Page 677
Index
A
Access, 353
control, 26-27
facilitators, 60-65
see also Back door access
inhibitors, 58-60
Advanced Research Projects Agency (ARPA), 237n
Memorandum of Agreement with Defense Information Systems Agency and National Security Agency (text of), 633-636
AECA, see Arms Export Control Act (AECA)
Algorithm, 378
and key length, 353
American National Standards Institute (ANSI), 486
ANSI, see American National Standards Institute (ANSI)
Applications programming interfaces, see Cryptographic applications programming interfaces (CAPI)
Arms Export Control Act (AECA), 114-116, 118, 255
text of, 558-573
ARPA, see Advanced Research Projects Agency (ARPA)
Assurance, 353
Asymmetric cryptography, 53-54, 63, 75, 313n, 353, 365-367, 375-377, 385-388
Clipper phones, 174-175
Secure Telephone Unit (STU), 74-75, 235
Surity Telephone Device, 175
Attacks on cryptographic systems
for asymmetric cryptography, 63
brute-force search, 62-63, 124, 276, 287, 381
chosen plaintext, 381-382
exploitation of design factors, 60-62
exploitation of operational errors, 383
known ciphertext, 390
known plaintext, 381
shortcuts, 63
for symmetric cryptography, 63
timing attacks, 63
work factor, 64n, 181, 214, 288
see also Information warfare (IW); Strong encryption
Auditing, 354
Authentication
of an identity, 354, 367-370, 374, 450, 468
defined, 354
of digital cash tokens, 478-479
of a file, 354
infrastructure for, 338-339
see also Audit trails
Authenticity, 354
Availability, 354
B
Back door
access, 56
defined, 354
open, 276-277
see also Escrowed encryption
Banking and finance services, vii, 23, 35-36n, 57, 123, 179, 312, 455-458, 470;
see also Credit cards; Digital cash
Binary digit, 354
Biometric identifiers, 368-369
Bit, 354
Bit stream, 355
Bollinger, Lee, 344
Bush, President George, 100
see also National Security Directive 42
C
CALEA, see Communications Assistance for Law Enforcement Act of 1995 (CALEA)
Cantwell bill, 254-255
CAPI, see Cryptographic applications programming interfaces (CAPI)
Capstone/Fortezza initiative, 10, 176-177, 179, 355
Caracristi, Ann, 344
CCL, see Commerce Control List (CCL)
Cellular phones, 11, 67, 217, 295, 327-328
Central Intelligence Agency (CIA), 91n, 95, 100, 403, 422-423, 428-429
see also Executive Order 12333 and Executive Order 12472
CERT, see Computer Emergency Response Team (CERT)
Certificate
authorities, 75-77, 355, 450-454
infrastructure, 232-234
Certification, 355
Certification authority, 355
Checksum, 367
CIA, see Central Intelligence Agency (CIA)
Circumventing laws against unescrowed encryption, 269, 330
Civil liberties, viii, 44n, 44-46
Civiletti, Benjamin R., 344-345
CJ, see Commodity jurisdiction (CJ)
Cleartext, 355
Clinton, President William, 95, 100
Clinton Administration, 41, 170, 235, 265-266, 303, 376
Clipper
see also Escrowed Encryption Standard (EES)
CMVP, see Cryptographic Module Validation Program (CMVP)
CoCom, see Coordinating Committee (CoCom) nations
Code grabbers, 42n
Collateral cryptography, 356
Commerce Control List (CCL), 8n, 115, 117, 122, 125n, 135, 160n, 260
see also Export controls
Commerce Department, see Department of Commerce
Commodity jurisdiction (CJ), 8n, 115, 165, 260, 638-640
Communications, xii, 20, 53-54
Communications Assistance for Law Enforcement Act of 1995 (CALEA), 216-221, 278, 281, 503, 510-511
text of, 540-550
Competitive access providers, 356
Computer Emergency Response Team (CERT), 241-242
Computer Science and Telecommunications Board (CSTB), xviii-xix, 20n, 73n
Computer Security Act of 1987, 235-236
text of, 551-557
