[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NSA on GAK




The opening comments here by Admiral McConnell of the NSA 
appear to
parallel the comments of Mr. Michael Nelson at the September 6 
NIST
Key Escrow meeting on the use of encryption by "spies, 
terrorists,
and criminals."


URL: http://csrc.ncsl.nist.gov/secnews/ees_q-a.txt

----------

Note:  The following answers were provided by NSA to the Senate
Subcommittee on Technology and the Law in response to their 
follow-
up questions to the May 3, 1994 hearings.

                   ---------------------------

          Senate Subcommittee on Technology and the Law
 Hearing on the Administration's Key Escrow Encryption Standard

        Written Questions for Vice Admiral McConnell, NSA

*Questions for Senator Pressler:

Q:   Admiral, as you are aware, critics of the Administration's
proposal argue that as a practical matter, no criminal, foreign
spy, or terrorist of any sophisticated would be foolish enough 
to
use an encryption device designed by the NSA and approved by 
the
FBI.

How do you respond? Why do[n't you] think the people whose
telecommunications the NSA and the FBI want most to decode will 
be
the very people most unlikely to use this technology?

Answer:   From what we know today, the overriding requirement 
that
spies, terrorist, and criminals have is for readily available 
and
easy to use equipment that interoperates.  Key escrow 
encryption is
not meant to be a tool to catch criminals.  It will make 
excellent
encryption available to legitimate businesses and private 
citizens
without allowing criminals to use the telecommunications system 
to
plan and commit crimes with impunity.  We believe it would be
irresponsible for government to make excellent encryption 
broadly
available knowing that its use by criminals would make it
impossible for law enforcement agencies to conduct lawful 
wiretaps
against them.

The Department of Justice credits information gleaned through
wiretaps as leading to more than 20,000 felony convictions 
since
the early 1980s.  This would not have been possible if the
criminals had been using encryption systems the FBI could not
break.

Without government action, however, this fortunate situation
will change.  At present most people, and most criminals, don't 
use
encryption.  However, there is an increasing public awareness 
of
the value of encryption for protecting private personal and
business communications.  Increasing demand for encryption by 
the
public will likely lead to the widespread use of some form of
standardized encryption on the public telecommunications 
network.

This development would have great benefits for the country.
Legitimate businesses an private individuals could use the
telecommunications system secure in the knowledge that their
private information such as business records and credit card
numbers could not be intercepted by third parties.

But there is a down side.  Criminals, terrorists, and others
could also use the system to plan crimes, launder money, and 
the
like, completely secure in the knowledge that law enforcement
agencies could not listen to those communications.  Just as
legitimate businesses operate much more efficiently and 
effectively
using the telecommunications system than they could without it, 
so
will criminal enterprises be able to operate more efficiently 
and
effectively if they no longer have to avoid using the
telecommunications system.

The United States is faced with a choice.  We can sit back and
watch as the emerging national information infrastructure 
becomes
a valuable tool for criminals and terrorists to use to plan and
carry out their activities with complete security, or we can 
take
steps to maintain the current ability of government to conduct
lawful wiretaps so that prudent criminals will have to find 
other
less efficient ways to operate and foolish ones may be caught.  
Key
escrow encryption is the later option.

Q:   Would widespread use of the Skipjack algorithm harm U.S.
exports?  Do you think it is unlikely foreign businesses will
purchase American encryption technology if the U.S. Government
holds a set of the decoding keys?

     Answer:  I do not believe that widespread use of key 
escrow
encryption in the United States will harm U.S. exports.  If it 
has
any effect at all, it could increase exports somewhat.  Key 
escrow
encryption products provide another option for foreign 
purchasers
that they have not had in the past; to the extent that 
foreigners
doe purchase key escrow encryption products, it will mean an
increase in exports.  Meanwhile, U.S. exporters are free to
continue to sell the products they currently sell in foreign
markets and to seek license approvals for new products.

