Dr. Dobb's Journal March 1997
Given its reputation as America's most secret intelligence organization, it's no surprise that a recent exhibit at the National Security Agency's National Cryptologic Museum opened with little fanfare. The display, entitled "Information Security for the Nation," celebrates NSA-developed technology of the past. From Teletype encryption machines used in Washington-Moscow hot lines, to tamper-proof floppy disks and secure desktop telephones that require smart keys, the exhibit has plenty of show, but not much tell -- only the outer shells of the encryption devices are displayed.
With the demise of the Cold War, you might expect the NSA to have drifted into bureaucratic backwaters. Nothing could be further from the truth -- particularly when it comes to establishing U.S. encryption policy. In an Edgar Bergen/Charlie McCarthy-like scenario, the Commerce, State, and Justice Departments seem to be taking their lead from, you guessed it, the NSA. When asked about its role in forming a national encryption policy, the NSA public-affairs office follows standard operating procedure, referring all questions to the White House. In turn, the White House press office says that encryption policy is set by the Interagency Working Group on Encryption, of which the NSA -- the U.S. government agency primarily responsible for code breaking -- is "just another member."
The current fracas is over the differences between promises the government made last fall and the policy now being implemented. In a classic bait-and-switch move, the government agreed to one thing, then delivered another. For instance, the administration originally said it only required information about encryption implementations that would enable authorities to reconstruct keys. It also agreed to "automatically" grant licenses for U.S. companies exporting software that uses 56-bit keys. The eventual executive order, however, set forth case-by-case license approval, and said that domestic and international key-recovery software must provide advance access to government-approved third parties, and not be interoperable with non-key software. This applies to communications and stored data. To export 56-bit software, companies must submit their business and marketing plans for government approval, along with progress reports every six months.
This isn't the first time the NSA has been accused of promoting back doors to encryption. When the National Bureau of Standards asked for solicitations for encryption algorithms back in the 1970s, IBM submitted its 128-bit key "Lucifer" cipher. Under NSA pressure, IBM eventually reduced the size of the key to 56 bits. After classifying the design criteria of the cipher's eight S-boxes, the NSA declared the algorithm the best choice for the U.S. Data Encryption Standard (DES). To this day, skeptics maintain that the DES S-boxes have built-in back doors.
Critics, then, further charged that NSA codebreakers weakened the key so that the agency could easily break it, while NSA codemakers strengthened the S-boxes so that the cipher is actually useful. At the time, Martin Hellman and Whitfield Diffie theorized that a special-purpose computer running a brute-force attack at 1 trillion possible keys per second could break a 56-bit key in less than 20 hours. Interestingly, researchers have now built a 1.06 teraflop computer with off-the-shelf CPUs (see "News & Views" on page 16 of this issue).
Adding to the confusion is that one long-standing NSA worry -- ITAR and the First Amendment -- has taken a beating in the courts. In her ruling (which isn't binding on other courts), U.S. District Judge Marilyn Hall Patel said that the government's attempts to keep Daniel Bernstein from exporting his "Snuffle" encryption program was an unconstitutional restriction of his free-speech rights. While a student, Bernstein wrote Snuffle and a paper describing it. When he attempted to "export" it, the government said he must first register as a munitions dealer per the "International Traffic in Arms Regulations" (ITAR), which categories cryptography as "auxiliary military equipment." Bernstein sued. According to Judge Patel, the system for licensing encryption software for export is "a paradigm of standardless discretion" and "an unconstitutional prior restraint in violation of the First Amendment." She added that "software related to encryption is simply a topic of speech employed by scientists involved in applied research. Hence, Snuffle is speech afforded the full protection of the First Amendment."
What this all comes down to is that the government -- which has insisted on the mandatory key-escrow approach from the outset -- should stop worrying about the past, start looking to the future, and get on with the job establishing clear, workable policies. Yes, combating terrorism and computer crime is unquestionably important, but encryption technology will advance and be increasingly available no matter what. In the meantime, U.S. software developers need to know what the rules are and whether or not they'll be able to compete in a global market.
--Jonathan Erickson