14 April 1998: Federal Computer Week has put the NSA critique of key recovery on its Web site:

See a related FCW article about it today at:

The blacked out portions of the diagrams await decoding.

13 April 1998: Link to FCW online story:

Date: Mon, 13 Apr 1998 09:32:24 -0400
From: millers <millers@cfw.com>
To: jya@pipeline.com
CC: heather@fcw.com
Subject: Re: NSA Report in FCW


The story you mentioned is now on our website. We'd be delighted if you'd link to it.



Susan Miller
Editor of Online Services
FCW Government Technology Group

To: millers <millers@cfw.com>
From: John Young <jya@pipeline.com>
Date: April 13, 1998, 10:19 AM
Subject: NSA Report in FCW

Dear Ms. Miller,

Thanks very much for making your NSA report available online. We have linked to it.

You might wish to know that a number of cryptographers have indicated strong interest in seeing the NSA report cited in your article.

Do you think FCW might be able to publish the report in full? Or, if not that, provide a lead to obtain a copy for publication?

Best regards,

John Young
JYA/Urban Deadline

10 April 1998
Source: Fax from William Payne

Thanks to the author and FCW

Federal Computer Week, April 6, 1998, p. 16

Policy & Procurement


NSA report details risks of key-recovery technology


The National Security Agency has prepared a report that may be the first federal government documentation of the potential risks posed by the encryption technology that has been at the center of a raging debate between the Clinton administration and industry.

The report details the potential threats of following a key-recovery technology, which is an encryption system that uses a so-called back door, which allows users to retrieve the key needed to unscramble encrypted data should they lose the key. Key recovery would also allow law enforcement agents to decode encrypted data after obtaining a court order or other authorization. The FBI has been a forceful proponent of key-recovery technology, arguing that investigation would be impeded without it.

The Clinton administration intends to make a market for key-recovery technology by urging federal agencies to use these encryption systems. At least one bill that is now being considered by Congress would require federal agencies to purchase key-recovery encryption systems for securing data.

But the report, "Threat and Vulnerability Model for Key Recovery," pointed out that certain law enforcement agents and officials operating key-recovery centers could pose the greatest threat to a key-recovery system -- and to the users' data, which is encrypted by the system -- if proper security mechanisms were not in place.

"A rogue key-recovery agent, because of his high level of access, poses the most formidable threat, although [he]  may lack motivation and risk-tolerance to exploit this access," the report stated. "The law enforcement agent is also trusted with a high degree of access during the recovery process and may be more motivated to exploit this access since he is already in the 'wiretap business.' "

The report said organized crime, foreign intelligence and hackers represent a low risk to key-recovery systems because these individuals lack access. However, a rogue key-recovery agent is more likely to sell his high level of access to those groups or individuals than to work on his own behalf, the report concluded.

Dave Banisar, staff counsel for the Electronic Privacy Information Center, said NSA's report is teh first public documentation from a federal entity that outlines potential risks associated with key-recovery technology. A group of leading encryption expert in May 1997 issued a report noting that widespread key-recovery systems would be extraordinarily difficult and expensive to build. That report also noted that the risks of unauthorized disclosures are much higher in a key-recovery system than a system without key-recovery features.

"It raises a lot of issues when you add it to the cryptographers' report," Banisar said. "[NSA is] finally now admitting that there are serious problems with key recovery. It raises the question: Why have they been promoting it all these years." The report was prepared by an NSA analyst at the request of a public/private advisory committee working to develop a standard for federal agency use of key-recovery technology.

The threat that anyone poses to key-recovery systems is a function of how well the application has been designed and operated to address the potential security concerns, according to a statement NSA provided to FCW.

"Key recovery, like any other application, is secure against attacks to the extent that it was properly designed, implemented and operated," according to the statement. "If due consideration is given to the threats and vulnerabilities identified in the paper and appropriate countermeasures are employed for each of the factors identified, there would be minimal risk posed to the resulting key-recovery system."

The major factor in assessing the overall security of a key-recovery system would be the strength of the countermeasures applied "against the full spectrum of threats and vulnerabilities," the report stated.

Peter Neumann, principal scientist at SRI International, Menlo Park, Calif., and one of the cryptographers who authored the report on key-recovery risks, said key-recovery systems are "inherently risky" because of overall weaknesses in the computer operating systems and networking products.

"If they put a total air gap between all the key-recovery systems in the world and the the rest of the world, then they could reduce the risks," Neumann said. "As soon as the government creates any access whatsovever to the key-recovery systems, they're vulnerable to the fact that the computer security and network protocols stink."