been seeking to meet with members of the
> computer, software, and telecommunications industries to discuss
> the importance of this matter. We are open to other approaches.
>
>
> 5. Key Government Policies on Unclassified/Commercial Encryption
>
> Encryption is an important tool to protect privacy and
> confidentiality.
>
> As I discussed earlier, encryption is powerful technology that
> can protect the confidentiality of data and the privacy of
> individuals. The government will continue to rely on this
> technology to protect its secrets as well as the personal and
> proprietary data it maintains. Use of encryption by federal
> agencies is encouraged when it cost-effectively meets their
> security requirements.
>
> No legislation restricting domestic use of cryptography.
>
> Early in the policy review process, we stated that the
> Administration would not be seeking legislation to restrict the
> use, manufacture, or sale of encryption products in the U.S.
> This was a fear that was expressed in the public comments we
> received, and one that continues, despite our repeated assertions
> to the contrary. Let me be clear - this Administration does not
> seek legislation to prohibit or in any way restrict the domestic
> use of cryptography.
>
> Export Controls on encryption are necessary but administrative
> procedures can be streamlined.
>
> Encryption use worldwide affects our national security. While
> this matter cannot be discussed in detail publicly without harm
> to this nation's intelligence sources and methods, I can point to
> the Vice President's public statement that encryption has "huge
> strategic value." The Vice President's description of the
> critical importance of encryption is important to bear in mind as
> we discuss these issues today.
>
> In recent months, the Administration has dramatically relaxed
> export controls on computer and telecommunications equipment.
> However, we have retained export controls on encryption
> technology, in both hardware and software. These controls
> strongly promote our national security. These export controls
> include mass market software implementing the Data Encryption
> Standard. The Administration determined, however, that there are
> a number of reforms the government can implement to reduce the
> burden of these controls on U.S. industry.
>
> These reforms are part of the Administration's goal to eliminate
> unnecessary controls and ensure efficient implementation of those
> controls that must remain. For example, fewer licenses will be
> required by exporters since manufacturers will be able to ship
> their approved products from the U.S. directly to customers
> within approved regions without obtaining individual licenses for
> each end user. Additionally, the State Department has set a
> license review turnaround goal of two working days for most
> applications. Moreover, the State Department will no longer
> require that U.S. citizens obtain an export license prior to
> taking encryption products out of the U.S. temporarily for their
> own personal use. Lastly, after a one-time initial technical
> review, key escrow encryption products may now be exported to
> most end users. These reforms should help to minimize the effect
> of export controls on U.S. industry.
>
> The Government requires a mechanism to deal with continuing
> encryption policy issues.
>
> In recognition of this, the Interagency Working Group on
> Encryption and Telecommunications was formed in recognition of
> the possibility that the economic significance of our current
> encryption policy could change. The Working Group has been
> assigned to monitor changes in the balance that the President has
> struck with these policy decisions and to recommend changes in
> policy as circumstances warrant. The Working Group will work
> with industry on technologies like the key escrow encryption chip
> and in the development and evaluation of possible alternatives to
> the chip.
>
> The group is co-chaired by the White House Office of Science and
> Technology Policy and the National Security Council. It includes
> representatives from all departments and agencies which
> participated in the policy review and others as appropriate, and
> keeps the Information Policy Committee of the Information
> Infrastructure Task Force apprised of its activities.
>
> Flexibility on Encryption Approaches.
>
> >From the time of the initial White House announcement of this
> technology, we have stated that this key escrow encryption
> technology provides 1) exceptionally strong protection and 2) a
> feature to protect society against those that would seek to
> misuse it. I have personally expressed our flexibility in
> seeking solutions to these difficult issues. We have offered to
> work with industry in developing alternative software and
> hardware approaches to key escrowing. We actively seek
> additional solutions to these difficult problems.
>
> We also stand willing to assist the Congressionally-directed
> study of these issues by the National Research Council.
>
> Use of EES is voluntary and limited to telephone systems.
>
> The Escrowed Encryption Standard, which was approved on February
> 3, 1994, is a voluntary standard for use both within and outside
> of the federal government. It is applicable for protecting
> telephone communications, including voice, fax and modem. No
> decisions have been made about applying key escrow encryption
> technology to computer-to-computer communications (e.g., e-mail)
> for the federal government.
>
> Government standards should not harm law enforcement/national
> security
>
> This is fairly straightforward, but can be difficult to achieve.
> In setting standards, the interests of all the components of the
> government should be taken into account. In the case of
> encryption, this means not only the user community, but also the
> law enforcement and national security communities, particularly
> since standards setting activities can have long-term impacts
> (which, unfortunately, can sometimes be hard to forecast).
>
> 6. Secure Hash Standard
>
> As the Committee may be aware, NIST has recently initiated the
> process to issue a technical modification to Federal Information
> Processing Standard 180, the Secure Hash Standard. The Secure
> Hash Standard uses a cryptographic-type algorithm to produce a
> short hash value (also known as a "representation" or "message
> digest") of a longer message or file. This hash value is
> calculated such that any change to the file or message being
> hashed, will, to a very high degree of probability, change the
> hash value. This standard can be used alone to protect the
> integrity of data files against inadvertent modification. When
> used in conjunction with a digital signature, it can be used to
> detect any unauthorized modification to data.
