Read more than 3,000 books online FREE! More than 900 PDFs now available for sale HOME ABOUT NAP CONTACT NAP HELP NEW RELEASES ORDERING INFO Items in cart [0] TRY OUR SPECIAL DISCOVERY ENGINE: Questions? Call 888-624-8373

Cryptography's Role in Securing the Information Society (1996) Computer Science and Telecommunications Board (CSTB)

Find More Like This Book Research Dashboard NEW! BUY This Book

CHAPTER SELECTOR: Openbook Linked Table of Contents Front Matter, pp. i-xxxii Executive Summary, pp. 1-14 A Road Map Through This Report, pp. 15-16 Part I - Framing the Policy Issues, pp. 17-18 Growing Vulnerability in the Information Age, pp. 19-50 Cryptography: Roles, Market, and Infrastructure, pp. 51-78 Needs for Access to Encrypted Information, pp. 79-110 Part II - Policy Instruments, pp. 111-112 Export Controls, pp. 113-166 Escrowed Encryption and Related Issues, pp. 167-215 Other Dimensions of National Cryptography Policy, pp. 216-246 Part III - Policy Options, Findings, and Recommendations, pp. 247-248 Policy Options for the Future, pp. 249-292 Syntehsis, Findings, and Recommendations, pp. 293-340 A - Contributors to the NRC Project on National Cryptographi..., pp. 341-352 B - Glossary, pp. 353-363 C - A Brief Primer on Cryptography, pp. 364-395 D - An Overview of Electronic Surveillance: History and Curr..., pp. 396-413 E - A Brief History of Cryptography Policy, pp. 414-420 F - A Brief Primer on Intelligence, pp. 421-429 G - The International Scope of Cryptography Policy, pp. 430-449 H - Summary of Important Requirements for a Public-Key Infra..., pp. 450-454 I - Industry-Specific Dimensions of Security, pp. 455-468 J - Examples of Risks Posed by Unprotected Information, pp. 469-473 K - Cryptographic Applications Programming Interfaces, pp. 474-476 L - Other Looming Issues Related to Cryptography Policy, pp. 477-484 M - Federal Information Processing Standards, pp. 485-488 N - Laws, Regulations, and Documents Relevant to Cryptograph..., pp. 489-676 Index, pp. 677-688
GO TO PAGE:	TABLE OF CONTENTS PAGE 216 PRINTABLE PDF PAGE CHAPTER   PAGE	SEARCH THIS BOOK:

CHAPTER SELECTOR: Openbook Linked Table of Contents Front Matter, pp. i-xxxii Executive Summary, pp. 1-14 A Road Map Through This Report, pp. 15-16 Part I - Framing the Policy Issues, pp. 17-18 Growing Vulnerability in the Information Age, pp. 19-50 Cryptography: Roles, Market, and Infrastructure, pp. 51-78 Needs for Access to Encrypted Information, pp. 79-110 Part II - Policy Instruments, pp. 111-112 Export Controls, pp. 113-166 Escrowed Encryption and Related Issues, pp. 167-215 Other Dimensions of National Cryptography Policy, pp. 216-246 Part III - Policy Options, Findings, and Recommendations, pp. 247-248 Policy Options for the Future, pp. 249-292 Syntehsis, Findings, and Recommendations, pp. 293-340 A - Contributors to the NRC Project on National Cryptographi..., pp. 341-352 B - Glossary, pp. 353-363 C - A Brief Primer on Cryptography, pp. 364-395 D - An Overview of Electronic Surveillance: History and Curr..., pp. 396-413 E - A Brief History of Cryptography Policy, pp. 414-420 F - A Brief Primer on Intelligence, pp. 421-429 G - The International Scope of Cryptography Policy, pp. 430-449 H - Summary of Important Requirements for a Public-Key Infra..., pp. 450-454 I - Industry-Specific Dimensions of Security, pp. 455-468 J - Examples of Risks Posed by Unprotected Information, pp. 469-473 K - Cryptographic Applications Programming Interfaces, pp. 474-476 L - Other Looming Issues Related to Cryptography Policy, pp. 477-484 M - Federal Information Processing Standards, pp. 485-488 N - Laws, Regulations, and Documents Relevant to Cryptograph..., pp. 489-676 Index, pp. 677-688 GO TO PAGE: TABLE OF CONTENTS PAGE 216 PRINTABLE PDF PAGE CHAPTER   PAGE   SEARCH THIS BOOK:

The Open Book page image presentation framework is not designed to replace printed books. Rather, it is a free, browsable, nonproprietary, fully and deeply searchable version of the publication which we can inexpensively and quickly produce to make the material available worldwide.

For most effective printing, use the "printable PDF page" link available on each OpenBook page's tool block. The 300 x 150 dpi PDF linked to it is printable on your local printer.

More information on the Open Book is available.

[ Top of Page ] [ Home ] [ Contact Us ] [ Help ] [ The National Academies Home ]

Copyright © 2005. National Academy of Sciences. All rights reserved. 500 Fifth St. N.W., Washington, D.C. 20001. Terms of Use and Privacy Statement

Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 216
Page 216 6 Other Dimensions of National Cryptography Policy In addition to export controls and escrowed encryption, current national policy on cryptography is affected by government use of a large number of levers available to it, including the Communications Assistance for Law Enforcement Act, the standards-setting process, R&D funding, procurement practices, education and public jawboning, licenses and certification, and arrangements both formal and informal with various other governments (state, local, and foreign) and organizations (e.g., specific private companies). All of these are controversial because they embody judgments about how the interests of law enforcement and national security should be reconciled against the needs of the private sector. In addition, the international dimensions of cryptography are both critical (because cryptography affects communications and communications are fundamentally international) and enormously difficult (because national interests differ from government to government). 6.1 THE COMMUNICATIONS ASSISTANCE FOR LAW ENFORCEMENT ACT The Communications Assistance for Law Enforcement Act (CALEA) was widely known as the "digital telephony" bill before its formal passage. The CALEA is not explicitly connected to national cryptography policy, but it is an important aspect of the political context in which national cryptography policy has been discussed and debated.

