Title: Under Secretary of Commerce for Technology Mary L. Good's Prepared Remarks of December 5, 1996 Note: The following are the prepared remarks of Under Secretary of Commerce for Technology, Dr. Mary L. Good for the first meeting of the Technical Advisory Committee to Develop a FIPS for the Federal Key Management Infrastructure. -------------------- Opening Address of the Technical Advisory Committee to Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure Mary L. Good Under Secretary of Commerce for Technology December 5, 1996 Dallas, Texas (As Prepared for Delivery) Good morning. On behalf of Vice President Gore and Secretary of Commerce Kantor, I want to welcome you to this meeting which marks the beginning of what I believe is a unique -- and quite possibly historic -- undertaking. In establishing this Technical Advisory Committee to Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure, Secretary Kantor -- in fact, all of the Administration -- saw a real opportunity to learn from those in the private sector who are working on the cutting edge. Our goal is very simple: to work together to develop potential technical solutions to a problem that we both are increasingly finding at doorsteps. This Administration, especially, is looking forward to your work in helping us address how the Federal government should best go about providing itself the ability to recover its own encryption keys. While stating our goal simply, I do not underestimate the challenge before you. The problem is not easy. As we all know, encryption, and the issue of key recovery, has been -- and I am quite sure will continue to be -- a contentious subject. But, keep in mind two very important contexts in which the Committee's activities take place. First, the issue of adequate and effective recovery of keys is an important piece of the puzzle that is emerging in both the public and private sectors in what is commonly called, the "Key Management Infrastructure." The lesson we have learned from past experiences is that for solutions to be viable, we must work closely with the private sector as new standards and technologies involving encryption -- and the recovery of keys -- evolve. For this reason alone, I am especially pleased to help kick-off this first meeting of the "Technical Advisory Committee." The second context is our nation's strategy for long-term economic growth. Your efforts do not take place in a vacuum; they will affect U.S. competitiveness and the ability of organizations and individuals to protect their sensitive information in what is increasingly a knowledge-based economy. They will also affect the global development of standards that will shape the world's market place. In my role at the Commerce Department, I focus on technologies and strategies to increase the competitiveness of American industry in the global marketplace. This includes, among many areas, promoting the sale of U.S. hardware and software, and the provision of globally available electronic services. Our commitment is to foster global electronic commerce in which all stakeholders have confidence. And, you all know that encryption will increasingly be a feature of these products and services. But, in many respects, we are only just now beginning to see how customer demand for security is leading to greater use of encryption and the inevitable challenges which will arise -- challenges like the one before this Committee. American industry and government must be able to protect itself, both at home and abroad, against threats to its sensitive business, government, and personal information -- and we can best address the challenges at hand if we work together to identify potential solutions. Protection of the critical assets of the Global Information Infrastructure will rely upon cryptographic technologies, particularly for digital signatures and encryption. This is certainly something about which I think we can all agree. Nevertheless, as has been the subject of much public debate, encryption can cause problems for both users and law enforcement, and you are all well aware that export controls are in place to help mitigate the negative effects of encryption on national security. Given that encryption will be used, we must ask: can we find an acceptable approach to key recovery that will minimize its potential risks? That is, in essence, the charge to the Committee. We are looking to members of the Committee to provide us with your best recommendations for developing a federal government standard for encryption key recovery, in whatever level of detail you can provide. We want to be able to follow industry's lead in this area, and have convened this Committee to help facilitate that. To help you in your work, and provide you a better understanding of the federal government's needs for this standard, we have asked various federal agencies to provide a liaison to this Committee. You will be able to hear various perspectives and the government's requirements for key recovery directly from these officials and interact with them directly as your work progresses. By bringing everyone together, we hope that the Committee will be able to weigh the various technical approaches and user requirements, and develop a consensus recommendation as to how we should proceed with a federal standard. In this regard, I think the Committee will function rather like a voluntary standards body. No particular constraints are placed on the technical approaches available to the Committee; we have laid out a very general charge which you will find in your materials, but are open to modifying it as necessary. The Committee is plowing new ground here, and we recognize the need for flexibility as we progress. Let me make one comment about the Committee's scope of work. If your effort is to be successful, I believe the Committee it needs to carefully focus its attention on the relevant question at hand. There are many issues regarding cryptography that are being examined by other groups in Washington and internationally; I note especially the work going on in the OECD. I encourage you to stick to the topic at hand, in order to make timely progress. Certainly, the various policy debates and Congressional activities are of interest to all of us and will no doubt arise in discussion -- frankly, it's a little hard to ignore them. But I would encourage you to keep in mind that we are looking for a technical recommendation to a technical standards challenge -- one that is important to both the public and private sectors, the emerging "Key Management Infrastructure," effective global commerce, and the customer in this particular case, the Federal government. So, the task at hand is to listen to the needs of your customers for key recovery, the needs of the federal agencies for key recovery, and draw upon your technical expertise to provide your best assistance in arriving at a standard that best meets those needs. Let me add a word here about the urgency of this task. In today's competitive economy, time is money. This is particularly true in the area of information technology, where rapid advances make "on the shelf equipment" almost obsolete overnight. So, it should come as no surprise to you -- and I hope you will agree -- that I believe this Committee should make every effort to get underway, organize the work, and proceed apace. Finally, let me extend my personal thanks to all of you for your willingness to assist us in this effort. Since we began forming this Committee, I have been particularly impressed by the qualifications of each of you who volunteered your service, whether from industry, academia, or the federal government. We will especially benefit from the diversity of sectors and representatives serving on the Committee -- hardware manufactures, software developers and distributors, systems integrators, security specialists, financial institutions, and the university community. Individually and collectively, you are a uniquely well qualified group to take on this work. I also want to recognize the members of the public who are also with us today -- I understand that you will have a chance to speak later in the Committee's agenda. I am also particularly grateful to Dr. Stephen Kent for his willingness to serve as Chairperson and lead this effort. I have every confidence that under his capable leadership and with the individual expertise and perspectives each of you bring to the table, the Committee will successfully complete its work. The Secretary and I look forward to hearing of your progress over the coming months. I will be with you through much of this afternoon, and I hope that I get a chance to visit with you. In the meantime, good luck.