
The Risks of Government Regulation of Encryption in the United States

By Ben Ziskind
November 18, 1997

As the amount of information transferred across the Internet increases, the security and protection of this information becomes very important. When we make a purchase on-line we want to be sure that no one will be able to steal that information during transit. The way to accomplish this is through encryption. The growth of the Internet has made data encryption an important factor in determining our freedom in the next century. The key issue surrounding the regulation of encryption in the United States is whether or not the government should modify and restrict current encryption schemes in order to fight crime more efficiently. Individuals feel that the currently suggested government policies are an invasion of our right to privacy. Many of these government policies are under debate because of the long-term effects of regulating public use of encryption. Proposed policies that regulate the strength of encryption and require mandatory key recovery systems pose a significant risk of harming our individual security and the privacy of our personal data.

In order to understand the various policies proposed in the government to regulate encryption, it is first necessary to understand the basics of what encryption is and how it works. Encryption involves taking a message and using a code key to convert it into a form that is meaningless. While in its encrypted form, the message cannot be read and the nature of the data inside cannot be determined. The decryption process involves using another code key (possibly the same one, or a different 'paired' key) to convert the message from its coded state back into usable data.

The most popular type of personal encryption today uses a combination of a public and private key to encrypt and decrypt messages. Asymmetric encryption schemes like PGP (Pretty Good Privacy) and RSA have a public key, which is freely released and can only be used for encrypting messages, and a private key that is used to decode messages encrypted with the public key. In order for Bob to send an encrypted message to Adam, Bob would encrypt his message with Adam's public key. Once encrypted, only Adam's private key can unlock the message. Asymmetric encryption schemes are more processor intensive than other forms of encryption.

The other most commonly used type of encryption is symmetric, where there is only one key, used for both encryption and decryption. Symmetric encryption uses fewer computer resources than asymmetric encryption, which makes it desirable in many ways. However, symmetric encryption is inherently not as secure as asymmetric encryption because both the sending and receiving parties need to have a copy of the key.

With both of these systems of encryption, keeping the private key private is of top importance, because anyone who has a copy of the private key can read messages encrypted with its public counterpart.

With all types of encryption, it is eventually possible to use brute force (trying every possible key) to break into the encrypted data. For this reason, when determining the strength of encryption to use, one needs to decide how much the data is worth. As a general rule of thumb, one wants to make it more expensive to break the encryption than the data is worth. The strength of any type of encryption is based on the algorithm of the method and the size of the key length. Weak encryption is generally considered to be anything less than 40 bits.[1] The most popular type of encryption (and the standard), DES (Data Encryption Standard), is 56-bit. A panel of encryption experts met in 1996 and recommended that the minimum needed key length is 90 bits.[2] RSA believes that 128-bit encryption should be the new standard length, replacing 56-bit DES.[3] Small increases in key length provide significantly more protection. Increasing a key length from 30 bits to 32 bits causes the key space to go from slightly over 1 billion keys to over 4.25 billion keys!

The United States government has a lot at stake when trying to determine its policy on the use of encryption inside the US and for export. It has to balance the security and individual rights of US citizens against law enforcement's need to get access to encrypted incriminating information. There are a number of bills currently going through Congress which address these issues. They include clauses to limit the export of strong encryption, key escrow programs, and limitations on key length sizes. The question is: how do these different policies affect the security of our data?

The issue of key length is obviously very important when talking about the security of our encrypted data. Currently, the government uses 56-bit DES as the minimum level of encryption required for sensitive information.[4] At the same time, it is currently illegal, in almost all cases, to export encryption stronger than 56-bit out of the United States. U.S. law enforcement is in favor of keeping the current limit on the export of strong encryption because it makes it easier to catch criminals. The government has set this as the limit because that is the encryption strength that it can crack in a reasonable amount of time.[5] RSA has already sponsored two separate public competitions to demonstrate the weakness of 56-bit encryption by decrypting a secret message through brute force. In the first, 56-bit DES was cracked by DESCHALL in four months using the power of over fourteen thousand computers.[6] In the second, 56-bit RC5 was cracked in 210 days using computing power "equivalent to more than twenty-six thousand high-end personal computers."[7] In the RSA press release when 56-bit DES was cracked, Jim Bidzos, president of RSA, was quoted as saying:

This demonstrates that a determined group using easily available desktop computers can crack DES-encrypted messages, making short 56-bit key lengths and unscaleable algorithms unacceptable as national standards for use in commercial applications.[8]

So, how insecure is 56-bit encryption? RSA seems to take for granted that the encryption scheme is weak because it has been broken. Referring to the computer which found the correct key in the DESCHALL effort, RSA vice president of marketing Scott Schnell stated, "This guy had a 90-MHz Pentium. It wasn't some guy with a bank of workstations."[9] But think about it another way. It took more than twenty-six thousand computers, most of them more powerful than a Pentium 90, eight months to break the code! That seems pretty secure. If someone out there on the Internet is trying to steal my credit card number, that's an awful lot of effort, hardware and time for pretty minimal gains.

Even if you take into account the rate at which computer power increases, and assume a 100% gain in processing power every six months, five years from now it would still take over eight hundred computers more than a month to duplicate the DESCHALL effort.[10] Besides, processing power is not actually increasing that fast, so it may be a lot longer before we see this much growth in computer power.

So 56-bit DES is safe, right? Wrong: scientists have calculated that a supercomputer can brute-force the entire 56-bit key space in about 3.5 hours![11] This changes things greatly, because cracking an encrypted message is no longer a long-term investment. However, only governments and large companies own supercomputers with this amount of processing power. This is probably the reason that the 56-bit limit was set for United States export. It is a reasonably strong level of encryption for personal use, but any government or other great computing power that wants to can crack codes, if necessary, in a reasonable amount of time. The U.S. Government can still spy on those suspected of illegal activities.
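As an added example that is not part of the original essay, the following Python makes the brute-force arithmetic used above explicit: the 30-bit versus 32-bit key-space comparison, the extrapolation behind note 10 (26,000 machines, 8 months, a quarter of the key space searched, processing power doubling every six months for five years), and the key-test rate a supercomputer would need to exhaust the 56-bit key space in 3.5 hours. The "halve the work per doubling of hardware speed" model is the assumption behind note 10, not a measurement.

```python
# Added example, not from the essay: the brute-force arithmetic the text relies on.
# Figures (26,000 machines, 8 months, 25% of the key space, 3.5 hours) are the
# essay's own; the "halve the work per doubling of hardware speed" model is the
# assumption behind the essay's note 10, not a measurement.

def key_space(bits: int) -> int:
    """Number of distinct keys of the given length."""
    return 1 << bits


def keyspace_growth(from_bits: int, to_bits: int) -> int:
    """Factor by which the key space (and brute-force work) grows with key length."""
    return key_space(to_bits) // key_space(from_bits)


def machine_months_for_full_search(machines: int, months: float,
                                   fraction_searched: float) -> float:
    """Machine-months needed to exhaust the whole key space, extrapolated from an
    effort that stopped after searching only part of it."""
    return machines * months / fraction_searched


def machines_needed(machine_months: float, months_available: float,
                    doublings: int) -> float:
    """Machines of later hardware needed to finish the same search within
    months_available, if processing power has doubled `doublings` times."""
    return machine_months / months_available / (2 ** doublings)


def keys_per_second_to_finish(bits: int, seconds: float) -> float:
    """Key-test rate needed to exhaust a key space of `bits` bits in `seconds`."""
    return key_space(bits) / seconds


if __name__ == "__main__":
    # 30-bit vs 32-bit: slightly over 1 billion vs over 4.25 billion keys.
    print(key_space(30), key_space(32))
    # Each extra bit doubles the work; going from 40-bit to 56-bit is 65,536 times more.
    print(keyspace_growth(40, 56))
    # The RC5-56 effort as modelled in note 10: 26,000 machines, 8 months, 25% of the
    # space searched, projected over 10 doublings (five years at one per six months).
    total = machine_months_for_full_search(26_000, 8, 0.25)
    print(total, machines_needed(total, 1, 10))   # 832000.0 812.5
    # Rate a supercomputer would need to exhaust 56-bit DES in 3.5 hours.
    print(f"{keys_per_second_to_finish(56, 3.5 * 3600):.3g} keys/s")
```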

If we want real security, then we want security from everyone, including those with supercomputers, whether the U.S. Government or otherwise. The cost to the user of using a larger key length is relatively minimal, but for someone trying to crack the code, it isn't. For that reason alone, there really isn't a good argument for restricting key lengths inside the United States. People should use whatever will provide them with adequate protection by their own definition of secure. Right now the issue of restricting key length in the US is a pretty closed topic, because the government is hoping to pass laws which will require key escrow systems, so that it will no longer need to brute-force encrypted data. However, if these laws fail to pass, there is a good possibility that the government may try to pass legislation restricting key lengths.

A really hot topic right now before Congress regarding encryption is the issue of key recovery, or key escrow. In its simplest form, a copy of the private key is held by a trusted independent party. This key recovery agent would allow users of encryption to regain access to their encrypted data if the private key were lost or destroyed. In addition, law enforcement could decrypt information gained through legal seizures in order to better prosecute and prevent crimes. Many Americans fear that policies which require key escrow systems allow for the creation of a Big Brother type of society, where the government and law enforcement have the ability to monitor everyone all of the time.

There are a number of issues that need to be worked out before any form of key escrow system could ever be put into place. The most important would be making sure that the storage site is completely secure. The consequences of losing even one key to theft, piracy or hacking could be enormous and unacceptable. In addition, a secure system would need to be designed to transfer keys to the storage facilities once they were created. Third, a means of identification and collection of keys would need to be designed that allows individuals to prove their identity and reclaim their keys in a way that is virtually impossible to fake. In order for the system to work well, each of these three issues would need to be solved in a way that works over the Internet. It would be virtually impossible for a government-run system to meet all these criteria, be efficient and be free of corruption.

Many people argue that this issue will solve itself because private companies will impose their own key escrow systems on their staff. Companies could impose this sort of policy in order to minimize the risk of staff attempting to hide information when they leave or are fired. There are many other reasons why a company would want to have its own key escrow solution. Some people claim that this demand will generate systems which law enforcement can then use; however, the FBI is not happy with this solution.[12] What motive would a company have to open up its private key escrow system to the government for monitoring? The data protected by encryption is of a sensitive nature, and there really isn't a good reason why a company would voluntarily risk losing that private information by opening it up to the government.

In a speech to the Permanent Select Committee on Intelligence, Louis J. Freeh, Director of the FBI said:

... law enforcement has a unique public safety requirement in the area of perishable communications which are in transit (telephone calls, e-mail, etc.). It is law enforcement, not corporations, that has a need for the immediate decryption of communications in transit. There is extraordinary risk in trusting public safety and national security to market forces that rightfully are protecting important but unrelated interests. Law enforcement's needs will not be adequately addressed by letting key recovery systems develop from consumer demand.[13]

The FBI is asking for the ability to monitor encrypted data transferred over the Internet in the same way they can currently tap phone lines or monitor cell phone calls. It seems reasonable to support this policy, but it opens up many more issues than monitoring phone lines.

As more and more communication occurs over public networks, the government will have the ability to monitor more and more aspects of our lives. FBI crime statistics show that criminals have used, and will continue to use, encryption in growing numbers to protect themselves.[14] Should the government have the ability to monitor all transactions in order to catch the bad guys? There are really two issues here. First, do we trust the government not to abuse its power and to use key recovery systems only when it is a matter of great importance? Second, and more fundamental, does the government have a right to invade our privacy in this way? Is it an invasion of our privacy to allow the government to monitor everything we do on-line? These are hard questions to answer because they are about trust. However, it is the very fact that we have to worry about government abuse that sheds light on the answer.

In a letter responding to questions about his proposed encryption regulation bill, S. 909, Senator McCain writes: "The bill requires that subpoenas for law enforcement seeking to gain these keys will be no less stringent than any other subpoenaed material."[15] However, opponents of the proposed system believe it would allow "virtually anyone at any level of law enforcement to have access to private information on the flimsiest pretext, not even requiring a court order."[16]

The partial regulation of encryption through key escrow systems is really not feasible. There are really only two options: 1) give citizens the right to use any form of encryption they want, or 2) require mandatory restrictions and public access to encryption. The second option is basically the same thing as no encryption at all.

When we looked at encryption key lengths, it became clear that the only organizations with enough computer power to efficiently crack encryption by brute force are governments. Government law enforcement agents believe that the only way to successfully fight crime in this new digital age is by being able to gain access to encrypted information kept by criminals. They claim that without either restrictions on the strength of encryption or direct-access key escrow systems, they will not be able to do their jobs effectively. However, their proposed solutions put everyone at risk by suggesting the implementation of back doors that make even incredibly strong encryption susceptible to immediate entry by undesirables. These policies forsake our individual freedoms and right to privacy in exchange for the possibility of improved crime fighting. In our modern world, this tradeoff is unacceptable. We cannot allow public, mandatory key escrow systems or restrictions on the strength of our encryption to be put in place that would undermine our rights to personal privacy.

References

  1. Crypto!, SC Magazine, October 1997, Volume 8, No. 7, Page 19.
  2. Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security, January 1996.
  3. Team of Universities, Companies and Individual Computer Users Linked Over the Internet Crack RSA's 56-Bit DES Challenge, RSA Press Release, June 19, 1997.
  4. Crypto!, SC Magazine, October 1997, Volume 8, No. 7, Page 24.
  5. Government and Encryption: Locking You Out, Letting Them In, Ashley Dunn, October 8, 1997.
  6. Internet-Linked Computers Challenge Data Encryption Standard, DESCHALL Press Release, June 18, 1997.
  7. Secure Encryption Challenged by Internet-Linked Computers, Distributed.net Press Release, October 22, 1997.
  8. Team of Universities, Companies and Individual Computer Users Linked Over the Internet Crack RSA's 56-Bit DES Challenge, RSA Press Release, June 19, 1997.
  9. Group Cracks 56-bit Encryption, Michael Kanellos, C|Net's News.Com, June 18, 1997.
  10. Based on my calculations: (26000/2/2/2/2/2 computers over 8/2/2/2/2/2 months to break 25% of the key space).
  11. Government and Encryption: Locking You Out, Letting Them In, Ashley Dunn, October 8, 1997.
  12. The Impact of Encryption on Public Safety, Statement of Louis J. Freeh, Director FBI, September 9, 1997.
  13. The Impact of Encryption on Public Safety, Statement of Louis J. Freeh, Director FBI, September 9, 1997.
  14. The Impact of Encryption on Public Safety, Statement of Louis J. Freeh, Director FBI, September 9, 1997.
  15. Personal letter from John McCain.
  16. Encryption Bill: An Exercise in Deception, Dan Gillmor, Congressional Record, Extension of Remarks, June 25, 1997.