NTIA-CR-81-10
Contractor Reports

IMPACTS OF FEDERAL POLICY OPTIONS FOR NONMILITARY CRYPTOGRAPHY

VICTOR C. WALLING, JR.
DONN B. PARKER
CHARLES C. WOOD

PREPARED FOR NATIONAL TELECOMMUNICATIONS AND INFORMATION ADMINISTRATION, U.S. DEPARTMENT OF COMMERCE, WASHINGTON, D.C.
SRI PROJECT 1663

Statements contained herein are the views of the authors and do not necessarily reflect those of the National Telecommunications and Information Administration.

U.S. DEPARTMENT OF COMMERCE
Malcolm Baldrige, Secretary
Bernard J. Wunder, Jr., Assistant Secretary for Communications and Information

JUNE 1981

EXECUTIVE SUMMARY

Several developments in electronic technology are dramatically increasing private-sector and civilian government interest in cryptography. The growing use of information and communication systems is creating nonmilitary requirements to help assure privacy, security, and protection of information property rights. The assumption that only the military and diplomatic corps have major legitimate needs for high-quality cryptography is no longer valid. Civilian applications, from electronic funds transfer to protection of trade secrets to assurance of confidentiality of records, all require ever higher quality nonmilitary cryptography. However, meeting these needs may jeopardize some current practices of the national security system, narrowly defined as military and diplomatic security activities.

To reconcile these interests, it is desirable to adopt a new principle as the basis for national policy toward nonmilitary cryptography. This new principle is that, when considering whether to restrict or encourage nonmilitary cryptographic products and research, the contributions they make to the nonmilitary sector and to national security, broadly defined to include social and economic health and strength, should be balanced with any potential threat they pose to
national security, narrowly defined.

Recent congressional attention has focused on the conflicts between segments of the private sector and the defense establishment concerning the publication of research results, patenting of inventions, export of hardware and technical data, and control over government funding of unclassified research related to cryptography. These conflicts have raised questions as to how much and what kind of government control is reasonable and necessary; whether controls might have an undesirable chilling effect on related areas of research; whether statutory authority exists, or should exist, to support various controls; and whether First or Fifth Amendment rights prohibit certain controls. Aggravating this conflict is the advancing international trend to use cryptographic technology to promote nonmilitary electronic system security and facilitate electronic information management. Moreover, the conflict level will escalate unless some reconciliation of overall U.S. interests is achieved.

Recognizing the importance of this growing problem, in December 1979 the Chairman of the Special Subcommittee on Telecommunication Protection of the National Security Council requested that the Secretary of Defense and the Secretary of Commerce propose a suitable national policy on cryptography.

A. A Framework for Issue Formation

The conceptual framework to address this issue is the emerging role of electronic system integrity in the nonmilitary as well as the military sector. The term system integrity refers to both (1) security, asset protection, and reliability and (2) effective accounting control of negotiable assets and information property rights. Electronic system integrity is ever more important to the nation as it becomes an information economy. For example, computer and communication safeguards help make possible secure interbank transfer of money electronically, or allow credit card users to have access to their financial resources through automated tellers; electronic
transaction controls make it possible to sell scrambled (encoded) broadcast programs directly to individuals.

B. The Effects of Current Policy

Because today's federal policy concerning cryptography is oriented almost exclusively to current, narrowly defined national security concerns, there has been limited consideration of why federal support of independent private-sector competence in cryptography may be necessary and desirable within the coming decade. Today's policy structure, based on an adversary relationship, assumes that national security interests and independent nonmilitary interest in cryptography are necessarily in significant conflict. However, the national security, more broadly defined, may be increasingly threatened by the growing vulnerability of civilian electronic communication and information systems.

Yet despite policy restrictions, there continues to be progress in development of nonmilitary cryptography through corporate, academic, and civilian government research. NBS and IBM, with assistance from NSA, developed a national Data Encryption Standard algorithm (DES), and the government continues to support development of standards that assist in the implementation of the DES.

C. The Costs and Benefits of Cryptography

Cryptography, properly used in an overall security system, would significantly reduce civilian system vulnerability to loss or disruption and potentially increase the value of these systems as backup for diplomatic and military uses. Civilian cryptography is creating dramatic new opportunities for innovation and invention of new electronically based products and services that rely on powerful, low-cost system integrity. Signature encryption, for example, opens many possibilities, including improved integrity in contracts management, new forms of electronic purchasing, and electronic polling and voting. This opens a wide potential for creating entirely new forms of business, including new forms of legal transactions. The cost of powerful cryptographic algorithms and
automated key management strategies integrated directly into system hardware will become virtually negligible on a unit-of-hardware basis within 5 to 10 years.

D. Results If the Present National Course Is Left Unchanged

Contention between civilian and narrowly defined national security demands for cryptography will grow. There will also be a growing issue within the national security community concerning the scope of the national security threat from increasingly insecure civilian electronic communication and information systems, both public and private.

Losses, disruptions, and costs of forgone opportunities to create new information services, products, and efficiencies in civilian electronic systems will increase.

From the perspective of total public and private benefit outside current national security definitions, there will probably be underinvestment in basic research into system security and electronic information property rights management. This will occur because many of the benefits are diffuse and not proportionate in private economic markets to the business risks that suppliers must take; e.g., privacy and confidentiality of personal and business records are two such areas of large but diffuse potential benefit. This underinvestment may be especially severe before the development of national technical standards for the integrity of public communication networks and before development of more specific standards for duty of care in the protection of privacy rights and data in electronic communication and information systems.

Some technological and service industry leadership will be lost to foreign competitors as the security of their civilian electronic systems begins to match or exceed that of U.S. systems.

Some disruption of the rate and direction of progress in other sciences and technologies will result as researchers are discouraged from exploring cryptography-related concepts and as industry is discouraged from developing independent capability to provide high
quality system integrity.

E. The Federal Government and Electronic System Integrity

Because cryptography is an effective, efficient, and often necessary means of providing the system integrity needed in our emerging information society, SRI came to one central conclusion concerning management of national cryptography policy: The federal government has the obligation to balance the value of meeting the growing need for nonmilitary cryptography with Department of Defense (DoD) concerns and efforts to constrain cryptography. This obligation should extend to federal facilitation of private-sector efforts toward electronic system integrity research and product development.

Some of this federal obligation is being discharged under current policy. The National Science Foundation (NSF) supports basic science, and cryptography has many roots in basic science. The National Security Agency (NSA) provides communication security for military and diplomatic services and is seeking authority to provide grants for private-sector research in cryptography. The National Bureau of Standards (NBS) develops technical standards for civilian government use and helps facilitate standards that may be necessary to foster trade. But there is no well-thought-out national strategy for federal facilitation of commercial electronic system integrity. This strategy should be based on all significant national needs, military and nonmilitary, pertaining to national security in both narrow and broad terms.

Within this strategy of facilitating the evolution of electronic system integrity, current cryptography policies should be realigned to promote both national security, broadly defined, and encourage private-sector competence in designing and applying secure systems. Realigned policies that do not require legislative change might include:

- Increased encouragement of open, unclassified system integrity research, including cryptography.
- Continuing government support for development of national technical standards for
cryptographic equipment and for its proper adoption and use.
- Continued government facilitation of standards of care in the areas of privacy and asset management in electronic systems.
- Limitation of International Trade in Arms Regulations (ITAR) export restrictions on cryptographic equipment to those products representing genuine leading-edge technology, and only when these are significantly superior to available foreign commercial products.
- Limitation of International Trade in Arms Regulations (ITAR) controls on cryptographic technical data to specifications associated with products or equipment categorized as leading-edge technology, and only when these data would effectively transfer manufacturing know-how significantly superior to available foreign technology. Use of ITAR to constrain scientific talks and technical publications should be avoided.
- Application of the Invention Secrecy Act only to cases in which the government has demonstrated that the national security threat of disclosure exceeds the potential social, economic, and technical benefits. This process should include balanced representation from the national security and nonmilitary interests in cryptography. The act should be applied only through a procedure that provides prompt assistance to the inventor in revising the patent application to avoid the secrecy order, if possible.

F. Policy Summary

In view of the rapidly expanding nonmilitary need for enhanced electronic system integrity, the U.S. government policy on cryptography should be characterized by:

- Explicit procedures to balance the nonmilitary social, economic, and technological cost and benefit impacts with the expected national security costs and benefits, both narrowly and broadly defined.
- Awareness of foreign scientific progress and product development in the field of cryptography.

Implementation of this type of policy would be facilitated by reconciliation of national security interests with the reality of growing worldwide civilian
need and capacity to provide electronic system integrity. This reconciliation could take the form of a new or expanded federal mission concerning computer and telecommunication systems security, designed within a conceptual framework of electronic system integrity. Such a mission should be designed to bridge the gap between civilian and military concerns by encouraging the national security community to stay informed of the state of the art of civilian technology while preserving and encouraging civilian efforts. With few exceptions, our respondents felt that the civilian sector interest in cryptography should be clearly and distinctly recognized and represented in federal policy and regulations.

ACKNOWLEDGMENTS

During this project, more than 60 experts from the United States and Europe were kind enough to share their views with us on one or more aspects of this topic (Appendix A). We thank them, particularly those 11 who attended our July 1980 workshop (Appendix B). We also thank the more than 15 SRI experts in various related disciplines whose comments and criticisms were most helpful (Appendix C).

Positions taken by these individuals were in general agreement on the actions needed to facilitate nonmilitary cryptography but disagreed sharply on the forms any controls should take and the extent to which the nonmilitary sector could or would take these actions voluntarily. In presenting a synthesis, this report deliberately avoids making reference to the comments of particular individuals. Some individuals expressed strong reservations to some of the specific positions held by the majority of our interviewees. In such cases we have presented both positions.

Finally, we thank Mr. Charles Wilk and Mr. Donald Kraft of NTIA and Dr. Fredrick Weingarten of OTA for their assistance, thoughtful participation, and critique of our work in progress.

The SRI authors take sole responsibility for the statements made in this report. It is a synthesis of viewpoints, not a description of a position arrived at by consensus. It is the opinion of the SRI project team that on many dimensions of this matter no consensus can be obtained, not only because many of the facts are national security secrets, but because there are fundamentally different perspectives on the relative significance of the various threats and opportunities that nonmilitary cryptography presents. In this respect, the national policy on this topic must be fundamentally a value decision on the type of society we want to live in and on how we want to defend it.

CONTENTS

EXECUTIVE SUMMARY
ACKNOWLEDGMENTS
I INTRODUCTION
   A. The Problem
   B. Objectives
II THE CURRENT POLICY
III THE RATE AND DIRECTION OF THE EMERGING CIVILIAN NEED
   A. The Need for Systems Integrity
   B. Uses of Encryption
   C. The Declining Cost of Cryptography
   D. The Dependence of Cryptography on Other Sciences
IV PREREQUISITES FOR ANALYSIS OF FEDERAL CRYPTOGRAPHY POLICIES
   A. The Nature of Impacts from Alternative Federal Cryptography Policies
   B. Perspectives on the Value of Policy Impacts
   C. An Analysis Framework
V POLICY IMPACTS
   A. Objectives for Cryptography Policy
      1. Impacts of Altering the Rate or Direction of Cryptography Research
      2. Impacts on Nonmilitary Security
      3. Impacts on Individual Quality of Life
      4. Impacts on U.S. International Competitiveness
      5. Impacts on New Information Management Techniques
   B. Summary of the Impacts of Altering Cryptography R and D
VI IMPACTS OF ALTERNATIVE POLICY OPTIONS
   A. Choices for the Future
   B. Probable Results of the Present Policy Course
   C. The Impact of One Centralized Federal Cryptography Mission
   D. Alternative Policy Options and Impacts
      1. An Alternative Policy Concerning Federal Cryptography Research Support
      2. An Alternative Policy Concerning Private-Sector Competence in Cryptography
      3. An Alternative Policy Concerning Development of National Standards for the Use of Cryptography
      4. An Alternative Policy Concerning Federal Restrictions on Export of Cryptographic Products
      5. An Alternative Policy Concerning Federal Restrictions on Export of Cryptographic Technical Data
      6. An Alternative Policy Concerning Invention Secrecy Constraints on Cryptographic Products
   E. Some Open Questions
VII CONCLUSIONS
BIBLIOGRAPHY
APPENDICES
   A CONTACTS
   B CONFERENCE ON FEDERAL GOVERNMENT POLICIES FOR PRIVATE SECTOR CRYPTOGRAPHIC RESEARCH, July 11, 1980
   C SRI STAFF INTERVIEWED
   D CURRENT POLICY SITUATION
   E APPLICABLE LEGISLATION AND REGULATION
   F RISK ANALYSIS AND THE ROLE OF ENCRYPTION
   G PRELIMINARY LIST OF FEDERAL POLICY OPTIONS TO REGULATE ACADEMIC AND COMMERCIAL SECTOR ENCRYPTION RESEARCH AND DEVELOPMENT
   H POLICY IMPACTS
   I A FRAMEWORK FOR ASSESSING CRYPTOLOGY IN THE NONMILITARY SECTOR OF SOCIETY: THE BROADER ISSUE OF COMPUTER AND COMMUNICATION INTEGRITY

I INTRODUCTION

A. The Problem

The nation faces a significant policy transition forced upon it by the rapid, revolutionary changes in communication and computer technology. Nonmilitary cryptography systems and research are attracting important attention from academia and commercial enterprises. This increasing civilian attention to cryptography is a direct result of three forces. First is the very rapid change in electronic communication and information technologies made possible by integrated semiconductor technology. Specifically, development of commercial microprocessors in 1971 began a new era in which increasingly powerful computers could be built very inexpensively and made widely available. Second, perhaps because of powerful, inexpensive computing, cryptography research and development by commercial and academic sources has advanced rapidly in recent years. Third, there is growing civilian government and private-sector interest in enhancing privacy, security, and control of information property
rights for their computing and telecommunication systems.

The potential economic and social contribution of cryptography-based security and information property rights management in this new era of electronic systems is extremely large. Information system integrity directly affects productivity, balance of trade, personal privacy, reduction of crime, and overall national welfare and security. Yet at the same time, international proliferation of cryptography from foreign as well as U.S. sources may jeopardize some of our present national security signals intelligence activities.