OCR for page 217
Page 217 6.1.1 Brief Description of and Stated Rationale for the CALEA General Description The Communications Assistance for Law Enforcement Act (CALEA) was passed in October 1994. The act imposes on telecommunications carriers four requirements in connection with those services or facilities that allow customers to originate, terminate, or direct communications: • To expeditiously isolate and enable the government to intercept, pursuant to court order or other lawful authorization, all wire and electronic communications in the carrier's control to or from the equipment, facilities, or services of a subscriber, in real time or at any later time acceptable to the government. Carriers are not responsible for decrypting encrypted communications that are the subject of court-ordered wiretaps, unless the carrier provided the encryption and can decrypt it. Moreover, carriers are not prohibited from deploying an encryption service for which it does not retain the ability to decrypt communications for law enforcement access. • To expeditiously isolate and enable the government to access, pursuant to court order or other lawful authorization, reasonably available call-identifying information about the origin and destination of communications. Access must be provided in such a manner that the information may be associated with the communication to which it pertains and is provided to the government before, during, or immediately after the communication's transmission to or from the subscriber. • To make intercepted communications and call-identifying information available to government, pursuant to court order or other lawful authorization, so that they may be transmitted over lines or facilities leased or procured by law enforcement to a location away from the carrier's premises. • To meet these requirements with a minimum of interference with the subscriber's service and in such a way that protects the privacy of communications and call-identifying information that are not targeted by electronic surveillance orders, and that maintains the confidentiality of the government's interceptions. The CALEA also authorizes federal money for retrofitting common carrier systems to comply with these requirements. As this report is being written, no money has yet been appropriated for this task. The CALEA requirements apply only to those services or facilities that enable a subscriber to make, receive, or direct calls. They do not apply to information services, such as the services of electronic mail providers; on-line services such as Compuserve or America Online; or

OCR for page 218
Page 218 Internet access providers; or to private networks or services whose sole purpose is to interconnect carriers. Furthermore, the CALEA requires law enforcement authorities to use carrier employees or personnel to activate a surveillance. The CALEA also provides that a warrant is needed to tap a cordless telephone; wiretaps on cellular telephones are already governed by Title III or the Foreign Intelligence Surveillance Act. The Stated Rationale for the CALEA Historically, telecommunications service providers have cooperated with law enforcement officials in allowing access to communications upon legal authorization. New telecommunications services (e.g., call forwarding, paging, cellular calls) and others expected in the future have diminished the ability of law enforcement agencies to carry out legally authorized electronic surveillance. The primary rationale for the CALEA is to ensure that within 4 years, telecommunications service providers will still be able to provide the assistance necessary to law enforcement officials to conduct surveillance of wire and electronic communications (both content and call-identifying information) controlled by the carrier, regardless of the nature of the particular services being offered. 6.1.2 Reducing Resource Requirements for Wiretaps Once a surveillance order has been approved judicially, it must be implemented. In practice, the implementation of a surveillance order requires the presence of at least two agents around the clock. Such a presence is required if real-time minimization requirements are to be met.1 As a result, personnel requirements are the most expensive aspect of electronic surveillance. The average cost of a wiretap order is $57,000 (Appendix D), or approximately one-half of a full-time-equivalent agent-year. Such costs are not incurred lightly by law enforcement agencies. 1 Minimization refers to the practice, required by Title III, of monitoring only those portions of a conversation that are relevant to the crime under investigation. If a subject discusses matters that are strictly personal, such discussions are not subject to monitoring. In practice, a team of agents operate a tape recorder on the wiretapped line. Minimization requires agents to turn off the tape recorder and to cease monitoring the conversation for a short period of time if they overhear nonrelevant discussions. At the end of that time period, they are permitted to resume monitoring. For obvious reasons, this practice is conducted in real time. When agents encounter a foreign language with which they are unfamiliar, they are allowed to record the entire conversation; the tape is then "minimized" after the fact of wiretapping. Additional discussion of the requirements imposed on wiretapping by Title III is contained in Appendix D.

OCR for page 219
Page 219 Under these circumstances, procedures and/or technologies that could reduce the labor required to conduct wiretaps pose a potential problem for individuals concerned about excessive use of wiretaps. Specifically, these individuals are concerned that the ability to route wiretapped calls to a central location would enable a single team of agents to monitor multiple conversations.2 Such time sharing among monitoring teams could lower wiretap costs significantly. From the standpoint of law enforcement, these savings could be used for other law enforcement purposes, and they would have the additional effect of eliminating an operational constraint on the frequency with which wiretap authority is sought today. Technologies that would enable minimization without human assistance are in their infancy today. For example, the technology of speech recognition for the most part cannot cope with speech that is speaker-independent and continuous, and artificial intelligence programs today and for the foreseeable future will be unable to distinguish between the criminally relevant and nonrelevant parts of a conversation. Human agents are an essential component of a wiretap, and law enforcement officials have made three key points in response to the concern raised above: • Most importantly, today's wiretaps are performed generally with law enforcement agencies paying telecommunications service providers for delivering the intercepted communications to a point of law enforcement's choosing. • From an operational standpoint, the real-time minimization of wiretapped conversations requires agents who are personally familiar with the details of the case under investigation, so that they know when the subjects are engaged in conversations related to the case—agents exceed their authority if they monitor unrelated conversations. • Procedural rules require that all evidence be maintained through a proper chain of custody and in a manner such that the authenticity of evidence can be established. Law enforcement officials believe that the 2 For example, such a concern was raised at the Fifth Conference on Computers, Freedom, and Privacy held in San Francisco in March 1995. The argument goes as follows. While the CALEA authorizes $500 million to pay for existing in-place telephone switch conversions to implement the capabilities desired by law enforcement, this amount is intended as a onetime cost; upgrades of switching systems are expected to implement these capabilities without government subsidy. The point is that additional wiretap orders would not pose an additional incremental cost (though the original cost of $57,000 would still obtain), and the barrier of incremental cost would not impede more wiretap orders. In short, critics argue that it would make good economic sense to make additional use of resources if such use can "piggyback" on an already-made investment.

