Lesson 19:
Passwords, Privacy, Data Protection


              CLASSICAL CRYPTOGRAPHY COURSE
                        BY LANAKI

                    13 NOVEMBER 1996
                       Revision 0

                     COPYRIGHT 1996
                   ALL RIGHTS RESERVED

                       LECTURE 19


           PASSWORDS, PRIVACY, DATA PROTECTION



SUMMARY


For the last 18 lectures of our course, we have looked
at Classical Cryptography from the 'what' and 'how'
viewpoints.  We now look at the 'why' as pertains to
passwords, privacy issues, and legal aspects of business
and personal data protection. Cryptography is a common
security theme for each of these issues. We need to
expand our purview to modern or applied cryptography to
understand the importance and worldwide scope of
cryptography.

I will start with a presentation of Klein's excellent
work on password vulnerability.  [VACC]  We will look at
the issue of privacy - and the bundle of rights
associated with it.  [KENN], [HOFF], [ROSL] [HUTT]  We
will survey data protection legislation in the business
and personal arenas -especially E-Mail systems. [ICC],
[BIGE]  We will enter the labyrinth of the ITAR and find
that recreational and classical cryptography is exempt
from ITAR regulations on at least three counts.  [NIST],
[ITAR] Lastly, I will briefly survey some applied
cryptography themes.

PASSWORD VULNERABILITY

We remind ourselves that cryptography is the science of
secret writing.  Therefore, cryptography is used to
protect our vital datafiles and records. It is estimated
that more than 85% of all U.S. business, financial and
personal records are stored in computer systems.  We use
passwords (keywords) to enter the maze of security
levels to gain access to the various files, records,
programs that affect our daily lives.  These passwords
are cryptographically treated after they are presented
to the computer system and stored in that form.  Next
time you go to your favorite ATM machine, realize that
it is cryptography protecting yours and the banks money.
The principles that have been presented in this course
are used in the same manner on more rigorous algorithms
to provide cryptosecurity to modern day machines.

We live in an age of international - no boundary -
computer networks capable of performing huge amounts of
coordinated work to breach the security of our computer
systems and pry open the secrets of lives.  But how
secure are our systems by virtue of their encrypted
passwords?  What is the weak link of the cryptosystem -
the algorithm, the key or the key management?

Daniel V. Klein of LoneWolf Systems, Pittsburg, Pa.
performed a study in 1989 using data from clients in
both U.S. and Great Britain that would imply that the
key (password) and its management is the weak link. He
outlined some of the problems of current password
security and demonstrated the ease with which individual
accounts may be broken. [VACC]  Although his study
centered around the UNIX system, his results and
conclusions were most general in nature and can not be
ignored by users and system administrators of every type
of computer system in the country.

UNIX VULNERABILITY

Forgetting for the moment that CPU speeds, computer
architectures, and storage capabilities are more than 2
magnitudes of order faster and better in 1996 than what
was available when Klein's work was performed in 1989.
Klein was interested in the security of accounts and
passwords on the UNIX system.  Early Unix versions used
a password encryption algorithm based on the M-209 U.S.
Army cipher machine. The M-209 cipher machine exploits
many of the security features we have discussed under
aperiodic systems in Lecture 13.  On a PDP-11/70, each
encryption took approximately 1.25 ms, so that it was
possible to check 800 passwords per second.  Armed with
a dictionary of 250,000 words, crackers could compare
encryptions with all those stored in the password file
in a little more than 5 minutes. This was a security
hole that could be (and was exploited) on government and
non-government machines all over the country.

After 1976, versions of UNIX, DES (Data Encryption
Standard - to be discussed in a later lecture in detail)
was used to encrypt passwords.  The user's password was
used as the DES key, and the algorithm was used to
encrypt a constant. The algorithm was iterated 25 times,
with the results being an 11-character string plus a
2 character "salt." This method was more rigorous and
difficult to decrypt. It was complicated through the
introduction of one of 4,096 possible salt values and
was slower to execute than its predecessor.  On a VAX-II
machine, a single encryption required about 280 ms, so
that the determined cracker could only check about 3.6
encryptions per second. Checking the same 250,000 word
dictionary would take 19 hours of CPU time.  This
reduced the "payoff ratio" for cracking a single
password. Checking the passwords on a system with 50
accounts would take , on average, 40 CPU days because of
the random selection of salt values practically
guarantees that each user's password would be encrypted
with a different salt, with no guarantee of success.


In the last 5 years three developments have pushed the
problem of password security back into the forefront:

1. CPU speeds are lightning fast and readily available
   as desktop workstations.  Special boards can be made
   to optimize the password comparisons.
   With internetworking, many sites have hundreds of
   individual workstations connected together, and
   enterprising crackers are discovering that the
   "divide and conquer" algorithm can be extended to
   multiple processors, especially at night when those
   processors are not otherwise being used.

2. New implementations of the DES algorithm have been
   developed, so that the time it takes to encrypt a
   password and compare the encryption against the
   stored value in a password file has dropped below the
   1ms mark. Our 250,000 word dictionary can be
   processed in less than 5 minutes and by dividing the
   work across multiple workstations, the time required
   to encrypt these words against all 4,096 salt values
   is less than an hour. DES has been put into hardware
   implementation and the time for encryption is further
   reduced. This means the same dictionary can be
   cracked in only 1.5 seconds.

3. A study of passwords cracked showed that the user did
   not readily choose tough passwords but ones that he
   could remember. Furthermore, surveys show that the
   user is not concerned with system security but
   personal privacy. They are not aware that their
   terminal may become an entry point for a malicious
   cracker.

COLLECTION

Crackers have been using the same techniques for some
time to acquire the password files on UNIX and VAX
machines (all open system machines are susceptible):

1. They acquire a copy of the site's /etc/passwd file,
   either through an unprotected uucp link, well known
   holes in sendmail or via FTP or tpf or outright
   theft.

2. They apply the standard or sped up version of DES or
   the known password encryption algorithm to a
   collection of words, typically /usr/dict/words, plus
   some permutations on account and user names, and
   compare the encrypted results to those found in the
   purloined /etc/passwd file.

3. If a match is found (and often their are more than
   one), the cracker has access to the targeted machine.
   This modus operandi has been known for some time,
   defended, and still presents a viable alternative for
   the 'bad guys' for more than 50 per cent of the
   computers on the market.


KLEIN'S SURVEY

Klein built up a database of approximately 15,000
entries from U.S. and Great Britain of /etc/passwd
files in order to try to crack the passwords. Each of
the account entries was tested by a number of intrusion
strategies.  The possible passwords that were tried were
based on the users name or account number, taken from
numerous dictionaries (including some containing foreign
words, phrases, patterns of keys on the keyboard, and
enumerations) and from permutations and combinations of
words in those dictionaries.  After nearly 12 CPU-months
of rather exhaustive testing, approximately 25 percent
of the passwords have been guessed!  21 percent of the
passwords (nearly 3000 passwords) were guessed in the
first week and in the first 15 minutes of testing, 368
passwords (or 2.7 percent) had been cracked using what
experience had shown would be the most fruitful line of
attack (using the user or account names as passwords.)

These statistics are nothing less then frightening. On
an average system with 50 accounts in the /etc/passwd
file, one could expect the first account to be cracked
in under two minutes, with 5 to 15 accounts being
cracked by the end of the first day. Even though the
root account might not be cracked, all it takes is one
account being compromised for the cracker to have a
toehold in the system. After that is done, any number of
other well-known security loopholes ( many of which are
published on the network) can be used to access or
destroy any information on the machine.

The results did not indicate what all the uncracked
passwords were. Rather it showed that users are likely
to use words that are familiar to them as their
passwords.  What new information it did provide,
however, was the degree of vulnerability of the systems
in question, as well as developing a basis for a
proactive password checker. Passwords that can be
derived from a dictionary are clearly a bad idea.
There are hackers and companies in the business of
developing this line of attack on computer systems.
I recently downloaded some files in Russian from a
site in Moscow that would indicate that others have
known this principle too.





SAFE PASSWORDS?

Klein found three classes of 'safer' passwords. One
class of more secure passwords was the word pair, where
the password consists of two words, separated by a
punctuation character. Compuserve uses this technique
for their CIS network, but relies on too few punctuation
marks too make this an effective deterrent to the clever
cracker.  Even considering words of only 3 - 5 lowercase
characters, /usr/dict/words provide 3000 words for
pairing. When a single intermediate punctuation
character is introduced, the resulting sample size of
90,000,000 possible passwords is, in theory, rather
daunting.

We know from our course that this is not true.  Cipher
text patterns carry through and are recognizable when
using a known algorithm. The 'key space' that must be
tested is substantially smaller with a smart dictionary
of targeted information.  A 'smart' brute force attack
will be effective against the fixed length of the
password, especially if the number of salt values and/or
the number of punctuation marks are limited.

A second type of password introduces upper and lowercase
characters into the password to raise the search set
size to a magnitude that is more difficult to crack.

The third safe password is one constructed from the
initial letters of any easily remembered, but not
common, phrase. For example, the phrase "UNIX is a
trademark of Bell Laboratories" could give rise to the
password UiatoBL. This essentially creates a password
that is a random string of upper and lowercase letters.
Exhaustively searching this list at 1,000 tests per
second with only 7-character passwords would require
about 32 CPU-years - a very difficult task.

METHOD OF ATTACK

A number of techniques were used on the accounts in
order to determine whether the passwords used for them
could be compromised. To speed up the testing, Klein
grouped all passwords with the same salt value together.
This way, one encryption per password per salt value
could be performed, with multiple string comparisons to
test for matches. Rather than 15,000 accounts, the
problem was reduced to 4,000 salt values. [VACC]

The password tests were as follows:

1. Name Variations

     Try using the users name, initials, account name,
     and other relevant personal information as a
     possible password.  All in all, up to 130 different
     passwords were tried, based on this information.

