1993 Annual Report of the National Computer System Security and Privacy Advisory Board

March 1994

TABLE OF CONTENTS

Executive Summary

I. Introduction
   Board's Establishment and Mission
   Board's Charter
   Membership

II. Major Issues Discussed
   Key Escrow and Public Use of Cryptography
   Export Control
   SKIPJACK Algorithm
   Key Escrow Agents
   Law Enforcement Requirements
   User Community
   Escrow Encryption Standard/Escrow Procedures
   Federal Criteria and Evaluation Program
   Information Brokering
   National Information Infrastructure
   Cryptographic Wrap-Up
   NIST's Security Program Plan
   Threats to Telecommunications Security

III. Advisory Board Correspondence
   Exhibits

IV. 1994 Advisory Board Workplan
   INTRODUCTION
   APPROVED 1994 WORK ITEMS FOR CSSPAB
   Action Items
   Cryptographic Issues
   Public Key Cryptography
   National Research Council
   Telecommunications Security
   Council on National Information Infrastructure
   Trusted System Criteria and Evaluation
   Security Evaluation Process
   Privacy
   Implementation of the Computer Security Act
   Risk and Threat Assessment
   Electronic Commerce (EC) Security
   Monitoring Activities
   Changes in National Computer Security Policies
   Security and Open Systems
   Effective Use of Security Products and Features
   Status of Computer Emergency Response Capabilities in Civil Agencies
   International Hacking
   Local Area Network (LAN) Security
   Security and the Public Switched Network
   Citizen Access to Government Electronic Records

V. Conclusions

LIST OF APPENDICES

A - Computer Security Act of 1987 (See separate file)
B - Charter (See separate file)
C - June Agenda and Minutes
D - July Agenda and Minutes
E - September Agenda and Minutes
F - December Agenda and Minutes
G - Federal Register Notices (Not included)

Executive Summary

This Annual Report documents the activities of the National Computer System Security and Privacy Advisory Board during 1993, its fifth year.
The Board, which met four times during the year, was established by Congress through the Computer Security Act of 1987 to identify emerging computer security and privacy issues. Dr. Willis Ware, of RAND, has served as Chairman of the Board since July of 1989.

In 1992, the Board identified the need and called for a National Review of Cryptographic Policies and issued letters containing the Board's positions and recommendations to the appropriate Executive Branch officials. The letters identified issues surrounding cryptographic standards and the strength and availability of cryptographic products.

However, in May of 1993, the President directed that the Administration conduct a review of issues related to public cryptography and advanced telecommunications systems to include: individual privacy, exportability, key escrow systems, industry requirements for information protection, the government-developed "key escrow" chip, and related issues. Of particular interest was the impact upon industry of government cryptographic policies.

As a result of the President's directive, Mr. Raymond Kammer, Deputy Director of NIST, requested the Board to devote its June meeting to collecting public comments from these outside communities for input to the Administration's deliberations. The cryptographic review was intended to track trends in telecommunication and encryption technologies, study export control issues, and examine the policy and implementation of the key escrow encryption initiative.

Subsequently, the Board devoted a special July meeting, and a limited amount of time at the September meeting, to the same subject to more completely respond to Mr. Kammer's request and to fulfill its statutory obligations under P.L. 100-235. The Board continues to monitor issues surrounding cryptography.
As a result of these meetings four resolutions (of cryptographic concern) were passed by the Board:

- The input collected reflected serious concerns regarding the key escrow initiative and that more time was needed to achieve a better understanding of the issues.

- The Board recognized that key escrowing encryption technology represented a dramatic change in the nation's information infrastructure. Therefore, the Board recommended that key escrowing encryption technology not be deployed beyond current implementations planned within the Executive Branch, until its significant public policy and technical issues are fully understood.

- Public input heightened the concerns of the Board to many issues, such as: 1) the kinds of problems that the key escrow encryption initiative attempts to solve, 2) the need to review export and import controls over cryptographic products, and 3) the key escrow encryption initiative and DoD Capstone technology proposals not addressing the needs of the software industry, and several others.

- The Board endorsed the process pursued by the Administration in the form of an interagency review but believed that the scope of that review needed to include adequate industry input. The Board believed that there were a number of issues that must be resolved before any new or additional cryptographic solutions are approved as U.S. government standards. Those issues were:
    1) The protection of law enforcement and national security interests;
    2) The protection of U.S. computer and telecommunication interests in the international marketplace; and
    3) The protection of U.S. persons' interests both domestically and internationally.

In other discussions, the Board was briefed on the Clinton Administration's announcement of its intention to use the High Performance Computing and Communications as a foundation for developing a National Information Infrastructure (NII).
The plan would be to draw upon a wide variety of private sector groups discussing issues associated with the NII.

In July, the Board endorsed the recertification of the Data Encryption Standard (DES) algorithm for an additional five year period, from 1993 through 1998. The Board recommended endorsement of DES for use in software versions that can be used to protect information covered by the Computer Security Act of 1987.

During the December meeting, the Board endorsed NIST's computer security plan for FY94 as a reasonable allocation of its limited resources for their computer security program.

The Board also established a work plan for 1994 which identified candidate topics for in-depth examination. These include:

Cryptographic Issues;
    - Public Key Cryptography;
    - National Research Council Study
    - Telecommunications Security
Council on National Information Infrastructure;
Trusted System Criteria and Evaluation;
Security Evaluation Process;
Privacy;
Implementation of the Computer Security Act; and
    - Risk and Threat Assessment
    - Electronic Commerce (EC) Security
Monitoring Activities;
    - Changes in National Computer Security Policies
    - Security and Open Systems
    - Effective Use of Security Products and Features
    - Status of Computer Emergency Response Capabilities in Civil Agencies
    - International Hacking
    - Local Area Network (LAN) Security
    - Security and the Public Switched Network
    - Citizen Access to Government Electronic Records

These issues clearly demonstrate the extensive work which lies ahead for the Board in 1994 and beyond.

I. Introduction

Board's Establishment and Mission

The passage of the Computer Security Act of 1987 (P.L. 100-235, signed into law on January 8, 1988) established the Computer System Security and Privacy Advisory Board. The Board was created by Congress as a federal public advisory committee in order to:

- identify emerging managerial, technical, administrative, and physical safeguard issues relative to computer systems security and privacy.
Appendix A includes the text of the Computer Security Act of 1987, which includes specific provisions regarding the Board. The Act stipulates that the Board:

- advises the National Institute of Standards and Technology (NIST) and the Secretary of Commerce on security and privacy issues pertaining to federal computer systems; and

- reports its findings to the Secretary of Commerce, the Director of the Office of Management and Budget (OMB), the Director of the National Security Agency (NSA), and appropriate committees of Congress.

Board's Charter

The Board was first chartered on May 31, 1988 and was rechartered for a second time on March 27, 1992 by U.S. Department of Commerce Assistant Secretary for Administration Preston Moore. (See Appendix B for the text of the current charter.)

Consistent with the Computer Security Act of 1987, the Board's scope of authority extends only to those issues affecting the security and privacy of unclassified information in federal computer systems or those operated by contractors or state or local governments on behalf of the federal government. The Board's authority does not extend to private sector systems (except those operated to process information for the federal government), systems which process classified information, or Department of Defense unclassified systems related to military or intelligence missions as covered by the Warner Amendment (10 U.S.C. 2315).

Membership

The Board is composed of twelve computer security experts in addition to the Chairperson.
The twelve members are, by statute, drawn from three separate communities:

- four members from outside the Federal Government who are eminent in the computer or telecommunications industry, at least one of whom is representative of small or medium sized companies in such industries;

- four members from outside the Federal Government who are eminent in the fields of computer or telecommunications technology, or related disciplines, but who are not employed by or representative of a producer of computer or telecommunications equipment; and

- four members from the Federal Government who have computer systems management experience, including experience in computer systems security and privacy, at least one of whom shall be from the National Security Agency.

Currently, Dr. Willis H. Ware, a senior researcher of the Corporate Research Staff of RAND, serves as Chairman of the Board. He was appointed in July 1989. As of December 1993, the membership of the Board is as follows:

- Chairman
    Willis H. Ware, RAND

- Federal Members
    Patrick R. Gallagher, National Security Agency
    Henry H. Philcox, Department of the Treasury, Internal Revenue Service
    Cynthia C. Rand, Department of Transportation

- Non-Federal, Non-Vendor
    Cris R. Castro, ManTech, Inc.
    John A. Kuyers, Ernst and Young
    Sandra Lambert, Citibank

- Non-Federal
    Gaetano Gangemi, Wang Laboratories, Inc.
    Stephen T. Walker, Trusted Information Systems, Inc.
    Bill Whitehurst, International Business Machines Corp.

In September of 1993, Messrs. Colvin, Zeitler, and Lipner's terms expired, leaving three vacancies in the following categories: federal, non-federal, non-vendor, and computer or telecommunications industry.

NIST's Associate Director for Computer Security, Mr. Lynn McNulty, serves as the Board's Secretary and is the Designated Federal Official (DFO) under the Federal Advisory Committee Act. The DFO is responsible for ensuring that the Board operates in accordance with applicable statutes and agency regulations.
Additionally, the DFO must approve each meeting and its agenda. Through the Secretariat, NIST provides financial and logistical support to the Board as stipulated by the Computer Security Act of 1987.

II. Major Issues Discussed

The following section summarizes the discussions held by the Board in 1993. Additionally, the Board accomplishes much informal, non-decisional, background discussion and preparation for meetings by electronic mail between meetings. The Board's activities complement those of the individual Board members. (Note that the minutes and agenda from the June, July, September, and December meetings are included as Appendices C to F, respectively. The required Federal Register announcement notices for the meetings are presented in Appendix G.)

Much of the substantive work of the Board during 1993 was devoted to collecting public comments on the subject of the Administration's key escrow encryption technology. The Board collected input from a wide range of individuals and groups representing industry, academia, privacy rights advocates, and private citizens.

Key Escrow and Public Use of Cryptography

The focus of the June meeting was on the "key escrow" encryption chip, and more broadly, the public use of cryptography and government cryptographic policies and regulations.

On April 16, 1993 the President announced the development of a state-of-the-art microcircuit called the key escrow encryption chip (commonly referred to as the "Clipper" chip.) (The use of the term "Clipper" has been discontinued to avoid any potential conflict with similarly named products.) This initiative is intended to bring the federal government together with industry in a voluntary program to improve the security and privacy of telephone communications while meeting the legitimate needs of law enforcement. The chip scrambles telephone communications using an encryption algorithm that is more powerful than many in commercial use today.
A "key-escrow" system will be established to ensure that the key escrow encryption chip is used to protect the privacy of law-abiding Americans while preserving the ability of approved agencies to gain access to the keys when legally authorized.

In June, Mr. Ray Kammer, Deputy Director of NIST, briefed the Board on the status of the panel of cryptographers who had been invited to evaluate the SKIPJACK algorithm used in the key escrow encryption chip. Mr. Kammer informed the Board that the President had directed the National Security Council to lead the study group considering the key escrow and cryptography issues.

Mr. Clint Brooks, Advisor to the director of NSA, discussed their role in the development of the key escrow encryption chip. NSA had two goals in mind: 1) to provide high quality cryptographic protection to U.S. federal government agencies and those organizations and individuals in the private sector that voluntarily wish to take advantage of it and 2) to provide a mechanism for lawful access to the encrypted information when lawfully authorized (e.g., if this powerful technology is misused to hide criminal activity).

Many issues were derived from the development of the key escrow initiative. Private citizens expressed their views concerning the inadequate time that had been allotted to understanding the issues involved and that the Constitutional issues had not been adequately examined. They were concerned that the relationship of the escrow agents to the government was unclear and questioned how independent the escrow agents would be.
Some of the following concerns, with regard to cryptography, and key escrowing/technology, were expressed by a number of panelists: export controls on cryptography; no legal or policy basis for the key escrow encryption initiative; the key escrow encryption initiative effectiveness is unclear with regard to law enforcement; the key escrow encryption initiative threatens existing, individual rights to privacy; the government banning of non-escrowed encryption; possible misuse or compromise of escrowed key components through abuse of political power or bribery; the algorithm not being implemented in software; and probable rejection of the key escrow encryption initiative by foreign markets (because it is classified).

The issue of privacy was also discussed. Some of the concerns were the presence of "information brokers" who sell information from government databases to the private sector, the disclosure of secret files on individuals, and the abuse of social security numbers. International issues regarding wiretapping involving eavesdropping of politicians were also a concern.

One private sector organization concluded that the key escrow system will not work unless it is mandatory and believes the government will seek to legislate its use. (The government has repeatedly stated, however, that it has no intention of seeking such legislation.)

Export Control

Export issues were also examined from a business perspective. Several panel members expressed that current U.S. export laws do not make sense given the claimed widespread foreign availability of cryptographic products. They related that software companies have suffered economic losses, and difficulties with joint ventures as a result.

The July meeting was a continuation of the June meeting devoted to collecting public comment on the key escrow encryption initiative. The Board had two tasks in this regard: 1) to provide a record of the public comments it received and 2) to deliver its own input, if desired.
SKIPJACK Algorithm

In order to allow those in the private sector to ascertain for themselves the strength of the SKIPJACK algorithm, the government made the algorithm available to a group of independent cryptographers (under appropriate security conditions). Dr. Dorothy Denning, Georgetown University, was one of the reviewers of the SKIPJACK algorithm. Dr. Denning provided the Board with a status report and the following conclusions:

1) There is no significant risk that SKIPJACK will be broken by exhaustive search in the next 30-40 years.

2) There is no significant risk that SKIPJACK can be broken through a shortcut method of attack.

3) While the internal structure of SKIPJACK must be classified in order to protect law enforcement and national security objectives, the strength of SKIPJACK against a cryptanalytic attack does not depend on the secrecy of the algorithm.

Dr. Denning said that the reviewers plan to evaluate the entire key escrow system once final details become available.

Key Escrow Agents

The Department of Justice reported on the outline of the criteria the Attorney General will use when naming escrow agents. The escrow agents would be U.S. government agencies that possess the following attributes: 1) credibility with the public, 2) the ability to handle sensitive information, and 3) the ability to respond rapidly in an emergency situation. Key generation will be done at a secure facility and, for extra security, the key components will be encrypted prior to providing them to the escrow agents.

Law Enforcement Requirements

A panel of representatives of law enforcement presented their requirements for wire surveillance to the Board. They outlined the limited circumstances where a wiretap is used and the procedures involved in authorizing one. They endorsed the key escrow initiative because it provides the public with strong encryption to protect information, but allows law enforcement access when legally authorized.
User Community

Some members of the user community expressed their support for key escrow technology provided that the following issues be resolved:

- Vendors must be able to implement key escrow mechanisms;
- Export controls must be addressed;
- The government should take the lead in establishing interoperability standards;
- Key escrow data must remain under the control of the U.S. government;
- The integration of key escrow in foreign markets; and
- Administrative costs need to be addressed.

Escrow Encryption Standard/Escrow Procedures

There was continued discussion of cryptographic issues during the September meeting. The Federal Information Processing Standard for an Escrowed Encryption Standard (EES) was discussed. The proposed standard specifies use of a symmetric-key encryption/decryption algorithm and a key escrowing method which are to be implemented in electronic devices and used for protecting certain unclassified government communications when such protection is required.