The growth of interest in nonmilitary cryptography has sparked a major policy debate: to what extent the Federal government should tolerate or encourage open nonmilitary research in cryptography. The new information technologies have created requirements for communication and file protection both in civilian government agencies and in the private sector. This need in turn has led to unprecedented academic and commercial progress in cryptography-related topics. For example, dozens of cryptography-related scientific papers have been published in the past 5 years, mostly by Americans but also by foreign nationals, and more than two dozen firms are now offering cryptographic equipment.

Various private businesses and civilian agencies are beginning to see a need for cryptographic protection for their computerized information systems and telecommunications. Some government agencies are also finding themselves with new responsibilities for protecting the personal privacy of Americans; other agencies are charged with responsibility for developing appropriate technical and procedural standards to promote privacy and asset security in electronic systems. The need has led to the adoption of the first national Data Encryption Standard (DES) by the National Bureau of Standards for government use and possible general commercial use. These activities represent a substantial growth in nonmilitary concern for cryptographic
research and development.

This increased public interest conflicts with traditional practice. In the past, private-sector advances were tightly controlled because almost all applications of cryptography were limited to military and diplomatic missions. This new conflict caused a comprehensive new policy for cryptography to be sought by the Chairman of the Special Subcommittee on Telecommunication Protection of the National Security Council in 1979.

Because the microcomputer revolution is so new, its implications for society are not yet clear, and therefore great care should be taken to base national policy about cryptography on forward-looking values and national goals. Policy decisions should not be based on values and goals established to suit a previous era of technology. Retarding of civilian cryptography may slow the rate of innovation and development of security and information property rights management strategies in electronic communication and information systems. It may discourage research in their supporting sciences. This effect in turn could cause serious harm to the ability of the United States to remain globally competitive in civilian telephony, computer, and information-service industries. Moreover, it may also create major disadvantages should the United States decide in the future to place greater defense emphasis on securing civilian as well as military communication and information systems.

In cryptography, as in many other technologies, no single theme represents the overall national interests. The basic message of this report is that development of an appropriate national policy on cryptography should be made only in the context of a balanced consideration of the following three elements:

1. The contribution that nonmilitary cryptographic research and product development can make to the American economy and the quality of life for American citizens, e.g., jobs, privacy protection, international competitiveness, control of crime, preservation of free speech and freedom of
research.
2. The contribution that nonmilitary cryptography can make to national security in the broadest sense of the term, especially as we move into the era of the electronically based global information society.
3. The threat that nonmilitary cryptography poses to national signals intelligence and communication security as they are currently being conducted.

Because the project was designed to be unclassified, this report addresses the first of these three topics and focuses on the impacts of nonmilitary cryptography research on American society.

B. Objectives

Under contract to the National Telecommunications and Information Administration (NTIA), SRI International undertook this study with the following objectives:

1. To evaluate the nonmilitary and nondiplomatic impact of altering the rate and direction of cryptographic research and new product development.
2. To evaluate the impacts of federal policy on the rate and direction of cryptographic research and development.

This study had a very limited scope. No classified data or potential impact areas concerning the U.S. intelligence community were to be examined. However, a large number of our interviewees commented that national security might benefit significantly from independent and prolific development and use of very powerful cryptography in the nonmilitary sector. "Independent" does not mean "without NSA knowledge." Without exception, our interviewees agreed that it is desirable for NSA to keep and be kept fully current on all new cryptographic technology and its deployment. Respondents were divided on the value and effect of direct involvement in or control of civilian cryptographic efforts by NSA.

II THE CURRENT POLICY

Currently, federal government policy which affects nonmilitary cryptography research springs from two sources: traditional national security concerns, and concerns for government facilitation of commerce and basic science.

National security concerns have led to the ITAR, the International Traffic in Arms
Regulations (22 CFR Parts 121-128; Sturges, 1980), the Arms Export Control Act of 1976 (22 USC 2778), and the Invention Secrecy Act (35 USC 181-188), which have been and continue to be used to limit the distribution of American cryptographic technology to other nations and to limit the U.S. patent rights of American inventors, but not of foreign inventors.

Federal concerns for commerce and basic science, particularly to meet public and federal civilian needs, have led to federal grants and standards development activities in the area of cryptography or in fields of basic science that have proven to yield significant cryptographic insight; for example, Public Key Code technology was discovered and developed by academic researchers supported in part by federal research dollars. Moreover, there has recently been effort by NSA to develop both a prepublication review process for cryptography-related research and to devise and support its own unclassified cryptography grants program.

Table 1 summarizes this current policy situation. Appendix D presents a review of current policy status. Appendix E lists the primary legal underpinnings of current policy.

[Table 1. Current Policy. Columns: Policy Area; Policy Position; Impacts. Recoverable entries: Export restrictions: ITAR and Arms Export Control Act control export of equipment and technical data. Invention secrecy: Patent Office issues secrecy orders at request of defense agencies (DoD, DoE, NSA, DoJ). Prepublication review: NSA is now trying a voluntary procedure. Federal funding: NSF funds worthy basic research, including some cryptography; NSA seeks statutory authority to provide grants for private-sector research. Technical standards: Brooks Act led to DES.]

Within this policy context, however, conflicts have begun to arise between new and traditional interests. This conflict is well documented in the House Government Information Subcommittee Hearings (1980). Some national security community representatives have declared that proliferation of nonsecret cryptographic research capability constitutes a significant threat to their mission and that greater restraints and control by DoD are therefore necessary (Inman, 1979). Many researchers in the academic community argue that even the present restraints are too severe, not only because they have a chilling effect on the amount and type of cryptographic research, but because reduced research in turn deprives Americans, individually and collectively, of products and services that could increase their privacy, personal security, and even national security (Helman, 1978).

In response partially to the concern for the system security requirements brought on by the new electronic technology, Congress took one key direct action in the form of the Brooks Act (1965, PL 89-306) to support development of standards for government use of computers. This act, combined with the requirements of the Privacy Act of 1974, helped lead NBS to adopt the DES. This action did not end the conflict; it expanded the controversy. Suspicions were immediately voiced that if NSA found the DES acceptable for widespread use, then NSA must be able to break it, either through a trap door or by testing (Diffie, 1978). This suspicion was reinforced by the fact that some of the specifications of the DES were not made available to the public for evaluation and criticism.

Overall, this incident points up that the demand for cryptography in the nonmilitary sector cannot be met simply by supplying one good multipurpose algorithm. A part of this sector demands the opportunity to independently evaluate the quality of any code proposed for use, and to do so in an atmosphere that is open and above suspicion, particularly for products designed to serve in the international market.

A basic philosophical conflict that goes even deeper than that between
current military and nonmilitary interests in cryptography concerns adequate secure-system design. One side says that the details of a security strategy should be kept secret to increase its effectiveness. The other says that, at least for commercial systems, unless the security strategy is designed overtly, its weaknesses will not come under the most effective criticism; hence the system will be weaker and more vulnerable to attack than it could be.

In this context of current controversy, policies in six areas are coming under discussion. These policies and their most immediate impacts are cited in Table 1 (Policy Situation Today) and discussed in more detail in Appendix D.

The current policy situation concerning cryptography reflects the traditional concerns of the national security community, although it is debated whether these policies are adequate to satisfy this community's interpretation of its needs. Conspicuously absent as a principle for establishing national policy is any direct recognition that there is a legitimate and growing need for nonmilitary cryptography capability, and that this places an obligation on the federal government to balance the value of nonmilitary cryptography with any national security value from constraining it. This means, for example, that some agency should be specifically assigned the task of representing and facilitating the public interest that is served by improving electronic system integrity, including nonmilitary cryptography. Some agency should be assigned the mission to identify and facilitate private-sector research and development for those national nonmilitary cryptography needs not otherwise adequately reflected in private market forces.

III THE RATE AND DIRECTION OF THE EMERGING CIVILIAN NEED

The role of cryptography in society has been changed by three basic forces: the rapidly growing need for electronic system integrity, the potential rapid decline in cost of system-integrated cryptography, and the growing importance of many of the
various sciences on which cryptography advancements depend.

A. The Need for Systems Integrity

The general purposes of encryption and other safeguards are to help protect data from misuse, abuse, errors, and omissions and to provide transaction control. Table 2 displays the types of interactions for which cryptography is relevant.

Transaction control is used to assure orderliness, integrity, auditability, and accountability in electronic markets involving data as intellectual products and negotiable assets such as electronic money. In the electronic exchange of assets, in both form and speed, encryption is of increasing importance as a means of control as well as safeguard. Then the exchange and accounting of decryption keys to convert the encrypted information back to plaintext form completes the transaction. For example, the distribution of electronically based educational or entertainment programs (television, radio, computer interaction, and the like) can take place through mass distribution in encrypted form. Accounting for use of the programs can be accomplished by an exchange of money for keys through a brief telephone exchange. This makes it possible for audiences to buy what they would like directly rather than through support of advertisers' products.

[Table 2. Emerging role of cryptography, by use (privacy preservation, loss prevention, transaction control, electronic information property rights management), type of act (accidental or intentional cause, including errors and omission; effects of modification, destruction, disclosure, removal, use, and denial of use), and example application (records, money, messages, copyright).]

One of the most promising cryptographic concepts to facilitate transaction control is that of the digital signature. Development of public key cryptographic strategies has greatly enhanced practical application of this concept. By encrypting the message with a secret key
as the signature of the author, digital signatures may make possible virtually tamperproof electronic documents. This technique has many applications; for example, it makes it possible to create legally binding contracts and signatures authorized at a distance and communicated electronically.

Protection from errors and omissions is usually treated as a serendipitous benefit of encryption. There are more effective means of direct protection from accidental loss. However, this inherent benefit increases the attractiveness of encryption. Error and omission detection and correction, based on early work of Shannon and Hamming in information theory, use concepts employed in encryption. This is another example of the overlap of research between cryptography and other important research subjects.

Abuse and misuse have been identified as potential threats for which encryption can be a valuable safeguard. Here it is particularly important to distinguish between protection of data from criminals and protection of their own data by criminals. Therefore, abuse and misuse form two types: (1) direct loss to legitimate owners and custodians of data through modification, destruction, disclosure including taking and unauthorized use, or denial of use, and (2) use of encryption for criminal and other antisocial purposes.

Some examples of direct loss to legitimate owners and custodians that is preventable with encryption are:

1. Transferring funds from several accounts into a favored account in a bank checking account system.
2. Inserting a fictitious employee record into a payroll file.
3. Modifying the names and addresses of stockholders in a dividend payment system.

These activities can be done using a master program that can change the contents of data files independently of the production program that is authorized for processing the files. The master files could be encrypted and decrypted under control of the production program, which generates its own encryption key. The files' plaintext would be available in one
record at a time only during authorized production processing. If this action were taken, the remaining serious vulnerability appears to be unauthorized modification during the production program operation or unauthorized modification of production data input.

4. Inserting data into a communication circuit to allow repeated withdrawals of cash from an automated teller machine using a magnetic stripe card and personal identification number.

   This activity would be especially complex and would require great skill and knowledge even in the absence of encryption. However, encryption could make it totally impractical relative to the potential gain. Currently, in some EFT systems, data sent over the communication circuits is encrypted during transmission. This adds complexity to the job of the attacker. He must break the encryption process or obtain the encryption key. Otherwise the perpetrator is forced to gain access to the control data before encryption in the computer or after decryption in the automated teller machine.

5. Destruction of invoice data that would have shown removal of products from a warehouse.

   If the invoice data were block-encrypted in computer storage media such as cards, tape, or disk, then any kind of meaningful destruction of selected data would also destroy easily detected amounts of other receipt data; the decryption process would then reveal that the original data had been modified. Therefore, for the crime to occur, the receipts would have to be destroyed before or during input to the computer or during output from the computer.

6. Retrieval and display of trade secrets from a computer at a remote terminal.

   Trade secrets could be encrypted in computer storage. Authorized terminal users would have secret identifiers to prevent theft by others. This protection would also help preclude those authorized to use the computer from gaining unauthorized possession of the plaintext material without leaving a clear audit trail. Therefore the perpetrator must either capture the
trade secrets in the computer as plaintext or obtain the encrypted information and attempt to decrypt it.

7. Taking a mailing list of most favored customers.

8. Obtaining personal medical records from a hospital records system for use by insurance salesmen.

   These activities could be precluded by routine encryption of the data whenever they are not being used for authorized purposes. Breaking the encryption process or key and obtaining the key from the authorized custodian remain as the likely vulnerabilities.

The above cases show that encryption, considered in the broad context of computer and communication security, replaces one set of vulnerabilities with another. In some cases the use of encryption does not reduce the greatest vulnerability, such as bribing a computer operator, and is therefore ineffective in protecting the whole system against an observant and intelligent enemy who can find and take advantage of opportunities that are easier and safer than defeating an encryption system. Therefore encryption will be effective only when it strengthens the weakest, most vulnerable links in an information system and when it is part of a comprehensive safeguarding effort.

Some examples of the use of encryption for criminal purposes are:

- Safe communication and storage of betting information in a bookmaking operation.
- Use of a time-sharing computer for safe communication of information concerning criminal activities such as drug traffic or prostitution.
- Secretly encrypting the financial master files and backup files of a company in its own computer and holding the key for ransom.

The above cases show that making encryption generally available for legitimate purposes makes it available for criminal and other antisocial purposes as well. One result is that extensive use of encryption by criminals may reduce the value of court-ordered wiretapping by law enforcement agencies, currently a valuable tool in fighting crime.

B. Uses of Encryption

For purposes of prevention of abuse and
misuse and transaction control, encryption can be used for concealment, source authentication, and data authentication. Each of these is discussed below.

Concealment -- Disclosure of data to unauthorized parties can be prevented. The contents of misrouted messages, therefore, will not be divulged to mistaken receivers of these messages. In addition, the volume of data, its source, receiver, timing, and frequency of transmission can all be concealed.

Source Authentication -- Decryption into an intelligible plaintext indicates that the message probably comes from the supposed source. To the extent that it can be proved that the source is the authentic and only possessor of the key, that party is authenticated. Therefore encryption can be a significant element of message source authentication.

Data Authentication -- If data in ciphertext form are modified in any way, decryption will reveal the modification, magnified by the decryption process.