OCR for page 220
Page 220 use of one team to monitor different conversations could call into question the ability to establish a clear chain of custody. 6.1.3 Obtaining Access to Digital Streams in the Future In the conduct of any wiretap, the first technical problem is simply gaining access to the relevant traffic itself, whether encrypted or not. For law enforcement, products with encryption capabilities and features that allow exceptional access are useless without access to the traffic in question. The CALEA was an initiative spearheaded by law enforcement to deal with the access problem created by new telecommunications services. The problems addressed by the CALEA will inevitably resurface as newer communications services are developed and deployed for use by common carriers and private entities (e.g., corporations) alike. It is axiomatic that the complexity of interactions among communications systems will continually increase, both as a result of increased functionality and the need to make more efficient use of available bandwidth. Consequently, isolation of the digital streams associated with the party or parties targeted by law enforcement will become increasingly difficult if the cooperation of the service provider is not forthcoming, for all of the reasons described in Chapter 2. (It is for this reason that the CALEA applies to parties that are not common carriers today upon appropriate designation by the Federal Communications Commission (FCC).) Moreover, even when access to the digital stream of an application is assured, the structure of the digital stream may be so complex that it would be extremely costly to determine all of the information present without the assistance of the application developer. Tools designed to isolate the relevant portions of a given digital stream transmitted on open systems will generally be less expensive than tools for proprietary systems, but since both open and proprietary systems will be present in any future telecommunications environment, law enforcement authorities will need tools for both. The development of such tools will require considerable technical skill, skill that is most likely possessed by the application developers; cooperation with product developers may decrease the cost of developing these tools. Finally, as the telecommunications system becomes more and more heterogeneous, even the term "common carrier" will become harder to define or apply. The routing of an individual data communication through the "network" will be dynamic and may take any one of a number of paths, decisions about which are not under the user's control. While only one link in a given route need be a common carrier for CALEA purposes, identifying that common carrier in practice may be quite difficult.

OCR for page 221
Page 221 6.1.4 The CALEA Exemption of Information Service Providers and Distinctions Between Voice and Data Services At present, users of data communications services access networks such as the Internet either through private networks (e.g., via their employers) or through Internet service providers that provide connections for a variety of individuals and organizations. Both typically make use of lines owned and operated by telecommunications service providers. In the former case, law enforcement access to the digital stream is more or less the same problem as it is for the employer (and law enforcement has access through the legal process to the employer). In the latter case, the CALEA requires the telephone service provider to provide to law enforcement authorities a copy of the digital stream being transported. The CALEA exempts on-line information service providers such as America Online and Compuserve from its requirements. In the future, other CALEA issues may arise as the capabilities provided by advanced information technologies grow more sophisticated. For example, the technological capability exists to use Internet-based services to supply realtime voice communications.3 Even today, a number of Internet and network service providers are capable of supporting (or are planning to support) real-time "push-to-talk" voice communications. The CALEA provides that a party providing communications services that in the judgment of the FCC are "a replacement for a substantial portion of the local telephone exchange service" may be deemed a carrier subject to the requirements of the CALEA. Thus, one possible path along which telecommunications services may evolve could lead to the imposition of CALEA requirements on information service providers, even though they were exempted as an essential element of a legislative compromise that enabled the CALEA to pass in the first place. These possibilities are indicative of a more general problem: the fact that lines between "voice" and "data" services are being increasingly blurred. This issue is addressed in greater detail in Chapter 7. 6.2 OTHER LEVERS USED IN NATIONAL CRYPTOGRAPHY POLICY The government has a number of tools to influence the possession and use of cryptography domestically and abroad. How the government uses these tools in the context of national cryptography policy reflects the government's view of how to balance the interests of the various stakeholders affected by cryptography. 3 Fred Hapgood, "IPHONE," Wired, October 1995, p. 140; and Lawrence M. Fisher, "LongDistance Phone Calls in the Internet," New York Times, March 14, 1995, p. D6.

OCR for page 222
Page 222 6.2.1 Federal Information Processing Standards Federal Information Processing Standards (FIPSs) are an important element of national cryptography policy, and all federal agencies are encouraged to cite FIPSs in their procurement specifications. (Box 6.1 contains a brief description of all FIPSs related to cryptography.) The National Institute of Standards and Technology (NIST) is responsible for issuing FIPSs. FIPSs can have enormous significance to the private sector as well, despite the face that the existence of a FIPS does not legally compel a private party to adopt it. One reason is that to the extent that a FIPS is based on existing private sector standards (which it often is), it codifies standards of existing practice and contributes to a planning environment of greater certainty. A second reason is that a FIPS is often taken as a government endorsement of the procedures, practices, and algorithms contained therein, and thus a FIPS may set a de facto ''best practices" standard for the private sector. A third reason is related to procurements that are FIPS-compliant as discussed in the next section. NIST has traditionally relied on private sector standards-setting processes when developing FIPSs. Such practice reflects NIST's recognition of the fact that the standards it sets will be more likely to succeed—in terms of reducing procurement costs, raising quality, and influencing the direction of information technology market development—if they are supported by private producers and users.4 The existence of widely accepted standards is often an enormous boon to interoperability of computers and communication devices, and the converse is generally true as well: the absence of widely accepted standards often impedes the growth of a market. In the domain of cryptography, FIPSs have had a mixed result. The promulgation of FIPS 46-1, the Data Encryption Standard (DES) algorithm for encrypting data, was a boon to cryptography and vendors of cryptographic products. On the other hand, the two cryptography-related FIPSs most recently produced by NIST (FIPS 185, the Escrowed Encryption Standard (EES), and FIPS 186, the Digital Signature Standard (DSS)) have met with a less favorable response. Neither was consistent with existing de facto industry standards or practice, and both met with significant negative response from private industry and users.5 4 Carl F. Cargill, Information Technology Standardization, Digital Press, Bedford, Mass., 1989, p. 213. 5 The story of resistance to the EES is provided in Susan Landau et al., Codes, Keys, and Conflicts, Association for Computing Machinery Inc., Washington, D.C., June 1994, p. 48; to DSS, in Landau et al., Codes, Keys, and Conflicts, 1994, pp. 41-43. In the case of DSS, a de facto industry standard had already emerged based on RSA Data Security Inc.'s public-key algorithm.

