National Academies Press: OpenBook

Cryptography's Role in Securing the Information Society (1996)

Chapter: L - Other Looming Issues Related to Cryptography Policy

« Previous: K - Cryptographic Applications Programming Interfaces
Suggested Citation:"L - Other Looming Issues Related to Cryptography Policy." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 477

L Other Looming Issues Related to Cryptography Policy

L.1 DIGITAL CASH1

National economies are based on money. The most basic form of money is cash. Coins, originally made of valuable metals, had intrinsic value and came to be more or less universally acceptable. Paper money (bills) came to substitute for coins as the value of transactions increased and it became physically impractical to carry ever-larger volumes of coins. However, paper money was originally backed by stores of precious metals (gold and silver). In 1971, the United States abandoned its last effective link to the gold standard, and paper money—with no intrinsic value— came to represent value that was backed by the integrity and solvency of the (increasingly international) banking system. Other mediums of exchange have come to supplement cash, including paper checks written by consumers; bank-to-bank financial interactions that are electronically mediated; nonretail business transactions conducted through electronic data interchange among customers, vendors, and suppliers; and credit and debit cards used to make retail purchases.

Today, interest in so-called digital cash is increasing. Digital cash is similar to paper cash in the sense that neither the paper on which paper

1 This section draws heavily on Cross Industry Working Team, Electronic Cash, Tokens, and Payments in the National Information Infrastructure, Corporation for National Research Initiatives, 1895 Preston White Drive, Suite 100, Reston, Va., 1994; available on-line at info-xiwt@cnri.reston.va.us.

Suggested Citation:"L - Other Looming Issues Related to Cryptography Policy." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 478

BOX  L.1
Characteristics of Digital Cash Tokens

• Monetary value. Electronic tokens must have a monetary value; they must represent either cash (currency), a bank-authorized credit, or a bank-certified electronic check.

• Exchangeability. Electronic tokens must be exchangeable as payment for other electronic tokens, paper cash, goods or services, lines of credit, deposits in banking accounts, bank notes or obligations, electronic benefits transfers, and the like.

• Storability and retrievability. Electronic tokens must be able to be stored and retrieved. Remote storage and retrieval (e.g., from a telephone or personal communications device) would allow users to exchange electronic tokens (e.g., withdraw from and deposit into banking accounts) from home or office or while traveling. The tokens could be stored in any appropriate electronic device that might serve as an electronic ''wallet."

• Tamper-resistance. Electronic tokens should be tamper-proof and be difficult to copy or forge. This characteristic prevents or detects duplication and double spending. Counterfeiting poses a particular problem, since a counterfeiter may, in network applications, be anywhere in the world and consequently be difficult to catch without appropriate international agreements. Detection is essential to determine whether preventive measures are working.

SOURCE: Adapted from Cross Industry Working Team, Electronic Cash, Tokens, and Payments in the National Information Infrastructure, Corporation for National Research Initiatives, Reston, Va., 1994.

money is printed nor the string of bits that represents digital cash has intrinsic value; value is conferred on a piece of paper or a particular string of bits if, and only if, an institution is willing to accept responsibility for them. The basic characteristics of digital cash are described in Box L.1.

Public interest in digital cash is driven largely by pressures for electronic commerce. For example, cash is usually the medium of choice in conducting low-value transactions; present mechanisms for conducting transactions at a distance make economic sense only when the value is relatively high (the average credit card transaction is several tens of dollars). In addition, these mechanisms generally require a preexisting arrangement between vendors and credit card companies: completely spontaneous transactions between parties without such arrangements are not possible with credit cards as they are with cash. Instant settlement when conducting financial transactions at a distance and reducing the cost of managing physical cash are still other advantages.

Both cryptography and information technology, including computer

Suggested Citation:"L - Other Looming Issues Related to Cryptography Policy." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 479

hardware and software, underlie the feasibility of digital cash. Strong cryptographic technologies and secure network architectures are necessary to give users of a digital cash system confidence in its security and integrity, while the exponentially improving price-performance ratio of computer hardware is needed for the extensive computation required for strong cryptography in a mobile environment. Moreover, important advances in making electronics tamper-proof—another feature needed to ensure confidence—may be in the hands of any number of users. Box L.2 describes the properties that a digital cash system must have.

Digital cash raises many basic questions. For example, if electronic cash is legal tender, who should be authorized to issue it and how should the public be assured that a particular issuing authority is legitimate? How does a digital U.S. dollar affect the U.S. position in the world economy? How will the money supply be controlled or even measured with digital cash

BOX L.2
Essential Properties of a Digital Cash System

It is widely accepted that a digital cash system must have the following properties:

• Authentication. Users must be assured that digital cash tokens cannot be easily forged or altered and that, if they are altered, evidence of this tampering will be apparent immediately.