Federal Requirements for Privacy and Legal Standards of Due Care

At the same time that these various vulnerabilities have emerged to create a need for new protections, there has been a se ri in federal legislation to require increased protection and due care concerning citizens' privacy rights and rights to public records. Hence legislation and regulation may become a major force to promote private-sector and civilian agency adoption of cryptography equipment. Typical laws that may be interpreted to have this effect include the Right to Financial Privacy Act of 1978 and the Family Educational Rights and Privacy Act of 1974.

Because of growing private sector uses for cryptography, combined with federal requirements for electronic security, we conclude that in the absence of federal and international constraints on civilian cryptography over the next several decades DoD will cease to dominate the market for cryptographic products. DoD may continue to dominate the cutting edge of the market in this country, but the private-sector will soon acquire and use a
significant number of cryptographic devices.

C. The Declining Cost of Cryptography

Cryptography has two major subsets: cryptography and cryptanalysis. Cryptography is the use of a coding scheme, and cryptanalysis is the process of breaking the code. The cost of each of these is being powerfully affected by the semiconductor revolution. The hardware cost of implementing powerful cryptographic systems such as the DES is falling rapidly because semiconductor complexity is rising while the unit costs are falling. On the other hand, exhaustive search is a geometric function of the complexity of the cryptographic algorithm; hence the increasing complexity of cryptographic systems has a geometrically increasing impact on the cost and even feasibility of cryptanalysis. Our interview subjects all agreed that even the DES, if properly implemented to multiple-encrypt, would become unbreakable by any technique or set of hardware available in the unclassified sector today.

Over the next decade, an impressive degree of potential cost decline is highly probable for cryptographic systems implemented by direct integration into the electronic systems they are to serve. To build an encryption system such as one that uses the DES requires about 5,000 active devices (Diffie, 1978). In 1975, 5,000 devices were about the maximum that could be put on one chip. In 1980 there are more than 60,000 active devices on individual chips available commercially. According to SRI semiconductor industry experts, by 1985 the device count will reach 600,000 and by 1990 the count will exceed 2,000,000.

Today the DES is typically sold in an add-on device at a retail price of $1,500 to $3,000 installed. Integrated into a system as part of the original equipment, cryptographic algorithms such as the DES would become much less costly. The potential cost per unit of the next generation of algorithm after the DES, however, may be virtually zero. If this generation algorithm can also be implemented using about 5,000 active devices, it will
occupy as little as 0.25% of the surface area of the most advanced chips in 1990. This means that for those chips, which probably cost less than $200, the cost of integrating cryptography will be less than $.50 per unit in large volumes, assuming the cost of integrating cryptography into the total chip logic is proportional and does not make it significantly more expensive. Moreover, because the cryptographic algorithm will be physically in the same chip as the rest of the computer, data for such a device might enter and leave in encrypted form and be in plaintext form only within the chip itself.

While a rapid decline in costs of semiconductors can reduce the cost of a cryptographic algorithm implemented in hardware to virtually zero, it can also change key management costs. Key management is the task of maintaining the security of the encrypting and decrypting key and securing transmission of new keys between the encoder and decoder. Semiconductor technology, coupled with major advances in mathematics and computer science, has led to development of two-key cryptographic systems that allow the encoder to publicly broadcast his encryption key without revealing his decryption key. Called public key code (PKC), this technology allows the process of key management to be fully automated; the economic and psychological costs of key management may therefore also be reduced.

Certainly, within a decade, powerful integrated cryptographic systems using automatic key management could be produced in mass quantities for a marginal cost per unit of no more than a few dollars. The application of such devices in the telephone system, cable or fiber-optic systems, and even subscription broadcasting systems could create hundreds of new information service industries--for example, a records management industry that maintains personal records such as medical histories safely and securely while relieving physicians of the cost and complexity of office file maintenance. The records would always be encrypted
before they left the doctor's office so that even the records managers would not have access to the plaintext.

D. The Dependence of Cryptography on Other Sciences

PKC offers one example of the connection between cryptography and basic sciences. In this case the discovery and exploration of trap-door mathematical functions provided an ideal starting point to develop a two-key asymmetrical code. Because cryptography is a field that applies many concepts to a particular set of practical problems, it draws on a wide variety of other sciences. Key branches of science, in addition to mathematics, that are used by cryptographers include computer science, statistics, and human factors. The individuals in these fields, along with the colleagues they call on for review, can recognize when a new concept has cryptographic implications.

It is also possible to identify the common concerns shared by cryptographers and scientists in these other fields. These common grounds range from finding shortcuts in complex computations to finding human factors that affect the interface between human users and computers. In particular, cryptographers and mathematicians share a common interest in developing general proofs as to the type and degree of complexity of a given mathematical problem.

In the future we can expect even greater dependence of cryptography on other sciences that are highly critical to many sectors of our society. Two areas of dependence are likely. First is pattern recognition technology that would coincidentally allow people to use some personal characteristic, such as the face, as their unique cryptographic key. Second is computer-aided design, which will allow designers to further reduce the cost of building system integrity directly into electronic systems.

IV. PREREQUISITES FOR ANALYSIS OF FEDERAL CRYPTOGRAPHY POLICIES

There are three major factors that interact to constitute a policy impact: the nature of the impact, the value of the impact as seen from some perspective, and the framework
that puts the impact in the context of the other events and values in the society. The approach used in this report for each of these is described below.

A. The Nature of Impacts from Alternative Federal Cryptography Policies

The range of impacts of policies aimed at maintaining or altering the rate and direction of cryptographic research or product development is quite broad. Cryptography and the policy levers necessary to control it have increasingly broad and deep connections to a large number of services and products that affect civilian life (Business Week, 1981). Table 3 lists 12 impact categories that are affected by changes in the rate and direction of nonmilitary cryptography research and development or by changes in federal cryptography policy. Under each category are selected specific impact dimensions; national security impact categories have been deliberately excluded. The purpose of this table is to show how broadly varied were the impact areas mentioned by our interviewees.

[Table 3. Impact Areas of Cryptography Policies, Excluding National Security. The table lists 12 numbered impact areas, each with specific impact dimensions beneath it; the column layout is not recoverable from the source. Legible entries include: domestic privacy; domestic security; government interference; institutional interference; trade secrets; fraud prevention; transaction control; productivity; quality of life; number of researchers; research topics; academic freedom; development in related sciences; sales; exports; imports; innovation; rate of new product development; market size and share; access to market; frequency of general publications; tone of general publications; quality of social services; police role; political participation; human rights; First and Fifth Amendment rights; totalitarian powers; transborder data flow content.]

Impacts of a policy fall into three basic types. The first is direct intended impacts, for example the direct success or failure of a policy designed to prevent criminal use of cryptography. For example, the U.K. requires that the key be registered with the government before any encryption is done over the national telephone network. The second is direct unintended impacts, for example the effect of a policy designed to prevent criminal use of cryptography on the ease of legitimate use. Finally, there are indirect effects of the policy, or second-order effects of its direct effects, for example the impact on the frequency and type of invasion of the privacy of honest citizens because a policy to prevent criminal use of cryptography has also made it much more difficult or costly to use cryptography legitimately. Hence the path linking cryptography policies to impacts in these 12 impact areas is direct in some cases and indirect in others.

Were the government to institute a process of mandatory prepublication review of all cryptography-related research papers, examples of the three types of impacts would be:

- Direct intended: Potentially some improved opportunity for DoD to stay fully informed and current on academic cryptography research progress.
- Direct unintended: Decline in graduate student interest in cryptography, thereby reducing the pool of qualified talent for recruiting by military and nonmilitary employers.
- Indirect: Slower improvement in nonmilitary electronic system security for want of qualified personnel.

B. Perspectives on the Value of Policy Impacts

Possibly never in our history has the U.S. citizenry been more polarized than today on many value issues. There are competing interest groups with contrasting perspectives on energy, the environment, gun control, welfare, integration, and many more issues. The same impact by a policy in one of these areas may be considered a benefit by one and a cost by another. This conflict of values also pertains to national security and to the place of national security relative to other national goals and priorities. Hence it is not enough to characterize only the nature of the impacts from alternative cryptography policies; it is also necessary to evaluate them from several value perspectives. Table 4 summarizes two opposing value systems that our interviewees agree define the spectrum. Certainly there are more than two, but for the purpose of this analysis two are sufficient to present the argument for the role of values in selecting alternative cryptography policies.

Table 4

TWO VALUE PERSPECTIVES ON CRYPTOGRAPHY POLICY EFFECTS

Perspective A: Some national security requirements, narrowly defined, take priority over constitutional rights.
Perspective B: Preservation of full constitutional rights is the only justification for national security actions.

Perspective A: National security depends first and foremost on a strong military diplomatic position.
Perspective B: National security depends first and foremost on a strong domestic economy and effective international exchange.

Perspective A: Nonmilitary electronic system security research and development should be controlled by DoD.
Perspective B: Nonmilitary electronic system security research and development should be independent of DoD and subject to international peer review.

C. An Analysis Framework

In light of the complexity of the impact categories and the reality of conflicting value perspectives on the impacts of nonmilitary cryptography, we developed a specific framework for analyzing alternative federal cryptography policies. See appendix I for an elaboration of the origin of this framework. The framework has two major components. First, it recognizes that cryptography as a concept and a technology cannot be separated from other safeguards for electronic communication and information system security. Policies aimed at cryptography will have immediate and direct effects on the entire domain of communication and information security. Second, it assumes that the policymaking process can generate a synthesis of values that incorporates and meets the major concerns of the different perspectives. We do not predict what this perspective would be but expect some of its characteristics to be:

- Reconciliation of the current national security concerns with concern over growing nonmilitary vulnerability and newly emerging forms of national vulnerability.
- Recognition of the growing importance of very high electronic system integrity for international competitiveness in information service and systems industries.

V. POLICY IMPACTS

A. Objectives for Cryptography Policy

The objective of present federal cryptography policy is not to alter the rate or direction of U.S. cryptography development in and of itself, and it is not adequate to say that the objective of policy should be to increase or decrease the rate or determine the direction of nonmilitary cryptographic technology innovation. Choices of policy objectives in this area are more subtle. Options we found among our interviewees included emphasis on enhancement of:

- National security
- Nonmilitary security, especially in communication and information systems
- Individual quality of life in such categories as personal privacy and assurance of confidentiality
- New techniques to manage information in the emerging information economy
- U.S. international competitiveness in service and information industries as well as in the computer and telecommunications hardware industries
- Academic freedom and open communication in basic research

The following discussion is divided into two major topics to
respond to the two project objectives. The first discusses the impacts of altering the rate or direction of cryptography research and development. The second discusses the impacts of alternative federal policies to regulate cryptography research and development. The second also is divided into two parts: a discussion of the impact of current policies and a discussion of selected alternative policies. Appendix H contains a list of likely impacts, which were suggested in the course of our interviews.

1. Impacts of Altering the Rate or Direction of Cryptographic Research

Later sections will discuss the impacts that specific policies might be expected to have. Here we present and evaluate the impacts that all policies successful in altering the rate or direction of cryptography R&D might be expected to have in common. With the exception of the national security objective, impacts on each of the policy objectives are discussed below.

We acknowledge that officials of NSA have gone on record saying that some types of uncontrolled cryptographic research and product development may have negative impacts on national security. On the other hand, many of our interviewees who volunteered comments on the national security issue suggested that there may be a rapidly increasing national security benefit to strong independent private-sector capability to safeguard the new wealth of the post industrial era. Significant national dangers were cited, ranging from inadequate security against sabotage in the areas of electronic funds transfer to unsecured national and international news services and major public utilities such as power and transportation.

Concerning the other objectives, it was generally agreed that to the extent that federal policy retarded the development of nonmilitary cryptography, it would also retard U.S. progress toward these goals.

2. Impacts on Nonmilitary Security

Our interviewees suggested that at this point in time cryptography may offer little additional security in many theoretically useful applications. This is the case because there are typically easier ways today to abuse systems, against which cryptography would offer little protection, such as bribing an insider rather than tapping a communication line. However, to the extent that security becomes tighter in various systems, those links that can be protected by encryption may become the weak links.

Moreover, the terrorist and criminal elements of our society have not yet had much time to develop their computer skills and learn how to attack information systems. As all of society becomes more computer literate, we can expect that these groups will also become computer literate. Therefore more imagination and skill will be invested to attack and commit crimes against our information and computer systems.

It is not possible in advance to specifically measure the size of this risk or how much it may be increased or decreased by increasing or decreasing the availability of nonmilitary cryptography. An approach to risk analysis is presented in appendix F. However, many examples of the potential danger can be given. It is conceivable, for example, that a small terrorist organization could coordinate (a) an attack on key international oil installations with (b) deliberate manipulation of unsecured international news services and possibly even with (c) some manipulation of international financial transactions to set off a major financial panic. In fact, any one of these events might set off such a panic. It was not within the resources of this project to determine how severe such a panic could become. Many of our interviewees thought one or more of these forms of attack are entirely possible and that the vulnerabilities grow daily. Several individuals suggested that it is not only terrorists who might attempt to demoralize our economy through such an attack but also certain foreign powers or extremist groups.

3. Impacts on Individual Quality of Life

The principal impacts of changes in the type and availability of cryptography on
the quality of life, according to our interviewees, were in the domain of privacy and confidentiality on one hand and in the area of potential new products, services, and employment possibilities on the other. Again there was no agreement on the economic, social, or national security value of enhanced or decreased personal privacy or on the value of the ability of government or private institutions to assure confidentiality of records or communication. Some examples were suggested of the costs of the present system's weaknesses, ranging from threat of blackmail to inflated professional insurance costs to protect against breaches of confidentiality. One interviewee proposed that cryptography concepts available today might easily allow professionals to turn over the task of maintaining confidentiality of client records to a sort of Brinks electronic security service integrated with a full line of electronic data processing services. Finally, one interviewee suggested that international diffusion of an inexpensive, powerful technology that guaranteed personal privacy and confidentiality in message exchanges clearly had a potential to improve the human rights struggle of many people.

It was generally agreed that many useful potential applications could be developed if nonmilitary cryptography were permitted and possibly even encouraged to develop in the world marketplace. No agreement was reached on the size of the benefit from these applications in the United States or in other nations.

4. Impacts on U.S. International Competitiveness

Our respondees generally agreed that international sales of many information services such as banking, and some computer and telecommunications hardware, depend on the quality of the underlying system integrity. They also agreed that as security increases as an issue in system integrity, the cost and ease of cryptography use will be a characteristic to which the international market is sensitive. We found some sensitivity in our foreign interviews to the lack of
independence of American cryptography technology from government--and specifically NSA--influence. Some interviewees believe that only security systems developed under open procedures without direct NSA involvement would sell effectively internationally; others said such involvement might make little or no difference.

