The Security Team: Mark Bayer - KSG Raghav Chandra - KSG Jaime Chambron - FAS Jamil Ghani - FAS Angelina Ornelas - KSG Nanthikesan S - KSG Alex C. Snoeren - MIT

Government's Role

The United States government is a global leader in cryptographic research and development, employing one of the largest groups of mathematicians in the world. U.S. prominence in the signals intelligence field dates to World War II, when American intelligence agents cracked Japan's military code and discovered plans to invade Midway Island, a breakthrough that helped U.S. forces defeat Japan's naval fleet. In 1952, President Truman established the National Security Agency (NSA) as a separate unit within the Defense Department. Over the years, NSA has evolved into the central coordinator and director of the U.S. effort to protect the nation's information systems and produce foreign intelligence information. NSA's responsibilities include: crytpanalytic research, cipher system design, advanced communications and data processing research and development and foreign language analysis and research.

While cryptography originally was a tool used primarily by governments to secure military and diplomatic secrets and gather information on foreign organizations, in the 1970s academics in universities around the country began to publish and publicly present their findings in this obscure and closely-guarded arena. Since the 1970s, NSA has been concerned that widespread public use of strong cryptography undercuts America's security interests. These concerns have intensified, as the explosive growth of the Internet fuels increased consumer demand for computer hardware and software applications that safeguard the confidentiality of communications sent electronically. With the foreign market for "over-the-counter" software with encryption estimated at between $3 and $5 billion annually, the economic stakes are stratospheric.

As the digital security debate surges forward, the interests of policymakers, industry participants and users often collide. The momentum of the debate has pushed it into a wide and diverse forum of issues: law enforcement needs, user requirements for confidentiality, U.S. industry's access to foreign markets, export controls, domestic restrictions, First Amendment consequences and so forth. Cryptography, as past of the digital security tool kit, is intertwined in all debates on these issues. Here, it will illuminate the government's present and potential roles in the digital security saga.

In our forward-looking analysis, we focus on the possibility that the U.S. government may in the future restrict the strength of encryption applications that domestic users may employ. U.S. law currently permits users within the United States to select and employ any encryption method they choose. However, the potential for domestic controls is real, as industry leaders and privacy advocates noted during the 1998 RSA Data Security Conference in January. The implementation of such controls would necessarily reconfigure the domestic landscape for potential Internet applications. We aim to show how this reconfiguration can occur to the benefit of all involved without limiting the burgeoning possibilities of the Internet.

The Need for Domestic Controls

Before proceeding to discussion as to the particulars of potential controls, we must first analyze the necessity of such controls. At present, United States legislation does not place any limitations on cryptographic technologies employed within the United States. The debate regarding these technologies has in fact shied away from addressing the domestic angle and has instead concentrated almost exclusively on the international angle. Advocates for controls have avoided the domestic sphere because this arena harbors the strongest opinions for and against legislation.

What has resulted is what we like to call a "Wild Wild West" domestic landscape. There is no digital sheriff and gunslingers can carry the weapons of their choice. But, if the Internet is to thrive as a viable public and private sector venue, some order must be imposed. At the core of all arguments for controls on cryptographic technologies lies this fundamental security issue. Controls are needed to prevent the use of these technologies for illegal activities. Cryptography, by definition, is the science of systematically altering information so as to make it unreadable and therefore unknowable to individuals not authorized to read or know it. While this ability permits applications ranging from credit card transactions to authentication of communication over the Internet, it simultaneously facilitates the activities of nefarious individuals such as terrorists, pedophiles, and drug traffickers (the classically cited cybercrime cohorts). These individuals, for whom concealing their activities is paramount to evading law enforcement’s probing eye, are using encryption technologies to ensure the security of their information. Director of the FBI Louis Freeh testified in September 1997 that "widespread use of unbreakable encryption is one of the most difficult problems confronting law enforcement" and that the failure to enact measures to stymie the unregulated availability of strong encryption would impair law enforcement’s ability to "investigate and prevent the most serious crimes and terrorism"