     For the account name klone with a user named "David
     V.  Klein," some of the password tried were: klone,
     klone0, klone1, klone123, dvk, dvkdvk, dklein,
     Dklein, leinad, nielk, dvklein, danielk, DvkkD,
     DANIEL-KLEIN, (klone), KleinD, and so on.

2. Dictionaries

     Try using words from various dictionaries. These
     included lists of women's and men's names (some
     16,000 in all); places (including permutations, so
     that "spain," "spanish," and "spaniard" would be
     considered); names of famous people; cartoons and
     cartoon characters; titles, characters and
     locations of films and science fiction stories;
     mythical creatures (garnered from Bulfinch's
     mythology and dictionaries of mythical beasts);
     sports (including team names, nicknames, and
     specialized terms); numbers both as numerals -
     "2001" and written out - "twelve"); strings of
     letters and numbers ("a", "aa," "aaa," and so on);
     Chinese syllables (from the Pinyin Romanization of
     Chinese, an international standard system of
     writing Chinese on an English keyboard); the King
     James Bible; biological terms; common and vulgar
     phrases (such as "ibmsux" and "deadhead"); keyboard
     patterns (such as "QWERTY", "asdf" and "zxcvbn");
     abbreviations (such as "roygbiv" - the colors in
     the rainbow, and "ooottafagvah" - a mnemonic for
     remembering the 12 cranial nerves); machine names
     (acquired from the /etc/hosts); characters, plays,
     and locations from Shakespeare; common Yiddish
     words; the names of asteroids;  and a collection of
     words from various published technical papers.
     60,000 separate words were considered per user (
     with the inter and intradictionary duplicates being
     discarded.

3. Permutations of Item 2

     Try various permutations on the words from step 2.
     Make the first letter uppercase or a control
     character, make the entire word uppercase,
     reversing the word(with and without the capital-
     ization), changing the letter o to the digit 0, so
     the word scholar becomes sch0lar, performing
     similar manipulations on letter z to digit 2,
     letter s to digit 5.  Make the word plural, so
     dress becomes dresses. Add suffixes of -ed -er -ing
     to transform words like phase to phased. These 14
     to 17 additional tests per word added another
     1,000,000 words to the list of possible passwords
     that were tested for each user.

4. Capitalization

     Try various capitalization permutations on the
     words in step 2.  This included all single-letter
     capitalization permutations (so that michael would
     be checked as mIchael, miChael, and so forth,)
     double letter capitalization (MicHael) and triple
     letter capitalization (MIchAel). This added 400,000
     more words to be tested for single-letter,
     1,500,000 for double-letter and 3,000,000 more
     words for three-letter capitalization checks.

5. Foreign Words

     Try foreign words on foreign language users. Klein
     used Chinese words on users with Chinese names.
     Klein made exhaustive one-,two-,three syllable word
     tests on all 398 Chinese symbols for about
     16,158,404 additional tests.

6. Word Pairs.

     Try word pairs. The magnitude of this test was
     staggering. Klein simplified the test to include
     words three and four characters in length from
     usr/dict/words. The number of words was order of
     magnitude 10**7 X 4096 possible salt values.

Klein used four linked DECstation 3100's to perform 3000
comparisons a second. The study ran for 20 CPU-months.
The bulk of the effort was complete in the first 12 CPU-
months.


SUMMARY OF RESULTS

The problem with using passwords that are derived
directly from obvious words is that when users think
"Hah, no one will ever guess this permutation," they are
invariably wrong. Klein found a match on the "fylgjas,"
(guardian creature from Norse mythology. No matter what
words or permutations thereof are chosen for a password,
if they exist in some dictionary, they are susceptible
to direct cracking.  Table 19-1 shows the breakdown of
passwords cracked in a sample size of 13,797 accounts.

Klein suggests four solutions for the 'key challenge':
1) use a proactive password checker; 2) eradicate easy-
to- guess passwords ( the user will normally defeat this
approach); 3) Assign passwords - nonsense words or
random characters (the user dislike this approach also);
and 4) use smart cards which respond to electronic
challenges from the computer security system.










                             TABLE 19-1


         Passwords Cracked for Sample Set of 13,797 Accounts

Type       Dictionary Duplicates  Search  Number   Percent  Cost
of         Size       Eliminated  Size    of       of       Benefit
Password                                  Matches  Total    Ratio
--------------------------------------------------------------------
User/
Account    130+          -        130     368      2.7%      2.830
Name
--------------------------------------------------------------------
Character
Sequences  866           0        866      22      0.2%     0.025
--------------------------------------------------------------------
Numbers    450          23        427       9      0.1%     0.021
--------------------------------------------------------------------
Chinese    398           6        392      56      0.4%     0.143
--------------------------------------------------------------------
Place
Names      665          37        628      82      0.6%     0.131
--------------------------------------------------------------------
Common   2,268          29       2,239    548      4.0%     0.245
Names
--------------------------------------------------------------------
Female
Names    4,955         675       4,280    161      1.2%     0.038
--------------------------------------------------------------------
Male
Names    3,901        1,035      2,866    140      1.0%     0.049
--------------------------------------------------------------------
Uncomm-
on       5,559          604      4,955    130      0.0%     0.026
Names
--------------------------------------------------------------------
Myths
and      1,357          111      1,246     66      0.5%     0.053
Legends
--------------------------------------------------------------------
Shakes-
pearean    650          177        473     11      0.1%     0.023
--------------------------------------------------------------------
Sports
Terms      247            9        238     32      0.2%     0.134
--------------------------------------------------------------------
Science
Fiction    772           81        691     59      0.4%     0.085
--------------------------------------------------------------------
Movies
and
Actors     118           19         99     12      0.1%     0.121
--------------------------------------------------------------------
Cartoons   133           41         92      9      0.1%     0.098
--------------------------------------------------------------------
Famous
People     509          219        290     55      0.4%     0.190
--------------------------------------------------------------------
Phrases
and
Patterns   998           65        933    253      1.8%    0.271
--------------------------------------------------------------------
Surnames   160          127         33      9      0.1%    0.273
--------------------------------------------------------------------
Biology     59            1         58      1      0.0%    0.017
--------------------------------------------------------------------
/usr/
dict/
words    24,474        4,791    19,683   1,027     7.4%    0.052
--------------------------------------------------------------------
Machine
Names    12,983        3,965     9,018     132     1.0%    0.015
--------------------------------------------------------------------
Mnemonics    14            0        14       2     0.0%    0.143
--------------------------------------------------------------------
King
James
Bible    13,062        5,537     7,525      83     0.6%    0.011
--------------------------------------------------------------------
Misc
Words     8,146        4,934     3,212      54     0.4%    0.017
--------------------------------------------------------------------
Yiddish
Words        69           13        56       0     0.0%    0.000
--------------------------------------------------------------------
Asteroids 3,459        1,052     2,407      19     0.1%    0.007
--------------------------------------------------------------------
Total    86,280       23,553    62,727   3,340    24.2%    0.053



Table Notes

1.  The number of matches is the total number of matches
    given for the particular dictionary, irrespective of
    the number of permutations that user applied to it.

2.  Duplicate names were eliminated.

3.  In all cases, the cost/benefit ratio is the number
    of matches divided by the search size.  The more
    words that needed to be tested for a match, the
    lower the cost/benefit ratio.

4.  The dictionary used for user/account names checks
    naturally changed for each user. Up to 130 different
    permutations were tried for each.

5.  Although monosyllabic Chinese passwords were tried
    for all users (with 12 matches) polysyllabic
    Chinese passwords were tried only for users with
    Chinese names. The percentage of matches was 8.0% -
    a greater hit ratio than any other method but the
    dictionary size is 16 X 10**6, though, and the
    cost/benefit ratio is infinitesimal.

Klein's work is a professional success - if we are in
the cracking business and a disheartening insight if you
are in the security business.

The total size of the dictionary was only 62,727 words
(not counting various permutations). This is much
smaller than the 250,000-word dictionary postulated at
the beginning of this lecture.  Yet armed with even this
small dictionary, nearly 25% of the passwords were
cracked.  It is easy to see how a professional
organization could increase the dictionary and funding
on the machinery and up the cost/benefit ratio
significantly.


Table 19-2 shows the length of the cracked passwords.



                       TABLE 19-2

Length             Count           Percentage
------------------------------------------------
1 Character           4              0.1%
------------------------------------------------
2 Characters          5              0.2%
------------------------------------------------
3 Characters         66              2.0%
------------------------------------------------
4 Characters        188              5.7%
------------------------------------------------
5 Characters        317              9.5%
------------------------------------------------
6 Characters       1160             34.7%
------------------------------------------------
7 Characters        813             24.4%
------------------------------------------------
8 Characters        780             23.4%
------------------------------------------------


The results of the word-pair tests are not included in
either of the two tables. They represent another 0.4%
of the passwords cracked in the sample.



PRIVACY REFERENCES/RESOURCES

When I started my research on this topic, I thought that
there would be a lot of well-organized material
available. In my opinion, only the first part of this
wish was true.  There a fair amount of history, an
exciting growth of technology and a legal system that
can not keep pace with the issues that have arisen
because of the new technology. It would seem that only
the money interests have been able to present their
cases in the priority list.  However, there is plenty of
excellent material to work with.

Lance Rose gives a reasonable description of the laws
applying to systems operators and on-line owners. [ROSL]
Lance J. Hoffman has edited a superior group of papers
which define some of the sides of the cryptographic
debate. [HOFF]  Professor Chandler, et. al. in
cooperation with Martin Marietta Energy Systems, Inc.
have produced a strong review of the U.S. Laws,
Regulations, and Case Law pertaining to commercial
encryption products. [CHAN]  Charles E. H. Franklin
has edited the summary work by ICC on business and
private data protection legislation - worldwide. [ICC]

The National Computer Association has 21 proactive
forums devoted to current computer security, encryption,
privacy, government and civil liberties, legal and other
issues.  Hult et. al. have produced the definitive
Computer Security Handbook; of special value is
Professor Robert P. Bigelow's treatment of privacy laws
and Dr. Diane E. Levine's treatment of data encryption.