OCR for page 223
Page 223 BOX 6.1 Cryptography-related Federal Information Processing Standards • FIPS 46, 46-1 and 46-2: Data Encryption Standard (DES). Specification of DES algorithm and rules for implementing DES in hardware. FIPS 46-1 recertifies DES and extends it for software implementation. FIPS 46-2 reaffirms the Data Encryption Standard algorithm until 1998 and allows for its implementation in software, firmware or hardware. Several other FIPSs address interoperability and security requirements for using DES in the physical layer of data communications (FIPS 139) and in fax machines (FIPS 141), guidelines for implementing and using DES (FIPS 74), modes of operation of DES (FIPS 81), and use of DES for authentication purposes (FIPS 113). • FIPS 180-1: Secure Hash Standard. This standard specifies a Secure Hash Algorithm (SHA) that can be used to generate a condensed representation of a message called a message digest. The SHA is required for use with the Digital Signature Algorithm (DSA) as specified in the Digital Signature Standard (DSS) and whenever a secure hash algorithm is required for federal applications. The SHA is used by both the transmitter and intended receiver of a message in computing and verifying a digital signature. • FIPS 186: Digital Signature Standard. This standard specifies a Digital Signature Algorithm (DSA) appropriate for applications requiring a digital rather than a written signature. The DSA digital signature is a pair of large numbers represented in a computer as strings of binary digits. The digital signature is computed using a set of rules (i.e., the DSA) and a set of parameters such that the identity of the signatory and integrity of the data can be verified. The DSA provides the capability to generate and verify signatures. • FIPS 140-1: Security Requirements for Cryptographic Modules. This standard provides specifications for cryptographic modules which can be used within computer and telecommunications systems to protect unclassified information in a variety of different applications. • FIPS 185: Escrowed Encryption Standard (see main text). • FIPS 171: Key Management Using ANSI X9.17. This standard specifies a selection of options for the automated distribution of keying material by the federal government when using the protocols of ANSI X9.17. The standard defines procedures for the manual and automated management of keying materials and contains a number of options. The selected options will allow the development of cost-effective systems that will increase the likelihood of interoperability. Other FIPSs that address matters related more generally to computer security include the following: • FIPS 48: Guidelines on Evaluation of Techniques for Automated Personal Identification, • FIPS 83: Guidelines on User Authentication Techniques for Computer Network Access Control, • FIPS 112: Password Usage, • FIPS 113: Computer Data Authentication, and • FIPS 73: Guidelines for Security of Computer Applications.

OCR for page 224
Page 224 The promulgation of the EES and the DSS, as well as current Administration plans to promulgate a modification of the EES to accommodate escrowed encryption for data storage and communications and another FIPS for key escrow to performance requirements for escrow agents and for escrowed encryption products, has generated a mixed market reaction. Some companies see the promulgation of these standards as a market opportunity, while others see these standards as creating yet more confusion and uncertainty in pushing escrowed encryption on a resistant market. Appendix M contains a general discussion of FIPSs and the standards-setting process. 6.2.2 The Government Procurement Process Government procurement occurs in two domains. One domain is special-purpose equipment and products, for which government is the only consumer. Such products are generally classified in certain ways; weapons and military-grade cryptography are two examples. The other domain is procurement of products that are useful in both the private and public sectors. Where equipment and products serve both government and private sector needs, in some instances the ability of the government to buy in bulk guarantees vendors a large enough market to take advantage of mass production, thereby driving down for all consumers the unit costs of a product that the government is buying in bulk. Through its market power, government has some ability to affect the price of products that are offered for sale on the open market. Furthermore, acceptance by the government is often taken as a "seal of approval" for a given product that reassures potential buyers in the private sector. History offers examples with variable success in promoting the widespread public use of specific information technologies through the use of government standards. • The DES was highly successful. DES was first adopted as a cryptographic standard for federal use in 1975. Since then, its use has become commonplace in cryptographic applications around the world, and many implementations of DES now exist worldwide. • A less successful standard is GOSIP, the Government OSI Profile, FIPS 146.6 The GOSIP was intended to specify the details of an OSI configuration for use in the government so that interoperable OSI net- 6 OSI refers to Open Systems Interconnect, a standardized suite of international networking protocols developed and promulgated in the early 1980s.

