Notes and references about encryption policy.

Overview

There seem to be three aspects to encryption policy: import/export control, usage restrictions, and production/research development. Another aspect that could be explored is corporate/private usage policy.

Export Control

• New US encryption export regulations published Jan 14, 2000 which made it easier for companies and individuals in the US to export strong encryption in common products. [1]
  • "Retail" encryption products are widely exportable to all but certain "terrorist" nations though still subject to a government review and reporting requirements. [2]
  • Non-retail products are also exportable, subject to similar requirements, to most non-government users.
  • Encryption products with less than 64-bits are freely exportable. [3]
  • Some non-proprietary source code is exportable to most countries after notice to the government. [4]

• Regulating the export of cryptography comes from the desire to give 'our side' an advantage and disadvantage the 'other side'. Given the huge impact that cryptography and cryptanalysis played in WWII, denying enemies (precieved or real) access to strong cryptographic. [5]

• Cryptography methods were/are regulated similiarly to munitions
• Cryptography methods beyond a certain strength (defined by key length) wouldn't be licensed except on a case by case basis
• Some believe that export control prevented crypto from being incorporated into commercial products (PCs, Operating Systems)
• Rise of internet and public release of crypto techniques eventually made regulation impossible to enforce
• Crytpo methods are often among a countries most guarded secrets. Especially pre-internet/digial age.
• PGP published on the internet was first major challenge to controls on cryptography export
  • First version developed by anti-nuclear activist Phil Zimmermann in 1991
  • Published on Usenet and the Internet
  • Zimmerman becamse the target of a criminal investigation in 1993 for "munitions export without a license" since cryptography was treated as a munition in terms of trade.
• Netscape developed SSL and used RC4
• Wide spread availability of encryption software outside the US and legal challenges (privacy, civil liberties) and the perception that weak encryption limited e-commerce led to relaxations in US export controls.
• Encryption systems were classified as dual-use (commerical/military) in the late 19s
• Cryptography exports are now controlled by department of commerce.
• There are still some restrictions - cryptography cannot be exported to rogue states and terrorist organizations

Factors eroding export control

• Internet / E-Commerice
• Publicly available cryptograhy

Affects

• Commercial products
• National Security (NSA)

Now

• Cannot export to rogue states (Cuba, Iran, Iraq, Libya, North Korea, Sudan, Syria)
• Administered by Department of Commerice, Bureau of Industry and Security
  • Export control given up by state department in 1996
• Products >64 bit keys eligible for export after 30 day review
  • Can be exported unless notified
  • Review period is to satisfy national security needs w/o imposing burdensome licensing requirements
• Export to government users 30 days after review request
• No review required to export to foreign subsidary (unless in a roge state)

Wassenar Arrangement

• 1998
• 33 signing nations
• non-binding agreement
• calls for limits on export of encryption products
• intended to restict transfers of weapons
• Export of strong encryption products included at insistance of us representatives
• removed all controls < 56 bits

Refererences

• http://www.worldhistory.com/wiki/E/Export-of-cryptography.htm
• http://www.worldhistory.com/wiki/B/Bernstein-v.-United-States.htm
• http://www.worldhistory.com/wiki/P/Pretty-Good-Privacy.htm
• http://www.bxa.doc.gov/encryption/default.htm
• http://www.techlawjournal.com/encrypt/19981204.htm (Wassenaar)
• http://www.fas.org/sgp/crs/RL31832.pdf

Import Control

Usage Restrictions

Key Recovery

Encryption systems designed to facilitate surreptitious government access to encrypted data and communications risks98.

Must Provide

• covert access
• ubiquitous adtopion
• rapid access to plaintext (under two hours)

Steps to key recovery (risks98)

• Reliably identify and authenticate requesting law enforcement agents (there are over 17,000 U.S. domestic law enforcement organizations).
• Reliably authenticate court order or other documentation.
• Reliably authenticate target user and data. Check authorized validity time period.
• Recover session key, plaintext data, or other decryption information.
• Put recovered data in required format.
• Securely transfer recovered data, but only to authorized parties.
• Reliably maintain an audit trail.