5. Impacts on New Information Management Techniques

The impact of the rate and direction of nonmilitary cryptography research and development on new information management techniques is highly speculative because the value of innovations in this area is very difficult to anticipate. Two examples demonstrate the potential.

First, in the area of pay or subscription broadcasting, encryption may make it possible to significantly enhance the variety and even the quality of education, information, and entertainment available in the home. The value of an orderly market that allows direct electronic purchases of specific information products from the home or office may have the same potential order of magnitude effect on society as did the invention of the printing press. Already, relatively crude forms of encryption are being used to permit pay television broadcasters to control access to their signals. On the other hand, piracy and other forms of property rights abuse are becoming serious threats to the entertainment business. Today many millions, possibly billions, of dollars in sales, much of it from overseas, are lost in this field. Cryptography may offer some solutions to help cut these losses.

A second example of how cryptography may offer a major invention to help expand productivity in the information economy lies in digital signatures. This is the application of cryptography to develop forgery-proof electronic documents and signatures. Such a technique might make it both possible and desirable to recognize electronically transmitted signatures as legally binding. This in turn could have major implications for improving efficiency in contract administration or increasing
the range of flexibility in electronic or catalog sales. It could even be a contributing technology to permit more decentralization of work and increase the kinds of work that could be performed in the home.

Until the imagination of the commercial sector has had time to assess what cryptography can be used to do, it is not possible to estimate specifically how important nonmilitary cryptography may be as a source of or element in new information management products or services; however, the importance is potentially very large.

B. Summary of the Impacts of Altering Cryptography R and D

Overall, it is our judgment, based on our interviews and other research, that retarding the rate of nonmilitary cryptography development or limiting its independence would impose important restrictions on the areas of nonmilitary security, personal privacy and assurance of confidentiality, U.S. international competitiveness, and innovation in new information techniques. We also suspect that there may be important national security costs in retarding nonmilitary cryptography. To some extent, accelerating the rate of development of independent nonmilitary cryptography would have the opposite effects.

Beyond saying that they are potentially quite large, it was not possible to estimate accurately the overall importance of these effects, for three reasons. First, there is little or no agreement on the precise size of each impact--for example, how much sabotage of international EFT might be prevented by cryptography or how great might be the damage if it were not prevented. Second, there is no agreement on the value of many of the impacts even if their exact size could be specified. For example, there is no agreement on the value of privacy. Finally, the only useful standard for comparing importance of impacts is the simultaneous gains or losses in all the areas of impact, including national security, particularly because only in that context can adjustments be identified that would give maximum benefit and minimize costs
across all contrasting perspectives. Within these limitations, we concluded that the federal cryptography policies to be preferred have the following characteristics:

1. They permit the national security community to stay most currently informed of progress in nonmilitary cryptography.

2. They permit and encourage independent nonmilitary competence in cryptographic research and product development.

3. They provide the type and degree of government support necessary to encourage a more rapid rate of technological change in system integrity development than would occur with private-sector support alone.

4. They permit continued recognition that leading-edge cryptography technology, like sophisticated microprocessors, has a military strategic value and should be exported only under appropriate license constraints.

5. They discourage controls on the export of technical data to the extent that controls would impede private-sector research and development, innovation, and domestic trade.

We again point out that these criteria were chosen without access to any classified information. There may be specific national security threats that we did not encounter in our interviews that would alter these priorities. It is within this limited context that we assessed specific policy alternatives to regulate cryptography.

VI. IMPACTS OF ALTERNATIVE POLICY OPTIONS

A. Choices for the Future

One clear result of present trends is that we are being drawn to a basic choice concerning cryptography in which we have three options. As a nation we can:

1. Muddle through with no specific policy changes. This will satisfy neither the current national security concerns nor the civilian needs.

2. Consolidate the federal support for electronic system integrity development, including cryptography, under one agency and assign that mission to DoD because of its necessary interest in military and diplomatic cryptography.

3. Recognize that there is a new and growing civilian demand for system integrity, including cryptography,
and create a civilian mission, distinct from that assigned to DoD, for facilitation of development of civilian system integrity.

B. Probable Results of the Present Policy Course

The future of nonmilitary cryptography in the international context is being shaped by these forces:

1. The growing use and dependence on electronic communication and information systems.

2. The near technological parity and extreme competition in electronic products and services among Western Europe, Japan, and the United States.

3. The rapidly declining cost and increased functional ease of use of cryptography in electronic systems.

4. Several interviewees felt strongly that there is an increasing interdependence between the integrity of civilian communication and information systems and national security that may lead many nations to make much greater use of powerful civilian cryptography. An evaluation of this topic is outside the scope of this project.

In addition to these international forces, the trends in cryptography in the United States are also being shaped by:

1. A general atmosphere of government discouragement of private-sector interest or effort to develop independent competence in electronic system integrity, including appropriate use of cryptography.

2. Sporadic and uncoordinated federal regulations concerning the amount and type of security and due care that must be exercised in fields of electronic communication and data processing, ranging from securities exchange to maintenance of personal records.

For more detail on the status of present national cryptography policy, see Appendix D.

Hence the present policy course will likely have these results:

1. Contention between civilian and current national security demands for cryptography will grow. There may also be a growing issue within DoD concerning the size of the national security threat from increasingly nonsecure civilian electronic communication and information systems.

2. Losses, disruptions, and costs of foregone opportunities to create new
information services, products, and efficiencies in civilian electronic systems will increase.
3. From the perspective of overall social benefit outside current national security definitions, there will be underinvestment in basic research into systems security and electronic information property rights management, as measured against total social return from such research. This will be especially true prior to the development of national standards for the integrity of networks such as the Fedwire, or for legal standards of due care in the protection of privacy rights and data in electronic communication and information systems.
4. Loss of some technological and service industry leadership to foreign competitors if the security of their civilian electronic systems begins to match or exceed that of the U.S.
5. Some disruption of the rate and direction of other sciences and technologies, as researchers are discouraged from exploring cryptography-related concepts and as industry is not encouraged to develop its own independent capability to provide system integrity.

C. The Impact of One Centralized Federal Cryptography Mission

Extension of the current status of DoD as the centralized location of federal involvement in electronic system integrity development may have advantages from the current, narrowly defined national security perspective. However, most of our interviewees did not think such a change would benefit the nonmilitary sector nearly as much as would recognition of distinct military and nonmilitary interests, for two reasons. First, centralization in DoD would tend to lead to more frequent classification of new ideas and hence would hold back new technology. Secondly, it would also tend to discourage the private sector from developing the capability to diagnose and eliminate its own security vulnerabilities; at the same time, it would leave the suspicion that DoD-approved products must be of limited value. This approach would lead to less use of cryptography in the nonmilitary sector
than would otherwise result, or to the use of cryptography in forms that are not optimized to commercial and civilian applications.

D. Alternative Policy Options and Impacts

There are five primary focal points for federal actions to alter the rate and the direction of cryptography:

- Research
- Product development
- Domestic distribution and use
- Foreign distribution and use
- Publicity concerning cryptography research or products

With these focal points in mind, a wide variety of types of policy options that could theoretically be applied were uncovered in the course of this project. Appendix G contains this list. From this list, a list of specific policy levers was synthesized for each of the five focal points for federal action (Table 5).

Table 5
LEVERS FOR FEDERAL CRYPTOGRAPHY POLICY

Target Area: Research
  Levers:
  1. Direct federal funding of research
     o The amount of funding
     o The channels of funding
     o The type of research organization funded
     o The security classification associated with funding
     o Prepublication review requirements
  2. Risks and incentives for private sector research
     o Patent and copyright restrictions
     o Availability of highly skilled labor, scholarships, and research money
     o Size and type of ultimate market
     o Cost of research

Target Area: Product Development
  Levers:
  1. Cost of new product development
     o Licensing and testing requirements
  2. Firm's ability to protect and recover its investment
     o Invention secrecy, especially administered with high uncertainty
     o Limitations on the applicability or use of the product

Target Area: Domestic Distribution and Use
  Levers:
  1. Domestic standards
     o Algorithms (DES)
     o Protocols
     o Key management
  2. Federal market for systems
     o Required characteristics of systems to be purchased by federal agencies
  3. Private market requirements
     o Characteristics that must be provided for assurance of civil rights, rights to property, etc.
     o Characteristics that must be provided to meet standards of due care requirements

Target Area: Foreign Distribution and Use
  Levers:
  1. Export controls (ITAR, Export Administration controls)
     o Hardware constraints
     o Technical data constraints
       - Blueprints, design, and algorithms
       - Academic papers
       - Scientific conferences
       - Technical expertise
       - Foreign nationals in U.S. research
  2. International standards
     o Quality for international and foreign national businesses and services
     o Applications for cryptography systems

Target Area: Domestic Publicity
  Levers:
  1. Secrecy requirements
  2. Profile of DoD's public commentary
  3. Communication between DoD and the civilian cryptography community

Based on conversations with our interviewees and several synthesis sessions at SRI, including a workshop on July 11, 1980, we made a basic assessment of the primary impacts of options for possible policy levers (see Appendix H). From this assessment, the six basic policy clusters discussed in the remainder of this section emerged in response to the five major concerns.

1. An Alternative Policy Concerning Federal Cryptography Research Support

Because demand for cryptography is so new and the nonmilitary technology is not yet well developed, it appears desirable to continue federal support for such cryptography research for several reasons:

- A major demand for cryptography is being and will be created by government regulation. Nonmilitary cryptography research could help provide the knowledge to select better and less costly regulations regarding security in civilian electronic systems. Conversely, it may produce less costly ways of meeting nonmilitary regulatory goals.
- Major benefits of nonmilitary cryptography are likely to be diffuse or hard for product developers to capture through the price mechanisms of the marketplace. This situation is common in new high-technology products. To the extent that many social benefits of improved system integrity are not well reflected in market prices, federal support of R and D is necessary to produce a higher rate of technological innovation.

Therefore, we believe that the new federal policy on cryptography should provide INCREASED ENCOURAGEMENT FOR UNCLASSIFIED OPEN SYSTEM
INTEGRITY RESEARCH, INCLUDING CRYPTOGRAPHY.

2. An Alternative Policy Concerning Private-Sector Competence in Cryptography

Because of the rapidly growing variety in the vulnerabilities of nonmilitary electronic communication and information systems, it is desirable to encourage the development of the private-sector competence to identify these vulnerabilities and take any prudent actions necessary to reduce them. This approach is appropriate for several reasons:

- It eliminates the need for the government to provide all the leadership and resource support for a private-sector activity that promises to advance technology.
- It permits the private sector to operate openly with international peer review and thereby compete more directly in world markets that depend on international confidence in electronic system integrity.
- It enables the national security community to maintain an arms-length relationship with nonmilitary security and to avoid becoming more the center of controversy over meeting this nonmilitary need.
- It would allow the nonmilitary market to develop along lines that best meet nonmilitary needs without unnecessary biases from government prerequisites.

Therefore, we believe that the new federal policy on cryptography should provide ENCOURAGEMENT OF INDEPENDENT PRIVATE-SECTOR COMPETENCE IN CRYPTOGRAPHY.

3. An Alternative Policy Concerning Development of National Standards for the Use of Cryptography

Because cryptography is becoming an important characteristic of electronic systems within domestic and international markets, and because these systems have broad social implications and uses, it is desirable for the federal government to continue a major participation in setting national and international cryptographic standards. Several specific government responsibilities increase the appropriateness of government involvement in standard setting:

- The Federal government is a major maintainer of records on individuals. The fact that these records should often be kept confidential
makes the federal government a potentially large buyer of cryptographic products and services. When the government is a major buyer of a new product, procurement specifications sometimes become de facto standards for those products.
- The federal government sets standards in a number of fields relying on electronic communication and information systems, for example, electronic funds transfer and air traffic control. Hence, it is appropriate for the government to participate in setting standards to better coordinate regulations in these areas with alternative standards.

Therefore, we believe that the new federal policy on cryptography should provide CONTINUING GOVERNMENT SUPPORT FOR DEVELOPMENT OF NATIONAL STANDARDS FOR CRYPTOGRAPHIC EQUIPMENT, ALGORITHMS, AND PROTOCOLS FOR THEIR PROPER ADOPTION AND USE.

4. An Alternative Policy Concerning Federal Restrictions on Export of Cryptographic Products

Because international and transnational nonmilitary applications of cryptography are likely to continue their rapid growth, the international market for cryptographic hardware is likely to grow. Also, the integrity of international electronic systems is likely to become increasingly important to international trade in communication and financial services information. It is therefore desirable to encourage U.S. suppliers to compete vigorously in the international electronic integrity market for several reasons:

- Such competition will allow U.S. organizations to have a greater role in establishing international standards for electronic systems.
- Such competition will help eliminate a divergence in integrity maintenance strategies between U.S. nonmilitary organizations and their foreign competitors.
- Such competition will avoid leaving a market gap that might give a major advantage to foreign trade competitors in such areas as:
  - Computers, office automation, and robotic controls
  - Telecommunications
  - Communication and information services
- Such competition will help avoid a situation in which the
United States becomes a major dependent importer of foreign nonmilitary electronic system security technology.

Therefore, we believe that the new federal policy on cryptography should LIMIT ITAR EXPORT RESTRICTIONS ON CRYPTOGRAPHIC EQUIPMENT TO THOSE PRODUCTS THAT REPRESENT GENUINE LEADING-EDGE TECHNOLOGY AND ONLY WHEN THESE ARE SIGNIFICANTLY SUPERIOR TO FOREIGN PRODUCTS.

5. An Alternative Policy Concerning Federal Restrictions on Export of Cryptographic Technical Data

Both for nonmilitary reasons and for stronger legal support of U.S. ITAR constraints on technical data export, restrictions should be narrowed to apply to product specifications or technical information that effectively communicate manufacturing know-how. Such constraints may be practical and enforceable because product specifications can be more clearly defined by legal precedent. Other forms of technological exchange, such as the exchange of academic papers, should not be constrained for several reasons:

- There is no clear objective standard for determining when a piece of work on a topic is closely enough related to cryptography to warrant constraint.
- Constraints may hamper the free flow of ideas within the United States and hence slow domestic nonmilitary research progress.
- Constraints may be declared unconstitutional except where convincingly shown to represent a grave threat to national security (Harmon undated).

