DR. CLINTON C. BROOKS
NATIONAL SECURITY AGENCY
TESTIMONY BEFORE THE HOUSE SCIENCE, SPACE AND TECHNOLOGY COMMITTEE'S TECHNOLOGY, ENVIRONMENT, AND AVIATION SUBCOMMITTEE
MAY 3, 1994

Good afternoon. I am pleased to have the opportunity to speak with you about NSA's views on encryption and its involvement with the Administration's key escrow encryption program which encourages the use of the government designed encryption microcircuits, commonly referred to as CLIPPER chips. These microcircuits, or chips, provide high quality privacy protection, but also enable law enforcement organizations, when lawfully authorized, to obtain the key that unlocks the encryption and thereby maintain the present ability to conduct electronic surveillance. The President's program advances two seemingly conflicted interests -- preserving critical law enforcement capabilities, on the one hand, and providing excellent information systems security, on the other. I will discuss NSA's role in support of this program and NSA's interests with respect to the President's program.

NSA's Role In the President's Initiative

Our role in support of this initiative has been that of a technical advisor to the National Institute of Standards and Technology (NIST) and the FBI. As the nation's cryptographic experts and signals intelligence (SIGINT) authority, NSA has long had a role to advise other government organizations on issues that relate to the security of communications systems or the conduct of electronic surveillance. Our function as an advisor in the field of information security became more active with the passage of the Computer Security Act of 1987. The Act authorizes the National Bureau of Standards (now NIST) to draw upon the technical advice and assistance of NSA.
It also provides that NIST must draw upon NSA's computer system technical security guidelines to the extent that NIST determines such guidelines to be consistent with the requirements for protecting sensitive information in federal computer systems. This statutory framework is the basis for NSA's involvement with the key escrow program.

Subsequent to the passage of the Computer Security Act, NIST and NSA formally executed a memorandum of understanding (MOU) that created a Technical Working Group to facilitate our interactions. The FBI, though not a signatory to the MOU, regularly participated in the working group meetings. The FBI recognized that certain technologies posed a threat to law enforcement capabilities in this country. Specifically, the FBI realized that the use of encryption and other technologies in communications and computer systems could prevent effective use of court authorized wiretaps, a critical weapon in their fight against crime and criminals. In subsequent discussions, the FBI and NIST sought our technical advice and expertise in cryptography to develop a means to allow for the proliferation of robust encryption technology without sacrificing law enforcement's current capability to access communications under lawfully authorized conditions.

We developed a theoretical key escrow concept and then undertook a research and development program to demonstrate that it could be implemented. The program led to the development of two microcircuits or chips. The first was an all-purpose chip with encryption, public key exchange, digital signature, and hashing functions. The second contained the encryption function only and was designed for use in devices in which digital signature and hashing are not needed and key exchange is provided by some means outside the chip.

Throughout the design and development of the key escrow encryption system, we placed an emphasis on providing for the protection of users' privacy.
We focused on ways in which we could preserve law enforcement's existing capabilities without undermining privacy rights and protections embodied in current law.

One of the technical solutions to these privacy concerns is the split escrowed key. All chips have been designed to be programed with their own identification number and a unique key that could be used to unlock the encryption. Because the chip-unique keys can be used to unlock the encryption, we also devised a means to split the keys and to keep each part with a different custodian. Neither part is useful without the other. The parts of each chip's unique key are separately escrowed with two trusted custodians at the time the chip is programmed. Thus, when law enforcement officials conduct a court-authorized wiretap and encounter this encryption, they can identify the chip being used and, with the court authorization, obtain the corresponding chip-unique key components from each of the custodians. This concept of splitting the key into two or more parts is a sound security technique which provides a safeguard against unlawful attempts to obtain keys and illegal access to protected communications. This also provides security against the risk that a single custodian might lose control of the keys, making the corresponding chips vulnerable to decryption.

In addition to splitting the key, the system has been designed so that the chip-unique key components are encrypted. Neither the custodians nor law enforcement officials know even a portion of the unique keys. The unique keys are only decrypted in a special device used to decrypt communications encrypted with key escrow chips. These devices are, of course, kept under strict control to ensure they are used only in connection with authorized wiretaps.