Professor Bigelow discusses the legal aspects of
computer privacy in the U.S. He covers a wide variety of
topics: databases, state laws, 'The Public's Attitude',
the Privacy Act of 1974, social security laws, The
Computer Matching Act, Internal Revenue Service, privacy
studies, employee privacy -drug testing and E-mail
systems, monitoring and surveillance, taxpayer privacy,
telecommunications privacy, and caller ID to name just a
few. [HUTT], [BIGE]

John Vacca and Derek Atkins, et. al. have produced two
of the best internet security books.  [VACC], [NEWR]
Bruce Schneier has produced the modern reference on
professional cryptography algorithms.  [SCH2] But James
Nechvatal's State of the Art Survey on Public-Key
Cryptography for NIST and NCSL is terrific.  [NIST90].
Privacy Law and Practice, a three volume treatise edited
by Professor George Trubow of John Marshall Law School,
is probably the leading source in the United states.
ACA's RENARD is a contributor and a very modest expert
in the field of intellectual property rights law.  NCSA
provides an up to date source of information on the
encryption legislation. Appendix 2 gives two of the most
recent issues of interest: the Bernstein Case and the 56
bit key recovery proposal by the White House.  There are
other organizations like ACLU, EFF, EPIC and EDUPAGE
that update the net regularly regarding privacy. Any
netbrowser will find them.  Don't forget that the
government agencies CIA, NSA, DIA, DOD all have home
pages as does the White House and various government-
wide security consultants like SAIC.






INTRODUCTION TO PRIVACY ISSUES

Cryptography permits the private citizen to keep his
life private.  The national debate over cryptographic
policy was captured by a speech delivered well before
the personal computer was ever invented.  In April,
1968, Thomas J. Watson Jr., Chairman of the Board of
IBM, was discussing privacy in computer systems in an
address to the Commonwealth Club of California.

"... the problem of privacy in the end is nothing more
and nothing less than the root problem of the relation
of each one of us to our fellow men.

      What belongs to the citizen alone?

      What belongs to society?

      Those, at bottom, are the questions we face -
      timeless questions on the nature and place and
      destiny of man..."

These questions work equally well for cryptography.

Professor Robert P. Bigelow says that "we have computer
security to protect us from people and people to protect
us from computers."  [HUTT]  Caroline Kennedy points out
that the word "privacy" does not appear in the United
States Constitution. Yet ask anyone and they will tell
you that they have a fundamental right to privacy.  They
will also tell you that privacy is under siege.  [KENN]
Professor Hoffman explains that the notion of privacy
developed by the Courts grew as a natural process in
support of the Bill Of Rights.

The notion that information can be kept secret to any
degree vanished with the no territorial limits of
cyberspace.  Most important, computers assure that
whatever is out there is assessable. No more roaming
file-to-file. A kid can get in an access your
information. What's more, because information exists in
cyberspace rather than real space, it can be stolen
"copied" without your knowing it. And someday soon,
the whole universe of information about you -credit
report, insurance records, medical history, employment
history, you-name-it may be recorded on "smart cards"
that will fit in your wallet. Brave New World surpassed.

Perhaps the biggest threat to our privacy comes in the
area know as "information privacy." Information about
all of us is collected not only by the old standbys, the
IRS and FBI, but also by the MIB, NCOA, and NCIC, as
well as credit bureaus, credit unions, credit card
companies, mortgagers, banks and employers. We now have
cellular phones, (not cordless or real phones), E-mail,
Fax, voice mail, talking cars, talking elevators, and
even junk mail on something called the Internet.
Computers have changed our notion of privacy.


MIB

Actually , there has always been a lot of personal
information about ourselves 'out there' but it was the
computer that made this information readily available.
The chip can store whole books of information for a very
long time. The kinds of data are endless (and market-
able. )  Your medical history is likely to be in your
doctors files, insurance companies files, laboratory
files, and possibly the Medical Information Bureau (MIB)
which collects medical data on some 15 million Americans
and makes it available to insurance companies. [KENN]

NCOA

When you fill out a change-of-address card, the U.S.
Post Office adds the information to its National Change
Of Address (NCOA) database. The Post Office then
helpfully passes on the list to list brokers, who
license the information to certain direct marketers.

NCIC

The National Crime Information Center (NCIC) database
contains over 23 million records identifying people and
vehicles sought by the police. NCIC information is
available by computer to approximately 71,000 local,
state, and federal agencies across the country.

The above are just three examples of the more than 2000
databases that destroy our collective privacy.  The
Internet is a global network of databases. Our personal
profiles are so complete and available, it is like
having another self living in a parallel dimension; its
a self you can't see, but effects your life just the
same. Even if you don't own a computer, you have joined
the revolution.

>From the privacy point of view, we are in the most
unsettling period in this revolution.  Technology is way
ahead of the laws. Those well versed in computers
already protect their communications with encryption.
Many corporations do the same.  For every means to
secure privacy, we have generated methods to invade it.

The government (especially the FBI) is concerned that if
criminals begin communicated electronically and
scrambling their messages with cryptography, police
cannot just tap in (like the wiretaps used against
organized crime.) The government's solution was to come
up with Clipper Chip, an approved method of encryption
that requires trusted key escrow and permits law
enforcement to decode with a warrant and then make the
methodology standard in the industry. Privacy advocates
are not happy, nor software companies, nor civil
libertarians and Internet freedom advocates.


The animating principle of cyberspace is the free flow
of information. It is the ultimate democracy, where
principles of open records and unfettered speech
prevail. This presents a problem to law enforcement,
national security interests and intelligence operations.

PRIVACY AND OTHER PERSONAL RIGHTS

The law of privacy originally developed as a protection
against individuals private affairs being reported in
the press and against the exploitation of their names
and pictures for advertising purposes. [HUTT], [BIGE]

The concept of computer informational privacy developed
quickly after a proposal by the Bureau of the Budget
(circa 1965) to establish a Federal Data Center to
receive and store machine readable data in the
possession of many branches of the federal government -
approximately 30,000 computer tapes and 100 million
punched cards.  Congress at that time represented the
people fairly well. There reaction was to hold hearings
on whether such a center could protect individual
privacy, since information from the IRS, the Census, the
Bureau of Labor Statistics and Social Security might all
be included.

Thomas J. Watson, Jr. then Chairman of the board of IBM
(the major player in the field for many years) stated:

" Today the Internal Revenue Services has our tax
returns. The Social Security Administration keeps a
running record on our jobs and our families. The
Veterans Administration has medical records on many of
us, and the Pentagon our records of military service.
So in this scatteration lies our protection. But put
everything in one place, computerize it, and add to it
without limit, and a thieving electronic blackmailer
would have just one electronic safe to crack to get a
victims complete dossier, tough as that job may be. And
a malevolent Big Brother would not even have to do that:
he could sit in his office, punch a few keys and arm
himself with all he needed to know to crush any citizen
who threatened his power. Therefore, along with the
bugged olive in the martini, the psychological tests,
and the spiked microphone, the critics have seen "data
surveillance" as an ultimate destroyer of the individual
American citizen's right to privacy- his right to call
his soul his own. "

Think about the abuses of this type of power under
Nixon; the hackers who can develop a detailed dossier on
you within minutes by phone and modem; the new crime of
stealing your "virtual" identity and charging thousands
of dollars against your 'new' account at some immediate
credit stores. Can you see where encryption would hinder
this process abuse?


The public's concern with privacy has been rising
steadily over the years.  A Lou Harris poll on Americans
concern about threats to personal privacy found that in
1970 34 percent were concerned. By 1993 83 percent were
very concerned. [Privacy and American Business, October
1993, p3.]


THE FEDERAL PRIVACY ACT

Opposition to the federal data bank, spearheaded by IBM,
was responsible for the fact that we do not have such a
database (per se) today.  With the help of under
secretaries Elliot L. Richardson and Casper Weinberger
of HEW, and sponsored by Senator Ervin of Watergate
fame, and signed by President Ford on 1 January, 1975,
The Privacy Act of 1974, P.L. 93-579 became law.

There is a basic rule that government files are open to
the public, unless there is a specific reason, enacted
by the legislature, saying that certain files are not
available. At the federal level, this principle is
demonstrated by the Freedom Of Information Act (FOIA)
5 U.S.C. sec. 552, under which a citizen or organization
can obtain most governmental records.  The Privacy Act,
most of which is codified at 5 U.S.C. sec 552a, applies
only to records maintained by certain branches of the
federal government, specifically executive departments,
independent regulatory agencies, government
corporations, and government-controlled corporations
such as the Federal Reserve Banks. It is not applicable
to Congress (of course) or to the District of Columbia.
When corporations do business under federal agency
contracts, the contractors employees are subject to the
same rules under the Privacy Act, including criminal
penalties for failure to comply with the act.

The act defines a "record" that is subject to it very
broadly:

"Any item, collection, or grouping of information about
an individual that is maintained by an agency,including,
but not limited to , his education, financial
transactions, medical history, and criminal or
employment history and that contains his name, or
identifying number, symbol, or other identifying
particular assigned to the individual, such as a finger
or a voice print or a photograph."

Agencies can maintain information about individuals only
when it is relevant and necessary to accomplish the
agency's purpose. The act prohibits the disclosure of
any record except within the agency maintaining it
unless the individual makes a written request for the
data; there are exceptions. The agency must give public
notice of the existence of each record system, (The 1993
listing of records systems of just the DOD consumed 935
pages of the Federal Register.) including any proposal
to match the record against those of another federal or
state agency, keep track of certain disclosures, and
establish rules of conduct for those who design, and
operate the systems.  [58 Fed Reg.  10002-10935, 22
February 1993]  [The Computer Matching and Privacy Act
of 1988, P.L. 100-503, added subsections (0) to 5 U.S.C.
sec.  552a.]