Computer System Security and Privacy Advisory Board (CSSPAB), 242
Conference on Computers, Freedom, and Privacy, xvii, 45n, 219n
Confidentiality, 17, 53-54, 123-125, 371-373
of communications, 356
relative levels of, 181, 183, 254, 314
reliance upon authentication, 373
see also Cryptography; encryption
Congress, see U.S. Congress
Constitutional issues regarding laws on encryption, viii, 7, 85n, 160-161n, 271-273, 304
Coordinating Committee (CoCom) nations, 231, 251n, 310, 356, 434-436, 442, 639
Countermeasure, 356
Crime prevention, xv, 10, 47, 323, 472-473, 480
Criminalizing use
of cryptography for criminal purposes, 12, 94, 273-274, 332-333
of unescrowed cryptography, 192, 265-273
Crook, Colin, 345
of 40-bit encryption algorithms, 8n, 63, 73n, 115-117, 120-124, 276, 314-317
of 56-bit encryption algorithms, 8, 63, 71n, 121, 172, 288-289, 312, 316-318
defined, 356
see also Data Encryption Standard (DES); Strong encryption
Cryptographic
defined, 356
applications programming interfaces (CAPI), 259-262, 311, 474-476
systems, 374-377
attacks on, 378-383
see also Modularity; Key
Cryptographic Module Validation Program (CMVP), 233
Cryptography
for authentication, 3-4, 10, 55-56, 176, 324-327, 469-472
for confidentiality, 3-4, 8-9, 54, 176, 296, 470-472
for criminal purposes, 3-4, 10-11, 43-43n, 84, 91, 303-304
for data integrity, 3-4, 10, 55, 176, 324-327, 472-473
defined, 356
domestic availability of, 72-74, 135, 138, 299, 310
foreign availability of, 4, 214, 308
history of, xii-xiii, 52-54, 149-150, 202, 364-365
in information security products, 65-66, 476
foreign, 132-133
market for, xii, 66-72, 135-136, 145-152, 310
for nonrepudiation, 55
as one element of information security, 10, 296, 298
regulations relevant to (text of), 637-677
see also Encryption
Cryptography policy, 16
adopting standards, 7, 222, 290, 316
committee recommendations on, viii-xvii, 1, 5-13, 303-339
current U.S. policies, xi, 6, 15, 111-112, 249, 298, 301
history of, 414-420
international dimensions of, 243-244, 430-431, 438-449
process of formulating, viii, 226
public debate over, xvii, 4, 7, 297-298
urgency regarding, xv-xvi, 39-40, 151-152
proper objectives for, 57, 68, 297-303
role of executive and legislative branches, 7, 305
see also Executive branch; Legislative branch; Standards; U.S. Congress
CSSPAB, see Computer System Security and Privacy Advisory Board (CSSPAB)
CSTB, see Computer Science and Telecommunications Board (CSTB)
D
Dam, Kenneth W., Committee Chair, xv-xix, 343
DARPA, see Defense Advanced Research Projects Agency (DARPA)
Data
aggregation, 459-460
versus data storage, 323-324, 528-529
Data Encryption Standard (DES), 72, 207, 223, 228-232, 288, 314-318, 334, 357, 365, 388-389, 417-420
triple-DES, 178, 203n, 214-215
Date/time stamping, 57, 357, 371n
see also Back door access; Cryptanalysis
Decryption algorithm, 374
Defense Advanced Research Projects Agency (DARPA), 241
Defense Department, see Department of Defense
Defense Information Systems Agency (DISA), 237-237n
Defense Intelligence Agency (DIA), see Executive Order 12333
Denial of service, 357
Department of Commerce, 73, 117, 128n, 173, 176
see also Executive Order 12472; Commerce Control List (CCL)
Department of Defense, 158, 187n, 237-238, 487n
see also Executive Order 12333; Executive Order 12472
Department of Energy, see Executive Order 12333
Department of Justice, 274
Department of State, 114-117, 121-122, 126, 142-144, 162, 321
see also Executive Order 12333; Executive Order 12472
Department of the Treasury, 173, 176, 190, 468
