Go vernmental Restrictions on the Development and Dissemination of
Cryptographic Technologies: The Controversy Over NIST Standardization on
DSS and Related Intellectual Property Issues

Twentieth Annual Telecommunications Policy Research Conference Solomons
Island, Maryland September 12 - 14, 1992

David L. Sobel Computer Professionals for Social Responsibility 666
Pennsylvania Avenue, S.E. Washington, DC 20003 (202) 54 -9240 Internet:
sobel@washofc.cpsr.org


On August 30, 1991, the National Institute of Standards and Technology
("NIST") published a notice in the Federal Register proposing a federal
digital signature standard ("DSS").  The NIST proposal, and details of the
standard setting process that recently have come to light, raise substantial
questions concerning the future of U.S. information policy in general and
cryptographic technology in particular.

The DSS provides a means of authenticating the integrity of electronically
transmitted data and the identity of the sender.  According to NIST, the
standard is "applicable to all federal departments and agencies for the
protection of unclassified information, " and is "intended for use in
electronic mail, electronic funds transfer, electronic data interchange,
software distribution, data storage, and other applications which require
data integrity assurance and data origin authentication."/

/1/ With governmental and commercial transactions increasingly dependent upon
the reliability and integrity of such telecommunications applications,
authentication techniques are in dispensable.  As NIST's Associate Director
for Computer Security, Lynn McNulty, has said, digital signature technology
"will be an important part of re-engineering the business practices that we've
used for so many years in government and other parts of society.

...  The signature will be absolutely critical in certain areas where, because
of statute or practice, we currently require a written signature on paper."/

/2/While use of the proposed DSS would be mandatory only for federal agencies,
its adoption by the government would have a su bstantial impact on the private
sector.  Vendors will need to offer products for the government that meet the
federal standard and are thus likely to design all of their products to
conform to its re qu irements.

/3/ Thus, the Data Encryption Standard ("DES"), which was adopted by NIST's pr 
edecessor, the National Bureau of Standards, as a government standard in 1977,
was quickly adopted by the American National Standards Institute and became
the worldwide industry standard.

In its Federal Register notice, NIST stated that it had selected the DSS after
evaluating several alternatives and that the agency had "followed the mandate
contained in section 2 of the Computer Security Act of 1987 that NIST develop
standards and guidelines to ' ...  assure the cost-effective security and
privacy of sensitive information in Federal systems.  '"/4/

The reference to the Computer Security Act was significant because, in 
enacting the statute, Congress sought to vest civilian computer security
authority in NIST and to limit the role of the National Security Agency
("NSA").

/5/ When Congress enacted the le gislation, it expressed particular concern 
that NSA, a military in telligence agency, would improperly limit public 
access to in formation in a manner in compatible with civilian standard
setting.

/6/ The House Report notes that NSA's natural tendency to restrict and even 
deny access to in formation that it deems important would disqualify that 
agency from being put in charge of the protection of non-national security in
formation in the view of many officials in the civilian agencies and the
private sector.

NSA's reputation for excessive secrecy is well-known and well- deserved.  In 
the years following the Second World War, the making and breaking of secret 
codes became in creasingly important to the U.  S.  national security es ta 
blishment.

/7/ The National Security Agency, based at Fort George C.  Meade, Maryland, 
was created by order of President Truman in 1952 and tasked with primary
responsibility for co mm unications in telligence (COMINT) - - intercepting
and deciphering the secret communications of foreign governments.  By some
accounts, NSA is capable of acquiring and automatically scanning most, if
not all, of the electronic messages that enter, leave or transit the United
States.

/8/ The agency itself refuses to confirm or deny published information 
concerning its capabilities.

In the 40 years since its creation, NSA has enjoyed a virtual monopoly in the 
area of cryptographic technology within the United States.  Believing its 
mission requires that such technology be closely held, the agency has actively 
sought to maintain its monopoly and to suppress the private, non-governmental 
de velopment and dissemination of cryptography.  The motivation behind NSA's
efforts to suppress cryptographic know-how is obvious -- as the ability to
securely encrypt in formation becomes more widespread, the agency's collection
work becomes more difficult and time-consuming.

NSA's efforts to maintain its monopoly have extended into the area of export
and trade policy.  The export of software products containing cryptographic
features is governed by the International Traffic in Arms Regulations
("ITAR"), administered by the Office of Defense Trade Controls at the
Department of State.  

/9/ In addition to software products sp ecifically designed for military
purposes, the ITAR "Munitions List" includes a wide range of commercial
software containing encryption capabilities.  