OCR for page 225
Page 225 work products could be procured from commercial vendors and to encourage the market development of products. GOSIP has largely failed in this effort, and network products based on the TCP/IP protocols now dominate the market.7 In the case of the EES, the government chose not to seek legislation outlawing cryptography without features for exceptional access, but chose instead to use the EES to influence the marketplace for cryptography. This point was acknowledged by Administration officials to the committee on a number of occasions. Specifically, the government hoped that the adoption of the EES to ensure secure communications within the government and for communications of other parties with the federal government would lead to a significant demand for EES-compliant devices, thus making possible production in larger quantities and thereby driving unit costs down and making EES-compliant devices more attractive to other users. A secondary effect would be the fact that two nongovernmental parties wishing to engage in secure communications would be most likely to use EES-compliant devices if they already own them rather than purchase other devices. As part of this strategy to influence the market, the government persuaded AT&T in 1992 to base a secure telephone on the EES. In the case of the Fortezza card, the large government procurement for use with the Defense Messaging System may well lower unit costs sufficiently that vendors of products intended solely for the commercial nondefense market will build support for the Fortezza card into their products.8 Given the wide availability of PC-Card slots on essentially all notebook and laptop computers, it is not inconceivable that the security advantages offered by hardware-based authentication would find a wide commercial market. At the same time, the disadvantages of hardware-based cryptographic functionality discussed in Chapter 5 would remain as well. 6.2.3 Implementation of Policy: Fear, Uncertainty, Doubt, Delay, Complexity The implementation of policy contributes to how those affected by policy will respond to it. This important element is often unstated, and it refers to the role of government in creating a climate of predictability. A 7 See Computer Science and Telecommunications Board, National Research Council, Realizing the Information Future: The Internet and Beyond, National Academy Press, Washington, D.C., 1994, Chapter 6. 8 In a recent contract, a vendor agreed to provide Fortezza cards at $69 per card. See Paul Constance, "After Complaining $99 Was Too Low, Fortezza Vendors Come in at $69," Government Computer News, October 2, 1995, p. 6.

OCR for page 226
Page 226 government that speaks with multiple voices on a question of policy, or one that articulates isolated elements of policy in a piecemeal fashion, or one that leaves the stakeholders uncertain about what is or is not permissible, creates an environment of fear, uncertainty, and doubt that can inhibit action. Such an environment can result from a deliberate choice on the part of policy makers, or it can be inadvertent, resulting from overlapping and/or multiple sources of authority that may have at least partial responsibility for the policy area in question. Decisions made behind closed doors and protected by government security classifications tend to reinforce the concerns of those who believe that fear, uncertainty, and doubt are created deliberately rather than inadvertently. The committee observes that cryptography policy has indeed been shrouded in secrecy for many years and that many agencies have partial responsibility in this area. It also believes that fear, uncertainty, and doubt are common in the marketplace. For example, the introduction of nonmarket-driven standards such as the DSS and the EES may have created market uncertainty that impeded the rapid proliferation of high-quality products with encryption capabilities both internationally and domestically. Uncertainty over whether or not the federal government would recertify the DES as a FIPS has plagued the marketplace in recent years, because withdrawal of the DES as a FIPS could cause considerable consternation among some potential buyers that might suddenly be using products based on a decertified standard, although in fact the government has recertified the DES in each case. On the other hand, the DES is also a standard of the American National Standards Institute and the American Banking Association, and if these organizations continue to endorse it, the DES will arguably represent a viable algorithm for a wide range of products. Many parties in industry believe that the complexity and opacity of the decision-making process with respect to cryptography are major contributors to this air of uncertainty. Of course, the creation of uncertainty may be desirable from the perspective of policy makers if their goal is to retard action in a given area. Impeding the spread of high-quality products with encryption capabilities internationally is the stated and explicit goal of export controls; on the domestic front, impeding the spread of high-quality products with encryption capabilities has been a desirable outcome from the standpoint of senior officials in the law enforcement community. A very good example of the impact of fear, uncertainty, and doubt on the marketplace for cryptography can be found in the impact of government action (or more precisely, inaction) with respect to authentication. As noted in Chapter 2, cryptography supports digital signatures, a technology that provides high assurance for both data integrity and user au-

OCR for page 236
Page 236 BOX 6.2 Overview of Joint NIST-NSA Activities The National Security Agency provides technical advice and assistance to the National Institute of Standards and Technology in accordance with Public LaW 100235, the Computer Security Act of 1987. An overview of NIST-NSA activities follows. National conference. NIST and NSA jointly sponsor, organize, and chair the prestigious National Computer Security Conference, held yearly for the past 16 years. The conference is attended by over 2,000 people from government and private industry. Common criteria. NSA is providing technical assistance to NIST for the development of computer security criteria that would be used by both the civillian and defense sides of the government. Representatives from Canada and Europe are joining the United States in the development of the criteria. Product evaluations. NIST and NSA are working together to perform evaluations of computer security products. In the Trusted Technology Assessment Program, evaluations of some computer security products will be performed by NIST and its laboratories, while others will be performed by NSA. NIST and NSA engineers routinely exchange information and experiences to ensure uniformity of evaluations. Standards development. NSA supports NIST in the development of standards that promote interoperability among security products. Sample standards include security protocol standards, digital signature standards, key management standards, and encryption algorithm standards (e.g., the DES, Skipjack). Research and development. Under the Joint R&D Technology Exchange Program, NIST and NSA hold periodic technical exchanges to share information on new and ongoing programs. Research and development are performed in are  such as security architectures, labeling standards, privilege management, and identification and authentication. Test-bed activities are conducted in areas related to electronic mail, certificate exchange and management, protocol conformity, and encryption technologies. SOURCE: National Security Agency, April 1994 (as reprinted in Office of Technology Assessment, Information Security and Privacy in Network Environments, OTA-TCT-606, U.S. Government Printing Office, Washington D.C., September 1994, Box 4-8, p. 165). MOU is faithful to both the spirit and letter of the Computer Security Act of 1987.28 The MOU between the FBI and NSA, declassified for the National Research Council, states that the NSA will provide assistance to the FBI upon request, when the assistance is consistent with NSA policy (includ- 28 For more discussion of these critical perspectives, see Office of Technology Assessment, Information Security and Privacy in Network Environments, 1994, Box 4-8, pp. 164-171.