see also Executive Order 12333
DES, see Data Encryption Standard (DES)
Deutch, John, 97-98
DIA, see Defense Intelligence Agency (DIA)
Differential work factor cryptography, 264, 287-288; see also Attacks on cryptographic systems
Digests, 357
Digital
signatures, 57, 226-227, 261, 326, 357, 367, 370
stream, 355
Digital Signature Standard (DSS), 176, 222-223, 225n, 229-230, 259, 301, 357, 418, 488
Digital Telephony Act, 357
see also Communications Assistance for Law Enforcement Act (CALEA)
DISA, see Defense Information Systems Agency (DISA)
Disassembly, 156n, 204, 215, 357
Disclosure of data, 357
DNA computing, 393-394
DOD, see Department of Defense
Double encryption. See Multiple encryption
DSS, see Digital Signature Standard (DSS)
Dual-use system, 358
E
EAA, see Export Administration Act (EAA)
EAR, see Export Administration Regulations (EAR)
Economic
competitiveness
of U.S. industry and businesses, 1-2, 37-40, 99
of U.S. information technology industry, x, 38-39, 73, 128-129, 155-156
ECPA, see Electronic Communications Privacy Act (ECPA)
EES, see Escrowed Encryption Standard (EES)
Electromagnetic emissions, monitoring, 64, 397-398
Electronic
commerce, vii, 24-26, 413, 478
surveillance
defined, 587
legal requirements for, 84-88, 396-410
and minimization requirement, 218n, 219, 400-401, 513
see also Foreign Intelligence Surveillance Act of 1978; U.S. Intelligence Activities; Wire and Electronic Communications Interception and Interception of Oral Communications Act
Electronic Communications Privacy Act (ECPA), 396-403, 412-413
Elliptic curve cryptographic systems, 394
Encryption, 15-16
technicalities in legal definitions of, 269-270, 273-274, 303, 332
see also Confidentiality
Encryption algorithm, 374
Error-correction, 366n
Escrow
agents, 77
affiliation of, 180, 189-193, 444
certification of, 175
liability of, 191, 197-198, 330, 452-454
number of, 180, 183n, 188n, 189-194, 212
responsibilities of, 180, 194-198, 330, 444-447, 452
trustworthiness of, 190
Escrowable encryption products, 182, 262
Escrowed encryption, 15-16, 61, 81, 298, 359
benefits of, 170
contract-based, 191-193, 263-264
defined, 167-169
economic implications, 177-182, 271, 330
government control of, 158, 266-268, 328-332
law enforcement benefits, 4, 9, 11, 184-187
mandatory versus voluntary use, 185-188, 199, 265, 320-321
policy issues associated with, 170
proper escrowing, 177-178, 188, 213-214, 250n
and signals intelligence, 175, 202-203
versus strong encryption, 169
weaknesses of, 183
see also Unescrowed encryption
Escrowed Encryption Standard (EES), xvi, 9, 168-175, 181, 223, 301, 358, 419-420, 488
Evaluation, 358
Exceptional access, 16, 80-81, 109
business or corporate, 104-107
time scale of operations, 94, 103
voice versus data communications, 281-284
Executive branch, role of, 7, 189-190, 231, 291-292, 305
Executive Order 12333 (U.S. Intelligence Activities), 573-589
Executive Order 12472 (Assignment of National Security and Emergency Preparedness Telecommunications Functions), 612-620
Executive Order 12958 (Classified National Security Information), 589-612
Export Administration Act (EAA), 114-115, 118, 255, 415
Export Administration Regulations (EAR), 115, 415-416
Part 779, Technical Data (text of), 656-677
Export controls, 7-9, 15, 249-251, 298, 307-322
circumvention of, 133
corporate perceptions of, 152-153
cryptography exemptions from, xi, 120-125, 144, 188, 256
description of, 114-122
dimensions of choice in, 252-253
of dual-use items, 8, 118, 162, 264, 310
economic impact of, 40, 153-154
