- July 1, 1996
COMPUTER SECURITY GUIDE
Data-scrambling techniques protect confidentiality of information.
ryptography, the science of encoding messages, goes back to the time of the ancient Greeks. The Spartans substituted characters in text with other letters to keep correspondence secret. Similar techniques have been used throughout the years by soldiers and spies. Now the Information Age has ushered in sometimes controversial encryption techniques to protect the confidentiality and integrity of information distributed via computers.
Modern-day data-scrambling products use complex mathematical algorithms to translate digital files into unreadable code that only can be deciphered by those with appropriate decoding devices. Such encryption is critical for electronic commerce or for transmitting classified information over public networks.
Some encryption devices are hardware-based, such as Paralon's PathKey product or GTE and Cylink's InfoGuard asynchronous transfer mode cell encryptor. Software-based packages, such as Electronic Publishing Resources' DigiBox and IBM's Cryptolopes, can be used to protect digital copyrights.
Two types of technology exist for encoding transmissions: public-key and private-key encryption systems. With private-key encryption, both parties share one key - or mathematical value-for encryption and decryption. IBM's Data Encryption Standard, endorsed as a Federal Information Processing Standard in 1977, is the most popular algorithm for private-key encryption.
With public-key encryption, such as that sold by Mykotronx and RSA Data Security, each user holds a public key and a secret key. The Clinton Administration had wanted to make the public-key Escrowed Encryption Standard (EES) mandatory in the federal government. The technology, which uses the National Security Agency's classified Clipper algorithm, calls for special decoding chips to be installed in equipment. Each chip contains a Law Enforcement Access Field that enables intelligence and law-enforcement agencies to unscramble encrypted messages with keys held in escrow at the National Institute of Standards and Technology and the Treasury Department.
Critics have charged that EES makes it too easy for the government to play Big Brother and bills have been introduced to prohibit government-mandated encryption methods. A policy shift would enable agencies to use more encryption products embedded in popular commercial software.