![[CRS Issue Brief for Congress]](iblogo.gif)
96039: Encryption Technology: Congressional Issues
Updated January 2, 1997
Marcia S. Smith
Science Policy Research Division
CONTENTS
- Encryption, Computers, and the Internet
- Clinton Administration Policy
- Current Policy
- Industry Reaction
- NRC Report
- Action in the 104th Congress
- Issues
- Export Restrictions
- Key Recovery
The Clinton Administration's announcement of a new encryption policy on October 1, 1996, highlighted a year of intense debate among the White House, industry, and Congress.
Fundamentally, the controversy is over what access the government should have to private information stored by or transmitted via computers for law enforcement or national security purposes. Businesses and consumers want strong encryption products to protect their information, while the Clinton Administration wants to ensure its ability to monitor undesirable activity. Administration policy employees two methods to accomplish that goal: using the export control process to restrain the development of "strong" encryption products that would be difficult to break; and aggressively promoting the use of "key recovery agents" that would make available to court-ordered law enforcement officials the key to enable a message to be decrypted.
All agree that encryption is essential to the growth of electronic commerce and use of the Internet, but there is little consensus beyond that. Hearings were held on two bills that reflected industry's concerns (H.R. 3011, S. 1726), but neither cleared committee. The White House released an Executive Order and other information on November 15 providing more detailed information about the new policy. Initial reaction was mixed, and subsequently the policy has lost ground. The Business Software Alliance (BSA), representing many of the largest computer software companies, supported the policy announced October 1, but withdrew its support once the details were made public. BSA also sharply criticized a draft of the Administration's new regulation transferring primary responsibility for export of commercial encryption from the State Department to the Commerce Department as "confirm[ing] our worst fears." The Commerce Department published the "interim final" version of the regulation on December 30, with few changes from the draft. A 45-day comment period is in progress.
Meanwhile, some computer companies are moving forward in developing key recovery products that meet the Administration's new policy, including Trusted Information Systems, Hewlett-Packard, and an IBM-led consortium.
On December 30, the Commerce Department published the "interim final" regulation transferring primary jurisdiction over commercial encryption from the State Department to the Commerce Department. The regulation is effective December 30, with a 45-day comment period (until February 13, 1997). Critics claim that there is little change from the draft regulations released earlier which sparked numerous complaints from affected companies. On December 18, U.S. District Judge Marilyn Hall Patel had ruled that the International Traffic in Arms Regulations (ITAR), through which exports of items on the U.S. Munitions List are regulated, are an unconstitutional prior restraint on free speech. The case concerned Prof. Daniel Bernstein, and his attorneys have written to the Department of Justice asking that enforcement of the new regulations be delayed until they can be reviewed by Judge Patel. The lawyers argue that the new regulations "contain the same facial Constitutional violations as Judge Patel found in the ITAR ...."
Encryption, Computers, and the Internet
Encryption and decryption are procedures for applying the science of cryptography to ensure the confidentiality of messages. Technically, the issue discussed here is cryptography policy, but since encryption is the most controversial application of cryptography, it is the term used popularly and herein.
Encrypting messages so they can be read only by the intended recipient historically had been the province of those protecting military secrets. The burgeoning use of computers and computer networks, including the Internet, now has focused attention on its value to a much broader segment of society. Government agencies seeking to protect data stored in their databases, businesses wanting to guard proprietary data, and consumers expecting electronic mail to be as private as first class mail, all want access to strong encryption products.
Whether hardware- or software-based, an encryption product scrambles a message using mathematical algorithms. A corresponding key is needed to decrypt (unscramble) the message, and the key itself also may be encrypted. The algorithm is a series of digital numbers (bits), and the level of difficulty of breaking the code (its "strength") is usually represented by the number of bits in the key. (There are other factors that affect a key's strength, but in this debate, bit length is used as a benchmark.) The National Institute of Standards and Technology (NIST), in conjunction with industry, developed an encryption standard using a 56-bit key in 1977. Called the Data Encryption Standard (DES), it is widely used today in the United States and abroad, often in an enhanced mode called "3-key triple DES" providing the equivalent of a 112-bit key. Encryption products are widely available today, including some that use 128-bit keys or more. Some can be downloaded from the Internet.
There are no limits on the strength of encryption products used domestically or imported. Depending on the type of encryption involved, exports generally must be licensed by either the State Department (with primary jurisdiction) or the Commerce Department. Reflecting policies that evolved during the Reagan, Bush, and Clinton Administrations, the State Department has not allowed general exports of encryption with better than 40-bit keys, except for exports for banking and U.S.-owned subsidiaries. (For a list of exceptions, see CRS Report 96-232.) In 1996, the Clinton Administration announced that it would raise the limit to 56 bits for up to 2 years with certain requirements. It is 216 (65,536) times more difficult to break a 56-bit key than a 40-bit key. Breaking a message encrypted with a 40-bit key by "brute-force" -- trying every possible combination of bits until the correct one is found -- is not considered difficult. In a widely reported incident, a MIT student using a single $83,000 graphics computer was able to do so in 8 days.
