Revision as of 06:36, 14 November 2004

Notes and references about encryption policy.

Overview

There seem to be three aspects to encryption policy: import/export control, usage restrictions, and production/research development. Another aspect that could be explored is corporate/private usage policy.

Export Control

• New US encryption export regulations published Jan 14, 2000 which made it easier for companies and individuals in the US to export strong encryption in common products. [1]
  • "Retail" encryption products are widely exportable to all but certain "terrorist" nations though still subject to a government review and reporting requirements. [2]
  • Non-retail products are also exportable, subject to similar requirements, to most non-government users.
  • Encryption products with less than 64-bits are freely exportable. [3]
  • Some non-proprietary source code is exportable to most countries after notice to the government. [4]

• Regulating the export of cryptography comes from the desire to give 'our side' an advantage and disadvantage the 'other side'. Given the huge impact that cryptography and cryptanalysis played in WWII, denying enemies (precieved or real) access to strong cryptographic. [5]

• Cryptography methods were/are regulated similiarly to munitions
• Cryptography methods beyond a certain strength (defined by key length) wouldn't be licensed except on a case by case basis
• Some believe that export control prevented crypto from being incorporated into commercial products (PCs, Operating Systems)
• Rise of internet and public release of crypto techniques eventually made regulation impossible to enforce
• Crytpo methods are often among a countries most guarded secrets. Especially pre-internet/digial age.
• PGP published on the internet was first major challenge to controls on cryptography export
  • First version developed by anti-nuclear activist Phil Zimmermann in 1991
  • Published on Usenet and the Internet
  • Zimmerman becamse the target of a criminal investigation in 1993 for "munitions export without a license" since cryptography was treated as a munition in terms of trade.
• Netscape developed SSL and used RC4
• Wide spread availability of encryption software outside the US and legal challenges (privacy, civil liberties) and the perception that weak encryption limited e-commerce led to relaxations in US export controls.
• Encryption systems were classified as dual-use (commerical/military) in the late 19s

• Cryptography exports are now controlled by department of commerce.
• There are still some restrictions - cryptography cannot be exported to rogue states and terrorist organizations

Refererences

• http://www.worldhistory.com/wiki/E/Export-of-cryptography.htm
• http://www.worldhistory.com/wiki/B/Bernstein-v.-United-States.htm
• http://www.worldhistory.com/wiki/P/Pretty-Good-Privacy.htm

Import Control

Usage Restrictions

Key Recovery

Encryption systems designed to facilitate surreptitious government access to encrypted data and communications risks98.

Must Provide

• covert access
• ubiquitous adtopion
• rapid access to plaintext (under two hours)

Steps to key recovery (risks98)

• Reliably identify and authenticate requesting law enforcement agents (there are over 17,000 U.S. domestic law enforcement organizations).
• Reliably authenticate court order or other documentation.
• Reliably authenticate target user and data. Check authorized validity time period.
• Recover session key, plaintext data, or other decryption information.
• Put recovered data in required format.
• Securely transfer recovered data, but only to authorized parties.
• Reliably maintain an audit trail.

Quotes

• "The deployment of key recovery systems designed to facilitate surreptitious government access to encrypted data and communications introduces substantial risks and costs." risks98
• "there is a significant risk that widespread insertion of government-access key recovery systems into the information infrastructure will exacerbate, not alleviate, the potential for crime and information terrorism. Increasing the number of people with authorized access to the critical infrastructure and to business data will increase the likelihood of attack, whether through technical means, by exploitation of mistakes or through corruption." risks98
• "In making information secure from unwanted eavesdropping, interception, and theft, strong encryption has an ancillary effect: it becomes more difficult for law enforcement to conduct certain kinds of surreptitious electronic surveillance (particularly wiretapping) against suspected criminals without the knowledge and assistance of the target. This difficulty is at the core of the debate over key recovery." risks98
• "The requirements imposed by such government-driven key recovery systems are different from the features sought by encryption users, and ultimately impose substantial new risks and costs." risks98
• "The key recovery infrastructure will tend to create extremely valuable targets, more likely to be worth the cost and risk of attack." risks98
• "someone who steals -- or recovers -- a signature key for a law enforcement officer or a corporate officer could use this key to forge legitimate requests for many other keys." risks98

Notes

• Governments desire the ability to monitor all internal and external communications. The reasons vary by country but can include monitoring: terrorists, journalists, civil dissidents, and criminals.
• Commerical users that may want key recovery would probably not need covert access to the plaintext - this is uniquely a government/law enforcement requirement. Commercial users do not need ubiquitous adoption. Only the government wants mass-monitoring of communications
• It may be impossible to provide an encryption system that satisfies the demands of government and the encryption users.
• Key recovery systems provide access to the plaintext outside of the normal encryption and decryption channels
• Keys must be stored securely for an extended period of time.
• Scale is a major problem in key recovery systems as desired by the government (17,000 US law enforcement agencies, 100s of millions of internet users)

References

• http://www.worldhistory.com/wiki/K/Key-escrow.htm
• http://www.cdt.org/crypto/risks98/

Research and Production

Data Encryption Standard (DES)

• 1972 - NBS (National Bureau of Standards), now NIST (National Institute of Standards and Technology) pushed for a government-wide standard for encrypting sensitive, but unclassified information.
• 1973 - Solicited for a cipher that would meet the design criteria
  • No supitable canidate
• 1974 - second call for submissions
  • IBM submitted an accetable canidate
• 1975 - propsed DES published
• NSA shortened key length to 56 bits (from 128 to 64 then to 56) and added a tweak to improve security
• 1976 - Aprooved as federal standard 1976
• 1977 - Published
• 2002 - Superseded by AES
• 2004 - Withdrawl as a standard proposed

• 56-bit key size
  • Now considered too small (can be broken in less than 24 hours)

• Triple DES is thought to be practically secure

References

• http://en.wikipedia.org/wiki/DES

Advanced Encryption Standard

References

• http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

PGP

References

• http://www.worldhistory.com/wiki/P/Pretty-Good-Privacy.htm

References

Summary websites

• http://www.cdt.org/crypto/admin/

Source documents

News Articles

Policy

• http://www.cdt.org/crypto/risks98/
• The Legacy of DES