DIRECTOR, NATIONAL SECURITY AGENCY
TESTIMONY BEFORE THE
SENATE JUDICIARY COMMITTEE'S
TECHNOLOGY AND THE LAW SUBCOMMITTEE
MAY 3, 1994





Good morning. I appreciate the opportunity to discuss with you NSA's 
interests in and involvement with the Administration's key escrow 
encryption program and its decision to encourage the use of the 
government designed encryption microcircuits, commonly referred to as 
CLIPPER chips. These microcircuits, or chips, provide robust encryption, 
but also enable law enforcement organizations, when lawfully authorized, 
to obtain the key that unlocks the encryption. The President's program 
advances two seemingly conflicted interests -- preserving critical 
electronic surveillance capabilities, on the one hand, and providing 
excellent information systems security, on the other. I will discuss the 
role we played in support of this program. I will also discuss NSA's 
interests, both in general and in respect to the President's program.



NSA's Role In the President's Initiative



Our role in support of this initiative can be summed up as "technical 
advisors" to the National Institute of Standards and Technology (NIST) 
and the FBI.



As the nation's signals intelligence (SIGINT) authority and 
cryptographic experts, NSA has long had a role to advise other 
government organizations on issues that relate to the conduct of 
electronic surveillance or matters affecting the security of 
communications systems. Our function in the latter category became more 
active with the passage of the Computer Security Act of 1987. The Act 
states that the

National Bureau of Standards (now NIST) may, where appropriate, draw 
upon the technical advice and assistance of NSA. It also provides that 
NIST must draw upon computer system technical security guidelines 
developed by NSA to the extent that NIST determines that such guidelines 
are consistent with the requirements for protecting sensitive 
information in federal computer systems. These statutory guidelines have 
formed the basis for NSA's involvement with the key escrow program.



Subsequent to the passage of the Computer Security Act, NIST and NSA 
formally executed a memorandum of understanding (MOU) that created a 
Technical Working Group to facilitate our interactions. The FBI, though 
not a signatory to the MOU, was a frequent participant in our meetings. 
The FBI realized that they had a domestic law enforcement problem -- the 
use of certain technologies in communications and computer systems that 
can prevent effective use of court authorized wiretaps, a critical 
weapon in their fight against crime and criminals. In the ensuing 
discussions, the FBI and NIST sought our technical advice and expertise 
in cryptography to develop a technical means to allow for the 
proliferation of top quality encryption technology while affording law 
enforcement the capability to access encrypted communications under 
lawfully authorized conditions.



We undertook a research and development program with the intent of 
finding a means to meet NIST's and the FBI's concerns. The program led 
to the development of two microcircuits or chips. The first was an all-
purpose chip with encryption, public key exchange, digital signature, 
and hashing functions. The second contained the encryption function only 
and is intended for use in devices in which digital signature and 
hashing are not needed and key exchange is provided by some means 
outside the chip.



Throughout the design and development of the key escrow encryption 
system,

we placed an emphasis on providing for the protection of users' privacy. 
We focused on ways in which we could preserve law enforcement's existing 
capabilities without undermining privacy rights and protections embodied 
in current law.



One of the technical solutions to these privacy concerns is the split 
escrowed key. All chips have been designed to be programmed with their 
own identification number and a unique key that could be used to unlock 
the encryption. Because the chip-unique keys can be used to unlock the 
encryption, we also devised a means to split the keys and to keep each 
part with a different custodian. Neither part is useful without the 
other. The parts of each chip's unique key are separately escrowed with 
two trusted custodians at the time the chip is programmed. In this way, 
when law enforcement officials conduct a court-authorized wiretap and 
encounter this encryption, they can identify the chip being used and 
obtain the corresponding chip-unique key from the custodians, again 
using the court authorization. This concept of splitting the key into 
two or more parts is a sound security technique which provides a 
safeguard against unlawful attempts to obtain keys and illegally access 
protected communications. This also provides security against the risk 
that a single custodian might lose control of the keys, making the 
corresponding chips vulnerable to decryption.



In addition to splitting the key, the system has been designed so that 
the chip-unique key components are encrypted. Neither the custodians nor 
law enforcement officials know even a portion of the unique keys. The 
unique keys are only decrypted in a special device used to decrypt 
communications encrypted with key escrow chips. These devices are, of 
course, kept under strict control to ensure they are used only in 
connection with authorized wiretaps.



With the key escrow concept, the U.S. is the only country, so far, 
proposing a technique that provides its citizens very good privacy 
protection and maintains the

current ability of law enforcement agencies to fight crime. Other 
countries are using government licensing or other means to restrict the 
use of encryption. We have gone to great lengths to provide for both the 
privacy and law enforcement interests and I believe we have developed 
the best technical approach to date. As a result, I believe the key 
escrow encryption system actually enhances privacy protections when you 
consider that most people currently use no encryption. Widespread use of 
CLIPPER will make it easy for people to take advantage of the benefits 
that high quality encryption offers.