Quotes

• "The deployment of key recovery systems designed to facilitate surreptitious government access to encrypted data and communications introduces substantial risks and costs." risks98
• "there is a significant risk that widespread insertion of government-access key recovery systems into the information infrastructure will exacerbate, not alleviate, the potential for crime and information terrorism. Increasing the number of people with authorized access to the critical infrastructure and to business data will increase the likelihood of attack, whether through technical means, by exploitation of mistakes or through corruption." risks98
• "In making information secure from unwanted eavesdropping, interception, and theft, strong encryption has an ancillary effect: it becomes more difficult for law enforcement to conduct certain kinds of surreptitious electronic surveillance (particularly wiretapping) against suspected criminals without the knowledge and assistance of the target. This difficulty is at the core of the debate over key recovery." risks98
• "The requirements imposed by such government-driven key recovery systems are different from the features sought by encryption users, and ultimately impose substantial new risks and costs." risks98
• "The key recovery infrastructure will tend to create extremely valuable targets, more likely to be worth the cost and risk of attack." risks98
• "someone who steals -- or recovers -- a signature key for a law enforcement officer or a corporate officer could use this key to forge legitimate requests for many other keys." risks98

Notes

• Governments desire the ability to monitor all internal and external communications. The reasons vary by country but can include monitoring: terrorists, journalists, civil dissidents, and criminals.
• Commerical users that may want key recovery would probably not need covert access to the plaintext - this is uniquely a government/law enforcement requirement. Commercial users do not need ubiquitous adoption. Only the government wants mass-monitoring of communications
• It may be impossible to provide an encryption system that satisfies the demands of government and the encryption users.
• Key recovery systems provide access to the plaintext outside of the normal encryption and decryption channels
• Keys must be stored securely for an extended period of time.
• Scale is a major problem in key recovery systems as desired by the government (17,000 US law enforcement agencies, 100s of millions of internet users)

References

• http://www.worldhistory.com/wiki/K/Key-escrow.htm
• http://www.cdt.org/crypto/risks98/

Research and Production

Data Encryption Standard (DES)

• 1972 - NBS (National Bureau of Standards), now NIST (National Institute of Standards and Technology) pushed for a government-wide standard for encrypting sensitive, but unclassified information.
• 1973 - Solicited for a cipher that would meet the design criteria
  • No supitable canidate
• 1974 - second call for submissions
  • IBM submitted an accetable canidate
• 1975 - propsed DES published
• NSA shortened key length to 56 bits (from 128 to 64 then to 56) and added a tweak to improve security
• 1976 - Aprooved as federal standard 1976
• 1977 - Published
• 2002 - Superseded by AES
• 2004 - Withdrawl as a standard proposed

• 56-bit key size
  • Now considered too small (can be broken in less than 24 hours)

• Triple DES is thought to be practically secure

References

• http://en.wikipedia.org/wiki/DES

Advanced Encryption Standard

References

• http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

PGP

References

• http://www.worldhistory.com/wiki/P/Pretty-Good-Privacy.htm

References

Summary websites

• http://www.cdt.org/crypto/admin/

Source documents

News Articles

Policy

• http://www.cdt.org/crypto/risks98/
• The Legacy of DES

CRISIS

CRISIS stands for Cryptography's Role in Securing the Information Society. It is a book published in 1996 by the National Research Council.

Notes

Very random notes that I jotted down while reading.