Therefore, we believe that the new federal policy on cryptography should LIMIT ITAR CONTROLS ON CRYPTOGRAPHIC TECHNICAL DATA TO SPECIFICATIONS ASSOCIATED WITH PRODUCTS OR EQUIPMENT CATEGORIZED AS LEADING-EDGE TECHNOLOGY AND ONLY WHEN THESE WOULD EFFECTIVELY TRANSFER MANUFACTURING KNOW-HOW SUPERIOR TO AVAILABLE FOREIGN TECHNOLOGY.

6. An Alternative Policy Concerning Invention Secrecy Constraints on Cryptographic Products

Invention secrecy orders for cryptographic technologies should continue in the short run if necessary for national security, but only for those inventions that directly, gravely
threaten existing military or diplomatic communication security. The appeals process for inventors should be improved, not only to better provide due process for the inventor but also to assist the inventor in modifying his patent application so that it need not be classified. Such actions are desirable because they will:

- Reduce the uncertainty and risk of private-sector investment in new electronic system integrity research and thereby reduce the public cost and increase at least the nonmilitary public benefit of such private research.
- Reduce the incentives for U.S. multinational organizations to move their system integrity research operations overseas.
- Reduce the differential incentive in the U.S. patent system to protect foreign invention property rights while potentially limiting the property rights of U.S. inventors of similar products. A foreign patent will be granted even though a secrecy order would have been issued for an identical U.S. patent application.

Therefore, we believe that the new federal policy on cryptography should be to SELDOM, IF EVER, APPLY THE INVENTIONS SECRECY ACT TO CRYPTOGRAPHY AND LIMIT APPLICATION TO CASES IN WHICH THE GOVERNMENT HAS CLEARLY DEMONSTRATED THAT THE NATIONAL SECURITY THREAT OF DISCLOSURE EXCEEDS THE POTENTIAL SOCIAL, ECONOMIC, AND TECHNICAL BENEFITS.

In summary, we believe that, in contrast with current policy, the new federal policy on cryptography should be tempered by:

- EXPLICIT PROCEDURES TO BALANCE THE PROPOSED NATIONAL SECURITY BENEFITS OF RESTRAINTS AGAINST THE SOCIAL, ECONOMIC, AND TECHNOLOGICAL COSTS
- AWARENESS OF FOREIGN SCIENTIFIC AND PRODUCT DEVELOPMENT OF CRYPTOGRAPHY FOR THE NONMILITARY SECTOR

E. Some Open Questions

Several questions important for establishing cryptography policy were left open in this inquiry because of either limitations of scope or lack of reliable unclassified expert information sources. These questions include:

1. What is the national security value of increased nonmilitary use of cryptography
to eliminate vulnerabilities in civilian systems?
2. How secure must a system be to be adequately secure? This question seems to come down to the dangers and costs associated with making the transition from an older obsolete system to a newer one. If the costs and security threats of such transitions are very high, they should be minimized by using the best current technology and practice in each new installation or application (Diffie 1981).
3. What is the quality of foreign nonmilitary cryptography in terms of civilian market requirements? Because the cryptography markets are so new, their requirements are not yet well defined, nor are there international or even national commercial standards to measure performance. Conversely, there is no independent neutral authority analogous to Underwriters' Laboratories to provide an assessment of cryptographic products.
4. In the absence of this authority, is there a need for the government to provide assistance, or is it, as some interviewees asserted, that even current government assistance is retarding private-sector development of needed capabilities?
5. How rapidly will foreign suppliers fill the gap if the United States constrains its own cryptography development? The answer to this question depends on two factors: the current level of foreign nonmilitary cryptography development capability and the size of the incentive foreign suppliers perceive to fill the gap. In the opinion of our interviewees, the level of foreign capability to develop new cryptography technology is significantly behind that of the United States but is closing fast, particularly because of the foreign students studying computer science and mathematics in this country. We gained little insight into how foreign companies view the incentives of the cryptography market, except that in Europe in particular, civilian cryptography is a well-established small market that has begun growing. Moreover, both the French and the Japanese have major national commitments to develop the
necessary to be leaders in telecommunication and information processing industries including the development of any necessary electronic system security and information management technology A study conducted by NTIA CRC 1981 found 3 dozen vendors of cryptographic terminals worldwide ten are foreign and four of these are headquartered innon-NATO countries i e their sales would not be subject to multilateral member export restrictions The largest of these Crypto AG uses a proprietary algorithm all foreign suppliers use proprietary algorithms which claims to be superior to the DEC Crypto AG exportsto over ninety countries 6 How much independence from NSA in terms of technical competence and managerial confidence is necessary for U S suppliers to be credible and meet the needs of foreign domestic and transnational markets The answer to this question would require an in-depth analysis of the product marketing and purchasing strategies of both U S and foreign firms regarding electronic system security products 7 How quickly will the communication and information system links that can be protected by cryptographybecome the weakest links to major systems This question is important because thetransition point from one set of weakest links to another may mark the point of a sudden Our increase in demand for cryptographicprotection interviewees had no definitive answers Some suggested that it depends onthe timing of such breakthroughs as automated voice recognition • 44 VII CONCLUSIONS SRI reached three basic conclusions First broad and highly valuable applications for cryptography in the private-sector though very recent in origin are likely to grow rapidly over the next several decades Hence it is desirable to reconcile national security interests in signals intelligence and communication securitywith the reality of growing world wide civilian need and capacity to provide electronic system integrity This reconciliation could take the form of a new or expanded federal 
mission concerning computer and telecommunication system security within a conceptual framework of electronic system integrity. The mission should be designed to bridge the gap between civilian and military concerns by encouraging the national security community to stay informed of the state of the art of civilian technology while preserving and encouraging civilian efforts. Experts consulted in this study agreed that the national security community should be provided with the resources to stay ahead of and build on civilian progress. With few exceptions, our respondents also felt that, to one degree or another, the civilian sector interest in cryptography should be clearly and distinctly recognized and represented in federal policy and regulations.

Second, the Federal mission and policy framework for cryptography should be designed to foster private-sector competence in providing what the marketplace determines is the necessary level of electronic systems security and property rights control. However, it may be necessary in the short run for the Federal government to augment market forces by defining legal requirements in such areas as required standards of care for assuring confidentiality in both government and private record-keeping; it may also be necessary to set national and international standards concerning the minimum security effectiveness that systems must have to be used with various nonmilitary government files and personal records.

Third, given this framework, cryptography policies should be:

- Increased support for open unclassified systems integrity research, including cryptography.
- Encouragement of private-sector independent competence in cryptography.
- Continuing government support for development of national standards for cryptographic equipment and for its proper application and use.
- Limitation of ITAR export restrictions on cryptographic equipment to those products that represent genuine leading-edge technology and only when these are superior to available
foreign products. This does not address political criteria for deciding on control of exports to selected foreign countries.
- Limitation of ITAR controls on cryptographic technical data to specifications associated with products or equipment categorized as leading-edge technology and only when these are superior to available foreign technology. The scope of ITAR should be clarified and narrowly interpreted. Use of ITAR to constrain scientific talks and technical publications should be avoided because of their detrimental side effects and because it may violate First or Fifth Amendment rights. A mission to facilitate nonmilitary development and application of cryptography should include reviewing both the short-term and long-term nonmilitary costs of proposed ITAR applications.
- The Invention Secrecy Act should seldom, if ever, be applied to cryptography and should be limited to cases in which the government has demonstrated through timely due process that the national security threat of disclosure exceeds the potential social, economic, and technical benefits. This process should contain balanced representation from the national security and the nonmilitary interests in cryptography. The act should be applied through a procedure that provides prompt assistance to the inventor to revise the patent application in ways that will avoid the secrecy order.

In view of the rapidly expanding nonmilitary need for enhanced electronic system integrity, any U.S. government restriction on cryptography should be tempered by:

- Explicit procedures to balance the proposed national security benefit against the social, economic, and technological costs of the restrictions.
- Awareness of foreign scientific and product development.

BIBLIOGRAPHY

Adleman, Leonard M., and Ronald L. Rivest. The Use of Public Key Cryptography in Communication System Design. IEEE, November 1978, pp. 20-23.
Alexander, Tom. The Postal Service Would Like To Be the Electronic Mailman Too. Fortune, June 18, 1979, pp. 92-100.
Americans Are Worried About
Loss of Privacy. San Francisco Chronicle, May 3, 1979, p. 30.
Announcing the Data Encryption Standard. Superintendent of Documents, U.S. Government Printing Office, Washington, D.C.
Associated Computer Industries Offers NBS Encryption. Infoworld, July 7, 1980.
Banking by Computer - It Moves a Step Closer. U.S. News & World Report, March 7, 1977, pp. 81-82.
Beardsley, Charles W. Is Your Computer Insecure? IEEE Spectrum, January 1972, pp. 67-78.
Bell, Daniel. Communications Technology--For Better or for Worse. Harvard Business Review, May-June 1979, pp. 20-42.
Berg, John L. Exploring Privacy and Data Security Costs - A Summary of a Workshop. NBS, Washington, D.C., August 1975.
Blumenthal, Marcia. Maintain Lead in Research or Lose Role as Leader, Packard Tells U.S. Industry. Computerworld, May 26, 1980, p. 21.
Brandin, David H. Public Cryptography Study Group--Interim Report No. 2. Private communication to NSF committee members, June 25, 1980.
Branstad, Dennis. Validation Tests for DES Devices. January 29, 1976.
Brenner, Steven N. Business and Politics--An Update. Harvard Business Review, November-December 1979, pp. 149-163.
Brenner, Steven N., and Earl A. Molander. Is the Ethics of Business Changing? Harvard Business Review, January-February 1977, pp. 57-71.
Browne, Malcolm W. Scientist Urges New Laws To Curb Misuse of Computer Technology. The New York Times, November 17, 1977.
Bruno, James N. Electronic Mail: It Gets There Fast. Administrative Management, September 1979, pp. 28-70.
Bruno, James N. Privacy: An Issue for the Eighties. Administrative Management, August 1979, pp. 33-36.
The Business Stake in Soviet Snooping. Business Week, December 12, 1977, pp. 57-58.
Campbell, Duncan. Whose Eyes on Secret Data? New Scientist, March 2, 1978, pp. 593-595.
Canning, Richard G. Data Encryption: Is It For You? EDP Analyzer, December 1978, Vol. 16, No. 12, pp. 1-13.
Carter, Jimmy. Proposal To Protect The Privacy of Individuals. Office of The White House Press Secretary, April 2, 1979.
CRC Systems, Inc. An Assessment of Technological Trends Affecting the Development of Cryptographic Markets--Working Paper #1,
prepared for U.S. National Telecommunications and Information Administration, February 15, 1980.
CRC Systems, Inc. An Assessment of the Market for Cryptographic Equipment--Working Paper #2, prepared for the U.S. National Telecommunications and Information Administration, February 29, 1980.
Credit Cards Get A Lot Smarter. Business Week, February 23, 1981, pp. 107-111.
Cryptically Yours. The Economist (UK), February 1978, p. 92.
Cryptography Meeting Goes Smoothly. Science, November 1977, p. 198.
Darrow, Joel W., and James R. Belilore. The Growth of Data Bank Sharing. Harvard Business Review, November-December 1978, pp. 180-190.
Davis, Ruth M. The Data Encryption Standard in Perspective. IEEE, November 1978, pp. 5-9.
Department of Justice. Testimony of H. Miles Foy, Senior Attorney-Advisor, Office of Legal Counsel, Before the Government Information and Individual Rights Subcommittee of the Committee on Government Operations, House of Representatives, February 28, 1980, Washington, D.C.
Diffie, Whitfield. Cryptographic Technology: Fifteen Year Forecast. BNR Inc., prepared for CRC Systems under contract from the U.S. Department of Commerce, January 1981.
Diffie, Whitfield. The Outlook for Computer Security. Mini-Micro Systems, October 1978, pp. 42-44.
Diffie, Whitfield, and Martin E. Hellman. Multiuser Cryptographic Techniques. American Federation of Information Processing Societies National Computer Conference Proceedings, 1976, pp. 109-112.
Diffie, W., and M. E. Hellman. New Directions in Cryptography. IEEE Transactions on Information Theory, Vol. IT-22, No. 6, November 1976, pp. 644-654.
Discovery Rocks World of Math Computers. San Francisco Chronicle, November 15, 1979.
Eger, John. Transborder Data Flow. Datamation, November 1978, pp. 50-54.
Federal Reserve Bank of Minneapolis. Electronic Funds Transfer--An Introduction. Ninth District Quarterly, July 1976.
Freundel, Mark. Overseas Cryptographic Industry and Crypto AG. Memo to Chuck Wilk, National Telecommunications and Information Administration, June 16, 1980, private communication.
Gardner, Martin. A New Kind of Cipher that Could Take
Millions of Years to Break. Scientific American, pp. 120-124.
Girsho, Allen. Communications Privacy. IEEE.
Grasping for Privacy. The Washington Post, April 7, 1979.
Harmon, John M. Constitutionality Under the First Amendment of ITAR Restrictions on Public Cryptography. Dept. of Justice Memorandum to Dr. Frank Press, Science Advisor to the President, undated, private communication.
Hellman, Martin. Cryptography in the Electronics Age. The Stanford Engineer, Fall/Winter 1978, pp. 4-82.
Hellman, Martin E. An Overview of Public Key Cryptography. IEEE, November 1978, pp. 24-32.
Hindin, Harvey J. New Security Planned for Data. Electronics, August 16, 1979.
Hiltz, Starr Roxanne, and Murray Turoff. The Network Nation: Human Communication Via Computer. Addison-Wesley Publishing Company, Reading, MA, 1978.
Hoffman, Lance J. Modern Methods for Computer Security and Privacy. Prentice-Hall, Englewood Cliffs, NJ, 1977.
Hoffman, Lance J. Security and Privacy in Computer Systems. Melville Publishing Co., Los Angeles, CA, 1973.
Horan, Thomas F. Electronic Funds Transfer Systems. Business Intelligence Program - SRI International, Research Report 573, April 1976.
House Government Information Subcommittee Hearings, February 28, March 20, and August 21, 1980.
Inman, B. R. The NSA Perspective on Telecommunications Protection in the Nongovernmental Sector. Signal, March 1979.
Kahn, David. Cryptography Goes Public. Foreign Affairs, Fall 1979, pp. 141-159.
Kolata, Gina Bari. Cryptography: A Secret Meeting at IDA. Science, April 14, 1978, p. 184.
Kolata, Gina Bari. Cryptography: On the Brink of a Revolution. Science, August 19, 1977, pp. 747-748.
Kolata, Gina Bari. New Codes Coming Into Use--Their Unique Properties Make Them Ideal for Tamper-proof Security Systems. Science, May 16, 1980, pp. 694-695.
Kolata, Gina Bari. Solve One and You Could Solve Them All. New Scientist, April 3, 1980.
Lancaster, Hal. Desktop Deception--Rise of Minicomputer, Ease of Running Them Facilitates New Frauds. The Wall Street Journal, October 5, 1977, pp. 1, 34.
Lipton, Stephen M., and Steven M. Matyas. Making the Digital Signature Legal--and
Safeguarded. Data Communications, February 1978, pp. 41-52.
Little, Arthur D., Inc. The Consequences of Electronic Funds Transfer: A Technology Assessment of Movement Toward a Less Cash Less Check Society. NSF Contract C844, June 1975.
Martin, James. The Wired Society. Prentice-Hall, Englewood Cliffs, NJ, 1978.
Marshall, Eliot. Math Center Protests Army Contract Terms. Science, June 6, 1980, pp. 1122-1123.
Merkhofer, Miley W., Steven B. Engle, and Charles C. Wood. Decision Analysis Applied to a Technology Assessment of Public Key Cryptographic Systems. 1980 American Society for Engineering Education Conference Proceedings.
Merkle, Ralph C. Secure Communications Over Insecure Channels. Communications of the ACM, April 1978, pp. 294-299.
Meyer, Carl H., and Walter L. Tuchman. Putting Data Encryption to Work. Mini-Micro Systems, October 1978, pp. 46-52.
Morgan, Barrie D., and William E. Smith. Data Encryption: The High Cost of Installing a $50 Chip. Data Communications, February 1977, pp. 25-28.
Morris, Robert. The Data Encryption Standard--Retrospective and Prospects. IEEE, November 1978, pp. 11-14.
Needham, Roger M., and Michael D. Schroeder. Using Encryption for Authentication in Large Networks of Computers. Communications of the ACM, December 1978, pp. 993-999.
The New Money--Promises and Pitfalls of Electronic Funds Transfer. Consumer Reports, June 1978, pp. 354-357.
Nolan, Richard L. Managing the Crisis in Data Processing. Harvard Business Review, March-April 1979, pp. 115-126.
Orceyre, M. J., and R. M. Heller. An Approach to Secure Voice Communication Based on The Data Encryption Standard. IEEE, November 1978, pp. 41-50.
Pantages, Angeline. Is the World Building Data Barriers? Datamation, December 1977, pp. 90-91, 98, 103.
Privacy and Security in Computer Systems. Institute for Computer Sciences and Technology, National Bureau of Standards, February 1974.
Privacy Protection--The President's Proposals. Office of Media Liaison, The White House Press Office, April 2, 1979.
Report of the Public Cryptography Study Group, prepared for the American Council on Education,
February 7, 1981.
Rivest, Ronald L. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Memo for Scientific American, April 1977.
Rivest, Ronald, Adi Shamir, and Len Adleman. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Laboratory for Computer Science, MIT, Technical Memo 82, April 1977.
Rose, Sanford. The Unexpected Fallout From Electronic Banking. Fortune, April 24, 1978, pp. 82-86.
Sanders, Sylvia. Data Privacy: What Washington Doesn't Want You To Know. Reason, January 1981, pp. 24-37.
Safirstein, Peter. How Do We Best Control the Flow of Electronic Information Across Sovereign Borders? AFIPS 1979 National Computer Conference Proceedings, Vol. 48, pp. 279-282.
Schlick, Blair C. Privacy--the Next Big Issue in EFT. Banking, no date on copy, pp. 71-76.
Shapley, Deborah, and Gina Bari Kolata. Cryptology: Scientists Puzzle Over Threats to Open Research, Publication. Science, September 30, 1977, pp. 1345-1349.
Shapley, Deborah. DOD Vacillates on Wisconsin Cryptography Work. Science, July 14, 1978, p. 141.
The Spreading Danger of Computer Crime. Business Week, April 20, 1981, pp. 86-92.
Solomon, Richard J. The Encryption Controversy. Mini-Micro Systems, February 1978, pp. 22-26.
Starting to Protect Privacy. New York Times, April 10, 1979.
Steen, Arthur Lynn. Linear Programming: Solid New Algorithm. Science News, October 6, 1979, pp. 234-236.
Sturges, Gerald D. Summary: Invention Secrecy Act of 1951. Appendix A to White Paper: Analysis of National Policy Options for Cryptography. U.S. Department of Commerce, National Telecommunications and Information Administration, October 29, 1980.
Sugarman, Robert. On Foiling Computer Crime. IEEE, July 1979, pp. 31-41.
Sykes, David J. Protecting Data by Encryption. Datamation, August 1976, pp. 81-85.
Tajelski, Tom. Data Encryption Standard Causes Senate Concern. Security Management, January 1979, pp. 22-23.
An Uncrackable Code. Time, July 3, 1978, p. 55.