The Department of Justice reported that the key escrow procedures are being developed and, when completed, will be publicly announced and put in the public domain. As of December 1993, the Department had not announced the selection of the key escrow agents.

Federal Criteria and Evaluation Program

The Board received a status report from Ms. Janet Cugini, Computer Security Division, NIST, on the Federal Criteria and Evaluation Program. NIST held a two-day workshop and Ms. Cugini related that there was a clear agreement among the participants that the document was severely deficient by not addressing distributed systems, networks, encryption, and PC security. The draft Federal Criteria document will become input to the new Common Criteria along with the Canadian Criteria and the ITSEC.

Information Brokering

The Social Security Administration (SSA) provided the Board with a video, developed in-house, documenting actual information brokering in SSA.
The video presents actual SSA personnel going through the procedures for access control which led them to the brokering of SSA information by an SSA employee to an outside entity.

National Information Infrastructure

The Board was presented a view of the emerging National Information Infrastructure (NII) in the context of the ongoing Federal High Performance Computing and Communications (HPCC) program. The Administration announced its intention to use the HPCC as a foundation for developing a National Information Infrastructure drawing upon the wide variety of private sector groups discussing issues associated with the NII. The Board will study this activity.

Cryptographic Wrap-Up

The December meeting was intended as a wrap-up of cryptographic issues. The Board was presented the initial plans for a study by the National Research Council of the National Academy of Sciences, as mandated by Congress, on cryptographic technologies and national cryptography policy. The purpose of the study is to assess the effect of cryptographic technologies on: national security and law enforcement interests of the U.S. government; commercial interests of U.S. industry; and interests of U.S. industry of export controls on cryptographic technologies.

NIST's Security Program Plan

The Board examined NIST's Security Program Plan. Some of the major areas of the program include: cryptography and authentication; network security; security management; criteria and evaluation; and electronic commerce.

Threats to Telecommunications Security

The Board received a report on threats to telecommunications security from Mr. Rick Kuhn of NIST's Computer Systems Laboratory. Mr. Kuhn reported that typically, traditional and non-traditional threats cause significant government and industry concerns. Today's telecommunications environment of open network architecture means much greater access to the Public Switched Network (PSN); therefore, the PSN must be secure from accidental or malicious cause.

III. Advisory Board Correspondence

During 1993, the Board issued three letters: 1) to the Director, National Economic Council with regards to the economic aspects of federal cryptographic policies and standards upon American competitiveness, 2) the Acting Chief Counsel for Technology, NIST on the NIST-proposed patent agreement with Public Key Partners, and 3) the Deputy Director, NIST regarding his request to collect public comments on key escrow encryption.

Exhibits

The Board's correspondence and replies (when received) are included in the following exhibits:

Exhibit I    Answer from Jane L. Sullivan, Acting Deputy Assistant Secretary for Information Systems, Department of Treasury for Secretary Bentsen, concerning efforts to develop national policies for using public key cryptography.

Exhibit II   Letter dated, March 12, 1993, from Chairman Ware to the Honorable Robert E. Rubin, regarding the economic aspects of federal cryptographic policies and standards upon American competitiveness.

Exhibit III  Answer from Robert E. Rubin, thanking the Board for sending articles about the economic aspects of federal cryptographic policies and standards.

Exhibit IV   Letter dated, August 4, 1993, from Chairman Ware to Mr. Michael R. Rubin, regarding the terms of the NIST-proposed patent agreement with Public Key Partners.

Exhibit V    Letter dated, August 24, 1993, from Chairman Ware to Mr. Raymond G. Kammer, regarding the Board's June meeting being devoted to collecting public comments on the subject of the Administration's key escrow encryption technology.

EXHIBIT I

DEPARTMENT OF THE TREASURY
WASHINGTON

February 9, 1993

Mr. Willis H. Ware
Chairman, National Computer System Security and Privacy Advisory Board (NCSSPAB)
National Institute of Standards and Technology
Gaithersburg, Maryland 20899

Dear Mr. Ware:

I am responding to your letter dated, January 22, 1993, to Secretary Bentsen concerning efforts to develop national policies for using public key cryptography.
The Treasury Department supports the need for a national examination of the issues raised in your letter. The technologies associated with public cryptography and digital signatures will enable the evolution of many strategic telecommunications programs in the government and the private sector. Many applications being planned for electronic commerce, electronic tax filing, and law enforcement will be supported by the Treasury Communications System (TCS) and will rely on cryptography for privacy and authentication.

As you are aware, the Chief Information Officer, Internal Revenue Service, is a member of the NCSSPAB and has worked closely with Treasury Officials from my office and the Office of Security over the past few years on these issues.

If you need additional information or have questions regarding Treasury policy regarding cryptography please contact Richard P. Riley, Director of Security. If you need additional information on Treasury's plans to implement public key cryptography to support telecommunication requirements please contact Jim Flyzik, Director Office of Telecommunications Management.

Sincerely,

Jane L. Sullivan
Acting Deputy Assistant Secretary for Information Systems

EXHIBIT II

COMPUTER SYSTEM SECURITY AND PRIVACY ADVISORY BOARD
Established by the Computer Security Act of 1987

March 12, 1993

Honorable Robert Rubin
Director, National Economic Council
The White House
Washington, DC 20500

Dear Mr. Rubin:

Thank you for your recent letter. As you requested, please find enclosed recent articles regarding, the economic aspects of federal cryptographic policies and standards upon American competitiveness. These articles provide a broad perspective of the private sector views on federal cryptographic standards activities.

Among other multi-national businesses, the U.S.
software industry, with sales of $100 billion per year, has stated that federal cryptographic policies are restraining their ability to ship products to the export market which represents approximately half their customer base. Currently, little quantitative data exists to document the economic impacts upon American industry of federal cryptographic activities. Despite the lack of hard figures, there are significant economic and societal consequences of this issue. You may wish to request the Department of Commerce to gather such information.

In addition to loss of international market share, there is also a need to consider the economic impacts of federal cryptographic policies and standards, on American competitiveness. Federal policies will affect the ability of American industry to remain on the cutting edge of technology in order to compete effectively in world markets.

Also, U.S. business is increasingly reliant upon cryptography to protect itself against industrial espionage, much of which is sponsored by the intelligence services of friendly governments. For example, many of the corporations comprising the State Department's Overseas Security Advisory Committee have lost sensitive information to active foreign intelligence efforts.

While the interests of the law enforcement and intelligence communities have been adequately expressed and are even almost automatically understood, American business must also be allowed to present their legitimate concerns to the Administration.

Please let me know if I may be of further assistance.

Sincerely,

Willis H. Ware, PhD
Chairman

Enclosures

Executive Secretariat: Computer Systems Laboratory
National Institute of Standards and Technology
Technology Building, Room A154, Gaithersburg, MD 20899
Telephone (301) 975-3240

EXHIBIT III

THE WHITE HOUSE
WASHINGTON

March 23, 1993

Willis H. Ware, Ph.D.
Chairman The National Computer System Security and Privacy Advisory Board Technology Building Room B154 Gaithersburg, MD 20899 Dear Dr. Ware: Many thanks for sending me the articles about the economic aspects of federal cryptographic policies and standards. I appreciate the follow-up. Sincerely, Robert E. Rubin Assistant to the President for Economic Policy EXHIBIT IV THE NATIONAL COMPUTER SYSTEM SECURITY AND PRIVACY ADVISORY BOARD Established by the Computer Security Act of 1987 August 4, 1993 Mr. Michael R. Rubin Acting Chief Counsel for Technology National Institute of Standards and Technology Gaithersburg, MD 20899 Dear Mr. Rubin: As provided under the Computer Security Act of 1987 (PL 100-235), the Computer System Security and Privacy Board finds that the terms of the NIST-proposed patent agreement with Public Key Partners (PKP),,as announced in the Federal Register, may have latent consequences that would be negative for the country and the general public. The Board conveys the attached resolution to you as a formal response to the request for comment as provided in the announcement. The basis of our resolution is that we have been told that no economic analysis of the proposed exclusive license to PKP has been performed. Hence, the financial impact of the proposed license may have possible and major negative effects on the country and the widespread use of a public-key digital signature standard. The resolution, which was adopted by a 9-1 vote, reflects our concern that the proposed settlement may not be in the joint best interests of the government and the public. Sincerely, Willis H. Ware, PhD Chairman Attachment cc: Ray Kammer Executive Secretariat Computer Systems Laboratory National Institute of Standards and Technology Technology Building, Room B154, Gaithersburg, MD 20699 Telephone (301) 975-3240 COMPUTER SYSTEM SECURITY AND PRIVACY ADVISORY BOARD RESOLUTION #93-4 JULY 30, 1993 The Board is concerned that: 1. 
The original goal that the Digital Signature Standard would be available to the public on a royalty free basis has been lost; and

2. The economic consequences for the country have not been addressed in arriving at the Digital Signature Algorithm exclusive licensing arrangement with Public Key Partners, Inc.

FOR: Castro, Colvin, Kuyers, Lambert, Lipner, Philcox, Walker, Whitehurst, Zeitler
AGAINST: Gallagher
ABSTAIN: none
ABSENT: Gangemi, Rand

EXHIBIT V

THE NATIONAL COMPUTER SYSTEM SECURITY AND PRIVACY ADVISORY BOARD
Established by the Computer Security Act of 1987

August 24, 1993

Mr. Raymond G. Kammer
Deputy Director
National Institute of Standards and Technology
Gaithersburg, MD 20899

Dear Mr. Kammer:

At your request, the Computer System Security and Privacy Board devoted its June meeting to collecting public comments on the subject of the Administration's key escrow encryption technology as well as broader issues of cryptographic policy. In all, we heard two days of public statements and received 58 written submissions from a wide range of individuals and groups representing industry, academia, privacy rights advocates, and private citizens. The statements, along with a document summarizing the major issues, are enclosed in this package.

I hope this satisfies your objective in seeking the Board's assistance. If we can be of any further assistance in the cryptographic policy review, please do not hesitate to contact us.

Sincerely,
Willis H. Ware, PhD
Chairman
Enclosures
cc: Director, OMB
Director, NSA
George Tenet, NSC

Executive Secretariat: Computer Systems Laboratory National Institute of Standards and Technology Technology Building Room B154, Gaithersburg, MD 20899 Telephone (301) 975-3240

IV. 1994 Advisory Board Workplan

I. INTRODUCTION

This section sets forth the proposed 1994 work plan for the Computer System Security and Privacy Advisory Board (CSSPAB).
This document, to be approved by the Advisory Board, is intended to be used as a planning guide for the Board's 1994 activities. The Board recognizes that other subjects not previously identified in this planning document may arise during 1994. The Board reserves the right to address any matter that pertains to its fundamental missions and may modify its program plan to meet evolving situations and changing priorities.

II. APPROVED 1994 WORK ITEMS FOR CSSPAB

A. Action Items. The Board will examine the following topics during its 1994 program year:

A.1. Cryptographic Issues. In March 1992, the Board recommended a national level review of the use of cryptography for protecting unclassified information. During 1993 the Board devoted a large part of its efforts to collecting public comment on the Administration's key escrow encryption initiative. The Board will continue to follow developments surrounding this important issue in 1994 with emphasis on the impact of cryptography on the National Information Infrastructure, the evolution of key escrow concepts and procedures and the Digital Signature Standard (DSS). In conjunction with this item, the Board will pursue these related topics:

A.1.a. Public Key Cryptography. The Board will continue to review the progress in developing a Digital Signature Standard for use by the unclassified segment of the Federal Government. Of equal importance will be an examination of the infrastructure issues related to the use of public key cryptography by Federal agencies. Regardless of the algorithm to be selected as the basis for the standard, it is important that critical policy and technical alternatives be identified for managing the issuance and distribution of certificates. Which organizational entities of the Government should have operational responsibilities for the infrastructure?
A.1.b. National Research Council has been charged in the 1994 Department of Defense Public Law 103-160 to conduct a "Comprehensive Independent Study of National Cryptography Policy." The Board will track developments in this study and assist as it can in this realization of its March 1992 recommendation.

A.1.c. Telecommunications Security. Law enforcement and national security interests have advocated legislation that might place limits on the security of the communications facilities available to the public. The Board will review the implications of current proposals for the security and privacy of computer and communications systems available to civil Government and the private sector.

A.2. Council on National Information Infrastructure. The Board will work with the Advisory Council on the National Information Infrastructure (ACNII) in the area of Information Security aspects of the National Information Infrastructure. The CSSPAB will monitor the actions of the ACNII and the privacy and information security issues inherent in its development.

A.3. Trusted System Criteria and Evaluation. The Board has been following the development of Federal Computer Security Evaluation Criteria. These criteria have now been advanced as part of the U.S. input into a new Common Criteria, involving U.S., Canadian, and European interests. The Common Criteria is expected to play a major role in the evolution of trusted system technology in the U.S. and internationally. The Board will closely follow developments with the Common Criteria, their relationship with the DoD Trusted Computer System Evaluation Criteria (TCSEC), and the mechanisms being evolved for the conduct of evaluations in the U.S. The following specific topic areas will be covered:

A.4. Security Evaluation Process.
The Draft NIST/NSA Work Plan on Trusted System Technology identifies the possibility of the NSA focusing on the higher levels of trust (B2 and above) and the NIST focusing on the lower levels of trust (C2 and B1), perhaps using the mechanisms of the National Voluntary Laboratory Accreditation Program (NVLAP). This suggestion may help increase the availability and timeliness of evaluated products at all levels by focusing attention and increasing resources available to specific areas. The Board will review the possibilities of this development through discussions and briefings from the NSA, the NIST, and civilian and defense organizations that would be affected by this split of responsibilities. One model for such an evaluation program might be the FIPS 140-1 cryptographic module product evaluation process. The Board will review this evolving process as part of its overall examination.

A.5. Privacy. There is a continued interest in privacy issues in the public press with mixed signals coming from the general public, showing concern for privacy but unwillingness to pay for protection or be inconvenienced. The Board should review the measures that are needed or being taken by the Government to protect privacy in Federal programs and issue recommendations on what NIST and others should be doing to encourage protection of individual privacy. Specific briefings from agencies involved in handling personal information should be scheduled early in the year. The scope of this activity will also include monitoring developments in European privacy regulations to assess their potential impact upon U.S. entities.

A.6. Implementation of the Computer Security Act. Subsumed under this heading are the various related issues the Board would like to address in 1994 including any proposed changes to the Computer Security Act of 1987, the role of the Inspectors General in computer security, and computer security training and its effectiveness.
The Board will review the current status of OMB/NIST/NSA agency security planning visits and plans for follow-up activities.

A.6.a. Risk and Threat Assessment. The Board will review the state of risk management practices in the Federal Government, and make recommendations on the process by which agencies evaluate their threat, vulnerability, and risk posture in the process of devising cost-effective programs of security measures. The Board will review the status of FIPS Publication 65, Guideline for ADP Risk Analysis, and of agencies' application of this guideline. The Board will review the product of the DCI Threat IV study, and consider the extent of its relevance and availability to civil agencies. The Board will develop recommendations on the availability of threat data to civil agencies and on their use of threat and vulnerability data to perform risk analysis and develop security programs.

A.6.b. Electronic Commerce (EC) Security. Many Federal agencies are about to launch ambitious automation programs that will make extensive use of EC technology. There are significant security policy and technical issues that must be addressed to assure that the use of EC complies with the spirit and intent of the Computer Security Act and other existing computer security Government directives. The Board will address this issue both from a policy and technology perspective.