>
> Our intent to modify the standard was announced by NIST after the
> National Security Agency informed me that their mathematicians
> had discovered a previously unknown weakness in the algorithm.
> This meant that the standard, while still very strong, was not as
> robust as we had originally intended. This correction will
> return the standard to its intended level of strength.
>
> I think this announcement illustrates two useful issues with
> regard to cryptographic-based standards. First, developing sound
> cryptographic technology is very difficult. This is also seen
> with commercial algorithms, including those used for hashing and
> encryption. Secondly, this incident demonstrates the commitment
> of NIST, with NSA's technical assistance, to promulgating sound
> security standards. In this case, a weakness was found, and is
> being quickly corrected.
>
>
>
> 7. Effectiveness of the Computer Security Act of 1987
>
> Lastly, as requested in your invitation to appear here today, let
> me briefly address the effectiveness of the Computer Security Act
> of 1987 (P.L. 100-235). I will first briefly comment on what we
> learned about the state of computer security in the federal
> government during our agency visit process and then turn to
> cryptographic-specific issues.
> As part of our efforts to increase awareness of the need for
> computer security, during 1991-1992, officials from OMB, NIST and
> NSA visited 28 federal departments and agencies. Each visit was
> designed to increase senior managers' awareness of security
> issues and to motivate them to improve security. I believe that
> what we learned during those visits remains valid -- and
> indicates that we still need to focus on basic computer security
> issues in the government.
>
> Specifically, OMB, NIST and NSA proposed the following steps to
> improve security:
>
> Focus management attention on computer security.
> Improve planning for security.
> Update security awareness and training programs.
> Improve contingency planning and incident response
> capabilities.
> Improve communication of useful security techniques.
> Assess security vulnerabilities in emerging information
> technologies.
>
> Actions are being taken by NIST and other agencies to address
> each of these areas. The background and discussion of the need
> for these measures is discussed in the summary report prepared by
> OMB on "Observations of Agency Computer Security Practices and
> Implementation of OMB Bulletin No. 90-08" (February 1993). In
> short, the Computer Security Act provides an appropriate
> framework for agencies to continue improving the security of
> their automated systems -- but much work remains to be done, by
> NIST and individual federal agencies.
>
> One of the questions that the Committee was interested in was
> whether there is a need to modify this legislation in response to
> the same advancements in technology that led to the key escrow
> initiative and digital telephony proposal. First, I would
> observe that the Act, as a broad framework, is not tied to a
> specific technology. I think it would be unworkable if the Act
> were to address specific computer technologies, since this is a
> rapidly evolving field. Also, I would note that the Act does not
> address digital telephony concerns -- the Administration is
> proposing separate legislation in that area. In short, no
> modifications to the Act are necessary because of technology
> advances.
>
> Before leaving the subject of the Computer Security Act, however,
> let me briefly comment on the Escrowed Encryption Standard. I
> strongly believe that NIST and NSA have complied with the spirit
> and intent of the Act. At the same time, this issue underscores
> the complex issues which arise in the course of developing
> computer security standards, particularly cryptographic-based
> standards for unclassified systems.
>
> The Act, as you are aware, authorizes NIST to draw upon computer
> security guidelines developed by NSA to the extent that NIST
> determines they are consistent with the requirements for
> protecting sensitive information in federal computer systems. In
> the area of cryptography, we believe that federal agencies have
> valid requirements for access to strong encryption (and other
> cryptographic-related standards) for the protection of their
> information. We were also aware of other requirements of the law
> enforcement and national security community. Since NSA is
> considered to have the world's foremost cryptographic
> capabilities, it only makes sense (from both a technological and
> economic point of view) to draw upon their guidelines and skills
> as useful inputs to the development of standards. The use of
> NSA-designed and -tested algorithms is fully consistent with the
> Act. We also work jointly with NSA in many other areas,
> including the development of criteria for the security evaluation
> of computer systems. They have had more experience than anyone
> else in such evaluations. As in the case of cryptography, this
> is an area in which NIST can benefit from NSA's expertise.
>
> Summary
>
> Key escrow encryption can help protect proprietary information,
> protect the privacy of personal phone conversations and prevent
> unauthorized release of data transmitted telephonically. Key
> escrow encryption is available as a valuable tool for protecting
> federal agencies' critical information communicated by telephone.
> At the same time, this technology preserves the ability of
> federal, state and local law enforcement agencies to intercept
> lawfully the phone conversations of criminals.
>
> Encryption technology will play an increasingly important
> security role in future computer applications. Its use for
> security must be balanced with the need to protect all Americans
> from those who break the law.
>
> Thank you, Mr. Chairman. I would be pleased to answer your
> questions.
>
>