• Nonrefutable. Users must also be able to verify that exchanges have taken place between the intended parties, despite any complications that may result from delivery of services over long periods of time, interruptions in service, or differences in billing and collection policies of various service providers. ("Nonrepudiable" is the term used in traditional computer and network security work.)

• Accessible and reliable. Users must find the exchange process to be accessible, easy to effect, quick, and available when necessary, regardless of component failures in other parts of the system.

• Private. Users must be assured that knowledge of transactions will be confidential within the limits of policy decisions made about features of the overall system. Privacy must be maintained against unauthorized parties.

• Protected. Users must be assured that they cannot be easily duped or swindled, or be falsely implicated in a fraudulent transaction. Users must be protected against eavesdroppers, impostors, and counterfeiters. For many types of transactions, trusted third-party agents will be needed to serve this purpose.

All of these features depend on cryptography and secure hardware in varying degrees.

SOURCE: Cross Industry Working Team, Electronic Cash, Tokens, and Payments in the National Information Infrastructure, Corporation for National Research Initiatives, Reston, Va., 1994.

Suggested Citation:"L - Other Looming Issues Related to Cryptography Policy." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 480

in circulation? Apart from such questions, digital cash also raises policy issues that are part of cryptography policy writ large. Based largely on the reference in footnote 1, the discussion below sketches some of the main issues.

L.1.1 Anonymity and Criminal Activity

The technology of digital cash will support essentially any degree of anonymity desired. Digital cash can be designed so that it is as closely associated with the user as electronic funds transfer is today (i.e., highly nonanonymous) or in a way that disassociates it entirely from the user (i.e., more anonymous than physical cash is today). Intermediate levels of anonymity are technically possible as well: for example, transactions could be anonymous except when a court order or warrant compelled disclosure of the identities of parties involved in a transaction. Furthermore, the various parties—payer, payee, and bank—could be identified or not, depending on policy choices.

Many privacy advocates support digital cash because such a system can provide high levels of anonymity for electronic transactions comparable to the anonymity of face-to-face transactions made with physical cash. Such anonymity is not generally possible for other types of electronic payment vehicles. On the other hand, anonymous perpetrators of crimes cannot be identified and apprehended. To the extent that digital cash facilitates the commission of anonymous crimes, it raises important social issues. Box L.3 describes what might be considered a "perfect crime" possible with anonymous digital cash. Fraud, embezzlement, and transportation of stolen property and information products are other crimes of direct concern. Highly anonymous digital cash may also facilitate money laundering, a key element of many different types of criminal activity. Law enforcement officials consider financial audit trails an essential crime-fighting tool; a digital cash system designed to support the highest levels of anonymity may put such tools at risk.

The important policy issue for digital cash is the extent to which the anonymity possible with physical cash in face-to-face transactions should also be associated with electronic transactions. Note that the question of the appropriate degree of anonymity for a digital cash system replays to a considerable degree the debate over the conditions, if any, under which law enforcement officials should have access to encrypted communications.

L.1.2 Public Trust

Public confidence in the monetary system is a prerequisite for its success. Most members of the public have sufficient confidence in the

Suggested Citation:"L - Other Looming Issues Related to Cryptography Policy." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 481

BOX L.3
A Perfect Crime Using Digital Cash

Anonymous digital cash provides the user with anonymity and untraceability, attributes that could be used, in theory, to commit a "perfect crime"—that is, a crime in which the financial trail is untraceable and therefore useless in identifying and capturing the criminal.

A famous kidnapping case in Tokyo in the early 1970s serves to illustrate the concept. A man opened a bank account under the false name Kobayashi and obtained a credit card drawing on the account. He kidnapped the baby of a famous actor and demanded that a 5 million yen ransom be deposited in the account. The police monitored automated teller machines (ATMs) drawing on Kobayashi's bank, and when Kobayashi later tried to withdraw the ransom money using his card, they arrested him.

Kobayashi's use of a physical token, the credit card, unambiguously linked him to the account. Anonymous digital cash presents the opportunity to eliminate this link. Creation of anonymous cash involves a set of calculations performed in turn by the user who requests the cash and a bank. The user's calculations involve a blinding factor, chosen and known only by him or her. These procedures yield digital cash that the merchant and bank can verify is valid when it is presented for a purchase, while simultaneously making it impossible to trace the cash to the user who originally requested it from the bank.

