Keys to the Code

Intelligence and law enforcement agencies are trying to maintain control over the latest and strongest computer encryption technologies developed by private companies.

Through the decades of the Cold War, the Defense Department's National Security Agency was the government's most secretive organization. Responsible for keeping U.S. communications secure while eavesdropping on the nation's enemies and allies alike, NSA worked hard at maintaining a low profile. The few who knew about NSA and what it did joked privately that the acronym stood for "No Such Agency."

Times have changed. The Internet explosion has made the public very much aware that advanced computers are powerful tools, but vulnerable as well. How can you be sure that data entered on one end will reach its destination without an uninvited party taking a peek? With so much interest in networked information systems and how to keep them secure, NSA has made a concerted effort in recent years to be less secretive, to explain what it does and why.

But NSA's coming out has not been completely voluntary. In fact, the U.S. computer industry has all but shoved the agency into the open. Microsoft Corp. and others want to sell their most sophisticated information security products overseas. NSA, along with the FBI, has vigorously, and publicly, argued for limits on the strength of encryption programs that are exported.

For NSA and the FBI, the reasons for a cautious export policy are simple. Encryption used to be the exclusive domain of the national security community, NSA in particular. Now, however, the U.S. computer industry has no peer when it comes to developing strong encryption technologies, which allow information to be encoded so that only the intended recipient can decipher it.

Without limits, argue the two agencies, terrorists and rogue nations will be able to communicate unfettered, using encryption products developed in the United States. NSA's international code-breaking duties will be made all the more difficult. On the domestic front, the FBI fears the day when it legally seizes a terrorist's computer hard drive, but is unable to read the data stored on it.

"In a world where we've got ubiquitous, unbreakable encryption, which commercial encryption can be, it becomes impossible for law enforcement to function," warned Ed Appel, National Security Council director for counterintelligence programs, at an information technology conference earlier this year.

The administration put a new encryption export policy into effect Dec. 30. Outside government, almost no one is happy. Critics say the plan will cost U.S. computer firms billions of dollars in lost sales because the policy restricts what can be sold outside the United States. U.S. computer firms generate between 50 percent and 60 percent of their revenue from exports. "We're going to be exporting jobs, not cryptography," says D. James Bidzos, president of RSA Data Security Inc., a leading encryption technology firm based in Redwood, Calif.

Aside from the economic implications, opponents say, the policy smacks of a larger, more sinister government effort to clamp down on the free flow of information and represents a major expansion of the government's current wiretapping authority. In the name of national security, NSA and the FBI want to make sure the U.S. government's communications are secure, and that everyone else's, including the American public's, are less so. People are then expected to trust that the government will respect their privacy, critics charge.

"The ability to hear a specific phone conversation is not nearly as invasive as the ability to intercept, without notice or consent, the full panoply of life online, including health records, financial transactions, online entertainment, intimate letters, and conversations," says Jerry Berman, executive director of the Center for Democracy and Technology.

A Numbers Game

Understanding the pros and cons of a restrictive encryption export policy is not nearly as difficult as comprehending what encryption is and how it works.

Encryption products use complex mathematical formulas called algorithms that are combined with secret keys to scramble and unscramble information. The algorithm blends the key, which is a unique, randomly generated number stream, with the data that is to be protected. Encryption can be handled by computer software or hardware.

There are two types of encryption. Private key encryption requires the sender and the receiver to use the same key to encrypt and decrypt messages. This is the type of encryption used most often by the military. Private key encryption is, however, logistically clumsy. A sophisticated key management and distribution system is required to make sure the sender and recipient of the message have the same key while at the same time ensuring the keys don't fall into the wrong hands.

In the mid-1970s, communications took a giant leap forward with the advent of public key, or asymmetrical, encryption. Introduced by legendary cryptographers Whitfield Diffie and Martin Hellman, asymmetrical encryption involves two different keys, one for encryption and the other for decryption. The "public" key, used for encryption, can be kept available in an open directory; the private key is kept secret and used for decryption. So anyone can send a secret message by using the public key, but the message can only be decrypted and read by the receiver who holds the private key.

The security provided by an encryption system depends mainly on the quality of the algorithm and the length of the key. The U.S. Data Encryption Standard, the federally approved encryption algorithm used in millions of credit card and ATM transactions each day, employs a key that consists of 64 binary digits, or "bits." Of those 64 digits, 56 bits are generated and used directly by the algorithm. (The other eight bits are used for error detection.)

Although rapid advances in information technology have made the Data Encryption Standard a less secure system, the mathematics behind it are still imposing: There are 70 quadrillion (that's 70,000,000,000,000,000) possible keys of 56 bits, which makes guessing the key used for a particular transmission a time-consuming chore.
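The 64-bit key with 56 working bits described above, as an added example that is not part of the original article: in the DES standard the low bit of each of the eight key bytes is an odd-parity check bit, which is the "error detection" the text mentions. The function names are hypothetical.

```python
# Added example (not from the article): the DES key layout.
# 8 bytes = 64 bits; the low bit of each byte is an odd-parity bit,
# leaving 7 x 8 = 56 bits that the algorithm actually uses.
import secrets


def set_odd_parity(key: bytes) -> bytes:
    """Overwrite the low bit of each byte so every byte has odd parity."""
    if len(key) != 8:
        raise ValueError("a DES key is 8 bytes (64 bits)")
    out = bytearray()
    for b in key:
        high7 = b & 0xFE                      # the seven real key bits
        ones = bin(high7).count("1")
        out.append(high7 | (0 if ones % 2 else 1))
    return bytes(out)


def parity_ok(key: bytes) -> bool:
    """True when all eight bytes carry an odd number of 1 bits."""
    return len(key) == 8 and all(bin(b).count("1") % 2 == 1 for b in key)


def effective_bits(key: bytes) -> int:
    """Pack the 7 key bits of each byte into a single 56-bit integer."""
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value


# Number of distinct 56-bit keys: the article's "70 quadrillion".
KEYSPACE = 2 ** 56


def demo():
    raw = secrets.token_bytes(8)                 # random 64 bits
    key = set_odd_parity(raw)                    # valid DES key
    flipped = bytes([key[0] ^ 0x10]) + key[1:]   # simulate a one-bit error
    # Parity passes for the key, catches the error, and never alters key bits.
    return (parity_ok(key), parity_ok(flipped),
            effective_bits(key) == effective_bits(raw))
```

The parity bits catch a single flipped bit in any byte but add nothing to the search space, so an attacker guessing keys still faces 2^56 candidates, not 2^64.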

Keeping the Upper Hand

Sophisticated encryption products can offer enemies significant communications advantages, so the United States has treated encryption as a weapon and generally limited exports to systems using 40-bit keys. But with today's high-speed computers, 40-bit keys are all but useless, according to leading cryptographers whose findings were published by the Business Software Alliance in a 1996 report. Cryptosystems with 40-bit keys "offer virtually no protection at this point against brute force attacks," in which large numbers of computers are harnessed together in a concerted effort to break coded information, the experts found.

Under pressure from U.S. computer companies, the Clinton administration agreed last year to amend its encryption export regulations. The new policy, published in late December as an interim rule in the Federal Register, transferred jurisdiction for encryption export licenses from the State Department to the Commerce Department, meaning that commercial encryption products would no longer be considered weapons.

The policy would also allow encryption products of any algorithm and any key length to be exported, as long as those products incorporate controversial "key recovery" features.

Under a key recovery scheme, private encryption keys are registered with government-approved "trusted third parties" or "key recovery agents." With a court order, federal officials could quickly obtain a copy of the private key and decipher encoded information.

Encryption products of up to 56 bits that lack key recovery features may be exported until January 1999, but the exporting company must commit to producing such features in the future. Computer firms would not be required to include key recovery in domestic products.

Administration officials view the new policy as a critical first step in dealing with the information age. As public key encryption becomes more prevalent, they say, there is a need for an international framework of people and systems that can generate, transport and store the keys used in the encryption process. Without such a key management infrastructure, people may not be sure who they are talking to, and whether the keys they are using are really secure.

William Crowell, NSA's deputy director, contends a good encryption algorithm is only part of the information security equation. Without a good key management infrastructure, an encryption algorithm's value "is comparable to that of a bank vault door on a cardboard box."

Make no mistake, however, NSA and the FBI view key recovery as an absolute must. In March testimony on Capitol Hill, Robert Litt, head of the Justice Department's criminal division, listed several recent cases in which encryption figured prominently. Aldrich Ames, the former CIA officer, was told by his Soviet handlers to encrypt the computer files he sent to them. Ramzi Yousef, convicted of conspiring to blow up 10 U.S.-owned airlines in Asia, and his cohorts apparently stored information about their terrorist plot in an encrypted computer file.

Shades of Orwell?

Despite the Clinton administration's security arguments, U.S. software manufacturers and many others aren't buying into the new policy.

Bruce Schneier of Counterpane Systems, a computer security and cryptography consulting firm in Minneapolis, uses words like "Orwellian" to describe the policy. It is, he says, the latest in a series of attempts by the administration to ensure its electronic surveillance capabilities are not undercut by technological advances.

The American Civil Liberties Union contends the policy is an "irreparable infringement" on First Amendment rights. Encryption is speech, the ACLU argued in comments sent to the Commerce Department earlier this year, and any efforts to restrict speech are unconstitutional.

RSA's Bidzos, meanwhile, says the export policy will force U.S. companies to make products that overseas customers won't want. A foreign buyer, he argues, is unlikely to buy an encryption system that permits the U.S. government access to the decoding key. That buyer will look for products from other countries that don't mandate key recovery, thus allowing foreign competition to cut into a market the United States currently dominates.

"What if Japan had a policy that said computer security products may only be exported if the Japanese government is guaranteed access?" Bidzos said recently. "Would General Motors buy a computer security product from Toyota in that environment?"

So far, the administration is unfazed by the negative reactions. Indeed, government officials have proved adept at making their case, steering clear of the complex jargon that usually goes along with discussions over encryption.

In speeches and in testimony, Crowell frames the issues in plain language. To make the point that brute force assaults on encrypted messages are not really an option for law enforcement and national security officials, Crowell says it would take someone with 250 computer workstations 9 trillion times the age of the universe to decrypt a single message encoded with a 128-bit key. It would take 27 years to break a 56-bit key, he says. To avoid a terrorist incident or prepare evidence for trial, the government can't wait for years, or even months or days.
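The figures quoted above can be checked against each other, as an added example that is not part of the original article: it derives the key-testing rate implied by "250 workstations, 27 years, 56 bits" and scales it to 40-bit and 128-bit keys. It assumes a full exhaustive search at a constant rate and a universe age of 13.8 billion years (a current estimate, not a figure from the article); the function names are hypothetical.

```python
# Added example (not from the article): scale the quoted 56-bit search
# time to other key lengths and compare with the quoted 128-bit figure.
SECONDS_PER_YEAR = 365.25 * 24 * 3600
WORKSTATIONS = 250             # from the article
YEARS_FOR_56_BIT = 27          # from the article
UNIVERSE_AGE_YEARS = 13.8e9    # assumption: current estimate


def implied_rate_per_workstation() -> float:
    """Keys per second each workstation must test to try all 2**56
    keys in 27 years (worst case: the last key tried is the right one)."""
    seconds = YEARS_FOR_56_BIT * SECONDS_PER_YEAR
    return 2 ** 56 / (seconds * WORKSTATIONS)


def exhaustive_search_years(key_bits: int) -> float:
    """Years for the same 250 workstations to try every key of this length."""
    total_rate = implied_rate_per_workstation() * WORKSTATIONS
    return 2 ** key_bits / total_rate / SECONDS_PER_YEAR


def summary() -> dict:
    return {
        # About 338,000 keys per second per workstation.
        "rate_keys_per_s": implied_rate_per_workstation(),
        # Each bit removed halves the work: 16 fewer bits is 65,536x faster.
        "40_bit_hours": exhaustive_search_years(40) * 365.25 * 24,
        # Each bit added doubles it: 72 more bits is 2**72 times slower.
        "128_bit_universe_ages":
            exhaustive_search_years(128) / UNIVERSE_AGE_YEARS,
    }


if __name__ == "__main__":
    for name, value in summary().items():
        print(f"{name}: {value:,.2f}")
```

At the implied rate a 40-bit key falls in under four hours on the same hardware, while the 128-bit result lands at roughly 9 trillion universe ages, so the two quoted figures are consistent with each other. On average a search succeeds after half the keyspace, which halves every number here.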

In a recent speech before the American Bar Association's Standing Committee on Law and National Security, NSA Director Lt. Gen. Kenneth Minihan insisted the administration's export strategy gives equal weight to public and private interests, a difficult balancing act.

"If we overemphasize the public interest, we risk a world with too much government, too much access, and too little security," Minihan said. "If we overemphasize the private interests, we risk a world with perhaps too many secrets. A world in which terrorists, organized crime, hackers and even other nations can acquire secure command and control capabilities formerly restricted to the advanced military forces of the world."

Although the encryption export policy is in effect, the debate rages on. Legislation pending in Congress would essentially reverse the administration's regulations, permitting U.S. companies far more leeway to ship encryption products overseas. And with American firms constantly achieving new breakthroughs in computing, it will become more and more difficult to maintain the balance between public and private interests.

It all seemed so much simpler decades ago. In 1929, President Hoover's secretary of state, Henry Stimson, upon learning that his agency was monitoring Japanese radio traffic, declared that all funding be cut off for such activities. "Gentlemen," Stimson sniffed, "do not read each other's mail."

Richard Lardner is general manager of Inside Washington Publishers' Defense Group.