B. Monitoring Activities. The Board has expressed a desire to maintain a continuing interest in various critical issues. The Board may choose to exercise its statutory reporting responsibilities if it believes that a specific issue has become sufficiently important to warrant such action.

B.1. Changes in National Computer Security Policies. The Board will continue to receive written updates and briefings from the Executive Secretary on any pending or proposed changes in national computer security policies.
This area will include the revision to Appendix III, Office of Management and Budget (OMB) Circular A-130, which the Board recognizes as a critical component in the foundation of security policy for the Government's unclassified systems.

B.2. Security and Open Systems. A major segment of the NIST Computer Systems Laboratory program is directed to achieving the concept of open systems. The Board will review the current status of security within the open systems context and seek to identify any critical areas where security issues may impede the full utilization of open systems. One frequently voiced problem area involves the lack of an adequate public key based cryptographic key distribution standard. Is this a valid concern and are there other security gaps that need to be addressed by NIST and other standards entities?

B.3. Effective Use of Security Products and Features. A study conducted by the President's Council on Integrity and Efficiency indicated that many security functions and features were either unused or misused by system administrators and users. The experience of emergency response teams further bears this out. The Board would like to examine what must be done to change this and whether better guidelines, training, etc., are needed on how to use basic security tools and features designed into existing products.

B.4. Status of Computer Emergency Response Capabilities in Civil Agencies. The Board has heard from several sectors of the U.S. Government that have organized highly effective emergency response teams and centers. How well prepared are other agencies such as HHS, HUD, etc., to handle computer emergencies? Is there a requirement for such agencies to establish such a capability? Periodic briefings on the use of a Computer Security Incident Response Capability (CSIRC) and what lessons can be learned to improve security would be useful.
Since most incidents occur because accepted routine security practices are not followed, should this not be well publicized as an awareness or training tool?

B.5. International Hacking. Cases of international hacking such as those that Cliff Stoll documented seem to keep occurring. Hackers continue to exploit the same old vulnerabilities that Stoll and many others have documented. Where is the accountability for taking care of known problems? Also, there appears to be continuing organizational confusion on the international hacking problem (i.e., who in the Government, if anyone, is or should be responsible?).

B.6. Local Area Network (LAN) Security. Federal agencies are experiencing significant security problems with the utilization of LAN technology. The pace of the installation of this technology, combined with the security exposures resulting from the use of LANs, has created a new level of risk for Federal information systems. Another aspect of this issue will be the potential explosive growth in the installation of wireless LAN technology over the next few years. The Board will examine the LAN issue to determine what can be accomplished to improve the security of installed LANs and what research, policy, and/or other initiatives must be undertaken to effect a long term improvement in LAN security.

B.7. Security and the Public Switched Network. A number of studies have highlighted the vulnerabilities of the public switched network. At the moment, much activity is taking place behind closed doors on this issue, particularly in the National Security Emergency Preparedness arena. At some point, this issue needs to be surfaced and examined by the Board.

B.8. Citizen Access to Government Electronic Records. There is considerable discussion underway concerning this issue. A legislative proposal, S. 1940, "Electronic Freedom of Information Improvement Act of 1991," was recently introduced for Congressional consideration.
The Board will examine the information system security and related privacy issues inherent in this important public policy debate.

V. Conclusions

During 1993, the Computer System Security and Privacy Advisory Board held meetings devoted to the "key escrow" encryption chip and the public use of cryptography and government cryptographic policies and regulations. In response to a request from Mr. Ray Kammer, Deputy Director of NIST, the Board collected public input for the presidentially-directed review of national cryptographic policies. The Board also issued several resolutions on this issue. The Board also developed its work plan and priorities for 1993. With regard to cryptographic issues, the Board will continue to follow developments surrounding this important issue in 1994 with emphasis on the impact of cryptography on the National Information Infrastructure. While the Board has initiated an action plan to identify emerging computer security and privacy issues, much remains to be accomplished in successfully addressing the computer security challenges of the 1990s.

Meeting of the Computer System Security and Privacy Advisory Board
June 2-4, 1993
NIST, Administration Bldg. 101, Red Auditorium

AGENDA

WEDNESDAY, JUNE 2, 1993

I. INTRODUCTION

9:00 Welcome
  Lynn McNulty, Board Secretary

II. SETTING THE STAGE

9:15 Opening Remarks
  Dr. Willis Ware, Chairman
9:30 Government Developed Key Escrow Chip Issues and Update
  Clint Brooks, Advisor to the Director of NSA
  Ray Kammer, Deputy Director, NIST
  Lynn McNulty, Associate Director for Computer Security, NIST
10:15 BREAK

III.
PUBLIC INPUT ON CRYPTOGRAPHIC ISSUES

10:45 SESSION 1 LEGAL & CONSTITUTION ISSUES
  Moderator: Pat Gallagher
  Speakers
  Dwight Price, National District Attorneys Association
  Marc Rotenberg, Director, CPSR - Washington Office
  Michael Baum, Consultant, Independent Monitoring
  Janlori Goldman, Director, ACLU Privacy & Technology Project
  Kate Martin, Director, ACLU Center for National Security Studies
12:30 Lunch
2:00 Escrow Key Technology Issues
  Professor Silvio Micali, Massachusetts Institute of Technology
3:00 BREAK
3:15 SESSION 2 SOCIAL AND PUBLIC POLICY ISSUES
  Moderator: Hank Philcox
  Speakers
  Professor Lance Hoffman, George Washington University
  Professor Dorothy Denning, Georgetown University
  Donald Alvarez, National Defense Science & Engineering Graduate Fellow, Princeton University
  Addison M. Fischer, Fischer International Systems, Inc.
4:30 Board Discussion
5:00 RECESS

THURSDAY, JUNE 3, 1993

9:00 SESSION 3 PRIVACY
  Moderator: Willis Ware
  Speakers
  Wayne Madsen, Computer Sciences Corporation
  Jerry Berman, Electronic Frontier Foundation
  Daniel Weitzner, Electronic Frontier Foundation
  Dave Banisar, Policy Analyst, CPSR - Washington Office
10:15 BREAK
10:45 SESSION 4 VENDOR AND BUSINESS PERSPECTIVES
  Opening Remarks
  Bill Whitehurst, Board Member
  Panel #1
11:00
  Ilene Rosenthal, Software Publishers Association
  Bob Rarog, Manager, Export Policy, DEC
  Jim Bidzos, President, RSA Data Security, Inc.
12:00 LUNCH
1:00 Panel #2
  Ron Paglierani, Open Software Foundation
  Fred Mailman, Hewlett Packard
  Robert Hollyman, President, Business Software Alliance
  Sharon Webb, Secure Systems
  Oliver Smoot, Executive Vice President, CBEMA
2:15 BREAK
2:35 SESSION 5 CRYPTOGRAPHY USERS PERSPECTIVES
  Moderator: Sandra Lambert
  Speakers
  Frank Sudia, Bankers Trust
  Professor Pete Wagner, Georgetown University
  Geoff Turner, ManTech
3:30 General Comments
  W. Mark Lloyd, Toolmaker, Inc.
  Bill Murray, Executive Consultant, Deloitte & Touche
4:00 Speak Out - (5 min. max.
per person)
5:00 RECESS

Friday, June 4, 1993

IV. Other Business

9:00 Board Discussion
10:00 BREAK
10:15 Federal Criteria Briefing
  Stu Katzke, NIST
11:00 Discussion
12:00 ADJOURN

---------------------------------

Next Meeting
September 1-2, 1993
Hyatt Regency
Baltimore, MD

MINUTES OF THE JUNE 2-4, 1993 MEETING OF THE COMPUTER SYSTEM SECURITY AND PRIVACY ADVISORY BOARD

Wednesday, June 2, 1993

Call to Order

A quorum being present, the Chairman, Dr. Willis Ware, called the meeting to order at 9:00 a.m. in the Red Auditorium of the Administration Building at NIST. In addition to Dr. Ware, the following members were present: Cris Castro, Patrick Gallagher, Don Gangemi, John Kuyers, Sandra Lambert, Steve Lipner, Henry Philcox, Cynthia Rand, Steve Walker, Bill Whitehurst, and Eddie Zeitler. The entire meeting was held in open, public session.

Opening Remarks

Mr. Lynn McNulty, Executive Secretary, welcomed the Board, speakers and members of the audience. He stated that the Board has been asked to collect public input for the presidentially-directed review of national cryptographic policies. (See Reference #1.) This meeting would be devoted to the "key escrow" encryption chip, and more broadly, to public use of cryptography and government cryptographic policies and regulations. He announced that all sessions of the meeting would be taped and transcribed by a court reporter.

Dr. Ware stated to the Board that it was to address cryptography in its fullest scope, not just focus on the recent announcements regarding key escrow encryption technology. He added that the term "Clipper" has been found to be a registered trademark but noted that it was likely to be used to refer to the government developed key escrow encryption technology during the course of the meeting.

Key Escrow Encryption Chip Issues and Update

Mr.
Ray Kammer, Deputy Director of NIST, briefed the Board on the status of the panel of cryptographers who have been invited to evaluate the SKIPJACK algorithm used in the key escrow encryption chip. Three invitations were accepted and two were turned down. Mr. Kammer stated that the Clipper trademark issue was under review and that the Attorney General was in process of considering escrow agents and procedures. He informed the Board that the President has directed the National Security Council to lead the study group considering the key escrow and cryptography issues and that the group was beginning to review options.

Mr. Kammer was asked about an article in the Washington Post reporting that the Administration was considering banning all encryption devices other than Clipper. He replied that this is just one of many wide ranging options under consideration and that no decision had been made yet.

Dr. Clint Brooks, Advisor to the Director of NSA, made some remarks regarding NSA's role in development of the key escrow encryption chip. He stated that when NSA was asked to get involved, they had two goals: 1) to provide good solid security to protect U.S. citizens, and 2) to offer some balance by providing law enforcement access.

Mr. McNulty provided an update on current federal standards and proposed standards related to cryptography. NIST intends to recommend reaffirmation of FIPS 46, the Data Encryption Standard (DES) for another five-year period. FIPS 140-1, the o federal standard 1027 was sent to the Secretary of Commerce for final approval. The Secretary of Commerce has approved the Secure Hash Standard (SHS), which will be published next month as FIPS 180. Mr. McNulty reported that the Digital Signature Standard (DSS) is close to completion. NIST is in the process of resolving the patent issues that came up in the public comment period initiated in August 1991.

During the question period, Dr.
Brooks was asked to respond to rumors that AT&T had developed a chip with stronger encryption than DES but NSA pressured them to accept Clipper as a substitute. He replied that AT&T's involvement developed as follows: 1) NSA was working with NIST on the key escrow encryption chip; 2) AT&T was developing independently a DES-based chip for their secure telephones. Dr. Brooks stated he did not know if it was a faster chip. 3) AT&T came to NSA expressing concerns about national security, and NSA informed them about the key escrow encryption chip. 4) AT&T decided that since the chip was on a course to become a federal standard they would use it instead. He added that Motorola initiated discussions with NSA as well.

Dr. Ware asked if the key escrow technique could be used under existing laws. Dr. Brooks replied that he believed that this was the case. He also stated that the SKIPJACK algorithm has been under development since 1985. He added that NSA will consider its use with classified information. He stated that work on Capstone began in September of 1991. When AT&T came along with their product, NSA split out the encryption key exchange part of the chip for use in the AT&T telephones.

The Board posed additional questions about exportability and key management costs of the chip. These questions are being considered as part of the interagency review, the speakers noted.

Session 1: Legal and Constitutional Issues

A panel of legal and constitutional experts presented their views on the key escrow initiative to the Board. First, Mr. Michael Baum, a consultant with the Independent Monitoring Board expressed his personal views: 1) Inadequate time has been allotted to understanding the issues involved. It will be January 1994 before the American Bar Association could even pass a resolution on this issue. 2) Constitutional issues have not been adequately examined.
3) The relationship of the escrow agents to the

Professor Silvio Micali of the Massachusetts Institute of Technology compared the government proposed key escrow system to his own "Fair Public-Key Cryptosystem" (Fair PKC). (See Reference #4.) Dr. Micali stated that a better technical solution could be found to bridge the gap between the demands for absolute privacy and law enforcement access. His Fair PKC features an encrypted secret key which can be broken into three or more components that could then be escrowed with entities of the owner's choosing. Once the secret key components are escrowed, the trustees would publish the owner's public key so that he or she could receive encrypted messages. The system could be implemented in hardware or software. Dr. Micali stated that the chief benefit of the Fair PKC is that it accomplishes the same goals as Clipper with citizens always in control.

Session 2: Social and Public Policy Issues

Professor Lance Hoffman of George Washington University presented his views on the key escrow initiative. (See Reference #5.) He began by stating that while Clipper does promise some privacy for users of the digital telephone network, it also threatens existing, individual rights to privacy. He noted that those who wished un-escrowed confidentiality would find such encryption methods available around the world. He expressed concern that the government might seek to ban non-escrowed encryption. Such an action would have a negative effect on individual freedom and might even encourage contempt for law enforcement on the digital network. Dr. Hoffman closed by calling for an open public review, congressional hearings, and other discussions in an open, inclusive manner. In response to a question, he stated that he would welcome legislation in this area.

Professor Dorothy Denning of Georgetown University expressed her view that the initiative is an excellent approach to balancing the needs of the individual against the needs of society.
(See Reference #6.) She stated that the Clipper chip provides a strong level of encryption and that the algorithm should remain classified to protect the key escrow feature. She stated that Clipper allows the government to promote widespread use of encryption and that will result in great privacy. The key escrow procedure adds an extra layer of protection to the existing wiretap statutes, she stated. Dr. Denning defended the use of wiretaps as an essential tool for law enforcement. She also stated that she is uncertain whether a voluntary program would succeed and that Congress should consider legislation. She believes the government has a role in regulating and controlling encryption technology, and that it should act before use of encryption becomes widespread.

Next, Mr. Donald Alvarez, National Defense Science and Engineering Fellow at Princeton University, described six methods by which an opponent could penetrate the Clipper/Capstone system as it is currently configured. (See Reference #7.) He stated that he believes that the needs of law enforcement and the privacy concerns of citizens can be met by an encryption standard based on the Clipper/Capstone system if changes are made to protect the system from these attacks.

Mr. Addison Fischer of Fischer International Systems, a producer of cryptographic software and hardware, expressed his company's views on Clipper technology. (See Reference #8.) He stated that he was encouraged to see that the threat of back doors has been replaced by a key escrow mechanism where the system can be legally and selectively penetrated. He stated that he views banning encryption as a violation of the First Amendment, but that the government has some role in controlling such technology. On the surface, Clipper appears to be a reasonable balance, he stated, if some outstanding issues could be resolved.
He listed the following concerns: 1) possible misuse or compromise of escrowed key halves through abuse of political power or bribery, 2) the fact that the algorithm cannot be implemented in software, 3) probable rejection of Clipper by foreign markets. As a result, telephonic encryption will evolve into separate nationalistic pockets.

During discussion, Mr. Castro raised the issue of U.S. import laws regarding cryptography. Mr. Fischer said he was not aware that such import laws existed. As a vendor, he would like to see more import laws restricting entry of products into the U.S. because currently his competitors can sell worldwide. Mr. Alvarez said such a plan amounts to going into a trade war with yourself. Dr. Hoffman stated that there are import regulations which he encountered when he tried to import an encryption product. However, he recently was able to buy an encryption product from a German firm with offices in the U.S.