Hence, business and consumer groups consider 40-bit keys inadequate to ensure privacy and security. They oppose export encryption controls, or at least want increasingly higher limits on the bit length. These groups argue that strong encryption is needed to enhance the prospects for electronic commerce and other uses of computer networks. The willingness of consumers to buy goods via the Internet, for example, could be markedly affected by their beliefs as to whether credit card numbers will be secure. Businesses using computers for either internal or external communications need to ensure that competitors or other unauthorized parties cannot gain access to proprietary information. Privacy advocates argue that ordinary consumers should be assured that personal, medical and financial information transmitted by or stored in computers will be protected. They also point out that since 128-bit encryption is available worldwide either by downloading it from the Internet or by buying it from foreign firms, the U.S. government already has lost control of influencing its availability.
Supporters of encryption export controls insist that national security and law enforcement concerns demand that, when authorized, government be able to intercept and decrypt messages where undesirable activity is suspected. Law enforcement officials want to ensure their ability to access the key needed to unscramble encrypted information through the use of "key escrow" or "key recovery" agents. Where the key cannot be obtained, national security officials want to enhance the likelihood they can break the code by restricting its key length. Hence the use of export controls to restrict key length. Although any strength encryption can be used domestically, the export policy indirectly affects what is available for use because computer hardware and software companies are reluctant to develop separate products for domestic and foreign markets. While conceding some strong encryption products are available, they claim use of these products is not widespread. If the U.S. government cannot prevent the availability of strong encryption, at least it can be slowed down, they argue.
Clinton Administration Policy
The Clinton Administration has strongly backed arguments by national security and law enforcement agencies that the government must be able to gain access to electronic data and messages when undesirable activity is suspected. The export controls are one method being used. Key recovery (formerly key escrow) is the other.
The Clinton Administration has tried several approaches to promote "voluntary" use of key escrow agents who would hold a "spare key" and provide it to duly authorized law enforcement officials. In April 1993, the Administration released its "Clipper chip" policy requiring emplacement of special encryption computer chips (called Clipper) into new government equipment for voice and electronic data communications. The Administration implemented this policy in 1994 for sensitive but unclassified voice communications in the federal government. Officially called the Escrowed Encryption Standard (EES), NIST is working to update it for use with data, too. NIST and the Department of Treasury serve as escrow agents for the keys.
The Administration hoped that industry would accept the Clipper chip for its own use on a voluntary basis, but industry strongly objected to the key escrow provisions. In July 1994, the Administration agreed to work with the private sector to develop a "voluntary" key escrow system for data using "trusted third parties" as escrow agents instead of government agencies. This proposal is sometimes referred to by its detractors as "Clipper II."
Industry continued to object to the key escrow concept as well as export controls, leading to the legislation discussed below. On May 20, 1996, the Administration released a draft paper on encryption policy, followed by a July 12 statement by Vice President Gore. Called "Clipper III" by its opponents, these documents outlined policy changes the Administration was considering. Among other things, the term "key recovery" replaced "key escrow." The new term emphasizes the positive attributes of key escrow in providing a means to recover a key that is lost, stolen, or corrupted. Furthermore, "key escrow" had come to be identified with the concept of the government holding the key. The new term is meant to convey the new policy that a trusted third party or an organization itself can serve that function.
Current Policy
Vice President Gore formally announced these changes on October 1, 1996. The associated executive order was signed November 15 and released along with a presidential memorandum incorporating additional details of the policy.
As announced by the Vice President on October 1, under the new policy:
- The lack of restrictions on domestic use or import of any encryption continues;
- There will be no algorithm or key length restrictions on the export of encryption products if a key recovery system is in place for that product;
- For products without key recovery systems, 56-bit encryption products can be exported after a one-time review for up to 2 years. By then, the exporter must have developed a key recovery system. The license would be granted in 6-month increments, to hold exporters to a required timetable to ensure the key recovery system is being developed. If key recovery systems are not produced, the export license would not be renewed;
- Trusted parties must serve as key recovery agents, but in some cases, organizations would be allowed to escrow the keys themselves (self-escrow) if they meet certain requirements; and
- Commercial encryption is removed from the Munitions List and responsibility for commercial export licensing is transferred from the State Department to the Commerce Department. The Department of Justice would have an advisory role in commercial encryption export decisions.
