The Department of Commerce's National Institute of Standards and Technology (NIST) announced today the approval of a voluntary standard that can be used by government agencies or the private sector to provide strong encryption protection for sensitive but unclassified voice, fax and data communications over telephone lines.
The Escrowed Encryption Standard was developed as a Federal Information Processing Standard (FIPS) in response to President Clinton's directive of April 16, 1993, which outlined an encryption and telecommunications security initiative.
The standard specifies a technology developed by the government to provide a mechanism for the secure escrowing of encryption "keys," or strings of computer data, which only government officials acting under proper legal authorization can use to intercept messages. The attorney general is announcing the key escrow agents as well as issuing the strict procedures for agents to follow when asked to provide the keys to authorized agencies. Key escrow technology was developed to address the concern that widespread use of encryption makes lawfully authorized electronic surveillance difficult.
The key escrow technology provided by this standard addresses the needs of the private sector for top-notch communications security and of U.S. law enforcement to conduct lawfully authorized electronic surveillance.
A public comment period following the July 30, 1993, announcement of the proposed standard generated numerous comments. After careful consideration of the comments, the secretary of commerce has concluded that the voluntary standard is technically sound and meets federal agency requirements for secure telecommunications.
"While the vast majority of comments were negative, many reflected misunderstanding or skepticism about the Administration's statements that the EES would be a voluntary standard," said Raymond G. Kammer, NIST deputy director. "This Administration has forthrightly restated its position that EES will be a strictly voluntary standard, available for federal and other agencies, as well as the private sector, to provide more secure telecommunications."
The EES relies on a key escrow chip programmed with the classified SKIPJACK algorithm, which a group of independent cryptographers was given the opportunity to examine during the public review process. They found that the algorithm provides substantial protection and that there is no significant risk that the algorithm can be broken through a "trap door" or short-cut method of attack.
The voluntary EES does not replace the recently reaffirmed Data Encryption Standard. The approval of EES as a FIPS provides a mechanism allowing federal government agencies to specify key escrow encryption as a requirement in their telecommunications security procurement documents. Otherwise, agencies would have to formally waive the requirements of the DES if they wanted to use escrow encryption techniques.
As a non-regulatory agency of the Commerce Department's Technology Administration, NIST promotes U.S. economic growth by working with industry to develop and apply technology, measurements and standards.