Statement in Response to Blaze Key Escrow Paper

Contact: Anne Enright Shepherd, aeshep@nist.gov

June 2, 1994
Contact: Anne Enright Shepherd
301/975-4858

The draft paper by Matt Blaze* describes several techniques aimed
at circumventing law enforcement access to key escrowed
encryption products based on government-developed technologies.

As Blaze himself points out, these techniques only deal with the
law enforcement feature, and in no way reduce the key escrow
chips' inherent security and data privacy.

     --   "None of the methods given here permit an attacker to
          discover the contents of encrypted traffic or
          compromise the integrity of signed messages.  Nothing
          here affects the strength of the system from the point
          of view of the communicating parties...." p. 7.

Furthermore, Blaze notes that the techniques he is suggesting are
of limited use in real-world voice applications.  (See attached
quotes from draft report.)

     --   "28 minutes obviously adds too much latency to the
          setup time for real-time applications such as secure
          telephone calls." p. 7.

     --   "The techniques used to implement them do carry enough
          of a performance penalty, however, to limit their
          usefulness in real-time voice telephony, which is
          perhaps the government's richest source of wiretap-
          based intelligence." p. 8

Anyone interested in circumventing law enforcement access would
most likely choose simpler alternatives (e.g., use other non-
escrowed devices, or super encryption by a second device).  More
difficult and time-consuming efforts, like those discussed in the
Blaze paper, merit continued government review -- but they are
very unlikely to be employed in actual communications.

All sound cryptographic designs and products consider trade-offs
among design complexity, costs, time and risks.  Voluntary key
escrow technology is no exception.  Government researchers
recognized and accepted that the law enforcement access feature
could be nullified, but only if the user was willing to invest
substantial time and trouble, as the Blaze report points out.
Clearly, the government's basic design objective for key escrow
technology was met: to provide users with very secure
communications that will still enable law enforcement agencies to
benefit from lawfully authorized wiretaps.  It is still the only
such technology available today.

Today, most Americans using telephones, fax machines, and
cellular phones have minimal privacy protection.  The key escrow
technology -- which is available on a strictly voluntary basis to
the private sector -- will provide the security and privacy that
Americans want and need.

*    Statements from "Protocol Failure in the Escrowed Encryption
     Standard," May 20 draft report by Matt Blaze, AT&T Bell
     Laboratories