8 June 1998
Date: Mon, 8 Jun 1998 14:18:53 -0400 To: John Young <firstname.lastname@example.org> From: Alan Davidson <email@example.com> Subject: Update to "Risks of Key Recovery" Report You might be interested in the release today in Washington of an update to last year's "Risks of Key Recovery" report by Diffie, Neumann, Blaze, Schneier, et al. (and published by CDT). Copies are available online at http://www.cdt.org/crypto/risks98
Included below is the Introduction to the new 1998 Preface, to whet the appetite...
Alan Davidson, Staff Counsel 202.637.9800 (v)
Center for Democracy and Technology 202.637.0968 (f)
1634 Eye St. NW, Suite 1100 <firstname.lastname@example.org>
Washington, DC 20006 PGP key via finger
Steven M. Bellovin
Peter G. Neumann
Ronald L. Rivest
Jeffrey I. Schiller
Final Report -- 27 May 1997
Updated -- June 8, 1998
A variety of "key recovery," "key escrow," and "trusted third-party" encryption requirements have been suggested in recent years by government agencies seeking to conduct covert surveillance within the changing environments brought about by new technologies. This report examines the fundamental properties of these requirements and attempts to outline the technical risks, costs, and implications of deploying systems that provide government access to encryption keys.
One year after the 1997 publication of the first edition of this report, its essential finding remains unchanged and substantively unchallenged: The deployment of key recovery systems designed to facilitate surreptitious government access to encrypted data and communications introduces substantial risks and costs. These risks and costs may not be appropriate for many applications of encryption, and they must be more fully addressed as governments consider policies that would encourage ubiquitous key recovery.
Our 1997 "Risks" report was designed to stimulate a public, technical debate and analysis that, in our judgment, must precede any responsible policy decision that could result in the wide-scale deployment of key recovery systems. While there are numerous and important economic, social, and political issues raised by key recovery, the report's analysis was confined to the technical problems created by deployment of key recovery systems designed to meet government access specifications. As of mid-1998, no substantive response addressing these technical concerns has been offered.
While efforts have been made over the last year to design key recovery systems for commercial purposes, they do not alleviate the concerns raised by deployment at the scale and in the manner required to meet government demands. The design of secure key recovery systems remains technically challenging, and the risks and costs of deploying key recovery systems are poorly understood. Most significantly, government demands for access place additional requirements on key recovery systems, including covert access, ubiquitous adoption, and rapid access to plaintext. There is good reason to believe that these additional requirements amplify the costs and risks of key recovery substantially.
In the past year, the importance of cryptography for protecting computing and communications systems has gained broader recognition among the public and within industry. Most presently-deployed encryption systems support rather than hinder the prevention and detection of crime. Encryption helps to protect burglar alarms, cash machines, postal meters, and a variety of vending and ticketing systems from manipulation and fraud; it is also being deployed to facilitate electronic commerce by protecting credit card transactions on the Net and hindering the unauthorized duplication of digital audio and video. However, the deployment of encryption (and other information protection mechanisms) is still patchy. Most automatic teller machine transactions are protected by encryption, but transactions made by bank staff (which can involve much larger amounts of money) are often not protected. Most Internet electronic mail is still sent "in the clear" and is vulnerable to interception. Most cellular telephone calls in the U.S. are still sent over the air without the benefit of strong encryption. The situation is similar in other areas.
Members of the law enforcement and intelligence communities continue to
express concern about widespread use of unescrowed cryptography. At the same time, these communities have expressed increasing alarm over the vulnerability of "critical infrastructure." But there is a significant risk that widespread insertion of government-access key recovery systems into the information infrastructure will
exacerbate, not alleviate, the potential for crime and information terrorism. Increasing the number of people with authorized access to the critical infrastructure and to business data will increase the likelihood of attack, whether through technical means, by exploitation of mistakes or through corruption. Furthermore, key recovery requirements, to the extent that they make encryption cumbersome or expensive, can have the effect of discouraging or delaying the deployment of cryptography in increasingly vulnerable computing and communications networks.