NSA's INTERESTS IN THE KEY ESCROW INITIATIVE



While our role in this initiative has been that of technical advisor to 
NIST and the FBI, we are very interested in the outcome and its impact 
on NSA's two missions, information security and foreign signals 
intelligence.



NSA has a mission to devise security techniques for government 
communications and computer systems that process classified information 
or are involved in certain military or intelligence activities. In 
keeping with the Computer Security Act of 1987, we also make available 
to NIST the benefits of our security expertise so they can, as 
appropriate, use it to promulgate the security standards applicable to 
the systems under their purview, i.e. federal systems that process 
sensitive unclassified information. Through our support of NIST and the 
promulgation of standards for federal systems, we advance a goal we all 
share -- assuring that Americans have available to them the products 
they need to secure their communications and computer systems.



The NSA Information Systems Security, or INFOSEC, organization is 
continuously striving to understand the threats to information systems 
and to devise new or improved methods to protect against those threats. 
While most of us only

consider the security of our systems when there is a much publicized 
case of computer hacking or intercepted cellular calls, NSA's INFOSEC 
people recognize the threats are ever present. They possess a unique 
sensitivity to the nature and the extent of these threats, and these 
insights into information system vulnerabilities form the foundation for 
building information systems security products. We have applied this 
knowledge and unrivaled cryptographic expertise for over 40 years in 
designing security products for U.S. communications and information 
systems that I can say with confidence and pride, are second to none.



Key escrow technology advances NSA's INFOSEC interests. For one thing, 
the encryption microcircuits provide excellent security, better by far 
than the Data Encryption Standard (DES). We will use these chips in 
products to secure information systems for which we are responsible. We 
are also pleased to see such robust security available for the voluntary 
use of all Americans. To the extent that we can use commercial off-the-
shelf products as a basis for securing information systems under our 
purview, the cost to all users will decline. Moreover, widespread use of 
these products will enhance the interoperability of systems among all 
users. All of this is to the good of our INFOSEC interests.



The key escrow initiative was designed to accommodate all of our 
interests in assuring the privacy of our communications and in 
preserving law enforcement access to communications when necessary and 
lawfully authorized. This accommodation reflects the Administration's 
realization of the importance of effectively managing this technology so 
as to preserve our electronic surveillance capabilities. Whether it is 
law enforcement's wiretap-derived evidence of a crime or intelligence 
information regarding a foreign government, we as a nation use the 
product of electronic surveillance to assure the national security and 
the public safety.

From a signals intelligence standpoint, we are only concerned with the 
use of encryption by targets of our foreign intelligence efforts. 
Clearly, the success of NSA's intelligence mission depends on our 
continued ability to collect and understand foreign communications. 
Encryption, a technique for scrambling communications so that unintended 
recipients cannot understand their contents, can disrupt our ability to 
produce foreign signals intelligence. Controls on encryption exports are 
important to maintaining our capabilities.



At the direction of the President in April, 1993, the Administration 
spent ten months carefully reviewing its encryption policies, with 
particular attention to those issues related to export controls on 
encryption products. The Administration consulted with many industry and 
private sector representatives and sought their opinions and suggestions 
on the entire encryption export control policy and process. As a result 
of this review, the Administration concluded that the current encryption 
export controls are in the best interest of the nation and must be 
maintained, but that some changes should be made in the export licensing 
process in order to maximize the exportability of encryption products 
and to reduce the regulatory burden on exporters. These changes will 
greatly ease the licensing process and allow exporters to more rapidly 
and easily export their products.



In addition, the Administration agreed at the urging of industry that 
key escrow encryption products would be exportable. Our announcement 
regarding the exportability of key escrow encryption products has caused 
some to assert that the Administration is permitting the export of key 
escrow products while controlling competing products in order to force 
manufacturers to adopt key escrow technology. These arguments are 
without foundation.



Many non-key escrow encryption products have long been licensed for 
export. Such products will continue to be approved for export 
notwithstanding the

fact that key escrow encryption products are becoming available. 
Moreover, we will continue to review proposed exports of new encryption 
products and will license them for export in any case in which the 
export is consistent with national interests. Finally, as I mentioned 
earlier, the Administration is in the process of implementing reforms of 
the licensing process to speed licensing and reduce the licensing 
burdens on encryption exporters. These reforms will benefit exporters of 
key escrow and nonkey-escrow encryption alike. In short, we are not 
using or intending to use export controls to force vendors to adopt key 
escrow technology.




CONCLUSION



In sum, I believe the President's initiative is a reasonable response to 
a very difficult set of issues. It accommodates users' interests in 
security and the law enforcement interest to unlock encryption when 
lawfully authorized. The procedures for escrowing key are being 
developed to ensure the security of the devices is not compromised by 
the escrow system. There are, to be sure, issues to be ironed out, but I 
am confident we will work out the wrinkles.



I would be pleased to answer any questions you may have.