     It is difficult to predict the foreign market for U.S. key
escrow encryption technology.  Businesses that fear U.S. 
Government
interception of their communications presumably would avoid
products for which the U.S. Government hold keys.  However, 
there
are a number of reasons why foreign businesses might purchase 
them.
One major reason would be to communicate securely with U.S.
businesses that use them.  In addition, the superior level of
security provided by key escrow products (against all but 
lawful
U.S. Government access) may make them attractive to foreign
business that do not view U.S Government access as a major 
concern.
While some prospective users abroad may steer clear of key 
escrow
products because the United States will retain access, there 
may be
many who believe they are unlikely to be targeted by U.S.
intelligence in any case or for whom the superior security 
offered
by key escrow encryption products against threats of greater
concern may make key escrow products an attractive option.  For
example, a distributor of pay-TV programming may depend on
encryption to ensure that only those viewers who pay for the
service can decrypt the TV signal.  Such a distributor probably
would not be concerned about the threat of access by the United
States Government, and might favor suitable key escrow 
encryption
products over competing products that use weaker encryption
algorithms.

Q:   You were present when the previous panelist, Stephen 
Walker,
described how present U.S. laws prohibit his company from 
exporting
encryption products.  As I understand it, Senator Murray's bill
S.1846, attempts to relax these export controls somewhat.

Please give us your views on this legislation.

     Answer:  I support the Administration's position, as 
announced
by the White House on February 4, that current export controls 
must
remain in place and that regulatory changes should be 
implemented
to speed exports and reduce the licensing burden on exporters.  
The
bill you reference appears to be inconsistent with the
Administration position.  I would be happy to provide you 
further
information on the Administration's reasons for maintaining the
current export controls in an appropriate setting.

*Questions from Senator Murray:

Q:    In my office in the Hart building this February, I 
downloaded
from the Internet an Austrian program that uses DES encryption.
This was on a laptop computer, using a modem over a phone line.
The Software Publishers' Association says there are at least 
120
DES or comparable programs world wide.  However, U.S. export
control laws prohibit American exporters from selling 
comparable
DES programs abroad.

With at least 20 million people hooked up to the
Internet, how do U.S. export controls actually prevent 
criminals,
terrorists, or whoever from obtaining DES encryption software?

     Answer:  Serious users of encryption do not entrust their
security to software distributed via networks o bulletin 
boards.
There is simply too much risk that viruses, Trojan Horses,
programming errors, and other security flaws may exist in such
software which could not be detected by the user.  Serious 
users of
encryption, those who depend on encryption to protect valuable 
data
and cannot afford to take such chances, instead turn to other
sources in which they can have greater confidence.  Such 
serious
users include not only entitles which may threaten U.S. 
national
security interests, but also businesses and other major 
consumers
of encryption products.  Encryption software distribution via
Internet, bulletin board, or modem does not undermine the
effectiveness of encryption export controls.   

[Primary written questions for Admiral McConnell]

1.   The Defense Authorization Bill for Fiscal Year 1994 has
authorized $800,000 to be spent by the National Research 
Council of
the National Academy of Sciences to conduct a study of federal
encryption policy.  Can we wait to implement the key escrow
encryption program until we have the benefit of the NRC's 
study?
Do you think this study is necessary?  Should this study be
expedited?

     Answer:  We do not believe that we can wait until after 
the
NRC study is completed in 1996 to begin implementation of the 
key
escrow initiative.  The information technology industry is 
dynamic
and fast-moving, and to wait another two years or more would, 
we
believe, jeopardize the success of the initiative.  Industry 
demand
for encryption products is growing, and the technology is 
available
now to meet that demand with encryption products that provide 
an
outstanding level of security to the user conduct lawful 
wiretaps.
To wait for the completion of the NRC study to other encryption
products which would defeat lawful wiretaps.  We believe that 
such
a delay would not be in the best interest of the American 
people.

Neither do we believe that the study should be expedited.  For
our part, we will carefully consider the conclusions of the NRC
study.  We expect that it will give very careful consideration 
to
the issues, and we would not want the pressure of an 
unnecessarily
short deadline to limit the study group's ability to produce 
the
best report possible.

2.   The Administration has said that it is continuing to 
restrict
export of the most sophisticated encryption devices, in part,
"because of the concerns of our allies who fear that strong
encryption technology would inhibit their law enforcement
capabilities."  Do we really need to help our allies by 
prohibiting
the export of strong American encryption products, since those 
same
countries can simply control the encryption bought within their
borders?

     Answer:  Exports of encryption products are subject to 
review
primarily to protect U.S. national interests, including 
national
security, law enforcement, foreign policy, and other important
interests.  The law enforcement concerns of our allies are a
consideration, especially as the ability of our allies to 
combat
terrorism, drug trafficking, and other international law
enforcement problems can have direct benefits to the United 
States.
However, foreign law enforcement concerns do not drive our 
export
control policy.  We would continue to review encryption exports 
to
protect U.S. national interests even if foreign law enforcement
concerns disappeared.