Some influences/Considerations

• Information Society
• Business Applications
• Personal Privacy
• Government Needs

Notes

Random notes from the book, some thoughts, some quotes

• Legislation is an important aspect to cryptographic policy. For instance, one use of legislation in forging or enforcing a crypto. policy would be to make it a criminal act to use cryptography with the intent to commit a crime. Altenativly, I guess you could say that without legislation (or executive orders) there is no policy.
• The vulneribility of information is a major driving factor in cryptograhic policy decisions.
• Businesses want to share sensitive information securily
  • Example: Many businesses (eg, credit card companies) outsource customer notifcations (late billing notices) but all those transactions should protect the consumer's privacy
• Government policy makers influenced by national security and infrastructure intrests (many others as well)
• Cryptography isn't a stand alone solution. Data is only as secure as the keys
• Crypto is a dual-edged sword for law enforcement.
  • Law enforcement has two roles: prevention and prosecution.
  • Crypto can help prevention by protecting critical information
  • Crypto can hinder prosecution
• US Economy is not manufacturing driven. It is driven by information and services
• Security threats are no longer homogonous (cold war) but heterogenous
• Widespread non-government use of crypto is inevitable
• Advantages of widespread crypto use outweigh the disadvantages
• Any crytpo. Policy should support
  • Availibility for legit. domestic use
  • Growth of US Biz.
  • Public Safety
• Laws requiring escrowed encryption would have both serious technical and legal challenges
• Crypto has historically been controllsed as a munition
  • Impeeds firms competing in global markets
  • Weakens products (domestic netscape using only 40-bit encryption)
• If not as a munition, then:
  • More market share for US Biz.
  • More good products
  • Better info. security in general (example netscape)
• Escrow is risky because:
  • No experience in large scale infrastructure for encryption.
  • No proof it will solve a serious problem
  • Harmful to natural market evolution
  • Uncertain market response
• Information is a commodity
• Crypto is one element of information security
• Legitimate crypto users may need to recover data (escrow or off-site keys are both solutions and vulnerbilities)
• Communications and computers are bluring (blured?) together
• Easier access for users in general implies easier access for unauthorized users
• Tensions between security and openness
• Export markets are as important as domestic markets
• Crypto cant help if infrastructure is weak
• Crytpo must be considered in a larger context
• US Companies are often the target of foreign esponiage.
• The markets for cryptographic products must believe that the product is secure and doesn't have back doors. This means that the algorithms must generally be developed and published openl.
• Users of escrowed encryption must be able to trust the escrow agent(s)
• Escrowed encryption may only work by banning use of non-escrowed encryption
• There are many policy "levers" that can be adjusted
  • standards
  • R&D funding
  • Procurement procedures
  • many more, page 216
• Impeeding widespread use of cryptography:
  • Critical mass
  • Infrastructure
  • Clear government policy
  • Standards and interoperability
• Escrowed encryption has three categories of users, each with different requirements
  • Government
  • Employer
  • End User
• 1996 Export policy was to do two things:
  • Delay spread of strong cryptography
  • monitor and influence commercial deveopment
• An Adversary attepmting to steal information will seek out the weakest point
• Protection of the information interests of the US industries is also a dimension of nation security, 153
• Crytpograhy is a product as well as a technology.

Quotes

• "Does the benefit to law enforcement from acess to encrypted information through an escrow mechanism outweigh the damage that might occur..." 184
• "It is impossible to prevent all uses of strong unescrowed encryption by criminals and terrorists" 186
• "The ultimate goal of export controls on cryptography is to keep strong cryptography out of the hands of potential targets of signals intelligence" 128
• "Export controls tend to drive major vendors to a "lowest common denomintor" cryptographic solution that will pass export review as well as sell in the United States." 138
• "The value of information that could be comprimised through electronic channels is only going to increas" 155
• "Export controls on products with encryption capabilities may well have a negative impaction on US national Security interests by stimulating the growth of important foreign competitors over where the US government has less influence" 166
• "Human procedures and practices have not been tested against the demands of real-life experience", 57
• "Cryptography can lead attackers to exploit some other vulnerability in the system or ntework on which the data is communicated or stored" 57