/10/ Under the export licensing scheme, the NSA reviews license applications
for "information security technologies" covered by ITAR./11/

While the agency denies the charges, industry representatives claim that 
NSA-imposed restrictions are stifling innovation in an area that is in 
creasingly important to the computer industry.  They further contend that the 
controls on the export of encryption technology are forcing U.S.  companies to 
lose markets to foreign competitors.  As economics writer Robert Kuttner has 
noted, restricting the ability of domestic manufacturers to commercialize and 
export new technologies no longer assures that advanced technologies will stay 
out of unfriendly hands: it only diverts the business to Japanese or European 
ma nu facturers who don't share America's view of technological security.

This has the most far-reaching implications for American competitiveness, 
because it is precisely the most militarily sensitive technologies -- super- 
computers, semiconductor architecture and fabrication, fiber-optics, advanced 
machine tools, cryptography -- that are also key to the competitiveness of
America's commercial industry.

/12/ Considerations of "national security" can also play a role in the patent 
system and inhibit the technological innovation that system is intended to 
foster.  The Invention Secrecy Act, a little-known provision enacted in 1952 
(the year of NSA's birth), authorizes the Commissioner of Patents and 
Trademarks to withhold a patent and order that aninvention be kept secret "for 
such period as the national interest requires." Violation of a patent secrecy 
order is punishable by two years' imprisonment and a $10,000 fine.  

/13/ As a Justice Department representative told a congressional subcommittee 
in 1980, "what the Invention Secrecy Act says in effect is that there are some 
inventions that are too dangerous to be disclosed in the way that a patent 
normally discloses the invention
...."

/14/ The number of secrecy orders issued under the Invention Secrecy Act 
remained relatively constant from 1952 until 1979.  Since then, the number of 
active secrecy orders has increased: a total of 4,685 orders were in effect in 
1986 compared with 3,513 in 1979.  

/15/ While in formation concerning the substance of patent secrecy orders is
obviously difficult to obtain, cryptographic technology clearly has been the
subject of many such orders issued at the insistence of NSA.  

/16/ These re strictions in effect exempt cr yptography from the underlying
purpose of the patent system: to "stimulate ideas and the eventual de
velopment of further significant advances in the art."

/17/ NSA's objective has been to suppress, rather than stimulate, advances in 
civilian cr yp tography.  As noted, Congress was cognizant of NSA's propensity 
toward excessive secrecy when it passed the Computer Security Act and sought 
to remove the impediments to technological innovation in the civilian sector.  
Congress sp ecifically intended to "greatly restrict" the influence of the 
military in telligence agencies "while at the same time providing a statutory 
mandate for a strong security program headed up by [NIST], a civilian agency."

/18/ The House Report on the legislation noted that NSA's involvement in the 
development of civilian computer standards could have a chilling effect on the 
vigorous research and development that is on-going in the academic community 
and our domestic computer industry.  This industry has been one of the most 
viable segments of our economy.  Its rapid technological advances have been 
due in large part to being free to openly exchange ideas without government 
interference.  NSA's inherent tendency to classify everything at its highest 
level is bound to conflict with this broader goal.  The de velopment of the 
digital signature standard is, to a large extent, the first real test of the 
Computer Security Act. Unfortunately, in formation that has recently come to
light suggests that the barrier Congress sought to erect between the civilian
and military agencies can easily be breached.

The Federal Register notice announcing the proposed DSS last August made no
explicit reference to NSA and clearly implied that NIST had developed the
standard.  In an effort to analyze the federal standard setting process,
Computer Professionals for Social Responsibility ("CPSR") submitted a Freedom
of In formation Act request to NIST for records related to DSS.  In response
to the request, the agency initially asserted that all of the materials
related to the evaluation of technology in choosing a digital signature
standard for computer security are documents that are advisory and pr ed
ecisional in nature, and are therefore exempt from disclosure under [FOIA].
In addition, some of the materials pertain to pending patent ap plications and
are withheld under [FOIA] ...  [and] are also protected under the provisions
of [patent law].

/19/ After CPSR filed suit in federal court to compel disclosure of the DSS
materials, NIST ac knowledged for the first time that the bulk of relevant
documents in its possession in fact originated with NSA - - 142 pages of
material were created by NIST while 1,138 pages were created by NSA.

/20/ For reasons not explained by the agency, NIST dropped its FOIA exemption
claims and released 140 pages of its own material and referred the remaining
documents to NSA for processing.

