[2801] in cryptography@c2.net mail archive
Experts' Report Undermines Administration Encryption Approach
daemon@ATHENA.MIT.EDU (Alan Davidson)
Mon Jun 8 16:37:22 1998
Date: Mon, 8 Jun 1998 14:36:43 -0400
To: cryptography@c2.net
From: Alan Davidson <abd@cdt.org>
Attach please find CDT's press release about the updated "Risks of Key
Recovery" report by Diffie, Neumann, Blaze, Schneier, et al.
-- Alan
Alan Davidson, Staff Counsel 202.637.9800 (v)
Center for Democracy and Technology 202.637.0968 (f)
1634 Eye St. NW, Suite 1100 <abd@cdt.org>
Washington, DC 20006 PGP key via finger
For Immediate Release Contact: Jerry Berman
CDT Executive Director
Email: jberman@cdt.org
or
Alan Davidson
CDT Staff Counsel
Email: abd@cdt.org
Phone: 202-637-9800
EXPERTS' REPORT UNDERMINES ADMINISTRATION'S ENCRYPTION AGENDA
WASHINGTON, June 8, 1998 - A group of the world's leading cryptographers
today issued a 1998 update of a crucial report that continues to raise
questions about the costs and risks of government 'key recovery' proposals.
The report, which updates 'The Risks of Key Recovery, Key Escrow, and
Trusted Third-Party Encryption' issued last year by the same group of
cryptography experts, argues that the kinds of backdoor key recovery
systems proposed by the federal government will introduce tremendous new
vulnerabilities and costs that jeopardize Internet privacy and security.
The 1998 update of the cryptography experts' report takes a critical look
at the technical details of key recovery systems designed to facilitate
government access and finds them wanting. In particular, the cryptographers
determine that:
* A year after the original report was released government-access key
recovery remains a complex problem that introduces "substantial risks and
costs" into otherwise highly secure encryption systems;
* Despite this finding the federal government has offered "no substantive
response" to the challenges to key recovery that the cryptographers raised
in 1997; and
* The criticisms that have been offered of the original report do not
address key recovery's fundamental problems. In particular, the existence
of commercial key recovery products or prototype key recovery systems that
meet government specifications "is not sufficient to demonstrate that these
[government-access] systems can be operated securely, in an economical
manner, on a large scale, or without introducing unacceptable new risks."
In essence, the cryptographers conclude that in 1998 "there are compelling
reasons to believe that . . . government-access key recovery is not
compatible with large scale, economical, secure cryptographic systems."
These concerns must have a place in the policy debate.
The Center for Democracy and Technology (CDT) agrees with the 11 authors of
the report that the obstacles key recovery presents to privacy online is
too important to be ignored. "Key recovery remains the central issue in the
encryption policy debate. The experts' report indicates that the federal
government has been unable to answer even the most basic and fundamental
questions about the key recovery system that it continues to embrace," said
CDT Executive Director Jerry Berman. "Without answers to fundamental
questions about privacy and security it would be irresponsible to move
forward with wide-scale deployment of government-access key recovery
systems."
The 1998 update of the cryptography experts' report is available online at:
http://www.cdt.org/crypto/risks98
Authors of the report include Whitfield Diffie, a Distinguished Engineer at
Sun Microsystems who is often called "the father of public key
cryptography"; Peter G. Neumann, a Principal Scientist at SRI and
world-renowned computer security expert; Ronald L. Rivest, Webster
Professor of Electrical Engineering and Computer Science at the
Massachusetts Institute of Technology, and co-inventor of the RSA
public-key cryptosystem; and Matt Blaze, a Principal Research Scientist at
AT&T Laboratories, who discovered a flaw in the U.S. government's "Clipper
Chip" key escrow system.
The Center for Democracy and Technology, a non-profit organization, is
dedicated to developing public policy solutions that advance civil
liberties and democratic values in the new computer and communications
media.
# # #