Appendix A
CONTACTS

This contacts list is divided into two parts. Part 1 lists those individuals interviewed concerning a wide range of cryptography issues
to the degree they felt able to reply. Part 2 lists those individuals interviewed on the more narrow topic of the future of nonmilitary cryptography and its applications.

Part 1

M. M. John Atalla, President, Atalla Technovations, Sunnyvale, CA
John Boyle, Vice President Finance, Crocker National Bank, San Francisco, CA
Art Bushkin, Sr. Policy analyst, NTIA, Washington, DC
Herbert Chang, Bank of America, San Francisco, CA
David L. Chaum, Ph.D. candidate (dissertation on cryptography), University of California, Berkeley, CA
Ronald Clark, Cryptography user, Interbank Research, London, England
Howard Crumb, New York City Federal Reserve Bank, New York, NY
Kent Curtis, Project Administrator, NSF Mathematics and Computer Science Division, Washington, DC
Donald Davies, Cryptography researcher, U.K. National Physical Laboratory, Teddington, Middlesex, U.K.
Whitfield Diffie, Cryptography research scientist, Bell Northern Labs of Canada, Palo Alto, CA
Frank Fojtik, VISA, San Francisco, CA
Leslie Goldberg, Computer security consultant, London, England
Robert Gorman, Cryptography salesman, Racal-Milgo, London, England
Carl Hammer, Senior Scientist, Sperry UNIVAC, Washington, DC
Noel M. Herbst, IBM, White Plains, NY
Lance Hoffman, Professor of Computer Science, George Washington University, Washington, DC
Seymour Jeffery, NBS Computer Sciences Division, Washington, DC
Steven Kent, Research Fellow, MIT-Lab for Computer Science, Cambridge, MA
Don Kraft, NTIA, Washington, DC
Stephen M. Matyas, IBM, Kingston, NY
Max Meth, Institutional Information Group, London, England
Carl Meyer, IBM, White Plains, NY
Eric Michaelman, SPI Data Systems, Palo Alto, CA
Granger Morgan, Professor, Carnegie-Mellon University, Pittsburgh, PA
Matthew Nimetz, Undersecretary for Security Assistance Science Technology Group, State Dept., Washington, DC
John Oseas, Manager of cryptographic product marketing, IBM, Poughkeepsie, NY
John Pasta, NSF Mathematics and Computer Science Division, Washington, DC
John Pemperton, Cryptographic product marketer, Communication Security Ltd., London, England
Gerald Popek, Professor of
Computer Science UCLA Karl Rihaczek Ph D Hamburg Republic of Germany Eli Schutzman Project Administrator Washington DC Adi Shamir Professor Marvin Sirbu Jr Cambridge MA NSF Engineering Division MIT-Lab for Computer Science Cambridge MA Professor MIT-Center for Policy Alternatives Gerald Sturges Professional Staff Member House Subcommittee on GovernmentInformation and Individual Rights Washington DC M N Sugarhood Barclay's Bank London England ·- Eli Schutzman Project Administrator Washington DC NSF Engineering Division Bruce Walker Ph D candidate dissertation on cryptography Computer Science Department UCLA Steve Walker Information Scientist DoD ARPANET Washington DC George H Warfel Identification Technologies Financial Service Menlo Park CA Consultant Laura A Weatherly Manager Technical Support Services Interbank Card Assoc New York NY Terry N Westgate Mount Allison Univ Sackville Howard Zeidler VISA San Mateo CA 1� A-3 NewBrunswick Canada Part 2 Bob Abbott President EDP Audit Controls Oakland CA Len Adleman Professor of Computer Science UCLA George Batejan Chase Manhattan Bank New York NY Al Bayse Federal Bureau of investigation Washington DC Dennis Branstad Senior Scientist U S Dept of Justice NBS Washington DC Herbert Bright President Computation Planning Corporation Washington DC Peter Browne President Computer Resource Controls Washington DC - Robert Courtney Computer Security Consultant IBM White Plains NY George I Davida Associate Professor of Electrical Engineering and Computer Science University of Wisconsin Madison WI Richard Davis Mountain View CA Harry DeMaio Director of Data Security Programs BM Armark NY Phillip Farley Visiting Scholar Stanford Arms Control Research Project Stanford University Stanford CA Mark Freundel Research Manager CRC Systems Washington DC Blake Greenlee V P of Computer Security Citibank New York NY Herb Grosch Independent computer security consultant ' William Halpin Vice President Bankwire Marketing Payment and Tel Services New 
York NY Peter Hamilton Chubb Company London England Martin E Hellman Associate Professor Electrical Engineeriµg Stanford University Stanford CA Vico E Henriques President Computer and Business Equipment Manufacturers Association Washington DC Ed Jacks Director of Security General Motors Detroit MI Robert V Jacobson President International Security Technology G Patrick Johnson Washington DC Senior Policy Analyst National Science Foundation Leo H Jones Saber Laboratories San Francisco CA David Kahn Author Washington DC John Kennedy Scientists Institute for Public Information New York NY Steve Kent Ph D candidate consultant Massachusetts Institute of Technology Cambridge MA Thomas Maril President Computer Corporation ofAmerica Cambridge MA Jeffrey A Meldman Massachusetts Institute of Technology Cambridge MA Joshua Menkes Group Leader National Science Foundation Technology Assessment and Risk Analysis Washin�ton DC Arthur Miller Professor Harvard University Law School�Cambridge MA Donald G Miller Assistant Vice President in charge of EDP security The First National Bank of Chicago Chica�o IL Ron Rivest Professor of Computer Science MIT-Lab for Computer Science Cambridge MA Nicholas Schklair Product Manager R�cal-Milgo Miami FL Michael D Schroeder Xerox Palo Alto Research Center Palo Alto CA Henry D Taylor Jr Marketing Administrative Systems Manager Hewlett-Packard Palo Alto CA Sidney Weinstein Executive Director Association for Computing Machinery New York A-5 Appendix B CONFERENCE ON FEDERAL GOVER NMENT POLICIES FOR PRIVATE SECTOR CRYPTOGRAPHIC RESEARCH July 11 1980 Attendees Dennis Branstad National Bureau of Standards Washington DC Herb Bright Computation Planning 7840 Aberdeen Road Bethesda MD20014 Harry DeMaio IBM Corporation Old Orchard Road Armonk NY 10504 Phil Farley Arms Control Disarmament Project Stanford University Building 160 Stanford CA 94305 Blake Greenlee Computer Security Department Citibank 111 Wall Street New York NY 10005 · Marty Hellman Dept of 
Electrical £ngineering Durand Bldg Room 135 Stanford University Stanford CA 94305 Susan Nycum Chickering Gregory 3 Embarcadero Center San Francisco CA 94111 B 1 Gerald Popek Computer Science Department University of California Los Angeles CA 90024 Ronald Rivest Computer Science Department MIT-Lab for Computer Science 545 Tech Square Cambridge MA Nick Schklair Racal-Milgo 8600 N w 41st Street Miami FL 33166 Terry Westgate Mt Allison University Sackville New Brunswick Canada EOA 3CO SRI International participants and observers Donn Parker Victor Walling Charles Wood Peter Schwartz Thomas Mandel Thomas Thomas David Brandin David Elliot 41 From the National Telecommunications Information Administration Charles Wilk Fredrick Weingarten B-2 Appendix C SRI STAFF INTERVIEWED Milton Adams Manager of the Digital Development Group Craig Blackman Program Manager Telecommunications David Brandin Exec Director ' Computer Science and Technology Division George Byrne Senior Research Engineer Russell Dewey Management Systems Consultant Dave Elliott Exec Director SystemsResearch andAnalysis Division Bernard Elspas Staff Scientist Steve Engle Decision Analysis Intern Elaine Hatfield Research Engineer E M Kinderman Manager Nuclear Systems Termpool Kovattana Senior Research Engineer Thomas Mandel Senior Policy Analyst Lee Merkhofer Principal Investigator NSF CryptographyProject Peter Neumann Program Manager Norm Nielsen Program Manager Donald Nielson Director Telecommunications Sciences Center John Pickens Senior Research Engineer Dean Robinson Manager Computer Security Program Raphael Rom Senior Research Engineer Dennis Sachs Senior Policy Analyst Peter Schwartz Senior Policy Analyst Donn Seeley Senior Consultant Thomas Thomas Director Willard Tiffany Center For The Studyof Social Policy Senior Systems Analyst Douglas Webb Management Systems Consultant Harold Winslow Senior Legal Analyst James Young Senior Research Engineer C-2 Appendix D CURRENTPOLICY SITUATION Policy Element Status 
Quo--Major Points

DoD funding role
    Major part of all cryptography research is funded by DARPA. This allows DoD to directly influence both the nature of this research and dissemination of the research results. DoD also exercises review authority over NSF-funded contracts.

DoD/NSA review of research results
    Nonexistent for projects that are not funded by DoD. Informal control exercised on a contract-by-contract basis when DoD funds projects. No mechanism to screen cryptography papers/speeches for sensitivity is presently operational. 'Meyer letter' demonstrated lack of objective measures for judging the national defense sensitivity of any particular research results.

