Recent Security & Privacy Developments in the United States, May 1994 - May 1995

by Willis Ware, RAND

[This is Willis Ware's annual report to IFIP TC 11 as its US representative. Willis cautions that this report was written in April, prior to the release of the Clipper III , GAO, and NRC reports released in May.]

In the last 12 months, there have been major interruptions in the U.S. government process as a result of disputes about budget matters. Accordingly, things related to system security which might otherwise have happened have either dragged or have stopped completely.

This discussion emphasizes U.S. export policy and U.S. encryption policy, both of which have been topics of ongoing debate, public discussion, and various initiatives. Other items are briefly summarized.

Export policy. The issue of concern is the export of cryptography, whether in the form of a standalone device or integrated into a system or as technical data. The U.S. controls such exports in two ways: for products that have been adjudged readily exportable, the Department of Commerce grants a commodity jurisdiction [CJ] license. For products that have to be considered on a case-by-case basis, the Department of State controls the process and issues a single-case license.

Over a year ago, the policy had been adjusted to allow CJ export of 40-bit (key length) algorithms such as RSA's RC2/RC4. Vendors asserted that this can not provide adequate strength for customer demands and various other schemes have been proposed. In particular, Lotus has negotiated commodity jurisdiction status for its Notes product incorporating 64-bit key-length cryptography. Specific details are sketchy but apparently 24-bits (of the 64) are separately signed and encrypted with a special key generated by and retained by the National Security Agency. With this arrangement, the strength against 3rd party intrusion is 64-bits but with the proper court authorization, 24-bits can be recovered from the escrow agent(s) of the U.S. Government. Hence, the arrangement is still compatible with the established 40-bit export policy.

The Government itself has proposed other possibilities in the spirit of the original Clipper arrangement. The most recent is to allow export of 64-bit cryptography provided its keys are fully escrowed with organizations approved by the U.S.Government. It is not being well received.

Cryptographic policy. For approximately 18 months, the National Research Council of the National Academies of Science and Engineering has sponsored a committee to examine the broad issue of national cryptographic policy. Its report is in the final phase of preparation and is expected to be published in late May, 1996. Meanwhile, the outcome of the committee's deliberations is not known.

The Administration has quietly maintained the progress of the Clipper proposal insofar as its original thrust was intended; namely, a significant number of Clipper-equipped telephones have been acquired for the internal use of the government. The escrow agents for their keys are the Communications Division of the Department of the Treasury and the National Institute of Science and Technology of the Department of Commerce.

A proposal nicknamed "son of Clipper" and offering alternate arrangements for escrowing of keys was also floated but did not receive good acceptance. Other proposals for handling an escrow-type process have appeared. One has been called "self-escrow" because an organization would maintain its own backup copies of cryptographic keys but be prepared to relinquish them to law enforcement authorities upon presentation of appropriate court authorization. Another is being called "commercial-key escrow" because it envisions independent business entities whose mission would be to receive cryptographic keys from clients, to maintain them securely but repond to law enforcement authority when authorized by a court procedure. Another has been called "fair escrow" because it visualizes that keys would be broken into (say) N parts, of which any K of them would be sufficient to recover encrypted traffic. Yet another is called "partial-key escrow" because only some of the key digits are escrowed.

The case for assured access to encrypted material by the government or law enforcement is far from convincingly made in the U.S. The U.S. FBI is still very vocal in its requirements to have such access, but its focus of argument has broadened beyond encrypted telephony to include stored computer materials. There has not been offered any hard data to indicate the magnitude of encryption usage in secure telephony or data files, or to assess its status or rate of growth. The argument for law enforcement access is being made on the emotional basis of a safe and orderly society, in turn supported by specific anecdotal incidents which are admittedly socially reprehensible. The other side of the case generally argues against government intrusion on personal freedom and liberty, plus a deeply rooted concern about relinquishing so much power to the government.