The act also states:

"{agency must} establish appropriate administrative,
technical, and physical safeguards to ensure the
security and confidentiality of records and to protect
against any anticipated threats or hazards to their
security or integrity which could result in substantial
harm, embarrassment, inconvenience, or unfairness to any
individual on whom information is maintained."
[subsection (e)(10)]   [HUTT]

Investigative records maintained by CIA, FBI and other
law enforcement agencies as well as national defense
secrets are completely except from the act's operation.

If an individual proves that an agency intentionally or
willfully violated the Privacy Act, fines up to $5,000
per individual violation may be recovered as damages.

The act also established specific rules prohibiting any
federal, state or local governmental agency from denying
an individual benefits or privileges because he/she
refused to disclose a Social Security Number. [P.L. 93-
579, sec. 7. requires the governmental agency asking for
the SSN to "inform that individual whether that
disclosure is mandatory or voluntary, by what statutory
or other authority such number is solicited, and what
uses will be made of it."]  This also shows what
significance is put on the SSN as a entry key to most
federal databases. It also gives you the prime target of
data or ID thieves.  A effective countermeasure would be
to encrypt the information.  The notable exception to
the rule is the requirement for SSN's for drivers
licenses.

Out of this act has come a Privacy Protection Commission
to make recommendations to Congress. (most not passed!)
and an outgrowth called privacy implications of the
National Information Infrastructure Superhighway system.
Vice President Al Gore is currently leading the charge
on this one. The OMB has published an interesting
report on protecting intellectual property and privacy
called "National Information Infrastructure:Draft
Principles for Providing and Using Personal Information
and Commentary," 60 Fed. Reg. 4362, 20 January, 1995.

STATE ACTS AND REGULATIONS

Like the FOIA, most states have Public Records Acts
modelled after it and whose basic thrust is to make all
records available to the citizen, subject to exceptions
for law enforcement, trade secrets, and the like.
Several states have enacted Fair Information Practices
Acts regulating the information that state agencies
could maintain about individuals. several states have
enacted Uniform Information Practices Code and one
municipality, Berkeley, California has enacted a
citywide ordinance on privacy.

EMPLOYEE RIGHTS

In addition to the legal protections against discrim-
ination available to all employees, and the right to
advance warning in layoff situations, serious problems
have arisen from electronic E-Mail and drug testing.
With respect to E-mail ( hence a push for PGP and PEM
cryptosystems to protect the mail) invasion of privacy
claims for employees have been for the most part
unsuccessful.  Drug testing suits have been partially
successful against the employer.

INTERNATIONAL PRIVACY

A number of European countries also have privacy acts
covering both governmental and private corporate
records. Most of the laws apply to computerized data
banks, which must be licensed by a governmental
authority.

The rules of disclosure are quite strict, and there are
particular prohibitions against the transfer of
information in these databanks across national
boundaries. [ICC: this reference is the 'bible' of
business and data protection legal requirements in
foreign countries.]

A DEEPER LOOK AT ELECTRONIC MAIL

Federal law prohibits the intentional interception of
wire, oral or electronic communications. This does not,
however, require that telephone companies offering
cellular service provide for the encryption of such
conversations, even though they can be intercepted.
[Shubert v Metrophone, Inc., 898 F. 2d 401 (3d Cir
1990)]  The Electronic Communications Privacy Act of
1980, (47 U.S.C. 551)  is strictly interpreted; in one
case the disclosure by an attorney to the district
attorney and to the court of illegal acts of police
officers, as shown by their intercepted telephone calls,
resulted in his being fined $20,000. [Rodgers v Wood.
910F. 2d 444 (7th Cir. 1990)]

It is not yet clear whether this law applies to the
intentional reading by those in control of a bulletin
board or a company's electronic mail of the messages
sent over the system.  In Thompson v Predaina [S.D.
Indiana, #88-93C, dismissed voluntarily August 10, 1988]
plaintiff, a law student, alleged that the defendant, a
bulletin board operator, saved and distributed messages
that the plaintiff had ordered deleted. The complaint
includes counts under 18 U.S.C. 2520 and 2707. [Detail
analysis 41 Fed Comm. L.J. 17 (November 1988)] It has
been held that the operator of an electronic bulletin
board is not liable for defamation absent actual
knowledge of the allegedly defamatory statement. [Cubby
v Compuserve, Inc. F. Supp. 3 CCH Comp. Cas. para 46,547
(S.D.N.Y. 1991)]

In March 1990 Alana Shoars sued her former employer,
Epson America, alleging that her supervisor read and
printed out her electronic mail (and that of other
employees), and she was fired when she complained. A
class action suit was filed in July, 1990.  [The damages
were $75,000,000. The case was widely covered in the
trade press. see BIGE or HUTT]. A similar action against
Nissan was file in January, 1991  and a suit has been
filed against the FBI to determine whether it is
monitoring the bulletin boards of political organ-
izations.  [HUTT]  Suit has been threatened against the
Prodigy network as a bulletin board to complain against
the rate increase to cover monitoring of offensive
language and denial of service to those who use it or
send insults.


DATA PROTECTION AND DATA ENCRYPTION: A VIEW OF MODERN
CHALLENGES


The previous section on E-Mail shows that people get
angry when their mail is intercepted - who owns the mail
system or on-line service doesn't matter. It is not
surprising that encryption of E-Mail has grown to major
proportions.  With the advent of the computer and
telecommunications, the most effective means of
secreting messages is through the use of cryptology or a
cryptosystem. We know that. We have studied classical
cryptosystems for the last several months. The focus has
been on private key (password; keyword) systems. These
are also known as symmetric key or private key systems.

Trusted Information Systems

Cryptography is big business. Trusted Information
Systems (TIS) conducted a survey of companies making
products that employ cryptography both within and
outside the U.S.  Appendix 1 presents companies and
countries reported in their survey as of June 1996.  TIS
identified 1262 products worldwide. The TIS survey is
summarized by company and location.

The detailed products listing and company contact
information may be found at:

          http://www.tis.com/crypto/


This is not a static list. TIS updates it weekly. I read
in the (11 November 1996) Edupage that Phelps Dodge
plans to market in Japan a scrambler/decoder that works
on 128 bit keys. Since 40 bits is the maximum (56 bits
under the temporary position of the White House
proposal) under ITAR regulations, and the government
supports a trusted third party key escrow via the
Clipper chip, I suspect that Phelps may have a challenge
on its hands.  Since I have brought up the subject of
ITAR, lets take a brief side trip.


CLASSICAL CRYPTOGRAPHY / RECREATIONAL CRYPTOGRAPHY

The U.S. International Trade in Arms Regulations (ITAR)

All modern cryptography is subject to the famous ITAR
regulations that put cryptography on the munitions list
and requiring licensing prior to export. A license is
required regardless of the manner in which the technical
data is transmitted, whether the transfer is in person,
by telephone, through correspondence or electronically.
[22 C.F.R. para 125.2] Appendix 3 presents some of the
pertinent sections.  The entire ITAR file of 125 pages
has been transmitted to the Crypto Drop Box for the
student to download.  Appendices 2 and 4 illustrate
current issues in the debate about modern cryptography.
The export license is required for the export of
unclassified technical data. Category XIII (b) 1 of the
Munitions Control List covers cryptographic equipment.

ITAR EXCEPTIONS

ITAR govern what products can and cannot be subjected to
export controls. These regulations clearly define a set
of conditions in which information considered to be in
the "public domain" can not be subject to these
controls. In the ITAR itself, public domain is defined
as information published and that is generally
accessible or available to the public:

o  through sales at bookstores

o  at libraries

o  through patents available at the patent office, and

o  through public release in any form after approval by
   the cognizant U.S. Government department or agency.

Recreational and Classical Cryptography, i.e. everything
taught in my class, falls under the first two and last
exception to the ITAR regulations.      [ITAR], [HOFF]







PURPOSE OF ENCRYPTION

Recall from Lecture 1 that in a cryptosystem plaintext
is acted upon by a known algorithm (set of mathematical
rules to determine the transformation process to cipher-
text) and a key which controls the encryption / decrypt-
ion algorithm to transform the data into cipher-text.
In a system using a key, the message cannot be trans-
formed without the key. Two types of key systems exist:
symmetric or private key systems and asymmetric, or
public key systems.

The basic purpose of encryption (beyond enjoyment for
some of us as in ACA recreational cryptography) is to
protect sensitive data from unauthorized disclosure.
When computer systems are involved, this data can be
data stored within the system or data transmitted across
insecure public carriers.

A sender authorizes a transmission medium to carry a
message to a receiver. The message is exposed during the
transmittal and subject to possible eavesdropping and
/or alteration. Any intruder who intercepts the message
might be able to interrupt it or modify it (which
includes possibly fabricating a false but authentic -
looking message.)

The availability of the message is affected if the
intruder successfully interrupts the transmission. The
confidentiality, or secrecy, of the message is affected
when it is intercepted because the intruder can read it,
know its intentions, plan countermeasures or modify the
message for his own advantage. If the authentic- looking
but false message is successful substituted, then we
have an integrity issues as well.

Modern encryption methods are used to prevent the
exposures previously defined and offer desirable
features such as:

Data Confidentiality, or Secrecy, since messages must be
decrypted in order for information to be understood.

Data Integrity because some algorithms additional
protect against forgery or tampering.

Authentication of Message Originator, if the key has not
been compromised and remains secret.

Authentication of System User takes place by the user
performing a cryptographic function with a unique
cryptographic key.

Electronic Certification and Digital Signature, using
cryptographic algorithms to protect against unauthorized
modification and forgery of electronic documents.


