NSA report details risks of key-recovery technology

The National Security Agency has prepared a report that may be the first federal government documentation of the potential risks posed by the encryption technology that has been at the center of a raging debate between the Clinton administration and industry.

The report details the potential threats of following a key-recovery technology, which is an encryption system that uses a so-called back door, which allows users to retrieve the key needed to unscramble encrypted data should they lose the key. Key recovery also would allow law enforcement agents to decode encrypted data after obtaining a court order or other authorization. The FBI has been a forceful proponent of key-recovery technology, arguing that investigations would be impeded without it.

The Clinton administration intends to make a market for key-recovery technology by urging federal agencies to use these encryption systems. At least one bill that is now being considered by Congress would require federal agencies to purchase key-recovery encryption systems for securing data.

But the report, "Threat and Vulnerability Model for Key Recovery," pointed out that certain law enforcement agents and officials operating key-recovery centers could pose the greatest threat to a key-recovery system — and to the users' data, which is encrypted by the system — if proper security mechanisms were not in place.

"A rogue key-recovery agent, because of his high level of access, poses the most formidable threat, although [he] may lack the motivation and risk-tolerance to exploit this access," the report stated. "The law enforcement agent is also trusted with a high degree of access during the recovery process and may be more motivated to exploit this access since he is already in the 'wiretap business.'"

The report said organized crime, foreign intelligence and hackers represent a low risk to key-recovery systems because these individuals lack access. However, a rogue key-recovery agent is more likely to sell his high level of access to these groups or individuals than to work on his own behalf, the report concluded.

Dave Banisar, staff counsel for the Electronic Privacy Information Center, said NSA's report is the first public documentation from a federal entity that outlines potential risks associated with key-recovery technology. A group of leading encryption experts in May 1997 issued a report noting that widespread key-recovery systems would be extraordinarily difficult and expensive to build. That report also noted that the risks of unauthorized disclosures are much higher in a key-recovery system than a system without key-recovery features.

"It certainly raises a lot of issues when you add it to the cryptographers' report," Banisar said. "[NSA is] finally now admitting that there are serious problems with key recovery. It raises the question: Why have they been promoting it all these years?" The report was prepared by an NSA analyst at the request of a public/private advisory committee working to develop a standard for federal agency use of key-recovery technology.

The threat that anyone poses to key-recovery systems is a function of how well the application has been designed and operated to address the potential security concerns, according to a statement NSA provided to FCW.

"Key recovery, like any other application, is secure against attacks to the extent that it was properly designed, implemented and operated," according to the statement. "If due consideration is given to the threats and vulnerabilities identified in the paper and appropriate countermeasures are employed for each of the factors identified, there would be minimal risk posed to the resulting key-recovery system."

The major factor in assessing the overall security of a key-recovery system would be the strength of the countermeasures applied "against the full spectrum of threats and vulnerabilities," the report stated.

Peter Neumann, principal scientist at SRI International, Menlo Park, Calif., and one of the cryptographers who authored the report on key-recovery risks, said key-recovery systems are "inherently risky" because of overall weaknesses in the computer operating systems and networking products.

"If they put a total air gap between all the key-recovery systems in the world and the rest of the world, then they could reduce the risks," Neumann said. "As soon as the government creates any access whatsoever to the key-recovery systems, they're vulnerable to the fact that the computer security and network protocols stink."