The question to ask at this point is: Has the use of this technology for illegal activities here in the United States truly become so widespread that domestic controls are in order? To be completely honest, the number of reported incidents to date does not merit the claim that the criminal world in the United States is extensively employing cryptographic measures to thwart law enforcement efforts. Biases in the data, however, may make this claim more true-to-life than anyone is willing to admit. First, because of corporate and government interest to save public face, cases of criminal acts involving encryption or other digital security measures are probably highly underreported to the public. Just as is the case when it suffers a physical breach of security, a company or government agency that has experienced a breach in its digital security at the hands of a hacker employing powerful cryptographic tools has a strong incentive to keep the incident under wraps. This helps limit copycat crimes against itself and other institutions with similar vulnerabilities. The Computer Security Institution recently found that while for the 536 companies it polled "75% reported large monetary losses, only 17% of the computer crimes were reported to law enforcement agencies." Beyond underreporting, the data on crypto-related crimes is probably misleading because it only indicates those cases in which the perpetrators were actually caught. Just like in the real world, crimes and criminals that are caught represent only a subset of the total number of crimes and criminals. Third, the set of reported criminal acts is a subset of the total committed acts because oftentimes the victim is unaware that she has even been burgled. Perpetrators can very effectively cover up their digital footprints, leaving victims little evidence of their actions. Finally and most importantly, while examples to date may be limited, this in no way limits future cases. Dorothy Denning, recognized expert in cryptography and cryptographic policy, has indicated that the real threat from crypto-facilitated crime still lies in the future. As she writes in her paper "Encryption and Evolving Technologies as Tools of Organized Crime and Terrorism," "most of the investigators we talked with did not find that encryption was obstructing a large number of investigations. They were, however, concerned about the future." Therefore, while at present the threat may seem minimal, the potential for threat in the future is great. And if nothing else, one can expect today’s criminals to help realize this potential.

A quick survey of the documented crimes involving cryptographic technologies serves to open one’s eyes to the potential nefarious uses for the technology. Terrorists here and abroad have used encryption technologies to hide their plans and communications from law enforcement. Ramsey Yousef, member of the terrorist group responsible for the World Trade Center bombing in 1994 and the Manila Air bombings in 1995, encrypted documents on his laptop that detailed further plans to destroy US owned air liners in the Far East. The Aum Shinri Kyo cult, which released sarin nerve gas in the Tokyo subway, has been implicated in plans to release weapons of mass destruction in the United States and Japan. Law enforcement officials obtained this information after they were fortunate enough to find the key that decrypted the files containing the plans. Cryptographic technologies have also been employed in drug trafficking. The Dallas Police Department recently confronted a national drug ring employing encryption to protect customer information. Additionally, the Cali drug cartel, well known for its business with American distributors, is known to use advanced encryption technology to protect telephone and video communications. As if that were not enough, cryptography tools have been involved in other crimes, pedophilia being a particularly troubling (and commonly cited) example.

While the above-cited cases surely indicate a rising need for some sort of control on cryptographic security tools, concentrating on crime alone does not properly address the argument for these controls. Beyond what criminals may be able to do with unregulated cryptographic tools, the nation at large has an increasing interest in robust digital security. With this interest comes a need for governmental policy that will ensure the usefulness of this technology, and simultaneously will thwart the use of the technology by individuals who should not be using it.

As stated above, the US only has controls regarding the export of strong encryption products. These controls arise from a Cold War-esque fear that foreigners’ possession of these products is necessarily injurious to the interests of the United States. The apparent underlying philosophy is that individuals within our own country can be trusted a priori with strong encryption products while foreign bodies or individuals cannot.