Ordinarily, the procedures by which digital cash is created occur in a real-time transaction between the user's and the bank's computers. However, a criminal such as the kidnapper Kobayashi could choose a set of blinding factors, perform the subsequent calculations, and mail the results to the bank along with the ransom demand. Kobayashi could insist that the bank perform its portion of the calculations and publish the results in a newspaper. He could then complete the procedures on his own computer. This would give Kobayashi valid, untraceable cash, without the need for any direct link to the bank (such as a visit to an ATM or a dial-in computer connection) that could reveal him to waiting authorities.

SOURCE: Adapted from Sebastiaan von Solms and David Naccache, "On Blind Signatures and Perfect Crimes," Building in Big Brother, Lance J. Hoffman (ed.), Springer-Verlag, New York, 1995, pp. 449-452.

exchange of physical cash and checks and of credit or debit cards to make the system work. However, the logic underlying these mediums of exchange is straightforward by comparison to the mathematics of digital cash, which are quite complex; a public understanding of how digital cash works may be essential to the success of any such system and to the infrastructure needed to support it.

A second major trust issue relates to the counterfeiting of digital cash. With paper money, the liability for a counterfeit bill belongs to the one who last accepted it because that person could have taken steps to check

Suggested Citation:"L - Other Looming Issues Related to Cryptography Policy." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 482

its legitimacy (e.g., check for a watermark) and thus may not disclaim liability by asserting that it was accepted in good faith. No such protection is available with counterfeit digital cash. An individual can rely only upon the cryptographic protection built into the digital cash system. A forged digital bank note that gets into circulation has by definition broken through that protection; thus, it is the bank that purportedly issued the note that must hold the liability.

L.1.3 Taxation

If a digital cash system is designed to support the highest levels of anonymity so that financial transactions are effectively untraceable, the collection of taxes may become problematic. Most taxes bear some relationship to a financial quantity that must be determined, such as the income collected in a year or the amount of a sales transaction. When money flows only between two parties, how will the government determine how much money has changed hands or even know that a transaction has occurred at all?

L.1.4 Cross-Border Movements of Funds

Governments find it desirable as an instrument of policy to be able to track money flows across their borders. Today, the "cross-border" movement of funds does not really transfer cash. Instead, messages direct actions in, for example, two banks in the United States and two banks in the United Kingdom to complete a transaction involving dollars-to-pounds conversion. Moving cash outside national borders has effects on the economy, and governments will have to come to terms with these effects.

L.2 CRYPTOGRAPHY FOR PROTECTING INTELLECTUAL PROPERTY

Much of the interest in a global information infrastructure comes from the prospect of transporting digitized information objects over communications lines without the need for transport of physical matter. At the same time, concerns are raised about the fact that digital information objects can be retransmitted in the same way by the receiving party. Thus, for example, the entertainment industry looks forward to the possibility of large-scale distribution of its products electronically but is concerned about how to ensure receipt of appropriate compensation for them. Even today, cable television vendors encrypt their transmissions domestically for that very reason. The software industry is concerned about the theft that occurs when a person buys one copy of a software package and

Suggested Citation:"L - Other Looming Issues Related to Cryptography Policy." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 483

duplicates it for resale. Thus, a global information infrastructure raises many questions about how best to compensate authors and producers of intellectual property for each use, as well as how to prevent piracy of intellectual property.2

One approach to protecting digital representations of intellectual property involves the use of cryptography to scramble a digital information object.3 Without the appropriate decryption key, the encrypted object is worthless. The basic notion is that vendors can distribute large digital objects in an encrypted form to users, who would then pay the vendor for the decryption key. Since the decryption key is in general much smaller than the digital object, the cost of transmitting the decryption key is much lower and, for example, could be performed over the telephone upon submission of a credit card number.

The Administration's Working Group on Intellectual Property Rights concluded the following:

Development of an optimal NII [national information infrastructure] and GII [global information infrastructure] requires strong security as well as strong intellectual property rights. Copyright owners will not use the NII or GII unless they can be assured of strict security to protect against piracy. Encryption technology is vital because it gives copyright owners an additional degree of protection against misappropriation.4

Using cryptography to protect intellectual property raises questions related to the strength of algorithms used to encrypt and decrypt digital objects. Specifically, the use of weak cryptography to protect exported digital objects could well result in considerable financial damage to the original creators of intellectual property.5 If it proves reasonable to protect intellectual property through encryption, pressures may well grow to allow stronger cryptography to be deployed worldwide so that creators of intellectual property can market their products safely and without fear of significant financial loss.

2 See Information Infrastructure Task Force (IITF), Working Group on Intellectual Property Rights, Intellectual Property and the National Information Infrastructure, U.S. Government Printing Office, Washington, D.C., 1995.