OCR for page 237
Page 237 ing protection of sources and methods), and in accordance with certain administrative requirements. Furthermore, if the assistance requested is for the support of an activity that may be conducted only pursuant to a court order or with the authorization of the Attorney General, the FBI request to the NSA must include a copy of that order or authorization. In 1995, the National Security Agency, the Advanced Research Projects Agency, and the Defense Information Systems Agency (DISA) signed a memorandum of agreement (MOA) to coordinate research and development efforts in system security. This MOA provides for the establishment of the Information Systems Security Research-Joint Technology Office (ISSR-JTO). The role of the ISSR-JTO is "to optimize use of the limited research funds available, and strengthen the responsiveness of the programs to DISA, expediting delivery of technologies that meet DISA's requirements to safeguard the confidentiality, integrity, authenticity, and availability of data in DOD information systems, provide a robust first line of defense for defensive information warfare, and permit electronic commerce between the DOD and its contractors."29 6.3 ORGANIZATION OF THE FEDERAL GOVERNMENT WITH RESPECT TO INFORMATION SECURITY 6.3.1 Role of National Security vis-à-vis Civilian Information Infrastructures The extent to which the traditional national security model is appropriate for an information infrastructure supporting both civilian and military applications is a major point of contention in the public debate. There are two schools of thought on this subject: • The traditional national security model should be applied to the national information infrastructure, because protecting those networks also protects services that are essential to the military, and the role of the defense establishment is indeed to protect important components of the national infrastructure that private citizens and businesses depend upon.30 29 See "Memorandum of Agreement Between the Advanced Research Projects Agency, the Defense Information Systems Agency, and the National Security Agency Concerning the Information Systems Security Research-Joint Technology Office"; MOA effective April 2, 1995. The full text of the MOA is available in Appendix N and on-line at http:// www.ito.darpa.mil/ResearchAreas/Information_Survivability /MOA.html. 30 For example, the Joint Security Commission recommended that "policy formulation for information systems security be consolidated under a joint DoD/DCI security executive committee, and that the committee oversee development of a coherent network-oriented information systems security policy for the DoD and the Intelligence Community that could also serve the entire government." See Joint Security Commission, Redefining Security, Washington, D.C., February 28, 1994, p. 107.

OCR for page 238
Page 238 • The traditional national security model should not be applied to the national information infrastructure, because the needs of civilian activities are so different from those of the military, and the imposition of a national security model would impose an unacceptable burden on the civilian sector. Proponents of this view argue that the traditional national security model of information security—a top-down approach to information security management—would be very difficult to scale up to a highly heterogeneous private sector involving hundreds of millions of people and tens of millions of computers in the United States alone. There is essential unanimity that the world of classified information (both military and nonmilitary) is properly a domain in which the DOD and NSA can and should exercise considerable influence. But moving outside this domain raises many questions that have a high profile in the public debate—specifically, what the DOD and NSA role should be in dealing with the following categories of information: 1. Unclassified government information that is military in nature, 2. Unclassified government information that is nonmilitary in nature, and 3. Nongovernment information. To date, policy decisions have been made that give the DOD jurisdiction in information security policy for category 1. For categories 2 and 3, the debate continues. It is clear that the security needs for business and for national security purposes are both similar (Box 6.3) and different (Box 6.4). In category 2, the argument is made that DOD and NSA have a great deal of expertise in protecting information, and that the government should draw on an enormous historical investment in NSA expertise to protect all government information. At the same time, NIST has the responsibility for protecting such information under the Computer Security Act of 1987, with NSA's role being one of providing technical assistance. Some commentators believe that NIST has not received resources adequate to support its role in this area.31 31 For example, the Office of Technology Assessment stated that "the current state of government security practice for unclassified information has been depressed by the chronic shortage of resources for NIST's computer security activities in fulfillment of its government-wide responsibilities under the Computer Security Act of 1987. Since enactment of the Computer Security Act, there has been no serious (i.e., adequately funded and properly staffed), sustained effort to establish a center of information-security expertise and leadership outside the defense/intelligence communities." See Office of Technology Assessment, Issue Update on Information Security and Privacy in Network Environments, OTA-BP-ITC-147, U.S. Government Printing Office, Washington, D.C., June 1995, p. 42. A similar conclusion

OCR for page 239
Page 239 BOX 6.3 Similarities in Commercial Security Needs and National Security Needs • Strong aversion to public discussion of security breaches. Information about threats is regarded as highly sensitive. Such a classification makes it very difficult to conduct effective user education, because security awareness depends on an understanding of the true scope and nature of a threat. • Need to make cost-benefit trade-offs in using security technology. Neither party can afford the resources to protect against an arbitrary threat model. • Strong preference for self-reliance (government relying on government, industry relying on industry) to meet security needs. • Strong need for high security. Both government and industry need strong cryptography with no limitations for certain applications. However, the best technology and tools are often reserved for government and military use because commercial deployment cannot be adequately controlled, resulting in opportunities for adversaries to obtain and examine the systems so that they can plan how to exploit them. • Increasing reliance on commercial products in many domains (business, Third World nations). • Increasing scale and sophistication of the security threat for businesses, which is now approaching that posed by foreign intelligence services and foreign governments. • Possibility that exceptional access to encrypted information and data may become important to commercial entities. In category 3, the same argument is made with respect to nongovernment information on the grounds that the proper role of government is to serve the needs of the entire nation. A second argument is made that the military depends critically on nongovernment information infrastructures (e.g., the public switched telecommunications network) and that it is essential to protect those networks not just for civilian use but also for military purposes. (Note that NSA does not have broad authority to assist private industry with information security, although it does conduct for industry, upon request, unclassified briefings related to foreign information security threats; NSD 42 (text provided in Appendix N) also gives NSA was reached by the Board on Assessment of NIST Programs of the National Research Council, which wrote that "the Computer Security Division is severely understaffed and underfunded given its statutory security responsibilities, the growing national recognition of the need to protect unclassified but sensitive information, and the unique role the division can play in fostering security in commercial architectures, hardware, and software." See Board on Assessment of NIST Programs, National Research Council, An Assessment of the National Institute of Standards and Technology, Fiscal Year 1993, National Academy Press, Washington, D.C., 1994, p. 228.