effect on national security, 157-165
effect on sales, 145-153
effectiveness of, 127-134
and end-use certification, 320
export defined, 142
history of, 414-415
impact on authentication products, 123-125
international harmonization of, 8, 243-244, 256-257, 443, 447-449
and liberal consideration, 117, 256-262, 317-318
licensing practices, current, 117, 122-127, 249-250
licensing process for, 9, 114, 142-144, 647-653, 667-669
limiting domestic availability, 7, 12, 134-138
of other nations, 257, 434-436
providing technical data, 9, 159-161, 313-314
rationale for, 113-114
stimulating foreign competition, 8, 155n, 155-159, 309
threshold between CCL and USML, 118-121, 138, 141, 254-255, 310-312, 415
of transnational corporations, 126
uncertainty of, 138-144, 251, 321-322
see also Arms Export Control Act (AECA); Commerce Control List (CCL); Export Administration Regulations (EAR); Foreign ownership, control or interest (FOCI); International Traffic in Arms Regulations (ITAR)
Export defined, 641
F
Facsimile communications, 2, 149
FAR, see Federal Acquisition Regulations (FAR)
FBI, see Federal Bureau of Investigation (FBI)
FCC, see Federal Communications Commission (FCC)
Fear, uncertainty, doubt, 225-227
Federal Acquisition Regulations (FAR), 187n
Federal Bureau of Investigation (FBI), 82-83, 88-90, 138n, 184, 236-237, 334n, 399, 423
see also Executive Order 12333
Federal Communications Commission (FCC), 220-221, 493
see also Executive Order 12472
Federal Emergency Management Agency (FEMA), see Executive Order 12472
Federal government, information security for, 289-292, 328-332
see also Computer Security Act of 1987
Federal Information Processing Standards (FIPS), 485-488
defined, 358
development of, 222-224
related to cryptography, 173, 176, 223, 418
Federal Reserve Board, 290-291
FEMA, see Federal Emergency Management Agency (FEMA)
Fermat numbers, 386-387
FIPS, see Federal Information Processing Standards (FIPS)
Firmware, 358
First party, 358
FISA, see Foreign Intelligence Surveillance Act (FISA) of 1978
FOCI, see Foreign ownership, control or interest (FOCI), U.S. companies under
Foreign Intelligence Surveillance Act (FISA) of 1978, 87-88, 173, 189, 403-410, 494
text of, 511-526
Foreign ownership, control or interest (FOCI), U.S. companies under, 126n
Fortezza cards, 176-177, 225, 259-260, 468
Freeh, Louis, 92n-93n, 93-94, 268, 281
Freeware, 129n, 272
see also Internet
Fuller, Samuel H., 345-346
Functionality, 358
G
Gelb, Leslie H., 346
General Services Administration (GSA), see Executive Order 12472
GII, see Global information infrastructure (GII)
Global information infrastructure (GII), 439-441n, 483
Globalization, 27-29, 38, 50, 188, 308, 430
GOSIP, see Government Open Systems Interconnect (OSI) Profile (GOSIP)
Government classification, xiii, 4, 238, 307
see also Executive Order 12958
Government Open Systems Interconnect (OSI) Profile (GOSIP), 224-225
Government procurement, 225, 487n
Graham, Ronald, xxxii, 346-347
GSA, see General Services Administration (GSA)
H
Hackers, 67n
Hardware
product implementations in, 65, 74, 205, 296, 369n
security advantages of, 130
security disadvantages of, 206-209
Hashes, 367
see also One-way hash function; Secure hash algorithm; Secure Hash Standard
Health care industry, 256, 457, 459-461
Hellman, Martin, 347
Hewlett-Packard, 261n
Homologation laws, 437
I
IDEA block cipher, 229
Identification, 358
Identification key, 358
IITF, see Information Infrastructure Task Force (IITF)
Implementation, 358
Import controls, 114-115, 436-438