Nonrepudiation, using secret key where either the sender
alone or only the sender and recipient can generate
"signed" messages. This is very important in the making
of electronic contracts.


MODERN CRYPTOGRAPHY: USING PRIVATE AND PUBLIC
CRYPTOGRAPHIC KEYS

Classical Cryptography Course, Volume I and II con-
centrate on symmetric ciphers of increasing levels of
difficulty.  The two basic types of encryption are
substitution and transposition. We have studied cases
where both are applied to the cipher to increase its
security.

Most complex ciphers do not use either simple
substitutions or permutations (transpositions), relying
instead on a secret key (K) which controls a long
sequence of complicated substitutions and permutations.
The ciphertext message then depends on both the
plaintext message and the key value, as demonstrated by
equation 1:


                 C = E(K, P)               eq. 1

The key (K) modifies the specific encryption algorithm
(E), which is then applied to transform the plaintext
(P) into ciphertext (encrypted message) (C).

Use of a key provides additional security because its
value, as well as the encryption algorithm, is required
in order to decrypt information. Two types of systems
use keys: private key and public key systems.

Private key systems (symmetric) use a single key to both
encrypt and decrypt information. A separate key is
needed for each pair of users. Security depends on
protection and secrecy of the key. The best known
private key system is the Data Encryption Standard,
first introduced to the public in 1977.

Public key systems, (asymmetric) or two-key, systems use
a public and a private key. The public key is publicly
known, even published, but the user must keep the
private key completely secret. The best known public key
system is the Rivest, Shamir, and Adelman (RSA)
algorithm.

In public key systems, the public and private keys are
mathematically related.  Messages may be encrypted with
the public key, but only can be decrypted by the
recipient using the private key. great care must be
exerted in protecting the keys because we always assume
that the algorithm is known to a system perpetrator.


DATA ENCRYPTION STANDARD (DES)

DES is a private key 56-bit algorithm. The DES algorithm
is published by the National Institute of Standards and
Technology as Federal Information Processing Standard
(FIPS) 46-2. (download from our CDB) It is the only
published secret key system approved for protection of
Federal unclassified information and adopted by
American National Standards Institute (ANSI) for
commercial applications.  In 1986, the ISO organization
recommended the use of DES as an international standard
called DEA-1. The recommendation was withdrawn soon
after.  DES is widely used in financial applications to
protect trillions of dollars of electronic funds
transfers weekly. The key is a sequence of 8 bytes, each
containing 7 key bits and one parity bit; it is crucial
that the key remain secret.

DES uses substitution and transposition techniques
applied alternatively. When DES encrypts a single block,
the characters are scrambled 16 times ("rounds"), under
control of the key, and this results in 64 bits of
ciphertext.  DES accommodates about 72 quadrillion key
combinations.

DES is embedded in many commercial products and is
popular with both government agencies and private
companies. NSA publishes a list of evaluated endorsed
DES products (NEDESPL). [HUTT]

KEY DISTRIBUTION DRAWBACK

A major problem with encryption is the secure distrib-
ution of encryption keys to multiple users across
networks. Two parties using a secret key system have to
agree on the key. Because it is not safe to transmit the
key over the communication channel, the parties have to
meet personally to agree on the key or exchange keys via
a courier. There are vulnerabilities in both of these
techniques. Alternatively, if the key itself is
encrypted using a different (public key) algorithm, the
key may be transmitted over a communications link.


RIVEST, SHAMIR, AND ADLEMAN ALGORITHM (RSA)

The best known public key algorithm is RSA. The keys are
generated mathematically, in part by combining prime
numbers. Each user has a public and a private key.
Devised in 1978 at MIT, this system has 512 bit, and
1024 bit ( in some commercial versions higher) keys and
provides authentication in addition to encryption.

Typically, the sender encrypts his message using a
secret-key algorithm. Next, the sender uses a public-key
system to encrypt the secret key with the receiving
party's public key. The sender transmits both the
encrypted message and the encrypted key across the
communication channel. The recipient decrypts the secret
key first, by using his public key. Once the secret key
has been decrypted, the recipient uses it to decrypt the
main message. This type of cryptographic system is a
hybrid.

With public-key cryptography, any party can use any
public key to send an encrypted message. However, that
message can only be decrypted by a party having the
corresponding private key.   [LEVD], [HUTT]

CRYPTOGRAPHIC NETWORKS

To form a cryptographic network, each network user
should be provided with the same algorithm but with
different keys so that messages sent by one node in the
network can only be deciphered by the intended recipient
node.  Figures 19-1 to 19-3 show three different
cryptographic networks. Each Kn represents a different
key.



                       Figure 19-1
          A Fully Connected End-To-End Network



           ZDDD?      K6       ZDDD?
           3 2 3 <---------->  3 4 3DDDD? K4
           @DDDYD?             @DDDY    3
            3K1  @?K2           3 K5    3
            3     @DDDDDD?      3       3
           ZDDD?       K3@DDDDDZDDD?    3
           3 1 3 <-----------> 3 3 3    3
           @DBDY               @DDDY    3
             @DDDDDDDDDDDDDDDDDDY


When end-to-end encryption is used, both the sender and
receiver must be equipped with compatible hardware.
After validating each other, the two units exchange
encryted data. Messages are encrypted by the sender and
decrypted only at the final destination.




                       Figure 19-2
                A Link Encrypted Network


     ZDD?    K1    ZDD?   K2      ZDD?   K3      ZDD?
     31 3  32 3   33 3   3 43
     @DDY          @DDY           @DDY           @DDY







Link encryption involves a series of nodes, each of
which decrypts, reads, and then re-encrypts the message
as it is transmitted through the network. With link
encryption, both source and the destination remain
private, and no synchronization of special equipment is
required.  However, more nodes = more possibilities of
the message being intercepted and/ or modified.



                       Figure 19-3
                    A Hybrid Network





           ZDD?    K1                K5  ZDD?
           32 3 >DDD?                ZDD<36 3
           @DDY     3                3   @DDY
                    3                3
     ZDD?    K2    ZDD?   K4       ZDD?   K6      ZDD?
     31 3 DDDDDDD> 33 3   35 3 DDDY                @DD<38 3
           @DDY     K3               K7  @DDY




In a hybrid network, there is communication between a
large number of secondary stations and a single main
station all using separate master keys. A few stations
intercommunicate with each other.



                       Figure 19-4
           A Central Key Distribution Facility



                          ZDD?
                ZDDDDDDDD 32 3   DD DD D?
                          @DDY          3
                3          3
                           3 K1         3
                3          3
                          ZDD?          3
                3         31 3
                          @DDY          3
                3          3
                           3            3
                3          3
               ZDD?   K2   3  K3       ZDD?
               34 3 D D D DAD D D DD   33 3
               @DDY                    @DDY


It would seem that preferable to use a public-key system
for cryptography, because of its versatility, it is
slower that the equivalent private key cryptosystems, by
order of 10,000 times or more. The new t3-100 Cray
machine can do 3 trillion operations a second! Think
how that will effect cryptographic searches in the
future. The hybrid system uses the best of both kinds of
systems. The speed advantage of the private key
cryptography is used for encrypting and transmitting.
Public key transactions are for the smaller transm-
issions. A typical combination (for a hybrid) is to
employ a public dual key for encryption and for the
distribution of the private keys, and the private-key
system for bulk data.

The central key facility is useful when it is
undesirable to entrust individual stations with control
of cryptographic keys. Two stations wishing to
communicate request a session key from the central
station. The key generated at the central station is
sent to both stations encrypted in each stations master
key.  The master key list is known only to the central
station.  [HUTT] (LEVD)


PRETTY GOOD PRIVACY (PGP)

This system is a public-key system invented by Phillip
Zimmerman and draws upon the International data Standard
(IDEA) and RSA algorithms. By far the defacto standard
for the Internet and public. NSA has not endorsed it.
Amateurs swear by it. It appears to be out of the legal
hassle mode.  More on this system in a future lecture.

PRIVACY ENHANCED MAIL (PEM)

A system that uses both message encryption and digital
signatures, PEM encrypts messages and authenticates
senders of E-mail. PEM was a child of DARPA and uses DES
on the front-end for encryption and RSA for sender
authentication. Trusted Information Systems introduced
it commercially. The federally funded Clipper/Skipjack
is now recommended as a substitute for PEM.  [LEVD]

KEY MANAGEMENT AND DISTRIBUTION

Key management involves the secure generation,
distribution, storage, journaling, and eventual disposal
of encryption keys. The adequacy of key management is a
significant factor in using encryption as a security
method. Keys can be either distributed via escorted
courier, magnetic media, or via master keys that are
then used to generate additional keys.




Cryptographically protected data is dependent on the
protection of the encryption keys. The entire system can
be compromised by the theft, loss or compromising of a
key. Standards for key management have been developed by
ISO, ANSI, federal government and the American Banking
Association. Key management is crucial to maintaining
good, cost-effective, and secure communications between
a large number of users.

IMPLEMENTATION CONSIDERATIONS

Media

Cryptography can take place in software, hardware, or
firmware. The least efficient and cheapest media is
software.

Configurations

In-line, off-line, embedded, and stand-alone are four
different types of configurations, each with its own
requirements, need to considered when implementing
cryptosystems.

1. Inline. The communications equipment is external to
   the cryptosystem. The handoff occurs after encryption
   to the communications device.

2. Off-line. The source controls all encryption,
   storage, and communications facilities.

3. Embedded. Configurations may be off or on line. The
   main requirement is that the cryptographic module be
   embedded or contained within the computer and the
   interface with that computer.

4. Stand-alone. These require that the cryptographic
   module is separately enclosed outside of the host
   and physically secured.

NIST FIP's 140-1 is entitled "Security Requirements in
Cryptographic Modules," describes four levels of
security ranging from commercial grade security to
penetration/tamper resistant.