Also on November 15, the White House announced appointment of David Aaron, U.S. representative to the Organization for Economic Cooperation and Development (OECD), as Special Envoy for Cryptography. In addition to his OECD duties, he is charged with promoting "the growth of international electronic commerce and robust, secure communications in a manner that protects the public safety and national security."
On December 30, the Administration published an "interim final" regulation transferring primary responsibility for commercial encryption export control from the State Department to the Commerce Department (a draft version had been circulated on December 9). The new regulation is effective December 30, 1996, with a 45-day comment period (until February 13, 1997).
Industry Reaction
The details that emerged in the November 15 Executive Order and other documents led one industry group, the Business Software Alliance (BSA), to withdraw its support for the Administration's new policy. BSA said in a December 2 letter to Vice President Gore that "It appears that significant backtracking has occurred since the October 1 announcement and, therefore, we seriously doubt that the regulations will work, meet computer user demands, or be accepted by the private sector unless the Administration radically changes its approach immediately." BSA listed 5 key principles underlying its position on the matter: (1) any key recovery plan must be voluntary and market-driven; (2) key recovery products should be exportable without key length limit if they include features making recovery of stored data possible, regardless of whether they can allow access to real-time communications; (3) the government should not dictate specific milestones for companies developing key recovery products; (4) interim export of 56-bit encryption products without key recovery must be easy to accomplish under the Commerce Department's General License procedure, and products that already have export licenses should not have to undergo a new review; and (5) interoperability between key-recovery and non key-recovery products is essential, both because the interim export relief is only for 2 years, and industry needs to service and support the installed base of 56-bit non key-recovery products.
BSA also responded negatively to the December 9 draft regulation transferring jurisdiction from the State Department to the Commerce Department, asserting that it "confirmed our worst fears." As noted, the Commerce Department released the "interim final" version of the regulation on December 30. Few changes were made from the draft.
Meanwhile, some computer companies are moving forward in developing key recovery products that meet the Administration's new policy, including Trusted Information Systems, Hewlett-Packard, and an IBM-led consortium.
NRC Report
Vice President Gore said that the new policy was "broadly consistent" with recommendations from the National Research Council (NRC), part of the National Academy of Sciences. In response to language in the FY1994 Department of Defense authorization bill, NRC prepared a comprehensive report on cryptography. Released in May 1996, Cryptography's Role in Securing the Information Society (the "CRISIS" report), stressed that national policy should make cryptography broadly available to all legitimate elements of society, promote continued economic growth and leadership of key U.S. industries, and ensure public safety and protection against foreign and domestic threats. The report's recommendations included the following:
- Key escrow is an unproven technology and the government should experiment with it and work with other nations, but not promote it aggressively at this time;
- Export controls should be relaxed progressively, but not eliminated; and
- Despite contrary assertions by the national security community, encryption policy issues can be debated adequately in public without relying upon classified information.
... If cryptography can protect the trade secrets and proprietary information of businesses and thereby reduce economic espionage (which it can), it also supports in a most important manner the job of law enforcement. If cryptography can help protect nationally critical information systems and networks against unauthorized penetration (which it can), it also supports the national security of the United States. Framing national cryptography policy in this larger context would help to reduce some of the polarization among the relevant stakeholders. (Page 8-8).
Action in the 104th Congress
Hearings were held on legislation addressing computer encryption issues in 1996 (S. 1726 and H.R. 3011). Neither bill was reported from committee.
Though not identical, the main thrusts of both bills, as well as S. 1587 (on which there was no action), were to liberalize export restrictions by allowing export of software products that are generally available or in the public domain, or for which export is permitted for financial institutions not controlled by U.S. persons unless there is evidence that they will be used for military or terrorist purposes. Export of hardware products would be allowed if a product offering comparable security is commercially available from a foreign supplier. S. 1726 and H.R. 3011 would have prohibited the government from requiring the use of key escrow agents. S. 1527 provided for the voluntary use of "key holders" and established guidelines for release and use of keys, and set penalties for unauthorized release or use. All three bills would have codified existing policy of no restrictions on domestic use of encryption, made it lawful to sell encryption products, and transferred responsibility for export of commercial encryption to the Commerce Department. H.R. 3011 would have made it unlawful to use encryption in the commission of (or to cover up) a crime, or to sell encryption when done in furtherance of a crime. Under S. 1527, it would have been unlawful to use encryption to obstruct justice.
Issues
The new Clinton policy does not satisfy all the complaints of opponents to controls, so the issues are likely to come before the 105th Congress as well.
