Skip to main content /TECH with /TECH

Master key encryption plan abandoned


By Brian Fonseca

(IDG) -- As concern grows over the vulnerability of government and industry organizations, a familiar and controversial battle has been revisited on Capitol Hill: the question of whether government should have control of encrypted messages.

"Key escrow" -- a system whereby digital keys are generated and copies are acknowledged with a third party that keeps them in escrow until recovered -- was bandied about in the aftermath of the September 11 bombings. The attackers are suspected of having used encryption during their preparations.

A spokesman for Sen. Judd Gregg, Republican of New Hampshire, has announced that the Senator has abandoned his stance in pushing legislation that would give law enforcement entities a "master key," granting full backdoor access to all encryption products made in the United States.

Officials of the Computer & Communications Industry Association (CCIA), which outlined its disapproval of Gregg's plan in a letter to the Senator shortly after the news was first made public, say they're pleased with the abrupt turnaround.

Related Stories
Visit an IDG site search

"We are happy to learn that Senator Gregg has decided against efforts to implement new controls on encryption technology," Jason Mahler, CCIA vice president and general counsel of the Washington-based lobbying group, says in a statement. "Without strong encryption technology, all Americans would be at risk of exposure of their most sensitive information."

Before Gregg's proposed anti-encryption legislation was introduced, it had been strongly criticized by many on grounds of privacy issues and technical concerns.

"I have not found anybody in the private sector that does not understand the value of encryption without hidden keys and vulnerabilities without hidden access," says Ed Blake, president and CEO of CCIA. "The bombing attacks basically woke up and rekindled something that should be in deep hibernation."

Black says the temptation to abuse key escrow or create a mass repository of stored keys would pose a single point of security risk unlike ever before. Furthermore, he says fear of its abuse could have a chilling effect on people's sense of privacy and security, forcing users to shy away from the very technology created to safeguard their transmitted messages.

The key escrow debate mirrors a dropped effort on the part of the government to institute a "Clipper chip" a few years ago. The chip was a device to be included in telephones in government departments and corporate enterprises. It was designed to reserve the right for the government to review any information passing through the device.

"Clipper was a heavy-handed way of forcing a particular design into things, and the reason Clipper failed is the same reasons that this will fail," says John Pescatore, vice president and research director of network security at Stamford, Connecticut-based Gartner. "Users lose out if cryptography is weakened or ineffective or much harder to use."

Pescatore says law enforcement, national intelligence agencies, businesses, and end-users need to seek common ground on encryption by increasing the investment on new techniques to break encryption.

Encryption vendors argue that techniques such as key escrow and key recovery fundamentally weaken systems built around them.

"It's never a good idea to increase complexity of cryptographic processes unnecessarily," says Alex Van Someren, CEO of Woburn, Massachusetts-based nCipher. "It's considered likely any unintentional side effects could occur which can be dangerous and potentially undermines security of any system employing those techniques."


• Computer & Communications Industry Association
• U.S. Senate

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


Back to the top