Donate for the Cryptome archive of files from June 1996 to the present

8 June 1998

Date: Mon, 8 Jun 1998 14:18:53 -0400
To: John Young <>
From: Alan Davidson <>
Subject: Update to "Risks of Key Recovery" Report 

You might be interested in the release today in Washington of an 
update to last year's "Risks of Key Recovery" report by Diffie, 
Neumann, Blaze, Schneier, et al. (and published by CDT). Copies 
are available online at
Included below is the Introduction to the new 1998 Preface, to whet the appetite...
-- Alan
Alan Davidson, Staff Counsel                 202.637.9800 (v)
Center for Democracy and Technology          202.637.0968 (f)
1634 Eye St. NW, Suite 1100                  <>
Washington, DC 20006                         PGP key via finger

The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption 1998

Hal Abelson
Ross Anderson
Steven M. Bellovin
Josh Benaloh
Matt Blaze
Whitfield Diffie
John Gilmore
Peter G. Neumann
Ronald L. Rivest
Jeffrey I. Schiller
Bruce Schneier

Final Report -- 27 May 1997
Updated -- June 8, 1998


A variety of "key recovery," "key escrow," and "trusted third-party" encryption requirements have been suggested in recent years by government agencies seeking to conduct covert surveillance within the changing environments brought about by new technologies. This report examines the fundamental properties of these requirements and attempts to outline the technical risks, costs, and implications of deploying systems that provide government access to encryption keys.



One year after the 1997 publication of the first edition of this report, its essential finding remains unchanged and substantively unchallenged: The deployment of key recovery systems designed to facilitate surreptitious government access to encrypted data and communications introduces substantial risks and costs. These risks and costs may not be appropriate for many applications of encryption, and they must be more fully addressed as governments consider policies that would encourage ubiquitous key recovery.

Our 1997 "Risks" report was designed to stimulate a public, technical debate and analysis that, in our judgment, must precede any responsible policy decision that could result in the wide-scale deployment of key recovery systems. While there are numerous and important economic, social, and political issues raised by key recovery, the report's analysis was confined to the technical problems created by deployment of key recovery systems designed to meet government access specifications. As of mid-1998, no substantive response addressing these technical concerns has been offered.

While efforts have been made over the last year to design key recovery systems for commercial purposes, they do not alleviate the concerns raised by deployment at the scale and in the manner required to meet government demands. The design of secure key recovery systems remains technically challenging, and the risks and costs of deploying key recovery systems are poorly understood. Most significantly, government demands for access place additional requirements on key recovery systems, including covert access, ubiquitous adoption, and rapid access to plaintext. There is good reason to believe that these additional requirements amplify the costs and risks of key recovery substantially.

In the past year, the importance of cryptography for protecting computing and communications systems has gained broader recognition among the public and within industry. Most presently-deployed encryption systems support rather than hinder the prevention and detection of crime. Encryption helps to protect burglar alarms, cash machines, postal meters, and a variety of vending and ticketing systems from manipulation and fraud; it is also being deployed to facilitate electronic commerce by protecting credit card transactions on the Net and hindering the unauthorized duplication of digital audio and video. However, the deployment of encryption (and other information protection mechanisms) is still patchy. Most automatic teller machine transactions are protected by encryption, but transactions made by bank staff (which can involve much larger amounts of money) are often not protected. Most Internet electronic mail is still sent "in the clear" and is vulnerable to interception. Most cellular telephone calls in the U.S. are still sent over the air without the benefit of strong encryption. The situation is similar in other areas.

Members of the law enforcement and intelligence communities continue to
express concern about widespread use of unescrowed cryptography. At the same time, these communities have expressed increasing alarm over the vulnerability of "critical infrastructure." But there is a significant risk that widespread insertion of government-access key recovery systems into the information infrastructure will
exacerbate, not alleviate, the potential for crime and information terrorism. Increasing the number of people with authorized access to the critical infrastructure and to business data will increase the likelihood of attack, whether through technical means, by exploitation of mistakes or through corruption. Furthermore, key recovery requirements, to the extent that they make encryption cumbersome or expensive, can have the effect of discouraging or delaying the deployment of cryptography in increasingly vulnerable computing and communications networks.