OCR for page 240
Page 240 BOX 6.4 Differences in Commercial Security Needs and National Security Needs • Business wants market-driven cryptographic technology; government is apprehensive about such technology. For example, standards are a critical element of market-driven cryptography. Market forces and the need to respond to rapidly evolving dynamic new markets demand an approach to establishing cryptographic standards; businesses want standards for interoperability, and they want to create market critical mass in order to lower the cost of cryptography. • By its nature, the environment of business must include potential adversaries within its security perimeter. Commercial enterprises now realize that electronic delivery of their products and services to their customers will increase. They must design systems and processes explicitly so that customer can enter into transactions with considerable ease. Business strategies of today empower the customer through software and technology. Enterprise networks have value inallowing the maximum number of people to be attached to the network. Customers will choose which enterprise to enter in order to engage in electronic commerce, and making it difficult for the customer will result in loss of business. But adversaries masquerading as customers (or who indeed may be customers themselves) can enter as well. By contrast, the traditional national security model keeps poteial adversaries outside the security perimeter, allowing access only to those with areal need. However, to the extent that U.S. military forces work in collaboration with forces of other nations, the security perimeter for the military may also become similarly blurred. • Business paradigms value teamwork, openness, trust, empowerment, and speed. Such values are often difficult to sustain in the national security establishment. The cultures of the two worlds are different and are reflected in, for example, the unwillingness of business to use multilevel security systems designed for military use. Such systems failed the market test, although they met Defense Department criteria for security. • National security resources (personnel with cryptoraphic expertise, funding) are much larger than the resources in nondefense government sectors and in private industry and universities. As a result, a great deal of cryptographic knowledge resides within the world of national security. Industry wants access to this knowledge to ensure appropriate use of protocols and strong algorithms, as well as development of innovative new products and services. • National security places considerable emphasis on confidentiality as well as on authentication and integrity. Today's commercial enterprises stress authentication of users and data integrity much more than they stress confidentiality (although this balance may shift in the future). For example, improperly denying a junior military officer access to a computer facility may not be particularly important in a military context, whereas improperly denying a customer access to his bank account because of a faulty authentication can pose enormous problems for the bank. • While both businesses and national security authorities have an interest in safeguarding secrets, the tools available to businesses to discourage individuals from disclosing secrets (generally civil suits) are less stringent than those available to national security authorities (criminal prosecution).

OCR for page 241
Page 241 the authority to work with private industry when such work involves national security information systems used by private industry.) 6.3.2 Other Government Entities with Influence on Information Security As noted above, NSA has primary responsibility for information security in the classified domain, while NIST has primary responsibility for information security in the unclassified domain, but for government information only. No organization or entity within the federal government has the responsibility for promoting information security in the private sector.32 The Security Policy Board (SPB) does have a coordination function. Specifically, the charge of the SPB is to consider, coordinate, and recommend for implementation to the President policy directives for U.S. security policies, procedures, and practices, including those related to security for both classified and unclassified government information. The SPB is intended to be the principal mechanism for reviewing and proposing legislation and executive orders pertaining to security policy, procedures, and practices. The Security Policy Advisory Board provides a nongovernmental perspective on security policy initiatives to the SPB and independent input on such matters to the President. The SPB does not have operational responsibilities. Other entities supported by the federal government have some influence over information security, though little actual policy-making authority. These include: • The Computer Emergency Response Team (CERT). CERT was formed by the Defense Advanced Research Projects Agency (DARPA) in November 1988 in response to the needs exhibited during the Internet worm incident. CERT's charge is to work with the Internet community to facilitate its response to computer security events involving Internet hosts, to take proactive steps to raise the community's awareness of computer security issues, and to conduct research targeted at improving the security of existing systems.33 CERT offers around-the-clock technical assistance for responding to computer security incidents, educates users regarding product vulnerability 32 This observation was also made in Computer Science and Telecommunications Board, National Research Council, Computers at Risk: Safe Computing in the Information Age, National Academy Press, Washington, D.C., 1991, a report that proposed an Information Security Foundation as the most plausible type of organization to promote information security in the private sector. 33 Available on-line at http://www.sei.cmu.edu/technology/cert.faqintro.html.

OCR for page 242
Page 242 through technical documents and seminars, and provides tools for users to undertake their own vulnerability analyses. • The Information Infrastructure Task Force's (IITF) National Information Infrastructure Security Issues Forum. The forum is charged with addressing institutional, legal, and technical issues surrounding security in the NII. A draft report issued by the forum proposes federal actions to address these issues.34 The intent of the report, and of the Security Issues Forum more generally, is to stimulate a dialogue on how the federal government should cooperate with other levels of government and the private sector to ensure that participants can trust the NII. The draft report proposes a number of security guidelines (proposed NII security tenets), the adoption of Organization of Economic Cooperation and Development security principles for use on the NII, and a number of federal actions to promote security. • The Computer System Security and Privacy Advisory Board (CSSPAB). CSSPAB was created by the Computer Security Act of 1987 as a statutory federal public advisory committee. The law provides that the board shall identify emerging managerial, technical, administrative, and physical safeguard issues relative to computer systems security and privacy; advise the National Institute of Standards and Technology and the secretary of commerce on security and privacy issues pertaining to federal computer systems; and report its findings to the secretary of commerce, the directors of the Office of Management and Budget and the National Security Agency, and the appropriate committees of the Congress. The board's scope is limited to federal computer systems or those operated by a contractor on behalf of the federal government and which process sensitive but unclassified information. The board's authority does not extend to private sector systems, systems that process classified information, or DOD unclassified systems related to military or intelligence missions as covered by the Warner Amendment (10 U.S.C. 2315). The activities of the board bring it into contact with a broad cross section of the nondefense agencies and departments; consequently, it often deals with latent policy considerations and societal consequences of information technology. • The National Counterintelligence Center (NACIC). Established in 1994 by Presidential Decision Directive NSC-24, NACIC is primarily responsible for coordinating national-level counterintelligence activities, and it reports to the National Security Council. Operationally, the NACIC works 34 Office of Management and Budget press release, "National Information Infrastructure Security Issues Forum Releases 'NII Security: The Federal Role,'" Washington, D.C., June 14, 1995. Available on-line at gopher://ntiant1.ntia.doc.gov:70/00/iitf/security/files/ fedworld.txt.