3 For example, see Carl Weinschenk, "Cablevision to Test Anti-Theft System," Cable World, February 6, 1995, p. 22.

4 IITF, Intellectual Property and the National Information Infrastructure, 1995.

5 For example, an article in the Wall Street Journal reports that pirates of direct digital satellite television broadcasts are able to obtain decoders that are capable of decrypting encrypted signals that are received, thus allowing these individuals to avoid the monthly fee for authorized service. See Jeffrey Trachtenberg and Mark Robichaux, "Crooks Crack Digital Codes of Satellite TV," Wall Street Journal, January 12, 1996, p. B1.

Suggested Citation:"L - Other Looming Issues Related to Cryptography Policy." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 484

Cryptography may also support the embedding of digital "watermarks" into specific pieces of intellectual property to facilitate tracing the theft to an original copy. Such a scheme would insert information that would not affect the use of the object but could be subsequently identified should ownership of that work be called into question. For example, a digital watermark might embed information into a digital representation of a photograph in such a way that it did not affect the visual presentation of the photograph; nevertheless, if the photograph were copied and distributed, all subsequent copies would have that hidden information in them.

Suggested Citation:"L - Other Looming Issues Related to Cryptography Policy." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 477
Suggested Citation:"L - Other Looming Issues Related to Cryptography Policy." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 478
Suggested Citation:"L - Other Looming Issues Related to Cryptography Policy." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 479
Suggested Citation:"L - Other Looming Issues Related to Cryptography Policy." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 480
Suggested Citation:"L - Other Looming Issues Related to Cryptography Policy." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 481
Suggested Citation:"L - Other Looming Issues Related to Cryptography Policy." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 482
Suggested Citation:"L - Other Looming Issues Related to Cryptography Policy." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 483
Suggested Citation:"L - Other Looming Issues Related to Cryptography Policy." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 484
Next: M - Federal Information Processing Standards »
Cryptography's Role in Securing the Information Society Get This Book
×
Buy Hardback | $80.00 Buy Ebook | $64.99
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

For every opportunity presented by the information age, there is an opening to invade the privacy and threaten the security of the nation, U.S. businesses, and citizens in their private lives. The more information that is transmitted in computer-readable form, the more vulnerable we become to automated spying. It's been estimated that some 10 billion words of computer-readable data can be searched for as little as $1. Rival companies can glean proprietary secrets . . . anti-U.S. terrorists can research targets . . . network hackers can do anything from charging purchases on someone else's credit card to accessing military installations. With patience and persistence, numerous pieces of data can be assembled into a revealing mosaic.

Cryptography's Role in Securing the Information Society addresses the urgent need for a strong national policy on cryptography that promotes and encourages the widespread use of this powerful tool for protecting of the information interests of individuals, businesses, and the nation as a whole, while respecting legitimate national needs of law enforcement and intelligence for national security and foreign policy purposes. This book presents a comprehensive examination of cryptography—the representation of messages in code—and its transformation from a national security tool to a key component of the global information superhighway. The committee enlarges the scope of policy options and offers specific conclusions and recommendations for decision makers.

Cryptography's Role in Securing the Information Society explores how all of us are affected by information security issues: private companies and businesses; law enforcement and other agencies; people in their private lives. This volume takes a realistic look at what cryptography can and cannot do and how its development has been shaped by the forces of supply and demand. How can a business ensure that employees use encryption to protect proprietary data but not to conceal illegal actions? Is encryption of voice traffic a serious threat to legitimate law enforcement wiretaps? What is the systemic threat to the nation's information infrastructure? These and other thought-provoking questions are explored.

Cryptography's Role in Securing the Information Society provides a detailed review of the Escrowed Encryption Standard (known informally as the Clipper chip proposal), a federal cryptography standard for telephony promulgated in 1994 that raised nationwide controversy over its "Big Brother" implications. The committee examines the strategy of export control over cryptography: although this tool has been used for years in support of national security, it is increasingly criticized by the vendors who are subject to federal export regulation.

The book also examines other less well known but nevertheless critical issues in national cryptography policy such as digital telephony and the interplay between international and national issues. The themes of Cryptography's Role in Securing the Information Society are illustrated throughout with many examples—some alarming and all instructive—from the worlds of government and business as well as the international network of hackers. This book will be of critical importance to everyone concerned about electronic security: policymakers, regulators, attorneys, security officials, law enforcement agents, business leaders, information managers, program developers, privacy advocates, and Internet users.

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    Switch between the Original Pages, where you can read the report as it appeared in print, and Text Pages for the web version, where you can highlight and search the text.

    « Back Next »
  6. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  7. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  8. ×

    View our suggested citation for this chapter.

    « Back Next »
  9. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!