Information
proprietary
potential value of, 153-154
government needs for, 10, 12, 46-48, 157-159, 240, 267, 302
private sector needs for, vii-viii, 12-13, 30-31, 40-46, 152-153, 302, 335-338
threats to, xii, 2-3, 32-38, 153-154, 239, 299
technologies, viii, xii, 19-21
need for research and development, 12
speed of change in, xv, 5, 281, 300-302
technology industry
and economic security, 22-23, 46, 67-68
and national security, vii, xv, 3-4, 9-11, 47-48, 94-104, 157-159
U.S. leadership in, x, 38-39, 73, 128-129, 155-156, 299, 308-311
theory, 364
Information Infrastructure Task Force (IITF), 41, 242, 335, 483
Integrated product, 358
Integrity, 359
Intellectual property, protecting, 228-230, 465, 482-484
Intelligence community
and the intelligence cycle, 10, 425-429
regulation of, 87, 404-405n, 408, 423
see also Central Intelligence Agency (CIA); Executive Order 12333; Federal Bureau of Investigation (FBI); Foreign Intelligence Surveillance Act (FISA) of 1978; National Security Agency (NSA); SIGINT
Interception, 286-289, 359, 399, 490, 492-510
Internal Revenue Service (IRS), 466-467
International aspects of cryptography policy, 243
similar and different national interests, viii-x, xiv-xv, 104, 431-434
U.S. cooperation with other nations, 102, 231-232, 331-332
see also Export controls; Import controls; Use controls
International Traffic in Arms Regulations (ITAR), 114-116, 120, 127, 133-137, 142, 159-161, 256, 359, 415-416, 476
excerpts from Parts 120-123, 125, and 126 (text of), 637-655
Internet, 21, 34-35, 59, 64, 86n, 106n, 221, 282, 432n
growth of, 293
loan application by, 458
software distributed on, 129-132, 268
see also Netscape Navigator; World Wide Web
Interoperability, 150, 178, 439, 443
see also Standards
Interpretation of digital streams, 220
IRS, see Internal Revenue Service (IRS)
ITAR, see International Traffic in Arms Regulations (ITAR)
IW, see Information warfare (IW)
J
Judicial branch, role of, 190
Justice Department, see Department of Justice
K
Katz, Ambassador Julius L., 347
KEAs, see Escrow agents
Key
distribution, 359
distribution center (KDC), 377
escrow. See Escrowed encryption
escrow agents (KEAs). See Escrow agents
escrow encryption, 359
length, 63, 214-215, 287-288, 319, 353, 380
management, 53, 74-75, 133, 173, 223, 280, 359, 376-377
retrieval, 284-285
Key Exchange Algorithm, 176
L
Latent demand, for cryptography products, 149-151
Law enforcement, 302
central decryption facility for, 285-286
impact of cryptography on, 3-4, 9-10, 90-94, 184-187, 322-335
impact of information technologies on, viii, 46-47, 333-335
infringing on civil liberties, viii, 45n, 93
requirements for escrowed encryption, 180, 194-197
and seizure of records, 81-83
technical center for, 334
wiretapping/electronic surveillance, see Electromagnetic emissions; Wiretapping
see also Communications Assistance for Law Enforcement Act of 1995 (CALEA); Federal Bureau of Investigation (FBI); Executive Order 12333
Law enforcement access field (LEAF), 171-173
Layered encryption, 277
see also Multiple encryption
LEAF, see Law enforcement access field (LEAF)
Legislative branch, role of, 7, 199
Link encryption, 11-11n, 274-276, 279, 327-328
M
Manufacturing industry, 461-463, 469-470
see also Vendors
Market
development, 151-152
Master Card, see Credit cards
Microsoft Windows NT, 135, 259-260
Monitoring, 359
Multiple encryption, 58-59, 178, 215, 383
Mutual Law Enforcement Assistance Treaties, 331, 446
N
NACIC, see National Counterintelligence Center (NACIC)
National Communications System (NCS), see Executive Order 12472
