Interesting People mailing list archives
Background on the Administation's encryption policy announcements
From: David Farber <farber () central cis upenn edu>
Date: Sat, 5 Feb 1994 14:39:34 -0500
Subject: for interesting people Date: Sat, 05 Feb 94 14:23:27 -0500 From: Stephen Walker <steve () tis com> Background on the Administation's encryption policy announcements On Friday Feb 4 the Clinton Administration held a press conference to announce a progress report on the interagency review of cryptography. Their review is not finished but the following was made public: - approval of the Escrow Encryption Standard and thus formalization of the Clipper key escrow process. The EES (now FIPS 185) is the first "classified" Federal Information Processing Standard. The standard describes two classified "R21 Informal Technical Reports" that "will be required to assure interoperability of EES devices." "Organizations holding an appropriate security clearance and entering into a Memorandum of Agreement with the National Security Agency regarding implementation of the standard will be provided access to the classified specifications. Inquires may be made regarding the Technical Reports and this program to Director, National Security Agency, Fort George G. Meade, MD 20755-6000, ATTN: R21." This is the first time in the history of FIPS (dating back to 1965 or so) that clearances are required to implement a federal standard. This is a direct consequence of using a classifed algorithm and classified key escrow procedure to protect unclassified information. The approval of the EES was made over the nearly unanimous objections (several hundred to two) received during the public comment period. The rationale for why the overwhelming public comments were overruled will most likely not be made available since it is classified. It was announced that Clipper devices with key escrow will be able to be exported. When asked about the international acceptability of key escrow, the comment was made that "little progress has been made" in discussions with other governments that have taken place even "as little as three weeks ago". - procedures for export control of already exportable cryptographic products will be relaxed. However, there will be no change in what can and cannot be exported. If your product cannot be exported today, it will not be able to be exported tomorrow. Apparently the growing body of information concerning the foreign availability of DES and related products and the ease with which other countries allow the export of DES products has, thus far, had no influence on government policy makers. - details on key escrow agents (NIST and Treasury (it seemed important to someone to point out that neither of these were "law enforcement" related agencies)) and key escrow procedures were announced. - establishment of an interagency working group on encryption and telecommunication policy. - a decision not to proceed with the licensing of the Digital Signature Algorithm to Public Key Partners, a proposal put forward last June which met with another overwhelming public (including foreign governments) condemnation. Apparently the fact that this exclusive licensing would be at considerable cost to the public is now viewed as not in the government's best interest. Unfortunately, little was said about what would happen to the Digital Signature Standard. The government will proceed down three paths: - attempting to negotiate a deal with Public Key Partners, - resorting to "other legal" approaches, and/or - defining a new algorithm for the DSS. When asked if these alternatives would take a long time to resolve, the answer was the government expects this matter to be resolved quickly. Nothing in all that was announced at the conference was other than voluntary for the general public.
Current thread:
- Background on the Administation's encryption policy announcements David Farber (Feb 05)