Importantly, however, Congress has become engaged in the issue and there are presently bills before both the House and Senate (the Goodlatte bill in the House and the Leahy bill in the Senate). Both address not only relaxation of export controls, but also law enforcement access and the legal obligations and responsibilities of escrow agents. The language and construction in each is slightly different, but in general both affirm positively that "it shall be legal for any person [within the U.S., its possessions, and territories] to use any encryption, regardless of encryption algorithm selected, encryption key length chosen, or implementation technique or medium used." The House bill also provides that "no person in lawful possession of a key to encrypted information may be required by Federal or State law to relinquish to another person control of that key." There is also a Burns bill, not yet introduced, which will address only the issue of export of cryptography and not the other issues in the Goodlatte and Leahy bills. Finally, the Kyl amendment amends the criminal code to broaden the penalties and actions taken against information systems.

It is not clear, with an election pending in November of 1996, how rapidly encryption policy will progress, whether the bills now before Congress will make any headway, or even whether the Administration will pursue any proposals that have now been surfaced.

On other matters, there continue to be cracker and penetration incidents but the cert organizations in the U.S. and worldwide, coordinated by by an organization called FIRST, seem to be dealing well with the incident response issue. There are limited signs of concern about security of systems. For example, VISA and MasterCard have announced a standard to protect bankcard data during electronic transactions; it proposes to use specially designed algorithms from RSA. On the other hand, various studies and penetration attempts support the conviction that computer and network security in government and in the private sector is overall not well implemented.

Extant organizations continue to hold their conferences and workshops, but some new ones have come into being; e.g., the various conferences sponsored by NCSA, the RSA annual cryptography conference.

At the national level, the National Information Infrastructure effort has organized an in-house group of studies under a body called the NII Task Force. It has issued for comment a document describing proposed guidelines on system security within the government. Other documents have also been issued; one that has created major opposition and discussion addresses the protection of intellectual property -- the generalized copyright issue.

The sixth Computers, Freedom and Privacy conference has been held during March, 1995 at MIT, and this year featured a moot court with real judges presiding over a hypothetical case involving escrowed encryption. This particular annual conference has been remarkably successful in bringing together an appropriate cross section of attendees to discuss and interact on issues arising from the interplay between society and communications/computer technology.

The browser known as NETSCAPE has become exceedingly popular among users of Internet and in fact has driven a huge surge of commercial interest. Everybody who is anybody now has a home page on a Web site. The growing thrust to use the Net as a means for the conduct of commerce and the sale of products led Netscape to put RSA-based encryption into its system to safeguard personal and bankcard data. There have been two rounds of events in which substantial weaknesses were discovered and quickly repaired by Netscape. A weakness was also discovered by Purdue's COAST laboratory in MIT's popular KERBEROS system, but it was not publicly announced until MIT designers had installed technical remedies.

The concept of Information Warfare has become prominent and led to specialized conferences, books, and government-sponsored study. In general, it envisions deliberate clandestine covert attacks against the information systems of a country, both themselves directly and as they occur in the general national infrastructure. To the extent that this subject attains credence and standing, it will motivate better system security.

There is little to be said about privacy in this period. The word itself has appeared in the title of some laws [e.g., Senator Leahy's Encrypted Communications Privacy Act of 1996] but it is really used as a synonym for confidentiality. Nothing new has been done to control the widespread use of personal information for a broad variety of commercial purposes, and many observers feel that the government has taken actions that allows such activity to be more intrusive than ever; e.g., authorized the creation of new data banks, authorized the use by states of the Social Security Number as a de facto personal identifier.

Interestingly, the Digital Telephony Act, enacted in late 1994, and requiring that communications providers design systems with technical features able to assure that wire tapping by law enforcement continues to be feasible, has not yet been funded. As a reminder though, during discussions leading to the final wording of the law, important privacy protections were in fact added to the bill through the participation of civil liberties' groups and privacy advocates.

The Federal Communications Commission pre-empted the actions of many states by ruling that calling-party identification (the scheme that announces the phone number of a calling party to the called party) must be made available in all interstate telephony, but it also required every telephone company to conduct an aggressive information campaign for subscribers and to offer both per-call and per-line blocking. In California where about 50% of all telephone numbers are unlisted (i.e., not in the telephone book), the tone of the information campaign almost encourages the subscriber to opt for line blocking (i.e., an outgoing call will not deliver its number to the called party but prefacing the dialing with *82 will negate call blocking for the single call).

At the same time, the FCC also ruled that calling-party numbers which are provided to the called party as part of the 800-number system (so-called ANI numbers) may no longer be used for purposes other than for which collected. This will curtail some of the commercial selling of phone-number lists.