All of the speakers agreed that there is a need to balance the interests of law enforcement with the privacy of the individual. Dr. Alvarez stated the real issue is not how to give law enforcement access but how to set up a system that has secure and believable checks and balances to prevent abuse.

Board Discussion

A discussion was held about what tasks the Board was expected to accomplish in the next two days. Mr. McNulty stated, as a base, that the Board was expected to produce a summary of the statements presented at this meeting. Several members of the Board expressed a desire to meet again before the interagency panel in charge of the presidentially directed review completes its work. Mr. Kammer suggested that a meeting in July or August was a possibility. Some members expressed frustration that this meeting was in some way being used as a substitute for the public national cryptography policy review called for by the Board.
The Board asked the Secretary to check with the individuals coordinating the interagency review to see if they are holding to their scheduled completion date at the end of August. (ACTION - SECRETARY)

Mr. Walker suggested that the entire Board hear the briefing on the key escrow initiative that was given by the Administration on April 24. Mr. McNulty agreed to make an informational presentation the following morning.

Mr. McNulty was asked to clarify the objectives of the interagency review. He replied that as part of the key escrow initiative, the President's directive called for a review of national encryption policies. The full specifications for that review are detailed in a privileged executive branch document. The review encompasses the following information: trends in telecommunications technology, trends in encryption technology, issues in export control, examination of the policy and implementation of the key escrow procedures. The NSC staff that is managing the review sought public comment and discussion as advisory input to the review in accordance with the President's directive. They specifically asked this Advisory Board to assist in the conduct of the review by collecting and synthesizing public positions in part because it is a fully chartered Board under the Federal Advisory Committee Act. If the Board wishes to make its own recommendations in addition to this task, Mr. McNulty stated, it has the statutory ability to do so.

The meeting then recessed for the day.

Thursday, June 3, 1993

Key Escrow Encryption Briefing

With the presence of a quorum, the session began with a briefing by Mr. McNulty on the government's key escrow encryption chip. (See Reference #9.) In response to a question, Mr. McNulty stated that NIST intends to validate the Clipper and Capstone implementations of key escrow through the FIPS 140-1 evaluation process.

Session 3: Privacy

Mr.
Wayne Madsen of the Computer Sciences Corporation provided a review of issues in the privacy arena. (See Reference #10.) He listed the influence of the Direct Mail Association, the presence of "information brokers" who sell information from government databases to the private sector, disclosures about the LAPD secret files on individuals, and abuse of social security numbers as areas of concern. International issues include wiretapping scandals involving eavesdropping of opposition politicians as was recently disclosed in France, stories about Britain's royal family, problems in Eastern Europe involving the STASI and other secret police files, and oppressive data surveillance.

Mr. Jerry Berman, Executive Director of the Electronic Frontier Foundation (EFF) appeared on behalf of the Digital Privacy and Security Working Group. He presented the Board with the 114 questions regarding the key escrow encryption chip that the Working Group had sent to the White House. (See Reference #11.)

Mr. Berman was followed by Daniel Weitzner, also of EFF, who summarized the organization's concerns about privacy rights as they relate to key escrow encryption. (See Reference #12.) Mr. Weitzner made the following points in his presentation: 1) Wiretapping has always been regarded as an exceptional case under Fourth Amendment law. 2) There is a "fuzzy line" emerging between searches for papers and wiretaps. 3) The escrow system proposed by the Administration raises the possibility that everyone who uses it will be waiving their Fifth Amendment right against self-incrimination. 4) A mandatory encryption scheme raises serious First Amendment concerns.

During the question period, Mr. Berman stated that EFF sees a need for robust and secure encryption to protect privacy. He also stated that his organization has concluded that the key escrow system will not work unless it is mandatory, so they believe the government will seek to legislate its use.
He commented that with advances in technology, law enforcement may have to accept encryption and find other ways of conducting investigations.

Mr. Dave Banisar, Policy Analyst with CPSR, presented an analysis of electronic surveillance carried out by the FBI. (See Reference #13.) He stated that statistics obtained from the Justice Department raise questions about the utility of wiretapping: 1) In the last 24 years there has been a substantial increase in the cost of wiretapping. 2) The number of conversations intercepted per tap has increased. 3) The number of incriminating conversations has not increased, and 4) The arrest level seems unrelated to the number of taps. Mr. Banisar estimated the cost of wiretapping at $46,000 per year for each tap. He noted that these statistics do not include wiretaps conducted under the Foreign Intelligence Surveillance Act.

Session 4: Vendor and Business Perspectives

Panel #1

Ms. Ilene Rosenthal, General Counsel of the Software Publishers Association (SPA), provided that organization's input on export issues and key escrow technology. (See Reference #14.) She made six points during her presentation: 1) The U.S. no longer dominates the encryption field. As part of their survey of commercially available encryption products, the SPA found 143 foreign products versus 133 domestic. Of the 80 foreign products studied, 48 employ DES. 2) Current U.S. export laws do not make sense given the widespread use of foreign encryption programs and products. Ms. Rosenthal pointed to the wide availability of DES and IDEA on the Internet as examples. 3) Demand for encryption is growing. 4) U.S. software companies have suffered economic losses as a result of U.S. export controls. 5) Clipper/Capstone must not be used as an excuse to delay export liberalization. 6) SPA is concerned that Clipper use might be made mandatory, that it cannot be implemented in software, and that it will not be accepted in foreign markets.

Mr.
Bob Rarog, Manager, Export Policy for Digital Equipment Corporation, provided the Board with an overview of export controls in other countries, focusing on Britain, Japan, France, Germany and Holland. (See Reference #15.) Mr. Rarog also spoke on behalf of the Industry Coalition on Technology Transfer. Mr. Rarog outlined some of the problems his company faces as a result of export controls, including compliance costs, difficulties with joint ventures, and lost leveraged sales. Mr. Rarog stated that Clipper does little to address the problems of export controls on encryption. He agreed with the SPA's assessment that there would be little foreign demand for Clipper and expressed concern that use of Clipper would be made mandatory, stating that such an action would force manufacturers to add costs to their products that would hurt them in foreign markets. He also recommended that no export controls be placed on Clipper.

Mr. Jim Bidzos, President of RSA Data Security, Inc., summarized his company's views on key escrow encryption for the Board. (See Reference #16.) Key escrow is not new, he stated; the government has been trying to control encryption for at least 16 years. The government can influence technology through export controls, standards, legislation, and market power. The escrow system is not secure since it can be compromised by bribing three people. Mr. Bidzos stated that the key policy issue to be addressed is: What kind of security are we going to have: escrowed, marginal, or trap door? He expects that Clipper will negatively impact U.S. competitiveness because it cannot be accepted as an international standard, it can't be implemented in software, and there are hidden costs of integrating it into products. In response to a question, Mr. Bidzos stated that industry needed at least six months to study the economic impact of the proposal before it should proceed.

Panel #2

Mr.
Ron Paglierani, Vice President and General Counsel of the Open Software Foundation (OSF), provided his organization's perspective on U.S. export regulations. (See Reference #17.) OSF is a not-for-profit joint research and development venture formed for the purpose of developing and implementing open systems. OSF has developed the Digital Computing Environment (DCE) which contains an implementation of the DES algorithm. In order to ship DCE in source code to their customers abroad, they must strip it of DES capability. These customers then have two options: no security feature or implementing an alternative encryption scheme that will be incompatible with U.S.-based nodes. Mr. Paglierani stated that there is a thriving industry in Europe that specializes in reinstalling DES, so he feels that the export controls serve no apparent purpose.

Mr. Fred Mailman, Export Manager at Hewlett Packard, described Hewlett Packard's experience with export of DCE. (See Reference #18.) He stated that Hewlett Packard has created two versions of DCE--one with total DES security implemented for the domestic market and one with DES for access control and authentication only for export. Despite these measures, Hewlett Packard is required to obtain a license for every export of the international version, and they cannot export it in source code. In addition to the costs of maintaining two versions, this situation has created interoperability and support problems for Hewlett Packard. In response to a question, Mr. Mailman stated that he thought DES should be treated as a dual-use item by the export agencies.

The Business Software Alliance (BSA) was represented by Mr. Robert Holleyman. (See Reference #19.) In his presentation, he highlighted three points: 1) The U.S. software industry is a major contributor to the U.S. economy. According to a report prepared for BSA by Economists Incorporated, the software industry accounts for $36.7 billion in value added to the U.S. economy in 1992.
(See Reference #20.) 2) A critical component of the information infrastructure will be software, and that software will require security features. 3) Customers are demanding encryption, specifically with DES or a comparable algorithm. 4) Clipper/Capstone does not meet this demand because it is not available in software, the public cannot be assured at this time of its reliability and security, and it is not compatible with the installed base of DES, RC2, RC4 and other encryption regimes, all of which have international acceptance.

Mr. Holleyman was accompanied by Ms. Melinda Brown, Counsel with Lotus Corporation. Ms. Brown detailed some of the export problems experienced by Lotus. For example, one of their customers went through a ten-month process to obtain an individual export license. Ms. Brown stated that Lotus has lost sales to non-military commercial entities in Western Europe. Lotus feels that not only will Clipper close down the foreign market, which represents 50% of their revenue, but it will seriously hurt the domestic market as well. In response to a question, Ms. Brown stated that foreign customers have expressed dissatisfaction with the RC2/RC4 version of Notes.

Ms. Sharon Webb, CEO of Secure Systems Group, presented the Board with another vendor perspective. (See Reference #21.) She stated that of Mr. Rarog's list of DES products available abroad, she knows of four that are sold in competition with her company's products in the U.S. One of the products listed as available in the U.K. is actually produced by her company. She stated that it took ten months for her company to go through the munitions control licensing process and by then the sales opportunity was lost. She closed by stating that the only asset the U.S. has of great value is its information, and the only way to protect that information is through encryption. She urged the Board to recommend the decontrol of DES encryption products.

Mr.
Oliver Smoot, Executive Vice President of the Computer and Business Equipment Manufacturer's Association (CBEMA), summarized his organization's position on cryptographic policy. (See Reference #22.) He made the following points: 1) CBEMA questions whether Americans will accept Clipper where every telephone call, electronic mailing and fax transmission would be open to government interception. 2) Foreign marketability, foreign availability, international and foreign standards and export controls must be looked at. Mr. Smoot called for an independent panel reflecting a broad cross-section of U.S. expertise to review the algorithm and the key escrow process. 3) Clipper is incompatible with the installed base of CBEMA's members, requiring retrofit or replacement of all encryption hardware. 4) If Clipper is not exportable, there will be costs involved in developing and maintaining two product lines. 5) No distinction has been made between voice and data transmission. 6) Most foreign countries impose less restrictive controls on encryption products, resulting in a highly competitive data security industry abroad.

During discussion, Mr. Castro commented that the Board has not heard from law enforcement about their needs and requirements for Clipper. He also noted that AT&T was asked to appear, but declined. He stated that so far no business case has been presented in support of key escrow technology. Ms. Webb added that there has been no dialogue among law enforcement, vendors and other government agencies about alternatives to Clipper.

Session 5: Cryptographic Users' Perspectives

Frank Sudia, Vice President of Bankers Trust, offered his company's views on the Clipper proposal and export issues in general. (See Reference #23.) They are as follows: 1) Bankers Trust recommends a 12-month period for thorough review of the proposal, and to encompass the issue of the national information infrastructure. Coordination with other governments is needed.
2) A hardware-based algorithm will interject the government into the computer hardware market. 3) NIST should turn its attention to making PCs tamper resistant. 4) The banking industry has a significant investment in a DES-based worldwide network. Clipper is incompatible with that network. 5) Implementers would prefer a software implementation because it is cheaper, and easier to administer and install, and 6) The escrow system needs to be better thought out; non-governmental escrow agents should be considered. Mr. Sudia closed by stating that it is crucial that the U.S. develop a technically strong and commercially viable national cryptographic policy, covering both authentication and privacy to ensure the success of the information-based economy.

Dr. Peter Wayner, Professor of Computer Science at Georgetown University, began his presentation by stating that Clipper will add $75-100 to the cost of a device. (See Reference #24.) In the current market, this will create a problem because manufacturers are trying to keep their standard configurations as low as possible. A software implementation would be a far less expensive option, he stated. Dr. Wayner expressed the concern that if the key escrow system is compromised (which could be done by bribing two people, he stated), every key in the country must be replaced. This amounts to 250 million telephones and 50 million computers. He also fears that the U.S. would provide keys to other Western nations that could use that information to carry out industrial espionage.

Mr. Geoff Turner, Technical Director of ManTech Strategic Associates, spoke on behalf of the Information Systems Security Association (ISSA). (See Reference #25.) He stated that the security industry views cryptography as an essential tool. Use of cryptography is becoming more common, even in mainstream products. Mr.
Turner cited the following statistics from an ISSA study of loss incidents of proprietary information: 589 incidents, with a net loss of $1.8 billion. Export restrictions are not just hurting vendors, they are harming U.S. user industries, he added. Mr. Turner stated that the key escrow concept has potential, but the government's proposal is not well-suited to business objectives because the algorithm is secret and the keys would not be under the control of the users. He also foresees problems with the security of the manufacturing and distribution process. Mr. Turner stated that the government's policy may lead to a ban on other types of encryption. This action would cause great damage to U.S. competitiveness, he stated. In addition, he stated that the U.S. government should not use a commercial cryptographic algorithm to protect defense information because it puts the business user at risk internationally. Finally, Mr. Turner stated that a national cryptography review is needed, and that the interagency task force reporting to the National Security Council is not the proper mechanism for such a review. The NSC cannot resolve on its own the conflict between the national security community, now joined by law enforcement, and the requirements for privacy and openness in commercial cryptographic uses. Congress should be involved in this process.

In the ensuing discussion, the option of having more than two key components was raised. Mr. Turner stated that from a business perspective he would not feel comfortable with the government having more than one key. Ms. Lambert stated that most banks would prefer to hold their own keys. Mr. Zeitler commented that he does not see why a financial institution would buy this technology where the government would hold the keys and the technology is only good in a local environment.

General Comments

Mr. W.
Mark Lloyd represented Toolmaker, Inc., a consulting and engineering corporation that produces computer security products and services. (See Reference #26.) He stated that his company has deep reservations about the secrecy of the SKIPJACK algorithm. He stated his belief that the algorithm is being kept secret because it would provide an advantage in attacking the system, and described two possible ways of attacking the system once the family key is known. Mr. Lloyd also stated that the key escrow chip is not exportable.

Mr. William Murray, Executive Consultant to Deloitte & Touche, expressed his personal views on the key escrow initiative. (See Reference #27.) Mr. Murray stated that the worldwide digital network that is being built will be vulnerable to eavesdropping and spoofing. Digital signatures and logical envelopes will be essential in this network environment. People must have trust in the codes that they are using to protect information. Right now DES is the trusted code. This was achieved through government soliciting a private proposal for a public algorithm and then submitting it to third party review. SKIPJACK will not be trusted because the policy making was done in secret. Mr. Murray urged the Board to recommend repeal of export restrictions on cryptography, to promote a policy of public mechanisms, and to return to the open process by which the DES was adopted.

Public Participation

During this period, members of the public who had signed up during the two days of sessions were afforded the opportunity to speak to the Board. (See Reference #28.) Four individuals addressed the Board.