In response to news media scrutiny, NSA has now also acknowledged the leading
role it played in developing the proposed DSS.  In a letter to MacWeek
magazine, NSA's Chief of In formation Policy acknowledged that the agency
"evaluated and provided candidate algorithms including the one ultimately
selected by NIST."

/21/ While NSA steadfastly insists that its role in developing the digital
signature standard is consistent with the letter of the Computer Security Act,
the fact that the agency actually "provided" the DSS algorithm to NIST raises
questions as to whether the spirit of the legislation has been followed.

At least one authoritative observer does not believe it has. Rep. Jack Brooks,
who was a driving force behind the Computer Security Act while serving as
Chairman of the House Government Operations Committee (and who now serves as
Chairman of the Judiciary Co mmittee), recently held hearings on DSS.  He
noted that under the Computer Security Act of 1987, the Department of Commerce
[through NIST] has primary responsibility for establishing computer security
standards including those dealing with cryptography.  However, many in
industry are concerned that in spite of the Act, the NSA continues to control
the Commerce De partment's work in this area.  For example, Commerce (at the
urging of the National Security Agency) has proposed a "digital signature
standard" (DSS) that has been severely criticized by the computer and
telecommunications industry.

/22/ The criticism of DSS alluded to by Rep.  Brooks goes to the heart of the
matter -- whether NSA's in volvement in the standard setting process has
resulted in the adoption of a flawed standard.  Comments submitted to NIST by
industry and academic cryptography experts were overwhelmingly critical of the
proposed DSS.  The vast majority of these experts expressed the view that the
proposed standard is inferior to the established and widely used RSA
public-key te chnology, which many have ch ar acterized as the de facto
international standard.

/23/

Professor Martin Hellman of Stanford University, the co-inventor of publi-key 
cryptography, wrote that he was "deeply concerned by faults in the technical 
specifications of the proposed DSS and by its development process." He noted 
that NIST has lost considerable credibility with the non-military cr yp 
tographic research community and, unless the revision process of DSS is 
carried out in a much more rapid and open fashion, NIST is likely to become 
totally in effective in the setting of cryptographic standards.

/24/ NIST documents released to CPSR under the Freedom of Information Act 
suggest that the agency's own experts recognized the superiority of the 
existing RSA technology and its status as an emerging de facto authentication
standard.  An internal NIST evaluation of existing technology conducted in
late 1989 noted that the RSA technique is "widely known and widely used" and
is "a most versatile public-key cryptosystem."

/25/ Indeed, IEEE Spectrum magazine recently reported that the RSA technique 
had been readied by NIST as the [federal] standard for several months and was 
dropped in December 1989 with no al ternative in sight.  Not until early 
spring of 1991 did NSA present the algorithm of choice to NIST.  Even on
background, sources declined to detail reasons behind the decision, although
one mentioned that legitimate national security factors had come into play.

/26/ The questions surrounding DSS -- both technical and procedural -- are so
significant that even NIST's Computer System Security and Privacy Advisory
Board has expressed reservations about the proposed standard.  The Board has
called for a "national level public review" of cryptography policy and has
deferred approval of the proposed DSS "pending progress on the national
review."

/27/ The Undersecretary of Commerce for Technology, Dr. Robert M.  White, 
agreed with the Board's recommendation and called upon NIST to organize a 
public workshop on cryptography issues.  A three-day session is scheduled to 
begin on September 15 at NIST's headquarters in Gaithersburg, Maryland.

This review of national cryptography policy comes at a critical time.  In the 
Cold War atmosphere that prevailed for 45 years, cryptography was seen as a 
vital national interest and most policymakers were willing to permit the 
National Security Agency and the military establishment to maintain a monopoly 
in the field.  With the end of the Cold War, the military and intelligence
considerations have changed.  Indeed, Congress recognized the need for reform
when it enacted the Computer Security Act in 1987, even before the demise of
the Soviet Union.

Electroniccommunications are now widely used in the civilian sector and have 
become an integral component of the global economy.  Computers store and 
exchange an ever increasing amount of highly personal in formation, including 
medical and financial data.  In this electronic environment, the need for 
privacy- enhancing technologies is apparent.  Communications applications such 
as electronic mail and electronic funds transfers require secure means of 
encryption and authentication -- goals that can be achieved only through the 
robust development and dissemination of cryptographic technology free of 
military interference.  To that end, the role of the National Security Agency 
in civilian cryptography should be eliminated and NIST should be granted the 
authority and resources to assist, rather than hinder, the development of
civilian cryptography in the United States.