3.   Do you know whether foreign governments would be 
interested in
importing key escrow encryption products to which they hold the
decoding keys?

     Answer:  Several foreign governments have expressed 
interest
in key escrow encryption technology due to their own law
enforcement concerns.  There have been some preliminary
discussions, but issues such as who would hold the escrowed 
keys
and the circumstances of government access to escrowed keys 
must be
fully vetted.

4.   The Government wants the key escrow encryption standard to
become the de facto industry standard in the United States.  
Would
the Government abandon the Clipper Chip program if it is shown 
to
be unsuccessful beyond government use?

     Answer:  We do not expect the program to be unsuccessful
beyond government.  We have developed a sound security product 
that
we expect will find many uses in government information systems 
and
further believe that government use will bring with it a 
commercial
market, particularly in the defense sector.  We have developed 
a
sound security product that we expect will find many uses in
government information systems regardless of its success in
commercial markets.

5.   Openly available devices, such as Intel-compatible
microprocessors, have seen dramatic gains, but only because
everyone was free to try to build a better version.  Given the
restrictions on who can build devices with the classified 
skipjack
algorithm, how will key escrow chips keep up with advances in
semiconductor speed, power, capacity and integration?

     Answer:  Despite the requirements that a firm must meet to
produce key escrow encryption chips, we expect that there will 
be
a number of manufacturers competing against each other to 
produce
the best product, and that such competition will drive them to 
keep
up with the latest technological advances.  It is worth noting 
that
only a few companies can produce the sophisticated 
microprocessors
you reference, yet the competition in that market has driven 
them
to achieve remarkable advances in that technology.  NSA's 
STU-III
secure telephone program provides an example of a cryptographic
product line that keeps pace with technology.

The presence of a classified algorithm does not preclude
keeping pace with technology.  Through NSA's use of a 
competitive,
multi-vendor approach, STU-III secure telephone products have
continued to evolve in response to user requirements and
technological advances despite their use of a classified 
encryption
algorithm and the consequent need for security restrictions on 
the
manufacturers.

6.   How well does the Skipjack algorithm work on
telecommunications operating at very high speeds.  Is NSA 
working
on another algorithm, called BATON, that could be used in high
speeds with a key escrow system?  Will Capstone be compatible 
with
BATON?

     Answer:  Using currently available microelectronics 
technology
the SKIPJACK algorithm could not be used for encryption at very
high speeds.  BATON is the name of an algorithm developed by 
NSA
that could be used at higher rates of speed.  We have no plans 
to
develop key escrow encryption devices using BATON, however.
Instead, we are considering another algorithm for use at high
speeds with a key escrow system.

A high-speed key escrow device based on an algorithm other
than SKIPJACK would not be "compatible with Capstone" in the 
sense
that traffic encrypted by such a device could not be decrypted 
by
Capstone, and vice versa.  However, since such a device would 
be
used for much higher-speed applications than those for which
Capstone was designed, there would be no need for it to be
compatible with Capstone in that sense.

7.   Can Capstone be used to encrypt video programming?  If so,
have cable companies been approached by any government agency 
to
use Capstone to scramble or encrypt cable program?

     Answer:  Capstone could be used to encrypt any digital 
signal,
including video programming, operating at up to about 10 
million
bits per second.  It could be used for encrypting individual 
video
channels but not for bulk encryption of many channels 
multiplexed
together in a single link.  NSA is not aware of any government
agency approaching cable companies to urge the use of Capstone.
Two manufacturers have asked us about the suitability of key 
escrow
devices for this purpose, however.

8.   Encryption software is available that can be used with 
Clipper
to encypt a message before after it has been encrypted with
Clipper.  This "double encrypting" risks bypassing the key 
escrow
feature.  If a sender first encrypts the message with software
using DES, and then transmits the message "double encrypted" 
with
Clipper, can tell you from looking at the cipher, or encrypted
text, that the underlying message was encrypted?

     Answer:  The only way to tell that a message has been 
"double
encrypted" in this way would be to decrypt the "outer layer" of
encryption, i.e. that done with Clipper.  Only then would one 
be
able to tell that the message had first been encrypted with
something else.
 
----------