OCR for page 243
Page 243 with private industry through an industry council (consisting of senior security officials or other senior officials of major U.S. corporations) and sponsors counterintelligence training and awareness programs, seminars, and conferences for private industry. NACIC also produces coordinated national-level, all-source, foreign intelligence threat assessments to support private sector entities having responsibility for the protection of classified, sensitive, or proprietary information, as well as such assessments for government use.35 In addition, a number of private organizations (e.g., trade or professional groups) are active in information security. 6.4 INTERNATIONAL DIMENSIONS OF CRYPTOGRAPHY POLICY The cryptography policy of the United States must take into account a number of international dimensions. Most importantly, the United States does not have the unquestioned dominance in the economic, financial, technological, and political affairs of the world as it might have had at the end of World War II. Indeed, the U.S. economy is increasingly intertwined with that of other nations. To the extent that these economically significant links are based on communications that must be secure, cryptography is one aspect of ensuring such security. Differing national policies on cryptography that lead to difficulties in communicating internationally work against overall national policies that are aimed at opening markets and reducing commercial and trade barriers. Other nations have the option to maintain some form of export controls on cryptography, as well as controls on imports and use of cryptography; such controls form part of the context in which U.S. cryptography policy must be formulated. Specifically, foreign export control regimes more liberal than that of the United States have the potential to undercut U.S. export control efforts to limit the spread of cryptography. On the other hand, foreign controls on imports and use of cryptography could vitiate relaxation of U.S. export control laws; indeed, relaxation of U.S. export controls laws might well prompt a larger number of nations to impose additional barriers on the import and use of cryptography within their borders. Finally, a number of other nations have no explicit laws regarding the use of cryptography, but nevertheless have tools at their 35 National Counterintelligence Center (NACIC), Counterintelligence News and Developments, Issue No. 1, NACIC, Washington, D.C. This newsletter is available on-line at http:// www. oss.net/oss.

OCR for page 244
Page 244 disposal to discourage its use; such tools include laws related to the postal, telephone, and telegraph (PTT) system, laws related to content carried by electronic media, laws related to the protection of domestic industries that discourage the entry of foreign products, laws related to classification of patents, and informal arrangements related to licensing of businesses. As a first step in harmonizing cryptography policies across national boundaries, the Organization for Economic Cooperation and Development (OECD) held a December 1995 meeting in France among member nations to discuss how these nations were planning to cope with the public policy problems posed by cryptography. What the Paris meeting made clear is that many OECD member nations are starting to come to grips with the public policy problems posed by encryption, but that the dialogue on harmonizing policies across national borders has not yet matured. Moreover, national policies are quite fluid at this time, with various nations considering different types of regulation regarding the use, export, and import of cryptography. Appendix G contains more discussion of international issues relevant to national cryptography policy. 6.5 RECAP While export controls and escrowed encryption are fundamental pillars of current national cryptography policy, many other aspects of government action also have some bearing on it. The Communications Assistance for Law Enforcement (Digital Telephony) Act calls attention to the relationship between access to a communications stream and government access to the plaintext associated with that digital stream. The former problem must be solved (and was solved, by the CALEA, for telephone communications) before the latter problem is relevant. The government can influence the deployment and use of cryptography in many ways. Federal Information Processing Standards often set a "best practice" standard for the private sector, even though they have no official standing outside government use. By assuring large-volume sales when a product is new, government procurement practices can reduce the cost of preferred cryptography products to the private sector, giving these products a price advantage over possible competitors. Policy itself can be implemented in ways that instill action-inhibiting uncertainty in the private sector. Government R&D funding and patents on cryptographic algorithms can narrow technical options to some degree. Formal and informal arrangements with various other governments and organizations can promote various policies or types of cooperation. Product certification can be used to provide the information necessary for a flour-

OCR for page 245
Page 245 ishing free market in products with encryption capabilities. Convening authority can help to establish the importance of a topic or approach to policy. In some ways, the debate over national cryptography policy reflects a tension in the role of the national security establishment with respect to information infrastructures that are increasingly important to civilian use. In particular, the use of cryptography has been the domain of national security and foreign policy for most of its history, a history that has led to a national cryptography policy that today has the effect of discouraging the use of cryptography in the private sector.

Failed to find ocr for page 0309054753/246
OCR for page 246

Representative terms from entire chapter:

national security agency, national security model, traditional national security, national security establishment, national security purposes, national security authorities, law enforcement agencies, law enforcement act, law enforcement officials, law enforcement authorities, computer security issues, national cryptography policy, computer security act, law enforcement access, information security policy, law enforcement, computer security products, national computer security, computer security, information security, cryptography policy reflects, digital signature standard, cryptography policy, digital signature algorithm, information service providers, escrowed encryption standard, information infrastructure security, national information infrastructure, national cryptography, digital signature