*F ootnotes*

1 56 Fed.  Reg. 42981 (August 30, 1991).

2 "Lynn McNulty on Infosecurity Standards: A Talk with NIST's Protection
Point Man, " ISPNews, (September/October 1992) at 6.

3 See Wright, The Law of Electronic Commerce (Little, Brown 1991) at 192-193.

4 56 Fed.  Reg. 42981 (August 30, 1991).

5 See "The Computer Security Act of 1987 (P.L.  100-235) and the Memorandum of 
Un de rstanding Between the National Institute of Standards and Technology 
(NIST) and the National Security Agency (NSA)," the Subcommittee on Le 
gislation and National Security, Committee on Government Operations, House of 
Representatives, May 4, 1989 (testimony of Marc Rotenberg, CPSR Washington
Office Director) reprinted in Military and Security Control of Computer
Security Issues, 101st Cong., 1st Sess.  (1989) at 80.

6 H. Rep.  No. 153 (Part 2), 100th Cong., 1st Sess. 21 (1987).

7 See generally Kahn, The Codebreakers (Macmillan 1967).

8 Burnham, The Rise of the Computer State (Random House 1980), at 126.  See 
generally Bamford, The Puzzle Palace (Houghton Mifflin 1982); "The National 
Security Agency and Fourth Amendment Rights," Hearings before the Senate 
Select Committee to Study Governmental Operations with Respect to Intelligence
Activities, 94th Cong., 1st Sess.  (1975).

9 22 CFR Parts 120- 130.

10 See generally, Greguras and Black, "The Encryption Export Maze: Red Tape, 
Requirements, Re strictions," INFOSecurity Product News (June 1992).

11 Adam, "C ry ptography = Privacy?," IEEE Spectrum, August 1992 at 34 
(reprinted statement of NSA).

12 Kuttner, "Spooks and Science: An American Dilemma," The Washington Post, 
August 20, 1989, at B8.  See, also Kuttner, "How 'National Security' Hurts 
National Competitiveness, " Harvard Business Review, January - February 1991,
at 140.

13 35 U.S.  C. $ 181 et seq.

14 "The Government's Classification of Private Ideas," Hearings before a
Subcommittee of the House Committee on Government Operations, 96th Cong.  ,
2d Sess.  (1980) (hereinafter cited as "Private Ideas") at 258 (testimony of
H. Miles Foy, Office of Legal Counsel, Department of Justice).

15 Hausken, "The Value of a Secret: Compensation for Imposition of Secrecy
Orders under the Invention Secrecy Act," 119 Military Law Review (Winter 1988)
at 202 n.10 (446 new orders were issued in 1986 compared with 293 in 1979).

16 See "Private Ideas" at 406-431; see also Gilbert, "Patent Secrecy Orders: 
The Unconstitutionality of Interference in Civilian Cryptography under Present 
Procedures," 22 Santa Clara Law Review 325 (1982).

17 Kewanee Oil Co. v. Bicron Corp., 416 U.S. 470, 481 (1974).

18 H. Rep.  No. 153 (Part 2), 100th Cong., 1st Sess. 7 (1987).

19 Letter from NIST to CPSR dated September 11, 1991.

20 CPSR v. NIST, Civil Action No.  92-0972 (D.D.C.) (agency affidavits filed 
in support of motion to stay proceedings).

21 Letter from Michael S.  Conn (NSA) to Mitch Ratcliffe (MacWeek), October 
31, 1991.

22 Opening Statement of Rep.  Jack Brooks, Threat of Foreign Economic 
Espionage to U.S. Corporations, House Judiciary Subcommittee on Economic and
Commercial Law, May 7, 1992 at 2.

23 See, e.g., Comments submitted to NIST by Fischer In te rnational Systems 
Corp., dated November 26, 1991.  See also "Debating Encryption Standards, " Co 
mm unications of the ACM, July 1992 at 34 ("After years of testing and proven 
re liability, RSA is now used by the majority of software makers around the
world, including IBM, Apple, Lotus, Sun and Mi crosoft").

24 Comments submitted to NIST by Professor Martin E.  Hellman, dated November 
12, 1991, reprinted in Communications of the ACM, July 1992 at 47-49.

25 Memorandum from Roy Saltman to Lynn McNulty dated December 22, 1989.

26 Adam, "Cryptography = Privacy?," IEEE Spectrum, August 1992 at 29.

27 Computer System Security and Privacy Advisory Board, Re solutions No. 1 and 
3, March 18, 1992.