ONE-TIME CIPHER KEYS

Discussed in Volume I in detail.

DIGITAL SIGNATURES AND NOTATIONS

RSA and DSA are the best known digital signature
algorithms. The latter was invented by NSA and approved
for government use. NIST has supported the DSA
algorithm.  Both are tools for authenticating the user
and origin of the message and the identity of the
sender.  A digital signature is unforgeable, verifies
the signer, is not reusable, cannot be repudiated and
proves that the sender did not sign an altered document.
DSA is based on the SHA (Secure Hashing Algorithm) and
is described in FIPS PUB 180 "Secure Hash Standard."


CARTE A MEMOIR (Memory Card)

The French invented the smart card which contains a chip
to process information in  protected memory.  They are
used for access control and for end-to-end encryption
schemes.

CYBER NOTARIES

The American Bar Association has developed rules for
electronic notaries for commerce that incorporate
digital signatures. Ben Wright of NCSA is the leading
authority on this kind of commerce.

KERBEROS

Among the commercial authentication systems, the most
popular is Kerberos. Developed at MIT, it verifies the
user and incorporates unique session keys for client
/server communications via a ticket-granting server.
Scientific American described the system accurately and
vividly in August 1994.

TEMPEST

This program was established in 1950's to shield
electronic equipment from electromagnetic radiations
(Van Ek emissions) that could be intercepted and "read".
TEMPEST is an entire vendor evaluation program for the
equipment that contains emanations via a special shield.

THE CLIPPER/SKIPJACK CHIP CONTROVERSY

In October 1985, NSA announced plans to phase out DES in
favor of the technique of "embedding" cryptography into
electronic communications within the United States.

The Clipper Chip, renamed Skipjack because of a
trademark conflict, is a U.S. Government-sponsored
tamper resistant chip for voice encryption that employs
a classified algorithm and a key escrow facility.
Capstone, which uses the Skipjack algorithm, is a data
encryption chip that adds digital signatures and key
exchange enhancements. Each chip contains an 80-bit key
that is split into two parts immediately following
manufacture. Each half of the key is deposited into
custody of a trusted "escrow agent." NSA designed it
during the Reagan Administration and proposed it in
April 1993 for both government and public use.

Once installed in telephones, by use of a secret
military algorithm, the chip would turn the telephones
into gibberish for everyone but the speaker and the
intended listener. [Similar to the STU-III secure system
in some ways.] The uniqueness and the controversy of
Skipjack lies in the LEAF (law enforcement access field)
that allows law enforcement, with cooperation of the two
parties, to listen under certain circumstances and to
decipher Clipper-encrypted traffic.  Any government
agency desiring to legally listen to the owner of a
communications device that contains the chip, the
government agency would present evidence of lawful
authority to the escrow holders, who would then reveal
the key pairs that the agency would join in order to
begin listening to the conversations. Notification of
the target (subject) is not necessary.

When Clipper Chip was announced, it was stated that
there was no plan to legislate Clipper as the only means
to protect telecommunications.  However, Clipper
Skipjack can only achieve its stated objectives if
everyone uses it. Manufacture of the chips would be
closely controlled with "trusted" companies.

Mykotonx was chosen to program the chips, VLSI was
chosen to manufacture the chips, and NSA would design
the algorithms and protocols. Additional points of
compromise would be the trusted facilities, which hold
the keys, and the FBI, which actually decrypts the
Clipper traffic.

The American public, EFF (Electronic Frontier
Foundation) and a consortium of companies DEC, HP, IBM,
SUN, MCI, Microsoft, Apple, and AT&T opposed the Clipper
Chip and submitted 118 questions to the White House.

The NIST, on July 30, 1993 issued a request for public
comments on its proposal to establish Clipper/Skipjack
as a FIP. Clipper/Skipjack can not be implemented in
software, which closed out more of the commercial
market. RSA data security had more than a million
packages licensed by 1992 and another million expected
because of the Macintosh OS and Novell Netware 4.0
deals.

There was such a controversy over Clipper/Skipjack that
by July 1994, the government announced that it was no
longer seeking to make this the standard form of
encryption, although NIST officials do not intend to
issue the DES standard again in its current form.

The Clinton Administration has taken up the cause and
issued numerous trial balloons to force the issue.
See Appendix 4 for a recent balloon.

When separated from the government's proposed
implementation of Clipper/Skipjack, the concept of key
escrow cryptography does have applicability for
commercial use. Business managers fear possible
extortion by unsavory employees who would hold corporate
data for ransom by withholding encryption keys. Key
escrow cryptography could eliminate this problem, but in
addition to the friction created by the government's
proposed implementation, there appear to be too many
vulnerabilities involved with the Clipper/Skipjack to
make the system acceptable in its current form.







LECTURE 18 SOLUTIONS

18-1. Unidecimal square root. (Three words 0-E) MARSHEN

LO'SE gives root it; - KF = EKSE; - ERRE = EWH

Answer: HE WORKS LIFT


18-2. Duodecimal division. (Two words, 0-E)  CODEX

BRIDGE / CLUBS = CC; - DUHRE = BRHEE; - DUHRE = BOLO

Answer: ORCHID BUGLES






                       Appendix 1


   TIS Worldwide Survey of Cryptographic Products


Crypto Survey - Domestic Products:Summary listing of
domestic cryptographic products as of 7/25/96
                 -----------

2010 Software Corp.
3Com Corp.
ADT Security Systems
ASC Systems
ASD Software, Inc.
AT&T Bell Laboratories
AT&T Datotek, Inc.
Acma
Adobe Systems, Inc.
Advanced Encryption Systems
Advanced Engineering Concepts, Inc.
Advanced Micro Devices, Inc.
Advanced Network Services, Inc.
Aladdin Software Security, Inc.
Alcatel TITN Inc.
Alsoft, Inc.
American Computer Security
Antelope Production, Inc.
Apple Computer
Applied Software, Inc.
Argus Systems Group Inc.
Arkansas Systems, Inc.
Arkhon Technologies, Inc.
Ashton Tate
Atalla Corp.
Atemi Corporation
Automated Design Systems Inc.
Axent Technologies
BCC
BOE Corp.
Bankers Trust Company
Banyan Systems Inc.
Bellcore
Bi-Hex Co.
Bill Dorsey, Pat Mullarky, and Paul Rubin
Borland
Braintree Technology
Burroughs
CDSM Inc.
COGON Electronics, Inc
COM & DIA, L.L.C.
Casady and Greene
Centel Federal Systems, Inc.
Central Point Software
Certus International
Cettlan Corp.
CheckPoint Software Technologies
Cincinnati Microwave Communications, Inc.
Clarion
Codex Corp.
Cohesive Systems
Collins Telecommunications Products Division
Comm Touch Software Inc.
Command Software Systems
Commcrypt
Communication Devices, Inc.
Complan
Computer Associates International, Inc.
Connect, Inc.
Cordant
Cray Communications, Inc.
Cryptall
Cyber-Safe
CyberSafe Corporation
Cybernetics
Cycomm Corp.
Cylink Corp.
Cyno Technologies Inc.
Cypress Data Systems
DSC Communications
DataEase International
Datakey, Inc.
Datamedia Corporation
Datawatch, Triangle Software Division
Digital Crypto
Digital Delivery, Inc.
Digital Enterprises, Inc.
Digital Equipment Corp.
Digital Pathways
Digital Secured Networks Technology Inc.
Dolphin Software
Dowty Network Systems
E-Systems
Eave Stopper
Enigma Logic, Inc.
Enterprise Integration Technology
Enterprise Solutions Ltd.
Ergomatrix
Everett Enterprises
Software Corporation
Fairchild Semiconductor
Fifth Generation Systems, Inc.
Fischer International
Front Line Software
Funk Software
Gemplus Card International
General Electric Company
General Kinetics, Inc.
General Magic
Gerald J.  DePyper
Glenco Engineering
Group Technologies
Harcom Security Systems Corp.
Harris Computer Systems Corporation
Hawkeye Grafix, Inc.
Helpful Programs, Inc.
Hilgraeve, Inc.
Hughes Aircraft Company
Hughes Data Systems, Inc.
Hughes Network Systems - Maryland
Hydelco, Inc.
Ilex Systems Inc.
Info Security Systems
Info Tel Corp.
Info-ZIP
InfoNow Corporation
Information Resource Engineering (IRE)
Information Security Associates, Inc.
Information Security Corp.
Innovative Communications Technologies, Inc.
Inside Technologies, Inc.
Intel
Intelligent Security System Inc.
Inter-Tech Corp.
International Business Machines, Inc.  (IBM)
International Micro Industries (IMI)
Interscan Corp.
Isocor
J.G.  Van Dyke & Associates, Inc.
John E.  Holt and Associates
John Walker
Jones Futurex
KarlNet, Inc.
Kensington Microware Ltd.
Kent Briggs
Kent Marsh Ltd.
Key Concepts
Kinetic Corp.
Kommunedata
Lassen Software, Inc.
Lattice, Inc.
Lexicon, ICOT Corporation
Litronic Industries (Information Systems Division)
Livermore Software Laboratories, Inc.  (LSLI)
Lockheed Martin Advanced Technology Laboratories
Lotus Development Corp.
MARX International, Inc.
MCTel
Maedae Enterprises
Magna
Marathon Computer Press
Marcor Enterprises
Mark Riordan
Massachusetts Institute of Technology (MIT)
Matsushita Electronic Components Co.
Mergent International
Merritt and Colstan
Micanopy MicroSystems, Inc.
Micro Card Technologies, Inc.
Micro Security Systems, Inc.
Microcom Inc.  (Utilities Product Group)
Microlink Technologies, Inc.
Microrim
Microsoft
Mike Ingle
Morning Star Technologies
Morse Security Group, Inc.
Motorola
Mykotronx, Inc.
National Semiconductor
NetPro Computing Inc.
Netscape Communications Corporation
Network Systems Corporation
Network-1, Inc.
Networking Dynamics Corp.
Nixdorf Computer Corporation
Norton
Novell, Inc.
Open Commerce
Open Computing Software Group, Inc.  (OCSG)
Open Software Foundation
Optimum Electronics, Inc.
Oracle
Otocom Systems, Inc.
PC Dynamics, Inc.
PC Guardian
PC Plus, Inc.
PKWARE Inc.
PMC Electronics
Pacific Communication Sciences, Inc.
Paradyne Corporation
Paralon Technologies
Personal Computer Card Corp.
Pinon Engineering, Inc.
Premenos
Pretty Good Privacy, Inc.
Prime Factors
Qtrain Corporation
RSA Data Security, Inc.
Racal-Guardata
Radix2 Software Engineering
Rainbow Technology
Raptor Systems, Inc.
Raxco
Retix
Ross Engineering, Inc.
Rothenbuhler Engineering
Rudaw/Empirical Software Products Ltd.
S Squared Electronics
SCO
SOS Corporation
SPRY/CompuServe
SVC
Safe Call
Safetynet
Samna Corp.
Scrambler Systems Corp.
Scrambler Technologies, Inc.
Sector Technology
Secur-Data Systems, Inc.
Secura Technologies
Secure Computing Corporation
Secure Systems Group International, Inc.
SecureWare, Inc.
Security Microsystems, Inc.
Semaphore Communications Corporation
Sentry Software
Sentry Systems, Inc.
Silver Oak Systems
SmartDisk Security Corp.  (SDSC)
Smartstuff Software
Software Directions, Inc.
Software Solutions, Inc.
Solid Oak Software
So phCo, Inc.
Sota Miltope
Spyrus, Inc.
StarNine Technologies, Inc.
Stellar Systems, Inc.
Sterling Software Inc.  (System SW Mktg.  Div.)
Sterling Software Interchange Software Division
Steven Ryckman
Sun Microsystems, Inc.
SunSoft
Symantec
Techmar Computer Products, Inc.
Techmatics, Inc.
Technical Communications Corp.  (TCC)
Tecsec, Inc.
Telenetics Corporation
Telequip Corp.
Telos Corp.
Terisa Systems
Terry Ritter
Texas Instruments, Inc.
The Exchange
Thumbscan, Inc.
Titan Linkabit
Tracor Aerospace Inc.
Tracor Ultron
TradeWave
Transcrypt International
TriTeal Corp.
Trigram Systems
Triton Systems
Trusted Information Systems, Inc.
UNISYS Corp.
UTI-MACO
UUNet Technologies, Inc.
United Software Security
UsrEZ Software, Inc.
V-ONE Virtual Open Network Enviroment Corp.
VLSI Technology, Inc.
Vasco Data Security, Inc.
Verdix Corp.  (Secure Products Division)
VeriSign, Inc.
ViaCrypt
Visionary Electronics
WRQ, Inc.
WTShaw
Wang Laboratories
Wells Fargo Security Products
Western DataCom Co., Inc.
Western Digital Corporation
Will Price
WordPerfect Corp
XTree
Xetron Corp.
Zoomit International
ZyXE L