Export Restrictions
Using the export process to restrain the availability of strong encryption remains a core principle of Clinton Administration policy. The new policy temporarily increases the strength of encryption products that can be readily exported. Opponents of controls, however, are likely to continue demanding that the bit length limit be raised, or at least that a schedule be agreed upon where the bit length would be increased periodically. They argue that the U.S. government cannot control the availability of strong encryption, since it already can be procured from foreign suppliers, or downloaded from the Internet. They assert U.S. policies simply ensure that U.S. companies will lose market share to foreign competitors. Objections to the Department of Justice having a role in export decisions also are likely.
On the other side are groups who want to retain the current limit of 40 bits, fearing that increasing it to 56 will make it easier for terrorists and drug traffickers to use the Internet without detection. They assert the stronger encryption products available from foreign sources or the Internet are not widely used. Opponents of controls counter that criminals will develop their own encryption products and avoid those that are escrowed, so they believe the policy is immaterial. Proponents of controls concede that criminal groups will develop their own encryption, but insist that at some point they will have to interact with mainstream companies (such as banks or airlines). If the mainstream companies are using key recovery-based systems, this would provide an opportunity for the U.S. or other governments access to at least some of the groups' activities.
On December 18, U.S. District Judge Marilyn Hall Patel ruled that the International Traffic in Arms Regulations (ITAR), through which exports of items on the U.S. Munitions List are regulated, are an unconstitutional prior restraint on free speech. The specific case involved attempts by an Illinois professor, Daniel Bernstein, to publish, both in print and on the Internet, the source code for an encryption algorithm he developed, called Snuffle. The government argued that this was an export, and hence required a license under the Arms Export Control Act (AECA) and ITAR, the regulations through which AECA is implemented. On April 15, the judge had ruled that computer source code is "speech" and protected under the constitution. Her new ruling concluded, among other things, that because ITAR "fails to provide a time limit on the licensing decision, for prompt judicial review and for a duty on the part of the [Office of Defense Controls] to go to court and defend a denial of a license," it is a prior restraint on that freedom of speech. How far reaching this decision is remains to be seen, along with what impact it will have on the Administration's new encryption policy. The Administration must decide whether to appeal the judgment. Meanwhile, Prof. Bernstein's attorneys have asked the Justice Department to delay enforcement of the new regulations published on December 30 until they can be reviewed by Judge Patel. They argue the new regulations "contain the same facial Constitutional violations as Judge Patel found in the ITAR ...."
Key Recovery
Key recovery is a fundamental tenet of the Clinton Administration policy. Not only does the Administration view this as critical for U.S. users, but it seeks a global key management infrastructure to ensure confidentiality for the growth of global electronic commerce, and monitoring undesirable activity (by terrorists or drug cartels, for example). The Administration is already working with the Organization for Economic Cooperation and Development (OECD) to develop principles for such a global infrastructure.
Opponents of controls agree with the advantages of a key recovery infrastructure (recovering a lost, stolen or corrupted key), but insist that the government should have no role in choosing who will hold the key. They fear the government will have unfettered access to private files and communications, though the Clinton Administration stresses that a court order will be required to obtain the key. The Administration emphasizes that while the tenet is unshakable, it wants to be flexible in its implementation, working with industry to find a mutually agreeable solution. To date, reaction has been mixed. The Business Software Alliance's withdrawal of its original support for the October 1 policy underscores the controversial nature of this issue.
H.R. 3011 (Goodlatte)
Security and Freedom Through Encryption Act. Introduced March 5, 1996; referred to
Committees on the Judiciary and International Relations. Judiciary Committee held
hearing September 25, 1996. No further action.
S. 1587 (Leahy)
Encrypted Communications Privacy Act. Introduced March 5, 1996; referred to
Committee on the Judiciary. No action.
S. 1726 (Burns)
Promotion of Commerce On-Line in the Digital Era Act (PRO-CODE). Introduced May
2, 1996; referred to Committee on Commerce, Science and Transportation. Referred to
Subcommittee on Science, Technology and Space . Subcommittee held hearings June 26
and July 25. Full committee held hearing September 12. No further action.
U.S. National Academy of Sciences. National Research Council. Cryptography's role in securing the information society. Washington, 1996. 688 p.
U.S. Office of Technology Assessment. Issue update on information security and privacy in network environments. Washington, 1995. 142 p.
CRS Reports
CRS Report 96-232. Cyberbanking and cryptography, by M. Maureen Murphy.
CRS Report 96-670. Encryption technology and U.S. national security, by Michael Vaden and Edward Bruner.
CRS General Distribution Memorandum. Information privacy and encryption, by Gina Marie Stevens.
CRS General Distribution Memorandum. Overview of legal issues involving exports
of encryption
technology, by Jeanne Grimmett.
|
NEWSLETTER
|
| Join the GlobalSecurity.org mailing list |
|
|
|
