Background Paper
Changes to the Criteria Based on Earlier Public Input

The government presented draft criteria (9/95 version) for the export of software-based key escrow encryption at an open meeting at NIST on September 6-7, 1995. Meeting participants suggested several changes to the criteria; the government re-drafted the criteria as described below. Industry's ideas and words were included when possible and given serious consideration consistent with the protection of fundamental interests (e.g., privacy and national security).

General changes to the document: The document was re-structured to make it clearer. After the introductory text, related criteria are grouped into the following categories:

  1. key escrow feature
  2. key length feature
  3. interoperability feature
  4. assurances
Changes to the introductory text: The wording has been clarified, and additional words have been included to encourage vendors that are considering building non-escrowed encryption products to discuss their export objectives with the government.

Changes to the criteria: The criteria presented at the September 6-7 meeting have been modified in the following ways:

Old Criterion 1.
Moved to #7; wording clarified.

Old Criterion 2.
Moved to #8; wording clarified.

Old Criterion 3.
Split into #1 and #2 since the original criterion had two major points in it (the requirements for key escrow, and the requirement on when the keys are first escrowed); wording clarified.

Old Criterion 4.
Wording clarified; the notion of accessibility to authorized entities was modified to explicitly state that the required information must be available with a reasonable frequency.

Old Criterion 5.
Moved to #10; wording clarified, and the example was deleted so that implementors were not misled to believe that the example given was the only way of satisfying that requirement.

Old Criterion 6.
Moved to #9; wording clarified, and applicability of this requirement was scoped to address interoperability between a product's key escrow mode and a non-key escrow product.

Old Criterion 7.
Moved to #5; wording clarified.

Old Criterion 8.
Moved to #6; wording clarified because the term "repeated involvement" was perceived as being too broad.

Old Criterion 9.
Deleted.

Old Criterion 10.
Moved to #3; wording clarified, and requirement modified to not preclude the escrow of key by agents in addition to those required by these criteria.

Note: The September (and November) version of the criteria is available electronically at: http://csrc.nist.rip/keyrecovery/

11/6/95