Letter to CACM, Nov. 1992

Here's a little letter I wrote to the Communications of the ACM that got published in CACMv35n11.

Note that they didn't publish it quite as I'd sent it to them (they omitted a few things like the list of references, as well as making some other editorial changes), but I want to present it here exactly as it was published, word-for-word.

IMO, the first few paragraphs are as applicable today as they were then. The more you get into the letter, the less relevant it is to today's problems, however.

After reading all the National Security Agency bashing in the July issue of Communications, I was both amazed and appalled that one very important topic was omitted. Namely, that the NSA, through its actions to squelch the publication of good encryption algorithms and attempts to force standardization on poor ones, has defeated its very purpose, in addition to causing very grave harm to national security interests.

Firstly, the former Soviet Union (now the Commonwealth of Independent States) has had good cheap working copies of both DES and RSA for years now, according to [1]. Secondly, anyone who wants either the algorithms themselves or the executable code, can easily get what they want. In fact, I have found the source code to DES available via anonymous ftp on the Internet. The RSA algorithm is somewhat more difficult to acquire, but not much. Clearly, the NSA has failed miserably in keeping these algorithms from circulating outside certain circles within the U.S.

Many people already know that government agencies are required, by law, to adhere to various different standards enacted by NIST, through their Federal Information Processing Standards (FIPS). What they may not realize is that, by congressional order, the federal agencies are required to use Commercial Off-The-Shelf (COTS) software, wherever feasible. If American companies refrain from producing a quality encryption product due to the FIPS or influences by the NSA, and the federal agencies desire to use a quality product, then they must go to contractors to have one specially written at a good deal of cost. We end up spending significantly more simply because the products we need are not commercially available.

Additionally, since American companies are not given a good standardization method of efficiently and appropriately protecting their confidential data, they are very prone to industrial espionage. Most of the countries which have been our national security espionage adversaries in the past have since turned a significant portion of their efforts over to industrial espionage, making them very vulnerable. Since national security depends, in large part, upon the welfare of defense industry and other high-technology companies, the NSA has succeeded in doing very grave harm to national security interests by leaving these companies to the wolves. Of course, these companies can also contract to have good encryption algorithms implemented for them, but then that puts them in the same boat as the federal government, in that they would be spending much more money than necessary.

Then we have the issue of interoperability -- if we were using known commercial implementations of some standard encryption algorithm, then we could be reasonably sure that we could communicate with each other with a minimum of additional difficulty. However, if we have our own private versions of even good encryption algorithms, no matter how well-written the standard, then there are very serious questions about compatibility, which means, more likely than not, encrypting something would most likely not be done, which would mean that it is effectively totally unprotected. If only the FIPS standard encryption algorithm, were a good one to begin with, and a good implementation of it (through the proper choice of long keys, etc..., as suggested in Rivest, et al. [4]) were included as a part of that standard, then those additional and totally unnecessary costs could be avoided.

In order to balance the needs of the users and the government's needs, I suggest the following:

Have a central Key Distribution Facility (KDF) that is run under the auspices of the IEEE, ANSI, FBI, NIST, another government agency, or some neutral third party -- one that gives a reasonable guarantee (one I will not attempt to define here) that the keys will be kept safely from prying eyes, even those that belong to the government. Specify that the RSA encryption algorithm (or some other public-key encryption algorithm) will be used to safely encrypt messages, and that all keys for this implementation will be issued by this KDF. Furthermore, if law enforcement agencies can present a legal wiretap order to this KDF, then issue them the private key(s) for the person(s) or organization that is/are going to be wiretapped.

There are many implementation details that have been omitted from this discussion, but I feel that this proposal will allow the public the same reasonable guarantee that we have today, namely that no one is illegally listening to conversations. If an international implementation of the encryption scheme is desired, then the organization could be sponsored under the CCITT, ISO, UN, or some other appropriate international organization.

Brad Knowles
Defense Information Systems Agency

Some interesting points:

Some related thoughts:

So, tell me why the State Department had to smuggle STU-III (Secure Telephone Unit III) devices out of the U.S. in diplomatic pouches for delivery to our guys in Saudi Arabia for support of Desert Shield/Desert Storm, when it is the State Department that is supposed to enforce this damn ITAR regulation in the first place?!? This fact was widely reported in the press at the time, by the way....

So, tell me why the STU-III units can be manufactured overseas (in Norway?), but once they're brought to the U.S. and activated with a Key, they are now considered "munitions" and aren't even exportable back to the original country of manufacture? What the HELL is it that we're protecting here, anyway?!?

So, tell me why the contract for the encryption engine for the STU-IV was explicitly given to a Canadian company because they aren't subject to U.S. ITAR restrictions?