Export Controls
    ITAR regulations and munitions control newsletters provide hazy guidance as to the export status of cryptographic hardware, firmware, software, and related technical documentation. NSA participates in the decisions on exportability and assists manufacturers to alter their products so that they are exportable.

Patent Secrecy (Patent Secrecy Act)
    NSA participates in decisions on the imposition of patent secrecy orders. The basis for classification of a cryptographic invention as secret is not generally known (of necessity). Inventors are reportedly compensated for their idea.

Research Project Security
    Security is generally tight for projects that are classified but rather lax for those that are not. For unclassified projects there are no formal restraints on participation in meetings and conferences, on the employment of foreign nationals, or on travel and the like.

Standardization/Regulations for civilian use
    Government basically takes the stance that the DES will encourage cryptography use by simplifying interconnection of devices and systems, by lowering the cost of encryption devices, and by being sufficiently strong, at least for the short run. There have been a number of negative reactions to the DES, which for the most part claim that the 56-bit key provides inadequate protection. Some claim that U.S. domestic and foreign demand for DES devices has been unduly lowered by rumors that NSA can crack the DES. The DES currently specifies only an algorithm--not a means for integrating cryptography into computer, information, and communication systems. The major advantage gained by the non-DoD sector in terms of standardization has been the elimination of the need for those considering implementation of cryptography to actually engage in cryptanalysis.
    Nontechnical regulations for civilian use have mostly taken the form of general directives such as Regulation E (banking), the Foreign Corrupt Practices Act, and the Privacy Act of 1974. Because the DES is the only commercially available system, they imply its use. Management has the primary responsibility for the evaluation of internal controls and for the implementation of appropriate security measures.

GSA Procurement Policy
    OMB directives imply, if they do not explicitly dictate, the use of DES equipment. For instance, the DES has been cited in Privacy Act implementation guidelines. As the ratio of the dollar value of cryptography devices purchased by the nongovernment sector to the value of devices purchased by the government increases, the impact of this policy is expected to diminish; it is included because the government remains a major consumer of cryptography products.

Security Certification
    In conjunction with NSA, NBS has developed a DES testing procedure that is currently being applied to cryptography devices. The test essentially says yes or no--the device correctly or incorrectly carries out the DES transformation of plaintext to ciphertext and vice versa. Implementation certification for protocols and the like is expected to be available soon.

Other Agency (non-DoD) Funding
    Low dollar level projects are funded by DOE, NSF, and NBS. Some of these agencies deal with NSA in a formal way; others do not.

Government Technical Assistance
    NSA provides some assistance to private industry researchers working on crypto product R&D. This consists primarily of approval or disapproval of the results reached by the researchers. NBS has issued several publications dealing with the DES and its implementation.

Education of Non-DoD Researchers
    A few periodicals such as CRYPTOLOGIA deal with cryptographic matters. Several private road-show seminars are presented throughout the country. A small number of universities offer cryptography or cryptanalysis courses. Discussion at conferences and meetings proceeds typically without government intervention.

Research Alternatives to Cryptography
    A low funding level addresses computer/communications security in general terms. No projects that deal explicitly with alternatives to cryptography have come to our attention.

Appendix E
APPLICABLE LEGISLATION AND REGULATION

Arms Export Control Act, 22 USC 2778 -- authorizes the President to compile a U.S. munitions list.

Atomic Energy Act of 1954, 42 USC 2161, 43 FR 28950.

Brooks Act of 1965, P.L. 89-306 -- gave NBS responsibility to create standards which would govern the use of computers for federal government. This, in conjunction with the Privacy Act of 1974, caused NBS to issue the DES.

Privacy Act of 1974 -- attempt to keep confidential and secure all data on United States citizens which is in possession of the government.

Munitions Control Act of 1954 (now Arms Export Control Act) -- to regulate the flow of weapons, computers, and other equipment to other countries.

Office of Management and Budget Circular A-71 -- specifies computer and privacy controls required within the federal civilian government.

Office of Management and Budget Circular A-119 -- provides authority for federal government participation in selected voluntary technical standards development efforts.

International Traffic in Arms Regulations (ITAR), 22 CFR 121-128 -- permits government to prevent export of crypto equipment and crypto technical information. Means by which the State Department implements provisions of the Arms Export Control Act.

Inventions Secrecy Act of 1951 -- permits Commissioner of Patents and Trademarks to impose secrecy order on any invention submitted for patent when public disclosure could be detrimental to national security.

35 USC 181 -- permits the imposition of secrecy orders on patent applications when issuance of a public patent would be detrimental to the national security.

Mutual Security Act of 1954, Section 414 -- 22 USC 1934.

Foreign Corrupt Practices Act of 1976 -- asserts that management is required to keep adequate systems of transaction controls.

Foreign Intelligence Surveillance Act of 1978 -- places restrictions on NSA activities.

42 USC 2274-77

18 USC 798

18 USC 952

Executive Order 12036, June 28, 1978, 43 FR 28949, as amended by Executive Order No. 12148, July 20, 1979, 44 FR 43239, and by Executive Order 12163, September 29, 1979, 44 FR 56673 -- regarding national security act and classification.

National Security Act of 1947 and amending Executive Order 11905, dated 2-18-76 -- discuss R&D and use of cryptographic products.

Executive Order 11905 -- Amends National Security Act of 1947.

White House National Telecommunications Protection Policy Directive (Feb. 15, 1979) -- divides messages into three categories and specifies safeguards for each.

Export Control Act of 1949 -- Gave responsibility to the Department of Commerce to control export of technical data and products. The act was renewed in 1951, 1953, 1956, 1958, 1960, 1962, and 1965. Replaced by Export Administration Act of 1969.

Export Administration Act of 1969 -- legislation dealing with the export of computer networks and their associated building blocks. Encryption devices are explicitly excluded by ITAR. Export Administration Regulations implement this legislation. Amended in 1972, 1974, 1977 and superseded by the Export Administration Act of 1979.

Export Administration Act of 1979 -- Uses a critical technology approach to the control of exports.

General Services Administration - Federal Property Management Regulation 101-35 -- directs Federal agencies to protect data in their possession.

Appendix F
RISK ANALYSIS
AND THE ROLE OF ENCRYPTION

Risk analysis is a somewhat subjective procedure for identifying the most threatening vulnerabilities faced by a particular computer system. This procedure involves:

o Determination of the value to the organization of material data processing assets, including information
o Identification of threats to these assets
o Estimation of possible dollar losses associated with each threat
o Estimation of the probability that each threat will occur within a certain time frame
o Calculation of the expected dollar loss for each threat by multiplying dollars times probabilities
o Ranking of the identified threats by expected dollar loss
o Selection of cost-effective computer security controls that address the threat with the greatest expected dollar loss
o Working down the list of threats, selecting controls that provide the most security for the least cost until an acceptable risk level or firm budget constraint is reached

Vulnerabilities of Computer Systems by Incidence of Loss

SRI's Computer Security Program has for a decade collected information on reported cases of computer abuse. The data base currently contains over 700 cases. An analysis of this data base reveals that the following areas account for the stated percentages of the cases:

Rank  Frequency (%)  Vulnerability Area
  1       25         Physical access to facilities (stealing of computer equipment)
  2       23         Handling of input data (entering false amounts on input documents)
  3       15         Logical access to assets (modifying confidential files stored in the computer)
  4        8         Business ethics (simulating the activities of an insurance firm to perpetrate a fraud involving accounting data)
  5        8         Handling of output data (stealing checks printed by a computer)
  6        7         Access to applications programs (modification of programs which do payroll calculations)
  7        7         Handling of machine readable data (replacement of one computer disk pack by another)
  8        3         Access to systems programs (modification of login routines so that certain users are no longer able to access the computer system)
  9        2         Backup and recovery (purposely shutting off power to the computer to cause it to crash)
 10        1         Data communications (wiretapping)

Examples appear in parentheses. Total does not equal 100% because of rounding.

Expected Losses Ranked by Threat for an Illustrative Computer System

Listed below, from most severe to least severe, are the threats faced by one computer system. It is important to note that the ranking and the terms used to classify threats will be likely to change from computer system to computer system.

o Malfunctions and human errors
o Fraud
o Power and communications failures
o Fire
o Sabotage and riot
o Other natural disasters
o Other hazards such as wiretapping

This list was extracted from Burch, John G., and Joseph L. Sandinas, Jr., Computer Control and Audit: A Total Systems Approach, John Wiley and Sons, 1979.

Another Ranking of Threats

Using a different classification scheme, Bob Courtney of IBM has come to the conclusion that the greatest expected dollar losses are to be incurred in these areas (from most to least):

o Errors and omissions
o Dishonest employees
o Fire
o Disgruntled employees
o Water
o Other threats

These comments have been extracted from a talk that Mr. Courtney gave at an IBM Data Security Seminar in November 1980.

Examples of Ways to Address These Vulnerabilities

Listed below are only some of the computer security controls and countermeasures that could be used to address the vulnerability areas set forth above.

o Physical access to facilities: Door locks, gates, guards
o Handling of input data: Programmed checks to verify that the data submitted to the computer are reasonable; preventing batches of data from being used as input if the sum of each transaction doesn't sum to the batch control total
o Logical access to assets: Passwords; allowing only certain users to access sensitive files
o Business ethics: Adoption of a code of ethics; reporting of suspicious behavior
o Handling of output data: Placing computer output in locked containers; destruction of output after it has served its purpose
o Access to applications programs: Establishment of a production set of programs to which changes may not be made unless formal approval is obtained
o Handling of machine-readable data: Establishment of a library procedure for the use of magnetic tapes
o Access to systems programs: Passwords; renaming potentially destructive programs; placing systems programs in hardware instead of software
o Backup and recovery: Keeping a current copy of critical programs stored at a remote site; providing batteries to continue operation in the event that power is no longer available
o Data communications: Routing of messages through private rather than public networks, and encryption

Vulnerability Areas That Encryption Can Now Address

Although traditionally many believe that wiretapping is the only vulnerability that encryption addresses, other vulnerabilities may also be handled by encryption. For instance:

o Logical access to resources may be restricted using encryption-generated digital signatures as passwords, perhaps preventing unauthorized persons or devices from using system resources
o Access to application programs may be restricted, again by using digital signatures, but also by encrypting the programs
o The secure handling of machine-readable data may be augmented if the data are encrypted
o Access to systems programs, like access to application programs, may be in part restricted by digital signatures and encryption of the programs themselves
o Data communications may be carried out more smoothly with the error detection facilities available with several encryption protocols. And, of course, active and passive wiretapping may be defeated when encryption is used

Because encryption can address a wide range of threats, it may be more cost-effective than other computer security controls that provide protection from only a small number of threats.

New Threats Introduced By Use of Encryption

Selection of a computer security control may involve the introduction of new threats. When encryption is used, these threats may be introduced:

o Loss of cryptographic keys - this may result in loss of data and backup and recovery problems if current keys or even cryptographic facilities are not provided by backup systems
o Theft of cryptographic keys - the thief might be able to ransom the key because data in storage are inaccessible without a certain cryptographic key
o Malfunction of cryptographic devices such that encryption or decryption is done using an algorithm or key other than the proper algorithm or key - this may result in lost data, especially if a communication goes in one direction only
o Failure of cryptographic devices - this does not necessarily result in lost data but may hamper operations and expose data to other threats such as wiretapping
o Erroneous generation of keys - this situation does not affect the computer system security or operations unless the key generated is one of the very unusual weak keys
o Failure to load new keys at proper times - this lessens system security and may disrupt operations if other parts of the system have loaded keys on schedule, but otherwise has no noticeable effect
o Cryptographic devices may have undocumented characteristics, e.g., the cryptographic key could be obtained as output if a stream of zeros was provided as input

Appendix G
PRELIMINARY LIST OF FEDERAL POLICY OPTIONS TO REGULATE ACADEMIC AND COMMERCIAL SECTOR ENCRYPTION RESEARCH AND DEVELOPMENT