Mr. Wayne Madsen brought up the subject of an international common criteria. He objected to the fact that of the six-member Editorial Committee, only one member represents the civil agencies of government and the commercial sector. The other members are from the national security community. Mr.
Madsen also raised the issue of whether this group is developing trade policies without consulting the Department of Commerce and the U.S. Trade Representative.

Next, Mr. Robert Jueneman addressed the Board. He stated that cryptography was well known at the time the Constitution was written, and the First, Ninth and Tenth Amendments are relevant to the cryptography debate. He noted that good encryption is becoming increasingly more cost effective. He questioned whether the economic and social costs of implementing Clipper are worth the few hundred convictions that it might produce.

Mr. Vince Cerf, President of the Internet Society and Vice President of the Corporation for National Research Initiatives, expressed his personal opinion of the Clipper initiative, as follows: 1) It is well-intentioned, but rather hasty. 2) The algorithm should be made public. 3) The national information infrastructure should be created with tools and technologies that can be used globally, and 4) The U.S. should reconsider the export controls on RSA and DES.

Ms. Sharon Webb, CEO of Secure Systems and Director for Legislative Affairs for the National Computer Security Association, spoke on behalf of both of those organizations. She stated that these organizations seek decontrol of DES and to loosen the controls of compression algorithms in order to further their global market share. She noted that NIST fulfilled its mission of developing a single public standard for protecting sensitive government and private sector information when it certified DES and recommended that it now turn to developing an interoperable international standard. She closed by noting that Frost and Sullivan estimates that the European market for information security technology will be $2 billion by 1995. Software will account for $1.4 billion, with one third in encryption. Thus, the broadening of the export market is vital to the U.S. information security industry.
Board Discussion

The Chairman called for a motion to approve the Board's annual report. A motion to this effect was made, seconded, and passed.

Mr. McNulty addressed Mr. Walker's question from the previous day about the timeline for the interagency review. He stated that the deadlines have not been changed from those set in the Presidential directive. There was a brief discussion of whether this meeting was sufficient for gathering public input.

The meeting then recessed for the day.

Friday, June 4, 1993

Board Discussion

With the presence of a quorum, the session began with a discussion about scheduling a July meeting. It was felt that it was more important for the Board to have a substantive discussion of the issues and make recommendations than to gather more input at regional meetings. Board members echoed the concern expressed by many of the presenters that not enough time had been allocated to conduct a thorough review of cryptographic policy. A motion expressing this view and calling for a July meeting was made and seconded. During discussion, it was suggested that the Board provide a summary of the issues raised to satisfy Mr. Kammer's request and support its position that more time is needed. A short recess was taken, after which a revised motion was presented to the Board. The motion was passed unanimously. (See Attachment #1.)

Discussion turned to a resolution drafted by Ms. Lambert recommending that key escrow technology not be implemented until the policy and technical issues involved are fully understood. The motion was made and seconded. During discussion it was suggested that the motion be changed to reflect the fact that the Administration already has key escrow encryption telephones on order for use in the government. With this revision, the motion was passed with the sole objection of Mr. Gallagher. (See Attachment #2.)

Federal Criteria Briefing

Dr.
Stu Katzke, Chief of the Computer Security Division of NIST, updated the Board on the common criteria effort which evolved from work on the federal criteria. (Reference #28.) The Common Criteria Editorial Board, which consists of six senior technical experts, will take the ITSEC and TCSEC and develop one version from that. A draft is expected six months from now. If the common criteria document meets with approval, NIST plans to make it a FIPS.

At 12:05 p.m., Dr. Ware stopped the briefing, with apologies to Dr. Katzke, because of the need to vacate the room. Dr. Ware requested that Dr. Katzke's presentation be rescheduled for a future meeting. (ACTION - SECRETARY)

The meeting was adjourned at 12:10 p.m.

Attachments

#1 - Resolution
#2 - Resolution

References

#1 - Kammer letter
#2 - ACLU statement
#3 - CPSR - Rotenberg presentation
#4 - Micali presentation
#5 - Hoffman statement
#6 - Denning statement
#7 - Alvarez presentation
#8 - Fischer statement
#9 - McNulty briefing
#10 - Madsen presentation
#11 - Digital Privacy and Working Group questions
#12 - EFF - Weitzner presentation
#13 - CPSR - Banisar presentation
#14 - SPA - Rosenthal statement
#15 - Rarog statement
#16 - RSA - Bidzos statement
#17 - OSF - Paglierani statement
#18 - Mailman statement
#19 - BSA - Holleyman statement
#20 - BSA report
#21 - Webb statement
#22 - CBEMA statement
#23 - Sudia statement
#24 - Wayner statement
#25 - Turner statement
#26 - Lloyd statement
#27 - Murray statement
#28 - Katzke briefing

Lynn McNulty
Secretary

CERTIFIED as a true accurate summary of the meeting

Willis Ware
Chairman

Meeting of the Computer System Security and Privacy Advisory Board
July 29-30, 1993
NIST, Administration Bldg. 101, Green Auditorium

AGENDA

THURSDAY, JULY 29, 1993

I. INTRODUCTION

9:00 Welcome & Review of Events Since June Meeting
Lynn McNulty, Board Secretary

9:15 Opening Remarks
Dr. Willis Ware, Chairman

II. UPDATE

9:30 Status Report on the Algorithm Review
Professor Dorothy Denning, Georgetown University

10:00 BREAK

10:30 Briefing on Key Escrow Procedures
Geoff Greiveldinger, Department of Justice

10:50 Briefing on NIST/PKP Proposed Licensing Agreement
Mike Rubin, NIST
Bob Fougner, PKP
Lynn McNulty, NIST

III. Technology Briefings

11:15 Global Security Market Requirements & U.S. Competitiveness
Bill Ferguson, Semaphore Communications Corp.

11:45 Key Escrowing Chips
Dr. Clinton C. Brooks, Assistant to the Director, NSA

12:05 Status of AT&T Telephone Security Product Line
Mike Agee, AT&T

12:30 LUNCH

IV. VIEWS OF THE LAW ENFORCEMENT COMMUNITY ON CRYPTOGRAPHY

MODERATOR Bill Colvin, Board Member

1:30
Jim Kallstrom, FBI
John Kaye Representative from National District Attorneys Association
TBA Representative from National Association of Attorneys General
Bud Meeks Representative from International Association of Chiefs of Police

3:30 BREAK

3:45 Board Discussion

5:00 RECESS

FRIDAY, JULY 30, 1993

V. EXPORT CONTROL AND OTHER ISSUES

9:00 Export Laws for Encryption
Allan Suchinsky, Department of State

9:45 Activities of the Digital Privacy & Security Working Group
David Johnson & Leah Gurowitz, Electronic Frontier Foundation

10:30 BREAK

VI. POTENTIAL USERS OF CLIPPER TECHNOLOGY

10:45
Edward Regan, VP Chemical Bank Representative from U.S. Council for International Business
Chris Sundt, ICL, Ltd.
Bob Powers, MCI Representative from The Institute of Electrical and Electronics Engineering (IEEE)
Ed O'Malley, MCI Representative from the Overseas Security Advisory Committee (OSAC)

12:00 LUNCH

VII. GOVERNMENT BRIEFINGS

1:30 Escrowed Encryption Standard
Miles Smid, NIST

2:00 Administration View
John Podesta, Assistant to the President & Staff Secretary

2:45 BREAK

3:00 Public Participation - (5 min. maximum per speaker)

3:30 Board Discussion

5:00 ADJOURN

________________

Next Meeting
September 1-2, 1993
Hyatt Regency - Baltimore, MD

MINUTES OF THE JULY 29-30, 1993 MEETING OF THE COMPUTER SYSTEM SECURITY AND PRIVACY ADVISORY BOARD

Thursday, July 29, 1993

Call to Order

A quorum being present, the Chairman, Dr. Willis Ware, called the meeting to order at 9:25 a.m. in the Green Auditorium of the Administration Building at NIST. In addition to Dr. Ware, the following members were present: Cris Castro, Bill Colvin, Patrick Gallagher, John Kuyers, Sandra Lambert, Steve Lipner, Henry Philcox, Steve Walker, Bill Whitehurst, and Eddie Zeitler. The entire meeting was held in open, public session.

Opening Remarks

Mr. Lynn McNulty, Executive Secretary, welcomed the Board, speakers and members of the audience. He announced that the Administration had prepared a compendium of frequently asked questions regarding the key escrow encryption initiative and that this document was available to the public. (See Reference #1.)

Dr. Ware stated that this meeting was a continuation of the June meeting which, as requested by Mr. Ray Kammer of NIST, was devoted to collecting public comment on the key escrow encryption initiative. The Board has two tasks in this regard, he stated: 1) to provide a record of the meetings and 2) to deliver its own input, if desired.

Mr. Walker asked Mr. McNulty when the Administration's interagency review would be complete, since that would affect the timing of the Board's actions.

The audience was notified that the meeting was being audio and videotaped.

Status Report on the Algorithm Review

Dr. Dorothy Denning of Georgetown University provided the Board with an interim report on the SKIPJACK algorithm by outside experts. (See Reference #2.) The algorithm was reviewed by Dr. Denning, Dr. Ernest F. Brickell of Sandia National Laboratories, Dr. Stephen T. Kent of BBN Communications Corporation, Dr. David P. Maher of AT&T, and Dr.
Walter Tuchman of Amperif Corporation. The reviewers agreed to publish a joint report. Dr. Denning reported the following conclusions: 1) There is no significant risk that SKIPJACK will be broken by exhaustive search in the next 30-40 years. 2) There is no significant risk that SKIPJACK can be broken through a shortcut method of attack. 3) While the internal structure of SKIPJACK must be classified in order to protect law enforcement and national security objectives, the strength of SKIPJACK against a cryptanalytic attack does not depend on the secrecy of the algorithm. Dr. Denning reported that the reviewers plan to evaluate the entire key escrow system once final details are available. She agreed to report back to the Board when the evaluation is complete.

Briefing on Key Escrow Procedures

Mr. Geoffrey Greiveldinger, Special Counsel, Narcotic and Dangerous Drug Section, Department of Justice, outlined the criteria the Attorney General will use when naming escrow agents. He stated that the escrow agents would be U.S. government agencies that possessed the following attributes: 1) credibility with the public, 2) the ability to handle sensitive information, and 3) the ability to respond rapidly in an emergency situation.

Mr. Greiveldinger added that key generation will be done at a secure facility and, for extra security, the key components will be encrypted when they are given to the escrow agents. The escrow agents will be required to make a copy of the encrypted key components for offsite storage to prevent loss from fire or other accident. These escrow agents will not be told the identity of the wiretap target; requests will be made according to the serial number of the device.

During discussion, Board members raised questions about control of the decryption boxes used to combine the key components. Mr. Lipner suggested that the algorithm review committee examine this feature as part of their evaluation of the entire escrow system.

Mr. McNulty responded to Mr.
Walker's earlier question by noting that the Administration stated in the Q&As released today that they expect the results of the Presidential Review Directive (PRD) to be completed early this fall. Mr. Walker expressed satisfaction that the Board would have an additional opportunity to comment on the review at its September meeting.

Briefing on NIST/PKP Proposed Licensing Agreement

Mr. Bob Fougner, Director of Licensing, Public Key Partners (PKP), Mr. Michael Rubin, Acting Chief Counsel for Technology, NIST, and Mr. McNulty presented their views on the proposed agreement between PKP and NIST with respect to the Digital Signature Algorithm (DSA). Under this agreement, which would resolve the patent disputes between the government and PKP, PKP will receive sub-licensing rights to NIST's DSA patent. (See Reference #3.) PKP will offer DSA royalty free for personal, non-commercial and government use. Only parties who realize commercial gain from the use of DSA will be required to pay royalties. Mr. Rubin noted that there is a 60-day comment period commencing June 8, 1993, the date of publication in the Federal Register.

In response to a question regarding the availability of the license agreement, Mr. Fougner stated that the license agreement had not been finalized, but that he would provide the Board with a draft copy. (See Reference #4.) It was noted that PKP was providing this license agreement eight days before the comment period ends.

Mr. Whitehurst commented that even though DSA will be royalty free for the government, commercial entities that use the Digital Signature Standard (DSS) will pass their costs on to their customers, who might include the government. Mr. Rubin was asked if he saw any anti-trust problems with PKP holding so many cryptography patents. He replied that he did not.

Technology Briefings

Mr. Bill Ferguson, Vice President, Marketing and Sales, Semaphore Communications Corporation, provided his company's input on U.S.
government cryptography policies. (See Reference #5.) He made the following points in his presentation: 1) DES and RSA are the accepted commercial standards. 2) The government's standards approval process takes longer than the average product lifecycle. 3) Restrictions on export cut their market share by about two-thirds. Government purchases (estimated at less than 1% of their sales potential) do not make up this difference. Semaphore does not intend to change their products to meet government requirements. 4) The ITAR have cost U.S. firms millions of dollars; for example, EDS and NCR will not include his equipment in bids on foreign jobs. 5) It takes his company more than 60 days to obtain an export license, compared to five days in other countries; this puts his company at a competitive disadvantage. 6) With throughput in the 56 KB range, Capstone is inferior technology for use in today's high-speed telecommunications equipment. Mr. Ferguson characterized it as "1970s computer speeds."

Mr. Ferguson closed by stating that his company was told by the Executive Branch that they would approve the 40-bit DES key for open export under COCOM, but that this decision was reversed last month. He added that situations such as these make it difficult for companies to base their business decisions on government promises.

Dr. Clinton Brooks, Assistant to the Director, NSA, discussed the development of the key escrow encryption chip. He stated that in NSA's view, weak encryption is not the answer to law enforcement's concerns. He stated categorically that there is no "trap door" in the algorithm. Dr. Brooks commented that the chip was designed to be inexpensive, transparent to the user, and exportable. He stressed that the goal of the initiative is not to catch criminals but to promulgate a strong encryption standard that does not impede law enforcement. In response to a question, Dr.
Brooks stated that right now the chip is primarily for the voice domain, but they will work with manufacturers on implementations for data.

Mr. Mike Agee of AT&T briefed the Board on the status of his company's telephone security product line. (See Reference #6.) He noted that the telephone security device, which will retail at $1200, is compatible with analog and digital telephones and has cellular capability. He stated that AT&T supports the government's key escrow initiative, in part, because it represents a standard for industry. AT&T is now awaiting delivery of the key escrow chips, expected in November.

Views of the Law Enforcement Community

A panel of representatives of law enforcement presented their requirements for wire surveillance to the Board. The panel was composed of Mr. Jim Kallstrom, FBI, Mr. Barry Smith, FBI, Mr. John Kaye, National District Attorneys Association, Mr. Bud Meeks, National Sheriffs Association, and Mr. Roy Kime, International Association of Chiefs of Police.

The panelists presented a number of recent cases where wire surveillance was critical to solving the case. Mr. Kaye outlined the limited circumstances where a wiretap is used and the procedures involved in authorizing one. The panelists commented on the rapid advances in telecommunications technology and expressed their concern that encryption will soon become ubiquitous. They endorsed the key escrow initiative because it provides the public with strong encryption to protect information, but allows law enforcement access when legally authorized. They also stressed that they need a rapid response to key requests, so key escrow agents should be chosen with that requirement in mind.