The technical concerns about key recovery and trusted third-party systems in 1998 remain largely unchanged from our 1997 analysis. We specifically do not address questions of how and whether key recovery might benefit law enforcement and whether there are alternatives to key recovery that might achieve equal or greater benefits. However, the predictable costs and risks of key recovery, particularly when deployed on the scale desired by law enforcement, are very substantial. The onus is on the advocates of key recovery to make the case that the benefits outweigh these substantial risks and costs.
For more, see http://www.cdt.org/crypto/risks98
Date: Mon, 8 Jun 1998 14:36:48 -0400 To: John Young <email@example.com> From: Alan Davidson <firstname.lastname@example.org> Subject: Experts' Report Undermines Administration Encryption Approach And here is CDT's press release about the updated "Risks of Key Recovery" report by Diffie, Neumann, Blaze, Schneier, et al. Hope this is helpful, -- Alan Alan Davidson, Staff Counsel 202.637.9800 (v) Center for Democracy and Technology 202.637.0968 (f) 1634 Eye St. NW, Suite 1100 <email@example.com> Washington, DC 20006 PGP key via finger For Immediate Release Contact: Jerry Berman CDT Executive Director Email: firstname.lastname@example.org or Alan Davidson CDT Staff Counsel Email: email@example.com Phone: 202-637-9800 EXPERTS' REPORT UNDERMINES ADMINISTRATION'S ENCRYPTION AGENDA WASHINGTON, June 8, 1998 - A group of the world's leading cryptographers today issued a 1998 update of a crucial report that continues to raise questions about the costs and risks of government 'key recovery' proposals. The report, which updates 'The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption' issued last year by the same group of cryptography experts, argues that the kinds of backdoor key recovery systems proposed by the federal government will introduce tremendous new vulnerabilities and costs that jeopardize Internet privacy and security. The 1998 update of the cryptography experts' report takes a critical look at the technical details of key recovery systems designed to facilitate government access and finds them wanting. In particular, the cryptographers determine that: * A year after the original report was released government-access key recovery remains a complex problem that introduces "substantial risks and costs" into otherwise highly secure encryption systems; * Despite this finding the federal government has offered "no substantive response" to the challenges to key recovery that the cryptographers raised in 1997; and * The criticisms that have been offered of the original report do not address key recovery's fundamental problems. In particular, the existence of commercial key recovery products or prototype key recovery systems that meet government specifications "is not sufficient to demonstrate that these [government-access] systems can be operated securely, in an economical manner, on a large scale, or without introducing unacceptable new risks." In essence, the cryptographers conclude that in 1998 "there are compelling reasons to believe that . . . government-access key recovery is not compatible with large scale, economical, secure cryptographic systems." These concerns must have a place in the policy debate. The Center for Democracy and Technology (CDT) agrees with the 11 authors of the report that the obstacles key recovery presents to privacy online is too important to be ignored. "Key recovery remains the central issue in the encryption policy debate. The experts' report indicates that the federal government has been unable to answer even the most basic and fundamental questions about the key recovery system that it continues to embrace," said CDT Executive Director Jerry Berman. "Without answers to fundamental questions about privacy and security it would be irresponsible to move forward with wide-scale deployment of government-access key recovery systems." The 1998 update of the cryptography experts' report is available online at: http://www.cdt.org/crypto/risks98 Authors of the report include Whitfield Diffie, a Distinguished Engineer at Sun Microsystems who is often called "the father of public key cryptography"; Peter G. Neumann, a Principal Scientist at SRI and world-renowned computer security expert; Ronald L. Rivest, Webster Professor of Electrical Engineering and Computer Science at the Massachusetts Institute of Technology, and co-inventor of the RSA public-key cryptosystem; and Matt Blaze, a Principal Research Scientist at AT&T Laboratories, who discovered a flaw in the U.S. government's "Clipper Chip" key escrow system. The Center for Democracy and Technology, a non-profit organization, is dedicated to developing public policy solutions that advance civil liberties and democratic values in the new computer and communications media. # # #