Presidential Commission On Critical Infrastructure Endorses Key Recovery

The President's Commission on Critical Infrastructure Protection (PCCIP) today released its comprehensive report on the important issue of protecting America's vulnerable infrastructures. At the same time, however, the report recommends creation of an entirely new infrastructure for storage and recovery of encryption keys -- an infrastructure that leading experts in the field believe would itself be vulnerable to the very threats the PCCIP describes.

The PCCIP report recommends that the government expedite pilot projects to build "public confidence and trust with the KMI [key management infrastructure] key recovery approach," and calls on the Administration to promote "the implementation of a KMI that supports lawful key recovery on an international basis." (See PCCIP Report, Part 2, Recommendations.) While the report recognizes that encryption is "an essential element for the security of information," the key recovery systems it recommends would actually create new vulnerabilities in the information infrastructure.

Does Your Member of Congress Support Your Right to Privacy?

A recent study by eleven expert cryptographers and computer security experts, The Risks of Key Recovery, Key Escrow, and Trusted Third Parties (1997), identifies numerous risks in the widespread deployment of such key recovery infrastructures. Those risks include:

• Back-door Access to Data -- Key recovery "introduces an new and vulnerable path to the unauthorized recovery of data where one did not otherwise exist."

• Insider Abuse-- "Key recovery systems are particularly vulnerable to compromise by authorized individuals who abuse or misuse their positions."

• New Targets for Attack -- "Key recovery creates new high-value targets for attack of encryption systems."

• Unprecedented Scale -- "There are few, if any, secure systems that operate effectively and economically on such a scale."

These concerns go unaddressed in the PCCIP's report.

Key recovery is inconsistent with the PCCIP's own calls for greater security in our nationŐs critical infrastructures. The "increasing vulnerabilities," "increasing dependence on critical infrastructure," and "wide spectrum of threats" identified by the PCCIP all provide powerful arguments against the deployment of the vastly complex and insecure systems for back-door access that key recovery requires.

Moreover, the widespread deployment of key recovery will jeopardize privacy and further undermine trust in the information infrastructure. While the PCCIP does recommend that encryption keys require Fourth Amendment protection -- a recommendation that CDT strongly endorses -- these protections cannot be guaranteed outside of the United States. Finally, the PCCIP's apparent support for the unnecessary linkage between KMI's and key recovery endanger the deployment of authentication systems necessary for electronic commerce.

The protection of our critical infrastructures should not -- and in fact need not -- require citizens to sacrifice their basic civil liberties. Encryption is an essential ingredient in that protection; it would be an error to build vulnerabilities into the new infrastructures we are deploying to protect the old ones.

Links to additional information

• The PCCIP Report
• Cryptographers Report on the Risks of Key Recovery