Cryptography's role in securing the information society

For every opportunity presented by the information age, there is an opening to invade the privacy and threaten the security of the nation, U.S. businesses, and citizens in their private lives. The more information that is transmitted in computer-readable form, the more vulnerable we become to automated spying. It's been estimated that some 10 billion words of computer-readable data can be searched for as little as $1. Rival companies can glean proprietary secrets . . . anti-U.S. terrorists can research targets . . . network hackers can do anything from charging purchases on someone else's credit card to accessing military installations. With patience and persistence, numerous pieces of data can be assembled into a revealing mosaic. Cryptography's Role in Securing the Information Society addresses the urgent need for a strong national policy on cryptography that promotes and encourages the widespread use of this powerful tool for protecting of the information interests of individuals, businesses, and the nation as a whole, while respecting legitimate national needs of law enforcement and intelligence for national security and foreign policy purposes. This book presents a comprehensive examination of cryptography?the representation of messages in code?and its transformation from a national security tool to a key component of the global information superhighway. The committee enlarges the scope of policy options and offers specific conclusions and recommendations for decision makers. Cryptography's Role in Securing the Information Society explores how all of us are affected by information security issues: private companies and businesses; law enforcement and other agencies; people in their private lives. This volume takes a realistic look at what cryptography can and cannot do and how its development has been shaped by the forces of supply and demand. How can a business ensure that employees use encryption to protect proprietary data but not to conceal illegal actions? Is encryption of voice traffic a serious threat to legitimate law enforcement wiretaps? What is the systemic threat to the nation's information infrastructure? These and other thought-provoking questions are explored. Cryptography's Role in Securing the Information Society provides a detailed review of the Escrowed Encryption Standard (known informally as the Clipper chip proposal), a federal cryptography standard for telephony promulgated in 1994 that raised nationwide controversy over its "Big Brother" implications. The committee examines the strategy of export control over cryptography: although this tool has been used for years in support of national security, it is increasingly criticized by the vendors who are subject to federal export regulation. The book also examines other less well known but nevertheless critical issues in national cryptography policy such as digital telephony and the interplay between international and national issues. The themes of Cryptography's Role in Securing the Information Society are illustrated throughout with many examples?some alarming and all instructive?from the worlds of government and business as well as the international network of hackers. This book will be of critical importance to everyone concerned about electronic security: policymakers, regulators, attorneys, security officials, law enforcement agents, business leaders, information managers, program developers, privacy advocates, and Internet users. Table of Contents Front Matter Executive Summary A Road Map Through This Report Part I - Framing the Policy Issues Growing Vulnerability in the Information Age Cryptography: Roles, Market, and Infrastructure Needs for Access to Encrypted Information Part II - Policy Instruments Export Controls Escrowed Encryption and Related Issues Other Dimensions of National Cryptography Policy Part III - Policy Options, Findings, and Recommendations Policy Options for the Future Syntehsis, Findings, and Recommendations A - Contributors to the NRC Project on National Cryptographic Policy B - Glossary C - A Brief Primer on Cryptography D - An Overview of Electronic Surveillance: History and Current Status E - A Brief History of Cryptography Policy F - A Brief Primer on Intelligence G - The International Scope of Cryptography Policy H - Summary of Important Requirements for a Public-Key Infrastructure I - Industry-Specific Dimensions of Security J - Examples of Risks Posed by Unprotected Information K - Cryptographic Applications Programming Interfaces L - Other Looming Issues Related to Cryptography Policy M - Federal Information Processing Standards N - Laws, Regulations, and Documents Relevant to Cryptography Index

• 1 Front Matter
• 2 Executive Summary
• 3 A Road Map Through This Report
• 4 Part I - Framing the Policy Issues
• 5 Growing Vulnerability in the Information Age
• 6 Cryptography: Roles, Market, and Infrastructure
• 7 Needs for Access to Encrypted Information
• 8 Part II - Policy Instruments
• 9 Export Controls
• 10 Escrowed Encryption and Related Issues
• 11 Other Dimensions of National Cryptography Policy
• 12 Part III - Policy Options, Findings, and Recommendations
• 13 Policy Options for the Future
• 14 Syntehsis, Findings, and Recommendations
• 15 A - Contributors to the NRC Project on National Cryptographic Policy
• 16 B - Glossary
• 17 C - A Brief Primer on Cryptography
• 18 D - An Overview of Electronic Surveillance: History and Current Status
• 19 E - A Brief History of Cryptography Policy
• 20 F - A Brief Primer on Intelligence
• 21 G - The International Scope of Cryptography Policy
• 22 H - Summary of Important Requirements for a Public-Key Infrastructure
• 23 I - Industry-Specific Dimensions of Security
• 24 J - Examples of Risks Posed by Unprotected Information
• 25 K - Cryptographic Applications Programming Interfaces
• 26 L - Other Looming Issues Related to Cryptography Policy
• 27 M - Federal Information Processing Standards
• 28 N - Laws, Regulations, and Documents Relevant to Cryptography
• 29 Index