FOR IMMEDIATE RELEASE

CONTACT: Graeme Browning
voice: 202-637-9800
email: gbrowning@cdt.org

NATIONAL SECURITY AGENCY REPORT CONFIRMS CDT STUDY FINDING THAT KEY RECOVERY SYSTEMS ARE VULNERABLE AND FULL OF RISKS


WASHINGTON, April 16, 1998 -- A recent report by the National Security Agency (NSA) raises more serious questions about the Administration's policy on encryption technology. The NSA has concluded that 'key recovery' systems for encryption, or data-scrambling, software introduce new risks and vulnerabilities into American computer networks and databases. This confirms many of the findings that 11 eminent cryptographers and computer scientists reached in a study that the Center for Democracy and Technology published almost a year ago.

The NSA report is particularly telling in light of Commerce Secretary William Daley's admission yesterday that the Clinton Administration can't agree internally on how to balance the needs of the technology industry and the demands of law enforcement on how to use and export encryption codes. The FBI wants to limit the export of practically unbreakable 128-bit key-length encryption. It also wants industry to include a system in all its programs that would put keys to the encryption codes into the hands of third parties, where they can be retrieved by law enforcement to unscramble messages when illegal activity is suspected.

The Administration has pushed this key-recovery concept for four years, both in the United States and other countries, with no luck. "There are solutions out there, solutions that would meet some of law enforcement's needs without compromising the concerns of the privacy and business communities. But I fear our search has thus far been more symbolic than sincere," Daley said in a speech in Washington to high-tech companies.

The NSA's report, 'Threat and Vulnerability Model for Key Recovery,' first reported last week by Federal Computer Week magazine, shows that when the keys to encrypted, or scrambled, data are made accessible to law enforcement through a third party, the risk that a key may be stolen or compromised in some way rises significantly. Everyday users of computerized data who want to circumvent a key recovery system, for example, could do so by providing incorrect identification information to the government's centralized Key Recovery Center, the NSA report suggests. Likewise, a 'rogue' law enforcement agent's 'best opportunity to gain unwarranted access to his [illegitimate] target's information is simply to just ask for it.'

These conclusions echo the 11 cryptographers' findings in their study, 'The Risks of Key Recovery, Key Escrow, and Trusted Third Party Encryption,' published last May by CDT. That study raised serious questions about the added risks, costs, and complexity of the government's key recovery proposals. 'Even if [a key recovery] infrastructure could be built, the risks and costs of such a system may ultimately prove unacceptable,' the scientists warned. (Their report is available at http://www.crypto.com/key_study/)

Besides outlining the new risks that key recovery systems introduce into the world of online communications, the NSA report finds that:

The NSA report, dated February 18, outlines nearly 20 additional attacks and vulnerabilities. Taken as a whole, these attacks make it clear that key recovery will be a risky and costly proposition for most computer users. The NSA report can be found online at: http://www.fcw.com/pubs/fcw/1998/0413/web-nsareport-4-14-1998.html

The Center for Democracy and Technology is a non-profit public interest organization based in Washington, DC. CDT works to develop and advocate public policies that advance constitutional civil liberties and democratic values in new computer and communications technologies. For more information about CDT's activities, please see our Web site at: http://www.cdt.org/

# # # # #