Policies to directly regulate cryptographic R&D

o Encouragement of licensing of individuals or organizations who engage in cryptographic research
o Security clearance for researchers
o Classification of research on encryption
o Encouragement of licensing of individuals or organizations who engage in research directly related to encryption, such as certain branches of mathematics or computer science
o Tracking movement of identified cryptography experts
o Restrictions on patents and copyrights for results of encryption R&D, e.g., secrecy
orders Restrictions results on or requirements for publication of encryption R D Monitoring and investigation of current research Limiting encryption research to federally secured locations Federal research funding Change research proposalapproval process Federal education and training of researchers and users Issue statements regarding permitted circumstances for crypto research Participation attendance and hosting of conferences Limiting or requiring the sharing of cryptographic R D information Provide investment tax credit or other financial incentives for cryptographic research · G-1 Federal hiring practices for people doing highly specialized work Restrict certain or all foreign nationals or cryptographic-related research from performing cryptographic Policies to regulate the use of the products of encryption R D andthereby alter the incentives for private-sector support of encryption R D Certification of products Regulation of the application of encryption such as British constraints on data flow of encrypted information through the telephone and telegraph system Encouragement oflicensing of individuals and organizations to install or use encryption or encryption equipment Federal standard setting and timing of both revisions and newstandards Continue or modify ITAR International Traffic in Arms Regulations Judicial precedents regarding court access tokeys encrypted data and also use of encryption methods 1st and 5th amendments Regulation of the types of algorithms or keysthat may be used e g allow use of Data Encryption Standard DES but restrict use of Public Key Codes PKC Regulation of the types of data that may or must be encrypted Policies to alter the need for encryption by end users and thereby reduce the incentives to support encryption R D Stiffer legal penalties for violation of nonencrypted data bases and telecommunication systems This might be effective protection only for relatively low-unit-value material such as average electronic mail or the 
Home Box Office type of subscription television Governmentprocurement to alter demand for various types of encryption technology Newpenalties for theft of cryptographic keys or other violations of key management systems Limits on the type of information and circumstance inwhich encryption may be used for data storage or telecommunications G-2 j Policies to alter the need for encryption in international business and commerce International agreements andtreaties to protect flows in ways that do not require encryption transborder data International agreements to standardize encryption procedures in computer data storage and telecommunications and thereby reduce reliance on advances in encryption to generate relative advantage in international trade G-3 Appendix H POLICY IMPACTS Three types of impact of each selected policy option are presented o The degree to which the policy could be expected to be feasible and effective in achieving its intended impact o The principal direct o Probable important indirect but unintended side effects effects Only selected major impacts have been identified The policies analyzed are presented here in five groups 1 Policies aimed at altering the rate or direction of nonmilitary cryptographic research directly by altering o The amount offunding o The channels of funding DoD versus other o The type of research organization funded o Th�prepublication review requirements o Patent or copyright restrictions o The availability of highly skilled labor o The size and type of the ultimate market o The cost of research and development activity 2 Policies aimed at altering the foreign of U S cryptography by altering o o o o distribution Export controls on hardware Export controls on technical data International standards concerning the technical quality of security in electronic systems International standards concerning application requirements for crypto in electronic systems H- -1 and use 3 Policies for altering the rate or direction of 
cryptograghic product development by altering o o o 4 nonmilitary Product licensing and testing requirements Invention secrecy requirements Specifications concerning the applicability or use of the product Policies for altering the level of domestic distribution and use of cryptography products by altering o o o 5 Domestic standards concerning electronic system integrity Required characteristics of systems to be purchased or used by federal civilian agencies Required characteristics to assure domestic provision of civil rights the right to privacy due care and others Policies for altering the amount of about cryptography by altering o o 1 Policies domestic publicity The government's media profile concerning cryptography The type and degree of communication between DoD andthe nonmilitary cryptography community for Altering Cryptographic Research Activity a Option 1 Reducing Increasing Nonmilitary Cryptographic Research Spending For Direct intended impact� o Will reduce increase the number of nonmilitary researchers overtly engaged in cryptographic research o May not alter the rate of new product development in the short run but will probably slow speed up domestic new product development in the long run Direct unintended impacts o Will increase reduce the dependence of the nonmilitary sector DoD for technical assistance to maintain systems integrity H-2 o Will reduce increase the pool of national expertise in cryptology on which DoDor the private sector could draw as needed Indirect impacts o Will cause both overt and covert shifts in research topics o Will shift the relative roles of research institutions large corporate versus public academic domestic versus U S overseas versus foreign o Will alter the knowledge basefor nonmilitary systems design and integrity design o May alter progress in related o May increase the public debate over cryptography at least in the short run A security sciences b Option 2 Channeling All Federal Cryptologic Research Support Through 
DoD Direct impacts o Increased centralization of all electronic systems security research in DoD o Increased focus of nonmilitary research on military as well as civilian characteristics o Reduced research for civilian needs Direct unintended impacts o Pullback from overt cryptographic research by some researchers and institutions Indirect impacts o Increased public attention on DoD as the source of system security c Option 3 Limiting the Types of Organizations Funded to do Nonmilitary Cryptographic Research Direct Impacts o Reduction in the number of researchers and amount of academic activity in cryptography o Increased separation of cryptography from other topics system integrity research in Direct unintended impacts o Reduction in the numberof types of approaches to designing nonmilitary systems using cryptography Indirect impacts o Increased reliance by world civilian system integrity research markets on foreign d Option 4 Instituting Voluntary Prepublication Review Process for Nonmilitary Cryptographic Research Direct impacts o May reduce or redirect some research on cryptography o Will help the defense community staymost current in nonmilitary state of the art o May lead to increased rate of classification of research results o May lead to restrictions on types of research funded o May cause some institutions to discourage cryptographic research projects or to reduce funding for them o May reduce incentive to publish Direct unintended impacts o Will continually resurrect the issue of academic freedom just as the Atomic Secrets Act now does o May alte the quality and scope of the basic knowledge base of nonmilitary system integrity product development Indirect impacts o May alter the balance of involvement by the defense establishment in other related areas of science o May create more incidents for public discussion o May promptchallenges of the process on constitutional e Option 5 Reducing Increasing the Availability Cryptography Labor grounds of Skilled 
Direct impacts o Increases reduces the ability of U S institutions to analyze and take protective actions concerning their security and asset protection requirements Direct unintended impa�ts o May reduce the quanity and quality of the overall labor pool for use by the military as well as nonmilitary sectors H-4 Indirect imp�cts o Reduced increased reliance of technical labor pools U S firms on foreign f Option 6 Limiting Expanding the Size and Types of Markets for Cryptographic Products e g Through GSA Specifications of Technical or Behavorial Standards Direct impacts o Reduc�d increased rate of cryptographic sales in the short run and application Direct unintended impacts o May move the U S cryptography market away from toward international market trends Indirect impacts o Will alter the type and degree of confidentiality and privacy available for both civilian government and private sector files and communication 2 Policies for Altering U S Cryptology Foreign Distribution and Use a Option 7 Reducing Increasing Export Cryptographic Hardware Limitations of on Direct Impacts o May increase reduce the effectiveness of future restraints by encouraging discouraging foreign nonmilitary cryptographic development o Will not alter the international spread of cryptography from other sources o May reduce increase acceptance of U S cryptographic standards internationally Direct unintended impacts o May reduce increase reliance on U S computer or telecommunication products o May reduce increase foreign reliance on U S information service industries Indirect impacts o May makethe process of defining solutions to transborder data flow problems much more complex especially if U S system integrity strategies diverge from those of other nations b Option 8 Restricting Freeing Trade in Cryptologic Technical Information Direct impacts o May slow speed up the rate of technological transfer into as well as out of the U S o May be ineffective in blocking transfer if the information is 
publicly available in the U S Direct unintended impacts o Will increase the tension between the military and academic sectors Indirect impacts o May alter international trade in other related information c Option 9 Reducing Increasing Government Involvement in the Establishment and Application of International Quality Standards for Cryptographic Hardware Direct impacts o Reduce increase the rate of growth in international trade information electronic services and data management Direct unintended impacts o Support or undermine private sector efforts to set international standards Indirect impacts o May alter the relative balance between government and voluntary organizations in the full range of electronic security and system integrity issues d Option 10 Decrease Increase Government Involvement in Establishment of International Standards Concerning the Duty and Care in Providing Security and Asset Protection Direct impacts o Will alter the rate at which standards of established o care are Will alter the balance between personal andstate rights in the standards established Direct unintended impacts o Will alter the world perception of the U S on human rights i�sues such as freespeech and privacy H-6 • Indirect impacts o Will alter the difficulty and likely result of resolutions to some transboarder data flow issues 3 Policies for Altering the Rate or Direction Cyptographic Product Development of Domestic a Option 11 Decreasing Increasing Licensing Requirement for Cryptographic Products and Testing Direct impacts o Decrease increase the cost of developing and marketing a new product o Decrease increase the minimummarket price of a new product Direct unintended impacts o Decrease increase the amount of bureaucracy and related cost necessary to operate secure private sector electronic systems Indirect impacts o Create additional government bureaucratic processes and costs to the b Option 12 Reducing or Increasing Use of Invention Secrecy for Cryptography Direct impacts 
o Reduces (increases) risks of undertaking commercial development of security technology
o Will reduce (increase) reliance on trade secrets
o May reduce (increase) reliance on foreign product development
o May reduce (increase) the quality and type of nonmilitary cryptographic protection available in the U.S.

Direct unintended impacts
o Reduces (increases) the opportunity and incentive for foreign suppliers to make faster nonmilitary progress in cryptography

Indirect impacts
o Will reduce (increase) the competitive incentives for foreign competitors worldwide and toward the U.S. market
o May alter the strategies used by corporations to protect property rights in transborder data flows

c. Option 13: Reduce (Increase) Federal Specification of Applications and Uses of Specific Cryptography Such as DES

Direct impacts
o Will reduce (increase) the extent to which cryptography is used in the short run

Direct unintended impacts
o Will increase (reduce) the vulnerability of civilian communication and file security

Indirect impacts
o Will alter the relative comparative advantage and attractiveness of U.S. markets to foreign suppliers

4. Policies for Altering Domestic Distribution and Use of Cryptography

a. Option 14: Altering Domestic Standards for System Security and Integrity

Direct impacts
o Increase (decrease) the ease of replacing technology with a new product (e.g., GSA design standards would freeze in a technology, while performance standards would permit continual innovation against a behavioral objective)
o May set de facto standards for some commercial applications (e.g., telephony shared with civilian government)

Direct unintended impacts
o Will increase (decrease) suspicion of NSA manipulation of civilian cryptographic system strength

b. Option 15: Alternative Federal Standards for Cryptography Procurement (Commercial Versus Government Specifications)

Direct impacts
o Reduce (increase) the similarities between the commercial and civilian markets

Direct unintended impacts
o Alter the rate at which foreign
cryptographic equipment is introduced into the U.S. markets

5. Policies on Domestic Cryptologic Publicity

a. Option 16: Altering the Government Media Profile on the Topic of Cryptology

Direct impacts
o Lessen (increase) public attention to cryptography

Direct unintended impacts
o May raise attention to precisely what the national security community would like to keep quiet

Indirect impacts
o May set dangerous precedent for news manipulation

Appendix I

A FRAMEWORK FOR ASSESSING CRYPTOGRAPHY IN THE NONMILITARY SECTOR OF SOCIETY

THE BROADER ISSUE OF COMPUTER COMMUNICATION AND INTEGRITY

Encryption represents only one safeguard for protecting data from errors and abuse and for facilitating electronic transaction control. In fact, for encryption to be effective requires significant safeguarding of keys and key administration. Research in encryption must be considered in the broader context of making computer use, communications, and electronic transactions safer and more efficient.

Research in other computer and communications security, including transaction controls, is as sensitive in many respects as encryption. For example, research in provably secure computer operating systems is progressing with demonstration of pilot models. Identification/verification of terminal operators is also a subject of research leading to a number of security products. IBM made available a new version of its Resource Access Control Function software package in Europe before selling it in the United States. Several commercial access control products are available, and research on more advanced products continues.

It is important that security against intentionally caused losses is strongly determined by the weakest link or greatest vulnerability in a system. The vulnerabilities that encryption is designed to protect against are, it is generally agreed, not necessarily the weakest links. That is, there are usually easier and safer ways for an intruder to accomplish his goals. He may find that stealing a
computer output report from an office or compromising a computer program is a more attractive way to obtain data than tapping a phone line, for example.

The options to affect the research and development of encryption are also applicable by extension to all computer and communications security research and development. It is therefore reasonable to generalize the options to cover the whole range of the subject. This approach would avoid suboptimization focused on only one of many security issues, accomplish consistent policy over subjects that must also be addressed in any case, and reduce the cost. An argument against this broad approach might be that it encompasses more than can be practically managed. Therefore, isolating and treating only encryption as a first step would lead to easier adoption of the broader issues. However, we are not yet convinced of this.

Cryptography in an Expanded Context

When cryptography is put in its proper context, both technologically and according to its need in the public sector, the following ideas emerge:

Cryptography is just one safeguard among many important means of making information processing and communications safe from errors, omissions, misuse, and abuse, and of providing transaction control. It is not worthy of special treatment and in fact cannot be technically or scientifically isolated from other safeguard efforts such as operating system integrity.

The safeguard needs for military and other secret federal government activity require a specialized research and development culture, environment, and methodology, such as are found in NSA, which are different from research and development in the public sector, such as in academic institutions and NBS. The former sector can draw freely on the resources and results of the latter, both covertly and overtly, but the reverse can occur only with concurrence and selective release by the secret components of the government.

Information security needs in the U.S. public sector are increasing as the value
of information in electronic form increases. As this sector increases its reliance on electronic processing and communication, these needs will become so critical that national security concerns will expand to include the security of automated banking and the financial industry, the communications industry, energy distribution and control, transportation, weather prediction and control, and others.

The need for information security in the public sector transcends national borders and interests. Research and development in security, especially that including cryptography, is actively pursued in other countries, so that any drop in level of effort in the United States would have no effect on efforts in other countries. In fact, it would probably encourage such efforts on a competitive basis. In addition, U.S.-based multinational companies have some of their greatest information security concerns in foreign communication and information processing activities.

Recommendations

In view of the foregoing conclusions, the following general recommendations are made. Cryptography should not be isolated and treated separately from other information safeguards. Cryptography should be treated as an integrated function within information processing and communication systems. In addition, policy should not depend on differentiating between cryptography and other related research topics, and should not depend upon differentiating between data processing and data communication functions within an information system.

Summary

The issues concerning cryptography include such subjects as designing, developing, and proving secure computer operating systems, data file access protection mechanisms, communication compromise detection devices, and computer terminal and telephone access identification methods. The thrust of cryptographic research and development will be primarily toward systematizing its use, product implementation, key selection and management, and applications, rather than toward further algorithm and
cryptanalysis discovery. However, a breakthrough in mathematical or electronic sciences could require a return to basic research. Policy must anticipate this possibility.

FORM NTIA-29 (4-80)
U.S. DEPARTMENT OF COMMERCE
NAT'L TELECOMMUNICATIONS AND INFORMATION ADMINISTRATION

BIBLIOGRAPHIC DATA SHEET

4. TITLE AND SUBTITLE: IMPACTS OF FEDERAL POLICY OPTIONS FOR NONMILITARY CRYPTOGRAPHY; Research Report

5. Publication Date: April 1981

7. AUTHOR(S): Victor C. Walling, Jr.; Donn B. Parker; Charles C. Wood

8. PERFORMING ORGANIZATION NAME AND ADDRESS: SRI International, 1333 Ravenswood Ave., Menlo Park, California 94025

Name and Address: COTR Charles K. Wilk, 1325 G Street N.W., Washington, D.C. 20005

ABSTRACT: A study accomplished by SRI International under contract with the Commerce Dept., NTIA, in support of work toward developing a U.S. policy for cryptography. It provides an analysis of the policy options based on a projection of evolving private sector needs for privacy and security, the emerging potential for innovative applications such as public key cryptographic systems, the influence of government constraints on exports, inventions, research and innovation, scientific advancement, and the preservation of constitutional rights. It recommends a balanced framework for U.S. policy including minimization of existing restraints on private sector activities concerning exports and patents, government support of open research and technical standards development, and the establishment of a government mechanism for resolving conflicts between private sector and U.S. military interests.

16. Key Words (alphabetical order, separated by semicolons): computer security; cryptography; export controls; International Traffic in Arms Regulations; Inventions Secrecy Act; national policy on cryptography; patent secrecy; privacy; public key cryptography; telecommunications security

17. AVAILABILITY STATEMENT: UNLIMITED / FOR OFFICIAL DISTRIBUTION

18. Security Class (This report): Unclassified

20. Number of pages: 99