While this philosophy may have held in the highly delimited world of the Cold War, it does not apply today. In the absence of opposing superpowers, the world’s physical, political and social barriers have been torn down. No longer is the developed world comprised of separate and distinct economic and political entities; while borders still hold, they no longer serve as firewalls through which all incoming and outgoing interaction must pass. Basically, the world has become international in scope. Gone are the days of national economics or national knowledge pools; today one must think instead in terms of global economics and global knowledge pools.

The implications for digital security are clear. It is foolish to draw limits beyond which the technology cannot pass; experience shows that it will find some way to get through. Take for example the fact that 128-bit PGP can be downloaded from sites all over the world despite US restrictions on this distribution. In fact, Netcraft's recently released Secure Server Survey indicates that "around a third of sites run by non-US companies were capable of 128-bit encryption, albeit with significant variations from country to country." Take as another example the fact that companies are restructuring themselves so as to have foreign subsidiaries that can develop and market strong encryption products. This tactic allows the parent company to capitalize on the foreign demand for strong digital security while still adhering to US law. For example, Network Associates International B.V., which is based in the Netherlands, recently announced the international availability of its 128-bit encryption products. This comes after Network Associates, which is US based, established this international corporate counterpart in the Netherlands. Since the internationally marketed products have been supposedly developed without any assistance from the US arm of Network Associates, the company is in full compliance with US export restrictions. Fundamentally, the technology is out there and in the current "global" world it is inevitable that the technology will be shared.

The response to this realization is that if restrictions, controls or even frameworks are to be at all effective, they must be focused simultaneously at the domestic and international markets. To make the current export controls have any bearing on the digital security landscape, the US must also put into place controls on the domestic use and distribution of these products. By so doing it will control the technology at all levels at which it can effect any control.

The final justification for concrete dialog on the domestic aspect of cryptography policy is the one already mentioned, that is that future Internet applications hinge upon solidification of this policy. As was shown in the analyses of virtual universities and on-line commerce, encryption and other digital security tools are essential to the viability of these endeavors. Without them, users and providers alike cannot realize the full potential of these projects because their interactions are necessarily limited by the deficiencies in security. Thus, the discourse on domestic digital security policy will drive (or deadlock) these applications. As a recent Business Week survey indicates, a large percentage of Internet users would go online more often if their personal information and communications were secure. Additionally, nearly half of those polled felt that the government should enter the debate by passing laws that stipulate how personal information can be collected and used on the Internet.

Although it has now been shown that there is indeed a need for government to more concertedly discuss the domestic digital security sphere, this do not imply, however, that the authors favor restrictive domestic controls. These measures are but one possible outcome of the debate. As will be explained shortly, we are very much against policy models that favor suppression of technology in order to avert any and all potential drawbacks. These "dumbing down" approaches are necessarily counter to technological progress and pose a threat to future development, not to mention the fact that they seldom work. As will be explained in the recommendation section, we instead favor a model of technological innovation and distribution that gives free reins to the development and sharing of innovations yet ensures that all participants (business, government, and end users) are on the same page. Therefore, in our estimation, the domestic debate is not one of what controls to put in place but rather how best to put into place a framework by which the technology can do its job but at the same time have everyone’s concerns addressed.

Are domestic controls even feasible?

Despite our recommendations that government avoid employing technological models that involved "dumbing down" in order to ensure government control, many are advocating this very kind of program. Some examples of this type of legislation were included above. The hope is to show below that this mentality is not only counterproductive but also necessarily doomed to failure.

Let us assume, against our better judgment, that restrictive controls are the chosen means to facilitate domestic cryptography and, indirectly, Internet applications. One must then ask, Could controls be put into place? Would the controls be constitutional? Would they be enforceable? The answers to these questions will show by contradiction that restrictive controls are in fact NOT the way to proceed.