Board Discussion

The Board unanimously approved the minutes from the previous meeting, then took up the subject of the Digital Signature Standard (DSS) and the proposed agreement between NIST and PKP. The Board discussed a paper submitted by Mr.
Walker which examines the economic impact of using DSA for the DSS under the proposed agreement. (See Reference #7.) Mr. Zeitler stated that under the circumstances, it made more sense for his company to use the RSA algorithm for digital signatures. Mr. Whitehurst expressed concern that through its agreements with PKP, the government is concentrating too much control over cryptography in one firm. The Board agreed to consider resolutions on this topic the following day.

Discussion turned to the tabled resolutions from previous meetings. A resolution endorsing recertification of DES was moved, seconded and passed, by a vote of nine for, with Mr. Gallagher abstaining. (See Attachment #1.) The meeting then recessed for the day.

Friday, July 30, 1993

Export Control

With the presence of a quorum, the session began with a briefing by Mr. Allan Suchinsky, Office of Defense Trade Controls (ODTC), Department of State, on the government's export control regulations. (See Reference #8.) Mr. Suchinsky noted that the International Traffic in Arms Regulations (ITAR, 22 CFR 120-130) have recently been revised and were published in the Federal Register on July 22, 1993. In addition, he made the following points in his presentation:

1) Cryptographic technical data, including software, is considered hardware for ITAR purposes; therefore, it cannot be placed in the public domain.
2) It takes a week to 10 days to grant a license when the item is on the approved list for export, four to six weeks if the request must be referred to another agency such as the Department of Defense or NSA.
3) ODTC is working to expedite license processing. They have placed mass market software on a fast track, with a seven-day turnaround for RC2/RC4, fifteen days for all other algorithms.
4) ODTC currently has no policy on export of key escrow encryption.

Briefing on the Digital Privacy and Security Working Group

Mr. David Johnson and Ms.
Leah Gurowitz of the Electronic Frontier Foundation (EFF) appeared on behalf of the Digital Privacy and Security Working Group. Ms. Gurowitz stated that the group was reconvened when Mr. Ray Kammer, Deputy Director of NIST, asked for EFF's input to the cryptography review. (See Reference #9.) The group has divided into four task forces that mirror those of the interagency review. They expect to complete their report by September 30. Mr. Johnson and Ms. Gurowitz agreed to appear at the September meeting of the Board to deliver an interim report.

Potential Users of Key Escrow Technology

Mr. Peter Browne and Mr. Tim Hall of Motorola, Inc. appeared before the Board to elaborate on Motorola's statement in the public record. They presented a letter from their CEO, Mr. George Fisher, endorsing the key escrow initiative provided the following issues are resolved:

1) Vendors must be able to implement key escrow mechanisms in their own technology.
2) Export controls must be addressed.
3) The government should take the lead in establishing interoperability standards.
4) Key escrow data must remain under the control of the U.S. government.

(See Reference #10.)

Mr. Ed Regan, Vice President of Chemical Bank, appeared on behalf of the U.S. Council for International Business. (See References #11 and #12.) Mr. Regan stated that the Council supports the development of a domestic encryption policy, but believes an internationally-accepted policy is needed as well. The U.S. should work with foreign governments and international standards organizations to develop such a policy, he stated. With respect to the key escrow initiative, Mr. Regan expressed concern about the following issues:

1) Competitiveness - There is no foreign market for key escrow and current export controls may restrict its export.
2) Cost to Users - Operational and administrative expenses will add substantial costs to the device beyond the chip itself.
3) Liability - Damages arising from a breach in security could be substantial; the government has stated that it would not be liable for any compromise of the keys.

In addition, Mr. Regan noted that some foreign countries (e.g., France) require disclosure of the algorithm before it can be imported. This poses problems since SKIPJACK is classified. He also stated that because of U.S. export controls, non-U.S. vendors produce and sell DES in countries where U.S. companies are prohibited from selling, and this has caused U.S. companies to lose bids for leveraged sales.

Mr. Chris Sundt of International Computers Limited (ICL), a U.K. based firm, presented his organization's perspective on key escrow technology and U.S. export controls. Mr. Sundt stated that the trend in encryption technology is towards software. He stated that he believes key escrow will be limited to U.S. use because foreign companies will reject technology which makes them dependent on a U.S. chip supply and where the U.S. government holds the keys. He noted that alternatives such as DES and RSA are readily available to foreign companies. Mr. Sundt also commented that the NIST/PKP proposed agreement for commercial uses of DSS raises doubts about whether the standard will be adopted by industry. In response to a question, Mr. Sundt stated that where British export controls constrain their export, his firm simply reproduces the algorithm in the destination country.

Mr. Robert Powers of MCI represented the Institute of Electrical and Electronics Engineering (IEEE) Committee on Communications and Information Technology Policy. (See Reference #13.) Mr. Powers stated that technology is changing so rapidly that hardware such as the key escrow encryption chip will quickly become obsolete. He also raised questions about why the algorithm is classified, whether key escrow might be mandated in the future, and who would be liable in the event of a security compromise.

Mr.
Ed O'Malley of MCI spoke on behalf of the Overseas Security Advisory Committee (OSAC). Mr. O'Malley began by stating that the definition of national security is changing to include economic as well as military power and that the intelligence community should be involved in protecting U.S. economic information. He stated that he is sympathetic to law enforcement's concerns, having served as chief of FBI counterintelligence. However, he expressed concern that industry has not been asked to participate in the interagency discussions on cryptography. He stated that a balance is needed to protect intellectual property and other proprietary data without jeopardizing legitimate law enforcement interests. In response to a question, Mr. O'Malley stated that the organization he represents would be opposed to any sharing of key escrow information with foreign governments.

Mr. McNulty informed the Board that the Industry Coalition on Technology Transfer (ICOTT) had been invited to the meeting but was unable to send a representative. He noted that ICOTT did submit a paper for the Board's consideration. (See Reference #14.)

Government Briefings

Mr. Miles Smid, Manager of the Security Technology Group at NIST, gave a briefing on the proposed Escrow Encryption Standard (EES) published July 30, 1993 in the Federal Register. (See Reference #15.) The standard specifies the use of the SKIPJACK algorithm as approved for government applications and a Law Enforcement Access Field (LEAF) Creation Method. The standard will be applied to unclassified, sensitive telecommunications data (voice, fax and computer information). Use in selected classified applications is being considered. The standard is approved for use in government applications and is voluntary for non-government users.

There was considerable discussion about applicability of the standard to data. Mr. Smid stated that to the extent that data can be transmitted over low speed telephone lines, the technique can be applied.
He added that NIST intends to work on additional applications.

Mr. John Podesta, Assistant to the President and Staff Secretary, provided some background on the key escrow initiative. He stated that with new encryption technology increasingly available, a balance needed to be struck between the need to protect sensitive information and law enforcement requirements. He stressed that key escrow is voluntary for the private sector. Mr. Podesta thanked the Board for its efforts in gathering public comment for input to the interagency review and indicated that the review would be completed by early fall. He stated that with respect to export, the Administration anticipates that key escrow technology will be available to U.S. citizens here and abroad, as well as to foreign companies. He added that the Administration places a high priority on the National Information Infrastructure, so it intends to work through the interoperability issues.

During discussion, Mr. Podesta stated that the Administration welcomes continued input from industry and the public. They have already met with the Digital Privacy and Security Working Group, the Software Publishers Association, OSAC, a wide variety of telecommunications users and vendors, and privacy groups. In response to a question regarding the economic impact of cryptographic policies, Mr. Kammer expressed his opinion that reliable data on export of American products was difficult to obtain, even from industry sources. Mr. Podesta was asked to clarify what he meant by "weak encryption." He responded that he was referring to 40-bit algorithms, not 56-bit DES.

Public Participation

During this period, members of the public are afforded the opportunity to speak to the Board.

Mr. Paul Jones of Racal Guardata began by stating that the Polish Central Bank recently awarded a $1.2 million contract for a digital signature standard system. The contract required DES encryption, which U.S. firms cannot supply due to government export controls.
He stated that U.S. industry needs to be compatible with international standards. He suggested an international treaty on cryptography so that all companies would be on a level playing field. Mr. Jones predicted that key escrow technology may be a success within government, but will fail in the commercial world because the U.S. intelligence community is not trusted overseas.

Mr. Bob Powers of MCI and IEEE raised a number of questions about the technical capability of the key escrow chip, especially concerning the rate at which data can be transmitted. He expressed his concern that key escrow technology is not in step with advances in telecommunications networks.

Board Discussion

The Board undertook discussion of Mr. Walker's resolution on DSS. The resolution was moved and seconded. A number of members questioned whether the Board had the authority to ask NIST to perform an economic analysis of the costs of using DSA. Responding to these comments, Mr. Walker requested that his resolution be broken into two parts. The first part, expressing concern about the PKP/NIST agreement was passed with the sole objection of Mr. Gallagher. (See Attachment #2.) Mr. Walker then withdrew the second part.

The Board discussed whether it wished to make additional input to the interagency review prior to its September meeting. Mr. Whitehurst noted that there is a 60-day comment period on the proposed Escrow Encryption Standard should members wish to submit statements. The Board agreed to expire all tabled resolutions from previous meetings and propose new ones, if desired, for the next meeting, to be held September 1st and 2nd in Baltimore, MD.

The meeting was adjourned at 4:30 p.m.
Attachments

#1 - Resolution 93-3
#2 - Resolution 93-4

References

#1 - Key Escrow Q&As
#2 - SKIPJACK Review Interim Report
#3 - DSA patent
#4 - PKP draft license agreement
#5 - Ferguson statement
#6 - Agee briefing
#7 - Walker paper
#8 - Suchinsky briefing
#9 - Kammer letter
#10 - Fisher letter
#11 - Regan statement
#12 - U.S. Council for Intl. Business statement
#13 - Powers presentation
#14 - ICOTT paper
#15 - Smid briefing

Lynn McNulty
Secretary

CERTIFIED as a true and accurate summary of the meeting

Willis Ware
Chairman

Meeting of the Computer System Security and Privacy Advisory Board
September 1-2, 1993
Hyatt Regency, Baltimore Maryland

AGENDA

Wednesday, September 1, 1993

9:00 Welcome & Review of Agenda
9:15 Opening Remarks & Consideration of July Minutes
      Dr. Willis Ware, Chairman

Cryptographic Issues

9:20 NIST Cryptographic Issues Update
      Ed Roback, NIST
9:40 SPA Agreement: One Year Later
      Doug Miller, Software Publishers Association
10:15 BREAK

Federal Criteria

10:30 Federal Criteria & Evaluation Program Briefing
      Janet Cugini, NIST
      Dr. Stu Katzke, NIST
      Pat Toth, NIST
12:00 LUNCH

Key Escrow Initiative

1:30 Key Escrow Procedures - An Update
      Geoffrey Greiveldinger, U. S. Department of Justice
2:30 BREAK
2:45 Status of Key Escrow Initiative
      Ray Kammer, Deputy Director, NIST
3:15 Board Discussion
5:00 RECESS

Thursday, September 2, 1993

Social Security Administration Briefing

9:00 Joan Hash, Director, Division of Internal Control and
      Tom Staples, Deputy Associate Commissioner for Financial Policy Operations
9:45 BREAK

National Information Infrastructure (NII)

10:00 NII, Overview and Security Issues
      Steve Squires, Special Assistant to the Director, ARPA

Cryptographic Updates, cont.

11:00 Algorithm Review Team - An Update & Reactions
      Dr. Dorothy Denning, Georgetown University
11:15 Digital Privacy and Security Working Group Update
      Jerry Berman, Electronic Frontier Foundation

Development of CSSPAB 1994 Workplan

11:45 Discussion and Assignments
12:00 LUNCH

Other

1:30 Public Participation (5 minute maximum per person)
2:00 Board Discussion
4:50 Identification of December Agenda Items
5:00 ADJOURN

___________________

Next Meeting
December 8-9, 1993
Hyatt Regency Hotel
Reston, Virginia

MINUTES OF THE SEPTEMBER 1-2, 1993 MEETING OF THE COMPUTER SYSTEM SECURITY AND PRIVACY ADVISORY BOARD

Wednesday, September 1, 1993

Call to Order

A quorum being present, the Chairman, Dr. Willis Ware, called the meeting to order at 9:00 a.m. at the Hyatt Regency, Baltimore Maryland. In addition to Dr. Ware, the following members were present: Cris Castro, Patrick Gallagher, John Kuyers, Sandra Lambert, Steve Lipner, Henry Philcox, Steve Walker, Bill Whitehurst, Eddie Zeitler, and Cynthia Rand.

Dr. Ware presented Messrs. Colvin (in absentia), Lipner, and Zeitler with certificates of appreciation for service on the Board. Their terms of appointment will expire on September 30, 1993.

The entire meeting was held in open, public session.

Opening Remarks

Mr. Ed Roback, Acting Board Secretary, reviewed the agenda and materials distributed to the Board and made the point that at its request, the Board was being given more time for internal discussion than at the previous two meetings.

Mr. Roback elaborated on the Cooperative Research and Development Consortium (CRADA) to develop secure software encryption with integrated cryptographic key escrowing techniques. NSA has offered their technical assistance on the CRADA. Mr. Whitehurst asked what the classification of the study will be. Mr. Burrows, Director, Computer Systems Laboratory, said it would be unclassified. The announcement for the CRADA went out in a Federal Register notice on August 24, 1993.
Approval of the Minutes

Prior to proceeding with presentations, the Board unanimously approved the minutes of the July, 1993 meeting.

Cryptographic Issues

Mr. Miles Smid, Manager, NIST Security Technology Group, discussed the proposed Federal Processing Standard for an Escrowed Encryption Standard (EES). This proposed standard specifies use of a symmetric-key encryption/decryption algorithm and a key escrowing method which are to be implemented in electronic devices and used for protecting certain unclassified government communications when such protection is required. The algorithm and the key escrowing method are classified and are referenced, but not specified, in the standard.

Mr. Smid then briefed the Board on the status of the reaffirmation of DES. In response to questions by Board members, Mr. Smid indicated that there are no changes to the algorithm and it is still planned to allow software implementations. Mr. Smid stated that the algorithm has not been approved by everyone in government; however, DoD does not object to it. Mr. Smid was asked if the standard allows RC2/RC4; he replied that the standard neither allows nor disallows RC2/RC4. The proposal went out for comment in a July 30 Federal Register notice.

Mr. Doug Miller, Software Publishers Association (SPA), discussed the SPA agreement of July 1992. On July 17, 1992, the Bush Administration announced that it would relax and streamline the export controls on mass market software with encryption capabilities by providing for a 7-day review of requests for approval of exports of products using either RC2 or RC4, at a 40-bit key length. The Administration would not agree to these expedited procedures for export of programs using the 56-bit DES algorithm. As of September 1, 1993, SPA has identified 215 foreign hardware, software and combination products for text, file, and data encryption from 20 foreign countries. 84 of the 215 products employ DES.
(see reference #1)

Federal Criteria and Evaluation Program

Ms. Janet Cugini, NIST Computer Security Division, presented an overview of the Federal Criteria workshop and comments. Approximately 120 organizations have submitted over 20,000 comments. The two-day workshop had approximately 150 attendees and focused on specific problems that were identified in the comments. Global issues, as well as issues from each of the separate areas (e.g. functional requirements, protection profiles, etc.) were discussed. There was a clear agreement among the participants that the document was severely deficient by not addressing distributed systems, networks, encryption, and PC security.

