Feds respond to crypto criticism
A report questioning the Clinton administration's cryptography policy is barking up the wrong tree, a Commerce Department official says.
The report, written by a group of 11 cryptographers and computer scientists, casts doubt on the economic and technological feasibility of the administration's goal of establishing a worldwide system to help law enforcement crack encrypted messages.
"The deployment of a global key-recovery-based infrastructure to meet law enforcement's stated specifications will result in substantial sacrifices in security and greatly increased costs to the end user," states the report. "Building the secure infrastructure of the breathtaking scale and complexity demanded by these requirements is far beyond the experience and current competency of the field."
Au contraire, said the Commerce Department official.
"From what I've read of the report, it seems to set up a straw man and effectively knock it down," said Commerce Undersecretary Bill Reinsch in a statement. "It discusses the single enormous worldwide infrastructure, but that's not what we've ever contemplated. We expect smaller, private--except for government-to-government--infrastructures, which will be manageable. If they say that one global system won't work, I won't argue. But that's not what we're doing."
Today's exchange is only the latest example of a long-standing fight between the White House and the cryptography industry over key recovery, which the industry says lays an unnecessary burden on private companies to help law enforcement control digitally-enhanced crimes. This is not the first report to attack the Clinton policy on cryptography, but is the first since a new batch of cryptography regulations--championed by Clinton--went into effect January 1.
The report's authors said Reinsch still doesn't get it.
"Maybe he has a different meaning for infrastructure than we do," said John Gilmore, cofounder of the online rights advocacy group Electronic Frontier Foundation. "We mean that there will be a single worldwide system by which law enforcement can get access to private information. Depending on whose phone you tap or whose computer you're trying to get info from, you'll go to different places to get the keys, but the whole thing will be designed to a single set of standards. Those standards are set out in the Commerce Department's current export regulations."
Another of the report?s authors countered that the scale of the key-recovery system is not the central issue.
"What we're saying applies to smaller infrastructures as well," said Peter Neumann, principal scientist at nonprofit research center SRI who has appeared before the president's Commission on Critical Infrastructure Protection. "Whether it's a lot of small infrastructures or one big one, key-recovery solutions cannot be isolated and regional, and as soon as you link them, you expose them to vulnerabilties."
Current federal policy requires that any software shipped overseas that uses encryption over a set level of "strength" must store the decryption keys somewhere where law enforcement can get to them. Ideally, the government would like to see the keys stored with a neutral third party, kind of a decryption trust.
Users and producers of encryption software agree that key recovery is a useful tool in case a user loses his key. But since users might not know that third parties and the government have access to those keys, it shouldn't be mandatory.
The report also said that key recovery would in fact pose an increased security risk.
"In many key-recovery systems, the theft of a single private key held by a recovery agent could unlock much or all of the data of a company or individual," the report says. "The key-recovery infrastructure will tend to create extremely valuable targets, more likely to be worth the cost and risk of the attack."
The report, which the authors claim is not politically motivated, comes at a time when both houses of Congress are debating legislation that seeks to overturn most of the current restrictions on encryption.
Proponents of the bills--"Pro-Code" in the Senate and the "SAFE Act" in the House--are struggling to keep the bills from being watered down as they wind their way through committees. The two bills face a possible presidential veto if passed in their present form.
Rep. Zoe Lofgren (D-California), who is helping shepherd the SAFE bill through the House, thinks the report will help sway members of Congress still on the fence.
"It'll be part of our arsenal of facts," Rep. Lofgren said today from her office. "Coupled with what Sun was able to do earlier this week, this report paints a picture of what's afoot and why."
Pro-Code cosponsor Senator Patrick Leahy (D-Vermont) also issued a statement:
"It is even clearer now that the time for global key-recovery encryption is still not right, and it may never be right. The U.S. government acts as though it doesn't understand the issue."
The SAFE bill, currently in the House international relations committee, now has 114 cosponsors, according to Lofgren. The bill needs 218 votes to pass.
The following scientists are among the 11 who signed the report: Harold Abelson, professor of electrical engineering and computer science at MIT; Steven Bellowin, researcher of cryptography and security at AT&T; Josh Benaloh, cryptographer at Microsoft; Matt Blaze, principal research scientist at AT&T; Whitfield Diffie, distinguished engineer at Sun Microsystems and inventor of public-key cryptography; Ronald Rivest, MIT professor and cofounder of RSA Data Security; Jeffrey Schiller, network manager at MIT; and Bruce Schneier, president of Counterpane Systems and creator of the Blowfish encryption algorithm.