Before addressing any or all of these questions, one must establish what form these hypothetical restrictive domestic controls may take. Since our visions of the optimal domestic policy will be discussed later on, let it suffice to say that there are a limited number of characteristics that potential controls may incorporate. First, it is probable that restrictive controls in the United States, if they are enacted, will incorporate key recovery. As Dorothy Denning indicates, key recovery represents the only presently available compromise between the interests of users and government. On one hand, users have a strong desire for privacy and security free from the intrusion of government. On the other hand, government has an interest to have access to digitally secured information for reasons of national security and to prevent criminal activity. In order to balance these two opposing desires, key recovery systems ensure the security of data while permitting lawful access to encrypted information if the need arises. Director Freeh of the FBI has also come out in favor of this type of system because of the control is affords law enforcement.

Another potential caveat of these loathsome domestic controls that may arise is a limit on domestic key length. Since this is currently part of the US’s export controls, it is not difficult to imagine that similar restrictions could be incorporated into domestic policy. Finally, domestic policy may involve a justification process for the use of these technologies. Presently, there is a move in Congress to allow financial institutions abroad to purchase and employ U.S. manufactured strong encryption products. This allowance runs counter to the above-mentioned rule of no strong encryption exports. A debate on domestic policy may bring about similar industry-by-industry allowances. It is possible that firms would have to justify their intended use of these encryption products to a review committee which then decides if a limited dispensation of the rules is warranted.

Now that we have set out what restrictive domestic controls may look like, let us show how infeasible they are. Opposition to limits on encryption revolves around the fundamental rights of privacy and expression ascribed to citizens of the United States. Key recovery poses a direct challenge to the right of privacy. It allows 3rd parties, including the government, access to private information. Of course, there will be criteria which these parties must fulfill before access is legally sanctioned. This proviso, however, does not quell fears of wrongful access. Additionally, a key recovery system introduces additional complexity to the encryption system. A group of leading cryptographers including Ron Rivest from MIT and Ross Andersen from Cambridge University – recently concluded that "key recovery adds too much complexity to a system; systems are likely to be less secure, more costly, and more difficult to use than equivalent systems without it."

Thus, while key recovery may be the only available compromise between users and government’s interests, it will still face considerable challenges. As for the right to freedom of expression, any limitations on cryptographic technology indirectly infringe this right. If individuals do not feel safe to express themselves because of a lack of security in their information or communication, they necessarily are not free to express themselves as they would under perfect security.

As for limits on domestic key length and a review process for domestic digital security use, nothing could be more geared toward eliciting the immediate and vehement opposition of all informed individuals. Limiting key length is a direct challenge to individuals right to protect their information, as they deem appropriate. While studies show that users overestimate the security strength they need, they will fight for the right to overestimate as they please. We feel that it is highly unlikely that domestic policy involving key length limitations will pass in the current sociopolitical arena. The same is true for any proposed review process. Individuals and companies not only want to use digital security tools of their own choosing but also want to do so anonymously. While a review process may help thwart illegal uses for the technology, it simultaneously will create an information-sharing problem for legitimate users. Individuals and companies that employ digital security technologies have a strong desire to protect information concerning these systems. The situation is similar to that of a bank or office building: sharing information about their security system is often just as dangerous as simply giving away the access code to the system. Therefore, the public will also challenge any calls for a review process of requests to purchase or employ strong security tools.

These points are moot, however, if the regulations cannot be enforced. Let us quickly address this issue; a long explanation is unnecessary since we will discuss the truly feasible plans later in this work. Essentially, any discussion that attempts to ascertain the feasibility of these measures must admit that they will only be as effective as it is difficult to circumvent them. And, as we mentioned earlier, individuals and companies have already developed methods for bypassing the law. Criminals are using the technology worldwide despite U.S. export restrictions. Additionally, malfeasants are unlikely to employ a government mandated key recovery system. Companies are establishing foreign subsidiaries so that they can capitalize on the burgeoning foreign market while still maintaining their domestic adherence to current regulations. These and other modes of circumvention will be employed as long as the regulations are perceived as excessive or unrealistic. The alternatives described above will certainly be considered excessive and unrealistic and thus will be rendered useless.