The draft Federal Criteria document will become input to the new Common Criteria along with the Canadian Criteria and the ITSEC. The goal of the Common Criteria is to develop trusted information technology (IT) products that can be used to help protect important information of the government and private sectors. Also, the Common Criteria will help achieve the mutual recognition by North American and European nations of IT product security evaluations. Ms. Cugini related that no negative feedback has been received regarding a Common Criteria. Dr. Ware asked if the positive support is in principle. Ms. Cugini answered yes. (see reference #2)

Dr. Stu Katzke, Chief, NIST Computer Security Division, discussed the IT Security Criteria and Evaluation. There are four levels of evaluation, consisting from the top down of: a senior sponsor, a steering committee, a technical group, and the common criteria editorial board. Mr. Whitehurst asked if four levels of evaluation were needed and Dr. Katzke replied that he hoped four wouldn't be needed. Again, the Board stressed the need for civilian and user participation.

An NVLAP Accredited Lab is expected to be established by January, 1995 to begin C2 and B1 evaluations. Dr. Katzke noted that a good lab should be able to evaluate against any criteria. Mr.
Walker asked if the lab would be a government lab. Dr. Katzke said that it could be a commercial lab; however, it is not clear at this time. The first draft criteria is due out in April, 1994. (see reference #3)

Key Escrow Initiative

Mr. Geoffrey Greiveldinger, Department of Justice, provided the Board with a brief update on 1) the development of the key escrow procedures for the encryption chip and 2) the selection of key escrow agents. The key escrow procedures are being developed and, when completed, will be publicly announced and put in the public domain. One reason that they are not yet public is the desire of the Administration to consult with Congress -- which is currently in recess. The Department of Justice has not yet announced the selection of the key escrow agents.

Mr. Greiveldinger then proceeded to provide the Board with background information on the legal foundations for electronic surveillance, including "Title 3," the Foreign Intelligence Surveillance Act, and the annual FBI wiretap report. He also reviewed the procedures for establishing the justification for a wiretap, the built-in checks and balances, and how the key escrow system will fit into this process.

The Electronic Communications Privacy Act was also summarized. It establishes illegal non-consensual taps as felony offenses. Additionally, the Act only authorizes electronic surveillance for serious offenses, when other investigative techniques would not work. The implementation of the Act, including the supervisory review process for approval of proposed surveillance, was then reviewed. Law enforcement officials must: determine whether the investigation involves appropriately serious offenses; whether other investigative techniques have been tried; and plan for privacy concerns and "minimization."

Taps are resource intensive, involving much preparation, monitoring, and formal reporting to the courts.
If supervisory approval is obtained, it is then necessary to obtain prosecutory approval -- at the Department of Justice in Washington. If this approval is obtained, it is presented to the appropriate court of jurisdiction. The court may then approve the request for a period up to 30 days (renewable upon application). Courts require a report if the order is to be renewed, and often request updates during the 30 day period. Once the court order is obtained, a secondary order is then served upon the service provider -- who decides how to access the line (and charges for the service.) After 30 days, if law enforcement officials have all the information they expect to need, the court is so informed, and the records are given to the court and sealed. Within 90 days the subject of the surveillance is informed of the order and whether surveillance occurred. If there is prosecution, the transcripts and taps are subject to the discovery process.

In some limited cases, electronic surveillance may be conducted prior to actually obtaining the court order. The statute describes 3 such situations, involving: 1) life and death; 2) national security; and 3) organized crime.

Discussion followed. In response to questions, Mr. Greiveldinger informed the Board that state Attorneys General would be authorized to release the escrowed cryptographic keys. He also noted that Title 3 anticipates the need for decoding of electronic surveillance -- therefore, no additional legislation is necessary.

Mr. Raymond Kammer, NIST Deputy Director, then provided the Board with an update of the review of cryptographic issues within the Administration. (See Reference #4) He publicly thanked CBEMA for their input into the review process and stated the review group is anticipating a response from the Electronic Frontier Foundation shortly. Export controls is proving to be one of the most frustrating issues for the Administration.
One of the reasons for this is the difficulty in obtaining data on lost industry sales due to export controls. Currently being examined are: 1) the exportability of the key escrow chip; 2) use of cryptography for U.S. corporations overseas and 3) destination-based exportability. Discussions are just starting in these areas. Mr. Kammer also reviewed the Cooperative Research and Development Agreement (CRADA) announced by NIST to develop integrated secure key escrow/encryption software. Since debate on these issues could be finished within 30-45 days, Mr. Kammer indicated that whatever advice the Board planned to make should probably be made at this meeting.

Federal Criteria (continued)

Pat Toth, NIST Computer Security Division, addressed the Trust Technology Assessment Program (TTAP) study results. The goals of the TTAP study were to provide information on the TTAP concept, verify its approach, identify levels of interest by government and private sector users, and determine if significant support exists. See Exhibit ? for results of the study. (see reference #5)

Thursday, September 2, 1993

Social Security Administration Briefing

Joan Hash, Director of Internal Control and Security, and Tom Staples, Deputy Associate Commissioner for Financial Policy and Operations (SSA) presented a video, produced by the Social Security Administration, documenting a real-life case of information brokering in SSA. The video presents actual SSA personnel going through the procedures for access control which led them to the brokering of SSA information by an SSA employee to an outside entity. An awareness program for this type of violation has been in place for many years, but more recently, individuals are being arraigned in federal court which demonstrates the consequences of such violations.

National Information Infrastructure (NII)

Mr.
Stephen Squires, Advanced Research Projects Agency, described to the Board his views of the emerging National Information Infrastructure in the context of the ongoing Federal High Performance Computing and Communications (HPCC) program. Mr. Squires stated that there is much activity going on in both the public and private sector. The Administration has announced its intention to use the HPCC as a foundation for developing a National Information Infrastructure (NII) drawing upon the wide variety of private sector groups discussing issues associated with the NII.

Mr. Squires described the NII as a world of universal, ubiquitous access in which everything and everyone can be connected to the information infrastructure when needed. This represents a user community that is far beyond that which existing information security is able to achieve. There is a challenge, however, to understand how to maintain information security in the face of rapid advances in the technologies that are enabling and accelerating more advanced computing. There is also an opportunity that the information technologies have a certain universal nature that enables them to be used to provide the protection as part of the system. (see reference #6)

Cryptographic Updates, cont.

Dr. Dorothy Denning, Georgetown University, provided the Board with an interim report on the SKIPJACK algorithm by outside experts. The algorithm was reviewed by Dr. Denning, Dr. Ernest F. Brickell of Sandia National Laboratories, Dr. Stephen T. Kent of BBN Communications Corporation, Dr. David P. Maher of AT&T, and Dr. Walter Tuchman of Amperif Corporation. The reviewers agreed to publish a joint report. Dr. Denning reported the following conclusions:

1) There is no significant risk that SKIPJACK will be broken by exhaustive search in the next 30-40 years.
2) There is no significant risk that SKIPJACK can be broken through a shortcut method of attack.
3) While the internal structure of SKIPJACK must be classified in order to protect law enforcement and national security objectives, the strength of SKIPJACK against a cryptanalytic attack does not depend on the secrecy of the algorithm.

Dr. Denning reported that the reviewers plan to evaluate the entire key escrow system once final details are available. She agreed to report back to the Board when the evaluation is complete.

Mr. Jerry Berman, Electronic Frontier Foundation, provided comments from the Digital Privacy and Security Working Group. The Working Group has been meeting for almost half a year discussing options for a new policy on cryptography, privacy, and security. Mr. Berman presented a summary of the Working Group's progress. Some of the conclusions are that strong encryption must be widely available in the market for the National Information Infrastructure and the International Information Infrastructure to succeed as new pathways for commerce and communication. Mr. Berman presented the belief that encryption must be trusted and must accommodate flexible implementations. Encryption policy must assure compliance with constitutional privacy guarantees while meeting the legitimate needs of law enforcement and national security. A task force met with the Administration during July and part of August discussing what our cryptographic and privacy policy should be. Mr. Berman expressed the Working Group's desire to reach agreement with some of the Administration's principles for a new public policy on cryptography, privacy, and security. (see reference #7)

Board Discussion and Assignments

During the discussion periods of the meeting, a number of informal proposed resolutions were considered by the Board members. After some modifications and straw polling, a formal motion was made by Mr. Walker and seconded by Ms. Lambert, detailing the concerns of the Board regarding the key escrow initiative.
This motion was a followup to an earlier resolution passed by the Board in June. After more discussion, the motion passed with ten in favor and one abstention. (See Attachment #1 for Resolution #93-5.)

Another motion, dealing with the need for public debate and issues which need to be resolved regarding key escrowing, was then brought to the table for discussion. After markup, it was moved and seconded, and passed with all members present voting in the affirmative. (See Attachment #2 for Resolution 93-6.) Both motions were passed in open, public session.

Messrs. Walker and Gangemi agreed to draft the Board's 1994 workplan. The workplan should be ready by the December meeting for discussion.

Attachments

#1 - Resolution 93-5
#2 - Resolution 93-6

References

#1 - Miller briefing
#2 - Cugini slides
#3 - Katzke slides
#4 - Kammer slides
#5 - Toth slides
#6 - Squires briefing/slides
#7 - Berman briefing

Lynn McNulty
Secretary

CERTIFIED as a true and accurate summary of the meeting

Willis Ware
Chairman

Computer System Security and Privacy Advisory Board Meeting
December 8-9, 1993
Hyatt Regency Hotel
Reston, VA

AGENDA

December 8, 1993

I. Welcome

9:00 Opening Remarks
      Lynn McNulty
9:10 Chairman's Remarks
      Dr. Willis Ware

II. Unclassified Government Cryptography Activities

9:15 NRC Cryptographic Study
      Marjorie Blumenthal, National Research Council
9:45 GAO Activities
      Dr. Harold Podell
10:15 Break
10:30 Status of NIST Cryptographic Standards Activities
11:00 DSS Infrastructure Briefing
      Lynn McNulty
      Dr. Santosh Chokhani, MITRE Corp.
11:30 Key Escrow Update
      Lynn McNulty
11:45 GSSPs Update
      Cris Castro
12:00 Lunch

III. Emerging NII Technologies

1:30 Organizing for the GII and NII
      Bruce McConnell, OMB
2:00 Jim Flyzik, Director, Telecommunications Management, Department of Treasury
2:30 NIST's Role
      Jim Burrows
3:30 Discussion

IV. CSSPAB Workplan

4:00 Draft CY 1994 Workplan - Presentation and Discussion
      CSSPAB Working Group
5:00 Recess

December 9, 1993

V. MOSAIC

9:00 MOSAIC Briefing - DoD Program for Protection of Unclassified Data in the DMS
      John Nagangast, NSA

VI. Common Criteria

9:45 Common Criteria Update
      Dr. Stu Katzke
10:15 Break

VII. NIST Security Plan for FY-94

      Dr. Stu Katzke
11:00 Discussion

VIII. Telecommunications Security

11:30 Telecommunications Switch Vulnerability Analysis
      Rick Kuhn
12:00 Lunch

IX. Workplace Privacy Bill

1:30 S.984 - Privacy for Consumers and Workers Act
      Ms. Kristina Zahorik, Legislative Assistant, Senate Employment and Productivity Subcommittee
2:00 Discussion

X. Electronic Commerce

2:30 Electronic Commerce Initiative
      Steve Trus

XI. Public Participation

3:00 Public Participation

XII. Close

3:30 March Meeting - Agenda Ideas
3:45 Adjourn

--Next Meeting--
March 23 & 24, 1994
Marriott Washingtonian
Gaithersburg, MD

MINUTES OF THE DECEMBER 8-9, 1993 MEETING OF THE COMPUTER SYSTEM SECURITY AND PRIVACY ADVISORY BOARD

Wednesday, December 8, 1993

Call to Order

A quorum being present, the Chairman, Dr. Willis Ware, called the meeting to order at 9:00 am at the Hyatt Regency Hotel, Reston, Virginia. In addition to Dr. Ware, the following members were present: Cris Castro, Patrick Gallagher, Don Gangemi, John Kuyers, Sandra Lambert, Henry Philcox, Cynthia Rand, Steve Walker, and Bill Whitehurst.

The entire meeting was held in open, public session.

Opening Remarks

Mr. Lynn McNulty, Board Secretary, welcomed the Board to the last meeting of the calendar year. Mr. McNulty reviewed the agenda and materials distributed to the Board and made the point that this agenda is a wrap-up of cryptographic issues. He noted that there is nothing to announce regarding appointments for the three open vacancies on the Board and that he would like to have the positions filled by the March meeting. The three open positions are in the following categories: the federal community, the non-federal, non-vendor community, and computer or telecommunications industry.

NRC Cryptographic Study

Ms.
Marjory Blumenthal, of the National Research Council (NRC) of the National Academy of Sciences, briefed the Board on a study, mandated by Congress, on cryptographic technologies and national cryptography policy. (See Reference #1.) The study will assess the effect of cryptographic technologies on national security and law enforcement interests of the U.S. government, commercial interests of U.S. industry, and privacy interests of U.S. citizens. The study will also assess the effect on commercial interests of U.S. industry of export controls on cryptographic technologies. The Secretary of Defense is to direct the National Security Agency, the Advanced Research Projects Agency, additional relevant agencies of the Department of Defense and other appropriate federal organizations to cooperate with the NRC in the study.

The NRC study is to be completed and a report submitted to the Secretary of Defense within approximately two years after full processing of security clearances. The report will set forth the Council's findings and recommendations for improvements in cryptography policy and procedures. The report will be submitted to the appropriate committees in unclassified form, with classified annexes as necessary.

Ms. Blumenthal noted that the study is being conducted by a high level committee and that no federal agency personnel will be members of the study group. The Chairman asked Ms. Blumenthal how many meetings there would be and she replied that approximately six to eight meetings would be held over a two-year period.

Mr. Walker suggested that a resolution be drafted stating that this study group is what the Board has wanted. Mr. Walker said he would draft a resolution for discussion later in the meeting.

GAO Activities

Dr. Harold Podell, Government Accounting Office (GAO), Office of Special Investigations, briefed the Board on a recent GAO Report entitled Communications Privacy: Federal Policy and Actions.
The report was prepared at the request of the Chairman, House Committee on the Judiciary, Congressman Jack Brooks. Dr. Podell highlighted some areas of the report. He said the study, which resulted in the report, was not in-depth; rather, it was broad-based. Dr. Podell said the study posed some questions regarding the need for communications privacy in industry and federal policies and actions pertaining to cryptographic issues. The study showed that powerful cryptography for privacy is available worldwide and, as a result, there are international concerns such as law enforcement and national security. Other foreign government rules that restrict the use and export of cryptography were difficult to gather because other nations are reluctant to show their criteria, and information on their studies has limited availability and is not generally published.

Dr. Podell briefly reviewed NIST and NSA actions regarding cryptographic standards. With regard to secret-key cryptography key-generation standards, Dr. Podell reported that in 1989, NIST requested that NSA assist in developing a standard to generate good DES keys. However, NIST stopped work on the standard because of NSA's disapproval. NSA did not believe NIST had responsibility for this standard. Dr. Podell further discussed public-key cryptography for communications privacy and noted that, because of NSA, NIST has not proposed a key-management/exchange standard. He reported that NIST canceled a 1982 project for such a standard.

