Professional Documents
Culture Documents
Controlling
F. Weingarten
Cryptographic
1. Background
Cryptography,
export
controls,
information
policy,
* The views expressed in this article are those of Dr. Weingarten and do not reflect those of the Office of Technology
Assessment or the U.S. Congress.
North-Holland
Publishing Company
Computers & Security 2 (1983) 41-48
0167-4048/83/$03.00
Publication
0 1983 Elsevier
Science Publishers
B.V.
42
F. Wemgurten
/ Con~rdlwzg Cryptographic
Publmztion
F. Weingarten
/ Conrrding
Starting in 1973, the National Bureau of Standards, seeing the need to protect U.S. Federal data
communications,
began the search for an encryption algorithm to serve as a standard for use by the
U.S. Federal government.
While the full origins of
the encryption
standard
finally chosen by the
Bureau must remain somewhat cloudy, it can be
traced back, at least in part, to research work done
by IBM, which submitted a candidate algorithm in
1974. This algorithm was submitted for review by
experts in the field. Part of that review included
consultation
with the NSA.
In the eyes of the Bureau, such consultation
made good sense. Not only did NSA have unchallengeable expertise in the field of cryptography;
it
also had responsibility
for protecting the security
of all government
communications.
But NSA involvement was a red flag to some outside critics
who did not feel that the algorithm was secure
enough to qualify as a standard. While arguments
over the appropriateness
and quality of the DES
were generally based on technical grounds,
the
subject of NSA inevitably entered the discussion,
The loudest technical complaint from the critics
of DES, one that is still heard, is that the key
length, 56 bits, is too short to protect communications against a brute force attack, trying all possible keys until the correct one is found. This argument focused on the cost of building a specialized
computer for breaking the DES code - a debate
that inevitably turned to discussion of whether any
private or government
agency could afford or
would be inclined
to invest in such expensive
hardware. The NBS conceded that sometime in the
future, technology would be cheap enough to make
a brute force processor
theoretically
affordable,
but contended that such a time was sufficiently far
off in the future not to matter in the deliberations
taking place then. The algorithm could be reviewed
later, and, if it seemed appropriate,
strengthened.
Critics, on the other hand, said that the time
when chip technology would invalidate
the standard was not so far off. Furthermore,
even if such
an event were a decade or more in the future, by
that time substantial
investment
would have been
made by both government
and the private sector
in DES-based security. Changing over to another,
more secure system then could be very expensive
and meet with great resistance.
Cryptogruphrc Publication
43
44
F. Weingurten
/ Controlling
Cryptographic
Publication
Publication
45
46
F. Weingarten
/ Controlling
Some researchers funded by the computer science program had begun making breakthroughs
in
encryption,
particularly
in the area known as
public key. It is interesting to note that none of
the investigators
was funded explicitly to look at
encryption.
Hellman, at Stanford, was working in
coding theory (which sounds like, but is not, a
theory of encryption),
and Rivest, at MIT, was
working in complexity theory. Davida, at the University of Wisconsin,
had been working on the
general problem of securing data banks. There was
not then, nor is there now, an explicit NSF program of research in encryption.
In fact, even computer security experts thought that there were other
areas of research that held much higher priority in
terms of utility to the industry.
While NSA had contacted NSF concerning certain grants that had been made by the Computer
Science Section, the author never experienced anything that could be construed as improper
pressure. NSF had started routinely sending proposals
that clearly related to cryptography
to NSA for
technical review. This practice was felt to be consistent with the goal of eliciting best expert opinion about the scientific quality of proposed
research. Especially at that time, such expertise resided almost exclusively in NSA. In the course of
review of a few such proposals,
NSA expressed
informally
to the author their concerns that some
of the work might have national security implications. NSFs response was simply that scientific
review was not an appropriate
channel to promote
those concerns,
and
that there were proper
bureaucratic
channels to express such a concern ~
channels that lead all the way to the White House.
This interference
was one of the items investigated by the Senate Intelligence
Committee,
and the Committee
reported that they found no
evidence or improper conduct by either agency.
But they further recommended
that NSA and NSF
establish some formal mechanisms for coordination, since it was not implausible
that some day a
proposal for cryptographic
research might come
along that might be clearly hazardous
to U.S.
national security if funded by an unclassified basic
research program [ 141.
It must be realized that, even when a program
of research support is designated
as unclassified,
the U.S. Government
retains some rights to change
its mind if research results appear to be sensitive.
This fact holds true even in the case of NSF
Cryptogruphlc
Publrcurron
7. Conclusion
The four controversies
discussed above were
closely related, both in time and in the more
general debate in the USA. Although each raises
some specific and unique questions, there are also
a few important and still unresolved issues that cut
across all of them.
7.1. Classification
of Private Ideas
of Controls on Techni-
of Relevant
Data
41
Publication
World
NSA is reputed to be the most secret organization in the United States. Certainly, much of their
work is highly sensitive. At one time, even the very
existence of the agency was classified. They are
not, by nature or primary mission, oriented to
dealing with the unclassified
civilian world. Yet,
they have responsibility
for securing government
communications,
including those of civilian agencies. It was the revolution in information
technology and the way U.S. society uses it that caused
NSA to suddenly be exposed to the public light on
this issue. Their problems with NSF illustrate the
difficulty faced when the activities of two agencies
with wildly diverging
charters, operating
styles,
and constituencies
intersect unexpectedly.
If this analysis of the fundamental
problem is
correct, it implies that the future may hold further
problems,
sporadic brushfires between NSA and
the academic community
that will involve NSF.
Perhaps another small agency or office - say, in
the National
Bureau of Standards
- should be
established
to sit at this interface
between the
defense department
and the civilian community
in
the whole area of computer and communication
security.
Such a group could mediate internal
Federal policy and deal with both communities,
neither of whom, in general, trusts the other.
References
48
F. Weingarren / Controlhng
[ 1 I]
[ 12)
[13]
[ 141
[ 151
[16]
C<vptographic Puhkation
[17]