[Next] [Prev] [Contents]
Government vs. public interests
Many of the current controversy over cryptography can be characterised in terms of tension between government and individuals. Powerful encryption tools are widely available to people all around the world, and there seems to be nothing that can stop these technologies from spreading, also to criminal use [Far94]. From the government's point of view the availability of strong encryption methods to general public is a threat to public security and safety - terrorists and criminals can communicate freely, since the officials do not have any possibility to decrypt these digital signals. Therefore there are initiatives in U.S. and in Europe that intend to preserve the law-enforcement and signal-intelligence capabilities of governmental agencies.
The Escrowed Encryption Standard (EES) was approved in 1994 as a Federal Information Processing Standard in U.S. This standard is intended for voluntary use by all federal departments and agencies and to replace DES as the federal encryption system. The standard is better known as "Clipper chip", because of the early implementation of the encryption algorithm was called Clipper. This U.S. government initiative has raised a lot of debate about the misuse of the technology by possible violation of telephone and computer privacy. There seems to be a large mistrust on government motives to introduce this technology. These protocols have been designed secretly, without consultation and open critics by the academia or industry.
From public point of view the encryption should not be based on classified algorithms, it should be voluntary to use, and there should not be any restrictions to use it internationally. The computer industry in U.S. has complained furiously about the competitive disadvantage the export control has on their international operations. Recently U.S. administration has lifted the export regulations on strong cryptography (such as DES) when it is coupled with a key escrow mechanism. There is a need for escrowed key systems also commercially, so the system could be based on other trusted third parties than governmental organisations. Some of the open questions related to these "key escrow agents" include:
- What kind of organisations should be approved as key escrow agents? Should there be international co-operation?
- What sort of legal agreement between the government and the key escrow agent is needed?
- Should intentionally misreleasing or destroying a key be criminalised?
- Should approval of key escrow agents be tied to public key infrastructure?
- What procedures are needed for the storage and safeguarding of keys?
The Council of Europe has proposed a similar standard than EES to monitor signals in all member states, and European Commission has recently announced that EU will introduce European cryptography standards that are based on key escrow. The Commission plans to propose that member states choose private trusted third parties rather than governmental departments to regulate networks [Tho95].
[Next] [Prev] [Contents]
mtu@cs.hut.fi - 04 DEC 95