In response to an inquiry by Mr. Walker, Dr. Podell explained that NIST rejected an NSA-proposed technique that would allow legally authorized government officials to access the plaintext of encrypted communications (the key-escrow system) in mid-1990. Dr. Podell further explained that NIST canceled its project that included solicitation for public-key algorithms (the basis for public-key cryptography) between late 1982 and early 1983.

In closing, Dr.
Podell emphasized the growing need for communications privacy in a global competitive environment and the need for access to communications by law enforcement and national security agencies. (See Reference #2.)

Status of NIST Cryptographic Standards Activities

Mr. McNulty, substituting for Mr. Miles Smid of the NIST Computer Security Division, provided a verbal report on the status of various cryptographic standards activities.

1) The Secure Hash Standard, FIPS 180, was approved on May 11, 1993 by the Secretary of Commerce.

2) The Digital Signature Standard is being held by NIST pending resolution of patent issues. Technical modifications have been made to the standard to allow longer keys, between 512 and 1024 bits in increments of 64 bits.

3) The Data Encryption Standard, FIPS 46-2, was reaffirmed on December 3, 1993 with minor changes. Allowing software implementation was one notable change.

4) FIPS 140-1, Security Requirements for Cryptographic Modules, was also signed on December 3, 1993. FIPS 140-1 is an update to GSA 1027 (which had been adopted as the original FIPS 140) and a total re-write to cryptographic standards and describes four levels of security for cryptographic modules. Procedures will be developed using the NVLAP process to perform testing on cryptographic modules. A CBD announcement was released on November 23, 1993 requesting interested parties to contact NIST on the 140-1 validation program.

5) The Escrowed Encryption Standard is being held by NIST pending resolution of negative comments. (See Reference #3.)

DSS Infrastructure Briefing

Mr. Lynn McNulty and Dr. Santosh Chokhani, MITRE Corp., briefed the Board on the Public Key Infrastructure (PKI) Study. The purpose of the study was to 1) identify policy and legal issues in the use of digital signatures, 2) identify policy, technical, and legal issues, 3) develop alternatives, and 4) provide a costing methodology. Mr.
McNulty said that the scope of the study was meant to meet the needs of the federal government. It was designed to consider other national and international entities, and interoperate with other algorithms and infrastructures. This study was conducted so as not to be tied to any particular public key algorithm, including the Digital Signature Algorithm in the draft DSS. The study was sponsored by many agencies who provided input and financial support.

Mr. McNulty turned the briefing over to Dr. Chokhani, who was the Director of the study team. Dr. Chokhani reported that the study is complete and will be examined by NIST, the Office of Management and Budget (OMB) and other participants.

Dr. Chokhani discussed the study methodology used. Interviews were conducted with the user community (i.e., federal agencies and private sector), the legal community, and the technical community (i.e., standards and standards groups). Architectural and implementation infrastructure alternatives and recommendations were made, operational concepts were developed, and a cost model and analysis was performed. The user requirements for PKI are trust, low cost, easy use, non-inhibitive, interoperable, scalable, and flexible.

Dr. Chokhani stated that the recommendation is to start the PKI implementation with agencies that are already experimenting with the digital signature technology, such as the IRS for tax filing, PTO for patent applications, FAA for airman medical certifications, DLA for electronic submission of bids, and NASA for office automation. Another recommendation is to train key telecommunications, information security, and information technology personnel at various agencies in the PKI, its role in electronic commerce, and its relationship to the field of cryptography. (See Reference #4.)

Key Escrow Update

Mr. Lynn McNulty presented an update regarding key escrow.
He stated that the approval of key escrow procedures is pending as well as the approval of the Escrowed Encryption Standard. The government's policy review is continuing, with preparation of alternatives for the Administration's policy makers.

Organizing for the GII and NII

Mr. Bruce McConnell, from the Office of Management and Budget, briefed the Board on the National Information Infrastructure (NII). Mr. McConnell referenced the NII task force, which is chaired by the Secretary of Commerce, Ron Brown, and comprised of other high level federal government officials; however, the NII will be designed, owned, and built by the private sector. The purpose of the task force is to work with Congress and the private sector to propose the policies and initiatives needed to accelerate deployment of the NII.

He discussed the definition of the NII and what the NII will mean for Americans. The NII includes more than just the physical facilities used to transmit, store, process, and display voice, data, and images. It encompasses a wide range of equipment including, but not limited to: cameras, scanners, keyboards, telephones, etc. The NII will integrate and interconnect these physical components in a technologically neutral manner so that no one industry will be favored over any other. The NII will provide the foundation for living in the Information Age and for making these technological advances useful to the public, business, libraries, and other non-governmental entities.

Board members asked about security issues in the NII and Mr. McConnell said that security is being worked on in a cross-cutting mode and is being addressed by all of the working groups. (See Reference #5.)

REENGINEERING THROUGH THE USE OF INFORMATION TECHNOLOGY

Mr.
Jim Flyzik, Department of Treasury and Chairman of the Government IT Services Working Group under the NII Advisory Council, briefed the Board on "Reengineering Through the Use of Information Technology" as outlined in the National Performance Review (NPR). Mr. Flyzik discussed some background on information technology (IT). He said that there are poor public perceptions of the federal government, such as no national IT vision, paper-based systems, uncoordinated service delivery, and few incentives for better performance.

Mr. Flyzik described the three major parts of the NPR: 1) to strengthen leadership in information technology, 2) to implement electronic government, and 3) to establish support mechanisms for the electronic government. He said that in order to provide clear, strong leadership to integrate information technology into the business of government, there needs to be a strategic IT plan and the empowerment of interagency teams.

As part of the implementation, Mr. Flyzik introduced the idea of virtual agencies with illustrative cross-agency programs. He discussed the development of integrated electronic access to government information and services with a one-stop shop such as kiosks, home or business computers, and telephones. He also suggested the establishment of an International Trade Data System, whereby forty agencies could collect trade data and integrate it into a single cohesive system. Mr. Flyzik proposed the creation of a National Environmental Data Index, which would result in the building of a yellow pages type directory. This data index would serve non-federal and international data and would promote a partnership between private sector, international bodies, and academia. Mr. Flyzik further stated that with the implementation of electronic government, federal, state, and local governments would receive rapid communications, and there would be citizen input and access via the Internet.
To establish support mechanisms for the electronic government, an information infrastructure needs to be established to share IT resources. The following are needed: 1) systems and mechanisms to ensure privacy and security, 2) improvement of methods of information technology acquisition, and 3) training and technical assistance in information technology for federal employees.

Mr. Flyzik summarized by saying that the GITS working group will be looking to industry for input such as non-profit groups and consortia that represent industry. (See Reference #6.)

NIST's Role

Mr. James Burrows, Director of the Computer Systems Laboratory at NIST, briefed the Board on NIST's role in the National Information Infrastructure (NII). Mr. Burrows reported that Dr. Arati Prabhakar, Director of NIST, is chairing the Applications & Technology Committee under the Information Infrastructure Task Force. There will be an NII Advisory Council that will be comprised of 25 people and current plans are to announce the appointments this month.

Mr. Burrows reported that there are three National Performance Review IT action items: 1) to strengthen leadership in IT, 2) to implement electronic government, and 3) to establish support mechanisms for electronic government. Each action item will have a corresponding working group. Items on the NII agenda include: promoting private sector investment, extending the "Universal Service" concept, promoting technological innovation and new applications, and ensuring information security and network reliability. (See Reference #7.)

Discussion

Board members discussed the topic of emerging NII technologies and remarked that much remains to be defined. Even so, there is much enthusiasm for upcoming activities.

Mr. Walker presented two draft proposals to the Board. The first, (Resolution 93-7), endorsing the National Research Council Study of National Cryptography Policy was passed unanimously. (See Attachment #1.)
The second, (Resolution 93-8), endorses the NIST Computer Security Program for FY94. Eight members voted for: Messrs. Castro, Gallagher, Gangemi, Kuyers, Philcox, Walker, Whitehurst, and Ms. Rand. There was one abstention, Ms. Lambert. (See Attachment #2.)

CSSPAB Workplan

The CSSPAB 1994 workplan working group, Messrs. Walker and Gangemi, provided the Board with a draft of the workplan for discussion purposes. A few changes were made to the draft, with some rearrangement. Mr. Walker motioned that the plan be accepted, which was seconded by Mr. Gangemi. The plan was then unanimously approved, as amended. (See Reference #8.)

Approval of the Minutes

Prior to recessing for the day, the Board unanimously approved the minutes of the September, 1993 meeting with a revision to one paragraph and the addition of the presentation of Certificates of Appreciation to outgoing Board members.

The meeting recessed at 5:00 pm.

Thursday, December 9, 1993

NSA's Mosaic Program

Mr. Bill Bialick, NSA, substituting for Mr. John Nagangast, briefed the Board on the DoD Program for Protection of Unclassified Data in the Defense Messaging System (DMS). Mr. Bialick gave an overview of the DMS System Evolution which facilitates connectivity between the X.400, the AUTODIN, and the SMTP communities. He then presented a representation of each of the four releases of the Multi-level Information System Security Initiative (MISSI). Each release increases user capabilities, maintains compatibility with previous releases, increases security assurance, and keeps pace with AIS technology/performance advances.

Mr. Bialick introduced the TESSERA Crypto Card. The TESSERA, or ID card, is a "tool box" that holds an encryption and digital signature algorithm. He gave a demonstration of the TESSERA card integrated into an e-mail package. The TESSERA card allows for 1) signature only or 2) signature and encryption (as long as the receiver has the same capability). This choice would be a user or policy decision.
The TESSERA card is a multi-purpose card that can be used as a badge that would have a digital picture with a PIN number, and will allow access to buildings, computers, etc. (See Reference #9.)

Common Criteria

Dr. Stu Katzke, Chief of NIST's Computer Security Division, provided a status report of the Common Criteria project. He outlined the Editorial Board Project Plan. In addition to the events that have already occurred, Dr. Katzke noted that the first draft criteria will be presented to the sponsors in April of 1994 with a second draft criteria to the sponsors in September of 1994. The senior sponsors convened a meeting in November of 1993 to discuss previous meetings and results to date. (See Reference #10.)

NIST Security Program Plan

Dr. Katzke continued with an overview of the Computer Security Program. He discussed the major program thrusts that will include: cryptography and authentication technology to ensure that base technologies protect globally distributed information and systems; network security for the protection of information and systems in a network environment; security management to ensure comprehensive and cost-effective selection, implementation, and management of information security technology; criteria and evaluation to ensure the availability of affordable, reliable, and trustworthy security technology, systems, and products; and electronic commerce to establish prototype electronic commerce applications using available security standards, products, tools, and methods, all of which relate to the National Information Infrastructure.

Dr. Katzke said that program funding is derived from Congressionally appropriated funds and other agency cost reimbursable funds. In FY93 the majority of the budget was from Congressionally appropriated funds which included some funding from the Director's reserve. The majority of the projected budget for FY94 will come from Congressionally appropriated funding.

In summary, Dr.
Katzke related that NIST must carefully select when to lead, participate, or monitor in a given project. He also observed that national policy decisions will affect the direction of cryptographic policy, privacy, the National Performance Review and the National Information Infrastructure. (See Reference #11.)

Telecommunications Security

Mr. Rick Kuhn, of NIST's Computer Systems Laboratory, reported on Telecommunications Security. He related that the threat to telecommunications security appears to be growing. He said that there are typically traditional and non-traditional threats, and this is cause for significant government and industry concern. Mr. Kuhn said that today's telecommunications environment of open network architecture means much greater access to the Public Switched Network (PSN); therefore, the PSN must be secure from accidental or malicious cause.

With regard to Public Branch Exchange (PBX) vulnerabilities, there is the potential for toll fraud such as: remote access, whereby authorization codes can be defeated; automated attendant, where many attendants are vulnerable to toll fraud; and voice mail, which is vulnerable to mailbox reassignment and outside trunk access.

Mr. Kuhn discussed the Telecommunications Security Analysis Center, which consists of a consortium of federal agencies. The purpose is to improve the security, integrity, and reliability of agency telecommunications by providing advanced analysis and testing techniques, doing evaluations of systems and software, and developing standards and guidance. (See Reference #12.)

Workplace Privacy Bill

Ms. Kristina Zahorik, Legislative Assistant from the Senate Employment and Productivity Subcommittee, briefed the Board on S. 984, a Bill introduced in Congress by Senator Simon, entitled "Privacy for Consumers and Workers Act." Ms. Zahorik related that the Bill is being re-written and has received a variety of comments.
She said that the intent is not to shut down businesses; the concern is privacy in the workplace. Board members expressed their concerns regarding input to the legislation on security and privacy policy issues. They said they would like to see the re-write for review and comment. (See Reference #13.)

Generally-accepted System Security Principles (GSSPs) Update

Mr. Cris Castro presented an update report on the Generally-accepted System Security Principles (GSSPs). A framework is being developed and the plan is to have a strawman available in March of 1994. There are three major tasks: 1) develop GSSP support processes and boards; 2) develop principles for information security; and 3) develop principles for information processing. The GSSP document will be organized into three sections: 1) general concepts and framework; 2) GSSP for the information security professional; and 3) GSSP for information processing products.

In conclusion, Mr. Castro said that the GSSP has potential for tremendous benefits for more efficient use of security dollars, increased support for security objectives, better success selling security to management, and increased respect for information security professionals. (See Reference #14.)

Discussion

During the discussion period, Mr. Walker brought some observations to the table regarding the ongoing Software Publishers Association (SPA) sponsored study of the worldwide availability of cryptographic products. He said that, as of December 3, 210 foreign manufactured products are available, 129 of which utilize DES. He related the ease with which vendors in foreign countries, including the United Kingdom, Germany, Denmark, and Israel, can ship DES-based cryptographic products to the U.S. and presumably the rest of the world. Mr. Walker noted that in most cases, a phone call and a credit card number will result in immediate shipment without any apparent government red tape. (See Reference #15.)

Public Participation

During this period members of the public are afforded the opportunity to speak to the Board.

Dr. Sarah Comely related a story of a Scottish student hacking into Belgian medical records and said that this is a great concern to patients. She asked the Board to carefully monitor the Health Care Task Force Group and to invite speakers to the Board on the subject.

Mr. Wayne Madsen said he feels that the U.S. is sliding behind in privacy legislation. He said that in the past year, additional countries (i.e., Switzerland, Belgium, Czechoslovakia Republic, Slovakia, and Hungary) have joined those which have enacted data privacy legislation.

Close

Before closing, the Board wished to congratulate Mr. Ed Roback (in absentia) on his receipt of the Department of Commerce Bronze Medal Award for his services in support of the President's key escrow encryption initiative.

With no further business pending, the meeting was adjourned by the Chairman at 3:20 pm.

Attachments
#1 - Resolution 93-7
#2 - Resolution 93-8

References
#1 - Blumenthal slides
#2 - Podell slides
#3 - Smid slides
#4 - McNulty/Chokhani slides
#5 - NII Agenda for Action
#6 - Flyzik slides
#7 - Burrows slides
#8 - 1994 Workplan
#9 - Bialick Slides
#10 - Katzke slides
#11 - Katzke slides
#12 - Kuhn slides
#13 - S. 984
#14 - Castro slides
#15 - Walker paper

Lynn McNulty
Secretary

CERTIFIED as a true and accurate summary of the meeting

Willis Ware
Chairman