Crypto Survey - Foreign Products Summary listing of
foreign cryptographic products as of 7/25/96
                 ----------------


ARGENTINA
Hugo D.  Scolnik
Newnet S.A.

AUSTRALIA
Cybanim Pty Ltd.
Eracom Pty Ltd.
Eric Young
Microlock
Mosaic Industries
News Datacom
Randata

AUSTRIA
Siemens AG Austria

BELGIUM
CNET
Highware, Inc.
Lintel Security
UTI-MACO Belgium

CANADA
Border Network Technologies, Inc.
CRYPTOCard Corporation
Certicom
Chrysalis ITS
Compression Technologies, Inc.
FSA
Isolation Systems
Micro Tempus, Inc.
Milkyway Networks Corporation
Northern Telecom Canada Ltd.  (Data Comm.  Products)
Northern Telecom Canada Ltd.  (Secure Networks)
Okiok Data
Queen's University
Secured Communications Inc.  (SCI)
Sierra Wireless
The Enigma Group
TimeStep Corporation
Tundra Semiconductor Corp.
Zoomit Corporation

CZECH REPUBLIC
Decros spol.  s r .o.

DENMARK
Aarhus University, Computer Science Department
CryptoMathic
GN Datacom
LSI Logic/Dataco AS

FINLAND
Antti Louko
Jetico, Inc.
SSH Communications Security Oy

FRANCE
ActivCard
Atlantis
Digital Equipment Corp.  (DEC), Paris Research Lab
Hewlett Packard France
Philips Communication Systems

GERMANY
Andreas Kupries
Baller & Huwig
CE Infosys GmbH
Celticon
DataSafe
EZI GmbH
FAST ComTec GmbH
GMD
Gliss & Herweg
Jurgen Meyer, Frank Gadegast
Karl Huwig
KryptoKom
SIT
Siemens-Nixdorf
Stefan D.  Wolf
TeleSecurity Timmann
Telenet Kommunikation Systeme
UTI-MACO GmbH

HONG KONG
Triple D Ltd.

INDIA
Bharat Electronics Ltd.
Chenab Info Technology

IRAN
Communications Industries Group
IRELAND
Baltimore Technologies Ltd.
Eurologic Systems, Ltd.
Systemics Ltd.


ISRAEL
Aladdin Knowledge Systems, Ltd.
Algorithmic Research Ltd.
Aliroo Ltd.
Carmel Software Engineering Ltd.
Elementrix Technologies Ltd.
EliaShim Microcomputers Ltd.
Secure Network Systems, Ltd.

ITALY
AMTEC SPA
CERT-IT
Eutron Spa

JAPAN
Fujitsu Labs Ltd.

MEXICO
The King of Hearts

NETHERLANDS
Concord Eracom Nederland BV
DigiCash
Incaa Datacom BV
Philips Crypto B.V.
Pijnenburg
Verspeck & Soeters b.v.

NEW ZEALAND
LUC Encryption Technology, Ltd.  (LUCENT)
Peter Gutmann

POLAND
Enigma Information Security Systems

RUSSIA
Ancort
Askri
Elias Ltd.
INFORM -RTG
LAN Crypto
ScanTech
TELECRYPT, Ltd.

SOUTH AFRICA
Denel Informatics
NetSec
Sentera

SWEDEN
AU-System Communication AB
Ardy Elektronics
Business Security AB
COST Computer Security Technologies International
DynaSoft
Henry Padilla
SECTRA AB
SONNOR Crypto AB
Stig Ostholm

SWITZERLAND
ASCOM Tech AG
Crypto AG
Gretacoder Data Systems AG
Omnisec AG
Safeware AG

UK
Apricot Computers, Ltd.
Avant Guardian Ltd.
British Telecom
Data Innovation Ltd.
DataSoft International Ltd.
Digital Crypto
Finansa
GEC-Marconi Secure Systems
Global CIS Ltd.
ICL Secure Systems
IQ International
International Data Security, Ltd.
J.R.Ward Computers Ltd.
J.S.A.  Kapp
JPY Associates Ltd.
Jaguar Communications Ltd.
Microft Technology Ltd.
PC Security Ltd.
Plessy Crypto
Plus 5 Engineering Ltd.
Portcullis Computer Security Ltd.
Protection Systems Ltd.
Racal Airtech Computer Security
S&S International PLC
Sophos Ltd.
University College London
Zergo, Ltd.
Zeta Communications Ltd.





                       Appendix 2


BERNSTEIN v UNITED STATES CRYPTO CASE

The complexity of the constitutional privacy issues
are demonstrated by the current Bernstein Case.

Case Background

While a graduate student at the University of California
at Berkeley, Bernstein completed development of an
encryption equation (an "algorithm") he called
"Snuffle." Bernstein wished to publish a) the algorithm,
(b) a mathematical paper describing and explaining the
algorithm, and (c) the "source code" for a computer
program that incorporates the algorithm. Bernstein also
wished to discuss these items at mathematical con-
ferences, college classrooms and other open, public
meetings.  The Arms Export Control Act and the Intern-
ational Traffic in Arms Regulations (the ITAR regulatory
scheme) required Bernstein to submit his ideas about
cryptography to the government for review, to register
as an arms dealer, and to apply for and obtain from the
government a license to publish his ideas.  Failure to
do so would result in severe civil and criminal
penalties.  Bernstein believed this was a violation of
his First Amendment rights and sued the government.

In the first phase of this litigation, the government
argued that since Bernstein's ideas were expressed, in
part, in source code, they were not protected by the
First Amendment.  On April 15, 1996, Judge Marilyn Hall
Patel in the Northern District of California rejected
that argument and held for the first time that computer
source code is protected speech for purposes of the
First Amendment.

Because of its far-reaching implications, the Bernstein
case is being watched closely by privacy advocates, the
computer industry, the export and cryptography comm-
unities, and First Amendment activists.  In fact,
several members of these communities provided declar-
ations that were submitted in support of Bernstein's
motion.

On 26 July 1996, Bernstein filed a motion for partial
summary judgment in his suit against the State
Department that could strengthen his claim that
government restrictions on information about crypt-
ography violate the First Amendment's protections for
freedom of speech. In his 45-page memorandum in support
of his motion, Bernstein set forth several First
Amendment arguments:




Legal Arguments

*    Any legal framework that requires a license for
First Amendment protected speech, which may be granted
or withheld at the discretion of a government official,
is a prior restraint on speech.  In order for this
framework to be acceptable, the government has the
burden of showing that publication will "surely result
in direct, immediate, and irreparable damage to our
Nation or its people" and that the regulation at issue
is necessary to prevent this damage.  The government has
not met this burden regarding the ITAR legal framework.