The U.S., with its key escrow concept, is presently the only country proposing a technique that provides its citizens very good privacy protection while maintaining the current ability of law enforcement agencies to conduct lawful electronic surveillance. Other countries are using government licensing or other means to restrict the use of encryption. We have gone to great lengths to provide for both individual privacy and law enforcement interests, and I think we have developed the best technical approach possible. When you consider that most people currently use no encryption, the key escrow encryption concept presents a system that actually enhances privacy protections. Widespread use of CLIPPER will make it easy for people to take advantage of the benefits offered by high quality encryption.

NSA's INFOSEC INTERESTS

NSA has a mission to devise security techniques for government communications and computer systems that process classified information or are involved in certain military or intelligence activities. In keeping with the Computer Security Act of 1987, we also make available to NIST the benefits of our security expertise so they can, as appropriate, use it to promulgate the security standards applicable to the systems under their purview, i.e. federal systems that process sensitive unclassified information. Through our support of NIST and the promulgation of standards for federal systems, we advance a goal we all share -- assuring that Americans have available to them the products they need to secure their communications and computer systems.

The NSA Information Systems Security, or INFOSEC, organization is constantly working to understand the threats to information systems and to devise new or improved methods to protect against those threats. While most of us only consider the security of our systems when there is a much publicized case of computer hacking or intercepted cellular calls, NSA's INFOSEC people recognize the threats are ever present.
They possess a unique sensitivity to the nature and the extent of these threats. They combine this sensitivity and awareness of the threats with insights into information system vulnerabilities to form the foundation for building information systems security products. NSA has applied this knowledge and unrivaled cryptographic expertise for over 40 years in designing security products for U.S. communications and information systems that are second to none.

Key escrow technology advances our INFOSEC interests. For one thing, the key escrow encryption microcircuits provide excellent security -- better, by far, than the Data Encryption Standard (DES). We will use these chips in products to secure information systems for which we are responsible. To the extent that we can use commercial technology as a basis for securing these systems, the cost to all users will decline and the likelihood of use will go up. We are also pleased to see such robust security available for voluntary use by all Americans. Moreover, widespread use of these products will enhance the interoperability of systems among all users. All of this is to the good of INFOSEC concerns.

NSA's VIEWS ON ENCRYPTION EXPORTS

From a signals intelligence standpoint, we are only concerned with the use of encryption by targets of our foreign intelligence efforts. Clearly, the success of NSA's intelligence mission depends on our continued ability to collect and understand foreign communications. Encryption, a technique for scrambling communications so that unintended recipients cannot understand their contents, can disrupt our ability to produce foreign signals intelligence. Controls on encryption exports are important to maintaining our capabilities.

At the direction of the President in April, 1993, the Administration spent ten months carefully reviewing its encryption policies, with particular attention to those issues related to export controls on encryption products.
The Administration consulted with many industry and private sector representatives and sought their opinions and suggestions on the entire encryption export control policy and process. As a result of this review, the Administration concluded that the current encryption export controls are in the best interest of the nation and must be maintained, but that some changes should be made in the export licensing process in order to maximize the exportability of encryption products and to reduce the regulatory burden on exporters. These changes will greatly ease the licensing process and allow exporters to more rapidly and easily export their products. In addition, the Administration agreed at the urging of industry that key escrow encryption products would be exportable.

Our announcement regarding the exportability of key escrow encryption products has caused some to assert that the Administration is permitting the export of key escrow products while controlling competing products in order to force manufacturers to adopt key escrow technology. These arguments are without foundation. Many non-key escrow encryption products have long been licensed for export. Such products will continue to be approved for export notwithstanding the fact that key escrow encryption products are becoming available. Moreover, we will continue to review proposed exports of new encryption products and will license them for export in any case in which the export is consistent with national interests. Finally, as I mentioned earlier, the Administration is in the process of implementing reforms of the licensing process to speed licensing and reduce the licensing burdens on encryption exporters. These reforms will benefit exporters of key escrow and non-key-escrow encryption alike. In short, we are not using or intending to use export controls to force vendors to adopt key escrow technology.

CONCLUSION

In conclusion, I believe the President's key escrow encryption initiative is a well-reasoned and equitable response to a very difficult set of issues. It accommodates users' interests in privacy and system security and maintains the law enforcement interest to unlock encryption when lawfully authorized. The procedures for escrowing key are being developed to ensure the security of the devices is not compromised by the escrow system. Though there remain some details to be defined, I am confident they will be worked out very quickly, so that the President's initiative can be implemented.

I would be pleased to answer any questions you may have.