The technical concerns about key recovery and trusted third-party systems in 1998 remain largely unchanged from our 1997 analysis. We specifically do not address questions of how and whether key recovery might benefit law enforcement and whether there are alternatives to key recovery that might achieve equal or greater benefits. However, the predictable costs and risks of key recovery, particularly when deployed on the scale desired by law enforcement, are very substantial. The onus is on the advocates of key recovery to make the case that the benefits outweigh these substantial risks and costs.


For more, see

Date: Mon, 8 Jun 1998 14:36:48 -0400
To: John Young <>
From: Alan Davidson <>
Subject: Experts' Report Undermines Administration Encryption Approach

And here is CDT's press release about the updated "Risks of Key Recovery"
report by Diffie, Neumann, Blaze, Schneier, et al. Hope this is helpful,

	-- Alan

Alan Davidson, Staff Counsel                 202.637.9800 (v)
Center for Democracy and Technology          202.637.0968 (f)
1634 Eye St. NW, Suite 1100                  <>
Washington, DC 20006                         PGP key via finger

For Immediate Release		Contact: Jerry Berman
                                         CDT Executive Director
                                         Alan Davidson
                                         CDT Staff Counsel
                                         Phone: 202-637-9800


WASHINGTON, June 8, 1998 - A group of the world's leading cryptographers
today issued a 1998 update of a crucial report that continues to raise
questions about the costs and risks of government 'key recovery' proposals.
The report, which updates 'The Risks of Key Recovery, Key Escrow, and
Trusted Third-Party Encryption' issued last year by the same group of
cryptography experts, argues that the kinds of backdoor key recovery
systems proposed by the federal government will introduce tremendous new
vulnerabilities and costs that jeopardize Internet privacy and security.

The 1998 update of the cryptography experts' report takes a critical look
at the technical details of key recovery systems designed to facilitate
government access and finds them wanting. In particular, the cryptographers
determine that:

  * A year after the original report was released government-access key
recovery remains a complex problem that introduces "substantial risks and
costs" into otherwise highly secure encryption systems;
  * Despite this finding the federal government has offered "no substantive
response" to the challenges to key recovery that the cryptographers raised
in 1997; and
  * The criticisms that have been offered of the original report do not
address key recovery's fundamental problems. In particular, the existence
of commercial key recovery products or prototype key recovery systems that
meet government specifications "is not sufficient to demonstrate that these
[government-access] systems can be operated securely, in an economical
manner, on a large scale, or without introducing unacceptable new risks."

In essence, the cryptographers conclude that in 1998 "there are compelling
reasons to believe that . . . government-access key recovery is not
compatible with large scale, economical, secure cryptographic systems."
These concerns must have a place in the policy debate.

The Center for Democracy and Technology (CDT) agrees with the 11 authors of
the report that the obstacles key recovery presents to privacy online is
too important to be ignored. "Key recovery remains the central issue in the
encryption policy debate. The experts' report indicates that the federal
government has been unable to answer even the most basic and fundamental

questions about the key recovery system that it continues to embrace," said
CDT Executive Director Jerry Berman. "Without answers to fundamental
questions about privacy and security it would be irresponsible to move
forward with wide-scale deployment of government-access key recovery

The 1998 update of the cryptography experts' report is available online at:

Authors of the report include Whitfield Diffie, a Distinguished Engineer at
Sun Microsystems who is often called "the father of public key
cryptography"; Peter G. Neumann, a Principal Scientist at SRI and
world-renowned computer security expert; Ronald L. Rivest, Webster
Professor of Electrical Engineering and Computer Science at the
Massachusetts Institute of Technology, and co-inventor of the RSA
public-key cryptosystem; and Matt Blaze, a Principal Research Scientist at
AT&T Laboratories, who discovered a flaw in the U.S. government's "Clipper
Chip" key escrow system.

The Center for Democracy and Technology, a non-profit organization, is
dedicated to developing public policy solutions that advance civil
liberties and democratic values in the new computer and communications

                           #     #     #