*    Because restrictions on speech about cryptography
are content-based, the court must apply a strict
scrutiny test in determining whether individuals can be
punished for engaging in this speech.  A strict scrutiny
test requires that a regulation be necessary to serve a
compelling state interest and that it is narrowly drawn
to achieve that end.  The ITAR regulatory scheme has
adopted the *most* restrictive approach by prohibiting
all speech in the area of cryptography.

*    The ITAR regulatory framework lacks the necessary
procedural safeguards.  Grants of administrative
discretion must be limited by clear standards, and
judicial review must be available.  "Quite simply, the
ITAR Scheme allows its administrative agencies to make
inconsistent, incorrect and sometimes incomprehensible
decisions censoring speech, all without the protections
of judicial review or oversight."

*    The ITAR framework is unconstitutionally vague.
The government doesn't even seem to know what its
regulations include and exclude!  Here, the lack of
standards has allowed the government to misuse a statute
aimed at commercial, military arms sales to limit
academic and scientific publication.

*    The ITAR regulatory scheme is overbroad.  In an
internal memo written almost 20 years ago, the govern-
ment's own Office of Legal Counsel concluded that the
ITAR's licensing standards "are not sufficiently
precise to guard against arbitrary and inconsistent
administrative action."  The OLC specifically warned
that the coverage was so broad it could apply to
"communication of unclassified information by a
technical lecturer at a university or to the conver-
sation of a United States engineer who meets with
foreign friends at home to discuss matters of
theoretical interest."  This is exactly what is
happening here, and it is unconstitutional.


Full text Available

The legal arguments expressed above in the Bernstein
case are taken from material available from the
Electronic Frontier Foundation (EFF) online archives.
Full text of the lawsuit and other paperwork filed in
the case is available from EFF's online archives:


 http://www.eff.org/pub/EFF/Policy/Crypto/
       ITAR_export/Bernstein_case/ ftp.eff.org,
       pub/EFF/Policy/Crypto/ITAR_export/Bernstein_case
       / gopher.eff.org,
       1/EFF/Policy/Crypto/ITAR_export/Bernstein_case/





                          Appendix 3


                       FEDERAL REGISTER
                       VOL. 58, No. 139
                    Rules and Regulations
                     DEPARTMENT OF STATE
             Bureau of Politico-Military Affairs
     22 CFR Parts 120, 121, 122, 123, 124, 125, 126, 127,
    128, and 130
                     [Public Notice 1832]
       Amendments to the International Traffic in Arms
    Regulations
                           Part II
                         58 FR 39280

DATE: Thursday, July 22, 1993

ACTION: Final rule.

SUMMARY: This rule amends the regulations implementing
section 38 of the Arms Export Control Act, which governs the
import and export of defense articles and services. The rule
clarifies existing regulations and reduces the regulatory
burden on exporters of defense articles and services.
Although this is a final rule public comment is welcome and
will be taken into account to the extent possible.

EFFECTIVE DATE: This final rule is effective July 22, 1993.

FOR FURTHER INFORMATION CONTACT: Information regarding this
notice may be obtained from James Andrew Lewis, U.S.
Department of State, Bureau of Politico- Military Affairs
(202-647-4231), Mal Zerden or Allan Suchinsky, U.S.
Department of State, Office of Defense Trade Controls (703-
875-6644).

   SUPPLEMENTARY INFORMATION: The regulations implementing
section 38 of the Arms Export Control Act were last revised
substantially in November 1984. A proposed rule was published
on May 7, 1992 (57 FR 19666), for public comment.  This Final
Rule clarifies and simplifies the current regulations.
Certain sections are consolidated while others are revised in
the interests of clarity and consistency. To the extent
possible, related sections are cross-referenced.  In amending
the regulations, public comments and suggestions from
industry and other U.S. agencies have been considered and in
many cases incorporated into the regulations.

   The most significant changes are an increase in the
validity period of a license from three to four years and a
revision of the policy used by the Department for designating
defense articles that takes into account civil application
and functional equivalence. Several new exemptions from
licensing requirements are also established. These exemptions
will cover exports under approved manufacturing or technical
assistance agreements; spare parts valued at $ 500 or less;
intra-company transfers of components being sent abroad for
assembly; temporary imports for repair and servicing; and
items which were previously licensed for temporary export to
trade shows.

Other changes include a clarification of the commodity
jurisdiction process, which establishes a review period and
specifies the appeal process. The definition of public domain
is expanded and clarified. An exception allows for the re-
export of certain U.S.-origin components to the Governments
of NATO countries, and the Governments of Japan and Australia
without prior U.S.  approval for components which are not
significant military equipment or controlled for purposes of
the Missile Technology Control Regime and do not require
Congressional notification.



  PART 121-THE UNITED STATES MUNITIONS LIST


  Category XIII-Auxiliary Military Equipment

(a) Cameras [including space cameras] and specialized
processing equipment therefor, photointerpretation,
stereoscopic plotting, and photogrammetry equipment which are
specifically designed or modified for military purposes, and
components specifically designed or modified therefor;

(b) Information Security Systems and equipment, cryptographic
devices, software, and components specifically designed or
modified therefor, including:

(1) Cryptographic (including key management) systems,
equipment, assemblies, modules, integrated circuits,
components or software with the capability of maintaining
secrecy or confidentiality of information or information
systems, except cryptographic equipment and software as
follows:

   (i) Restricted to decryption functions specifically
       designed to allow the execution of copy protected
       software, provided the decryption functions are not
       user-accessible.

   (ii) Specially designed, developed or modified for use in
        machines for banking or money transactions, and
        restricted to use only in such transactions.
        Machines for banking or money transactions include
        automatic teller machines, self-service statement
        printers, point of sale terminals or equipment for
        the encryption of interbanking transactions.

   (iii) Employing only analog techniques to provide the
         cryptographic processing that ensures information
         security in the following applications:


   (A) Fixed (defined below) band scrambling not exceeding 8
       bands and in which the transpositions change not more
       frequently than once every second;

   (B) Fixed (defined below) band scrambling exceeding 8
       bands and in which the transpositions change not more
       frequently than once every ten seconds;

   (C) Fixed (defined below) frequency inversion and in which
       the transpositions change not more frequently than
       once every second;

   (D) Facsimile equipment;

   (E) Restricted audience broadcast equipment;

   (F) Civil television equipment.

   Note: Special Definition. For purposes of this
   subparagraph, fixed means that the coding or compression
   algorithm cannot accept externally supplied parameters
   (e.g., cryptographic or key variables) and cannot be
   modified by the user.

   (iv) Personalized smart cards using cryptography
        restricted for use only in equipment or systems
        exempted from the controls of the USML.

   (v) Limited to access control, such as automatic teller
       machines, self-service statement printers or point of
       sale terminals, which protects password or personal
       identification numbers (PIN) or similar data to
       prevent unauthorized access to facilities but does not
       allow for encryption of files or text, except as
       directly related to the password of PIN protection.

   (vi) Limited to data authentication which calculates a
        Message Authentication Code (MAC) or similar result
        to ensure no alteration of text has taken place, or
        to authenticate users, but does not allow for
        encryption of data, text or other media other than
        that needed for the authentication.

   (vii) Restricted to fixed data compression or coding
         techniques.

   (viii) Limited to receiving for radio broadcast, pay
          television or similar restricted audience
          television of the consumer type, without digital
          encryption and where digital decryption is limited
          to the video, audio or management functions.

   (ix) Software designed or modified to protect against
        malicious computer damage, (e.g., viruses).

   Note: A procedure has been established to facilitate the
   expeditious transfer to the Commodity Control List of mass
   market software products with encryption that meet
   specified criteria regarding encryption for the privacy of
   data and the associated key management. Requests to
   transfer commodity jurisdiction of mass market software
   products designed to meet the specified criteria may be
   submitted in accordance with the commodity jurisdiction
   provisions of S 120.4.

   Questions regarding the specified criteria or the
   commodity jurisdiction process should be addressed to the
   Office of Defense Trade Controls.  All mass market
   software products with cryptography that were previously
   granted transfers of commodity jurisdiction will remain
   under Department of Commerce control. Mass market software
   governed by this note is software that is generally
   available to the public by being sold from stock at retail
   selling points, without restriction, by means of over the
   counter transactions, mail order transactions, or
   telephone call transactions; and designed for installation
   by the user without further substantial support by the
   supplier.

   (2) Cryptographic (including key management) systems,
       equipment, assemblies, modules, integrated circuits,
       components or software which have the capability
       of generating spreading or hopping codes for spread
       spectrum systems or equipment.

   (3) Cryptanalytic systems, equipment, assemblies, modules,
       integrated circuits, components or software.

   (4) Systems, equipment, assemblies, modules, integrated
       circuits, components or software providing certified
       or certifiable multi-level security or user isolation
       exceeding class B2 of the Trusted Computer System
       Evaluation Criteria (TCSEC) and software to certify
       such systems, equipment or software.

   (5) Ancillary equipment specifically designed or modified
       for paragraphs (b)  (1), (2), (3), (4) and (5) of this
       category;



                          Appendix 4

   CLINTON'S ENCRYPTION PLAN WITH KEY RECOVERY SYSTEM

The New York Times reported in its section C1, on 1
October 1996, that:

-- Attempting to compromise with critics of its "key
escrow" approach to data encryption, the Clinton
Administration now plans to begin allowing U.S.
computer companies to export software using powerful
encryption codes (or "keys") up to 56 bits long.
However, the government will require those companies to
develop, within two years, a "key recovery" system
allowing U.S. law enforcement or anti-terrorist groups
armed with a search warrant to get the key from the
several third-party companies, each of which would hold
one part of the key.  IBM and some other large companies
are supporting the plan, but other companies are
expected to oppose it.  The system will be successful
only if the Administration can convince other countries
to adopt the same kind of system.

Back to index