Benefits of strong encryption

The economic and social benefits of robust encryption need to be understood as part of the digital security debate. Communications encoded with weak encryption are vulnerable to attack by unauthorized parties, as noted earlier by specific examples. While the proliferation of unbreakable encryption could undermine government’s law enforcement functions, the easy availability of strong encryption is crucial for the legitimate needs of citizens and businesses. In the aftermath of the Cold War, information espionage has become prevalent, with nations around the world deploying agents skilled at cracking encrypted trade secrets and military data. Moreover, the tantalizing benefits of global information networks will unfold fully only if users have confidence in the privacy of their electronic communications.

Next Steps

So were does the government go from here? Essentially, the analysis above has shown that simply applying the current export policies at home will not work. In fact, successful implementation of a framework to facilitate future Internet applications hinges upon a rethinking of the domestic landscape on the government’s part. Four models describe the potential path down which the governmental may choose to travel.

The first model is the one that has been applied to the foreign market for U.S. encryption policies. Having already fully analyzed and subsequently disparaged this option, let it suffice to say that "dumbing down" the available technology is not an effective or acceptable manner in which to proceed. This can only result in deadweight loss in the form of lost opportunities to capitalize on the potential of the Internet.

The second potential model for government to follow in the domestic digital security arena is one that has already been utilized to develop cryptography policy. The Technical Advisory Committee on Encryption Federal Information Processing Standard (TACEFIPS) is a group of representatives from information technology companies and government agencies and departments. TACEFIPS participants meet regularly and help shape the standard encryption technology that the federal government will employ to conduct government business. The organizational and procedural model employed here is similar to that of the Internet Engineering Task Force and its IP protocol development procedures.

There has been some criticism of the TACEFIPS process however. A senior executive at EDS, which does not participate in TACEFIPS discussions, stated the government’s aim is to dictate the marketplace standard, regardless of what commercial users may demand. Specifically, the government is not interested in simply deciding which technology should be the standard for government business; the goal is to mandate a standard for the marketplace.

So, although the collaborative development process expressed in the TACEFIPS model allows for input from many involved parties, power plays within the group can render the process ineffective.

The third model for domestic policy making on cryptography is the one presently in place, what we call the "Wild Wild West" scenario. The weaknesses of this chaotic system are apparent, especially in light of the increasing demands from users and providers for robust, secure digital security tools. In a world where there is no information sharing or even regard for the needs of others, as is the case in the "Wild Wild West" scenario, the needs of participants will go unfulfilled.

The final model for the future of government involvement in the domestic encryption debate is based upon the NET Center concept. In September 1997, the House Commerce Committee attached an amendment to the SAFE Act that creates a national clearinghouse designed to improve law enforcement’s code-breaking abilities. The National Electronic Technologies (NET) Center established within the Justice Department would assist federal, state and local enforcement authorities in the detection, investigation and prosecution of encryption-related crimes. The NET Center would serve as, among other things, a forum for government and industry to exchange information on public safety needs and marketplace trends. Rules Committee Chairman Solomon opposes the Commerce Committee version of the SAFE Act, which contains the NET Center amendment. Consideration of the bill on the House Floor has not been scheduled.

We feel that this is not only a viable possibility but also a strong solution to the government’s dilemma of not being able to enforce law because it cannot decrypt communications or stored data employing the panoply of currently or soon to be able strong encryption technologies. With the NET Center, the government can be kept abreast of the latest available information, technical and otherwise. Additionally, will improve its ability to decrypt communications by investing resources into research and development at the local, state, and national levels. This way government smartens up instead of forcefully "dumbing down" industry and users. Everyone will be allowed to carry the encryption gun of her choice but government, as the digital sheriff, will make sure that it always has the biggest gun around.

Finally, the encryption policy debate is complex, and prospects for resolving all the inter-related components at once are, at best, remote. We, therefore, advocate taking them piece-by-piece, where possible. This will ensure that policy lags as little as possible, if at all.