National Computer Security Center (NCSC), 232-233
National Institute of Standards and Technology (NIST), 228, 235-238, 335-337, 365, 418-420, 485-488
public-key infrastructure requirements, 450-454
see also Federal Information Processing Standards (FIPS)
National Security Act of 1947, see Executive Order 12333
National Security Agency (NSA), xi, xiv, 158, 227-228, 235-241, 289, 335, 338, 416-420, 422-423
role in export licensing, 123n, 126, 128n, 141-144, 162, 256
role in Skipjack/Clipper, 173n, 174
see also Executive Order 12333
National Security Council (NSC), see National Security Directive 42; Executive Order 12333
National Security Directive 42 (text of), 620-628
National Security Telecommunications and Information Systems Security Committee (NSTISSC), see National Security Directive 42
NCS, see National Communications System (NCS)
NCSC, see National Computer Security Center (NCSC)
Netscape Navigator, 73n, 76, 124, 132n, 135, 208
Network Working Group, 280n
Network-based encryption, 199, 278-281
Networks, 149
applications of, 282-284
backward compatibility issues, 151n
vulnerabilities of, 52, 195, 274
Neumann, Peter G., 347-348
New Forum nations, 442;
see also CoCom nations
NII, see National information infrastructure (NII)
NIST, see National Institute of Standards and Technology (NIST)
Node, 359
Nonrepudiation, 359, 365, 370-371, 479
NSA, see National Security Agency (NSA)
NSTISSC, see National Security Telecommunications and Information Systems Security Committee (NSTISSC)
O
Object code, 360
Object linking and embedding (OLE), 360, 475
OECD, see Organization for Economic Cooperation and Development (OECD) nations
Office of Management and Budget (OMB), 335, 486-487
see also Executive Order 12958
OLE, see Object linking and embedding (OLE)
OMB, see Office of Management and Budget (OMB)
Omnibus Crime Control and Safe Streets Act, 396-397
One-way hash function, 360, 367
see also America Online; Compuserve; Netscape Navigator; Prodigy; World Wide Web
Operating system, 360
Oral communications, see Wire and Electronic Communications Interception and Interception of Oral Communications Act
Organization for Economic Cooperation and Development (OECD) nations, 244, 331, 442, 448
OSI, see Government Open Systems Interconnect (OSI) Profile (GOSIP)
Ozzie, Raymond, 348
P
Parallel processing, 63
Partial key escrow, 180
Password, 360
Patent and Trademark Office (PTO), 230
PCMCIA card (or PC-card), 176, 360, 468;
see also Fortezza cards
Pen Register and Traffic Analysis Act (text of), 526-540
Perry, William, 310
Personal identification number (PIN), 360
Petroleum industry, 463-465
PGP, see Pretty Good Privacy (PGP)
Pharmaceutical industry, 200, 465-466
PIN, see Personal identification number (PIN)
Plaintext, 9, 53, 270, 355, 360, 374
Plug-in cryptography, see Cryptographic sockets
Pretty Good Privacy (PGP), 76, 163-164, 182
Private-key cryptography, 360, 375
Prodigy, 148
Products
certification and evaluation of, 70
integrated or general-purpose, 65-66
stand-alone or security-specific, 65, 149, 208-211
weaknesses in, 74
Proper escrowing, see Escrowed encryption
Proprietary algorithms, 70, 174, 203
verifying, 207n
Protocol, 73
analyzers, 62
negotiation, 71
Pseudorandom function, 367
PSTN, see Public switched telecommunications network (PSTN)
PTO, see Patent and Trademark Office (PTO)
Public Cryptography Study Group, 267-268
Public switched telecommunications network (PSTN), 11
counterintelligence access to, 534-535
national security/emergency preparedness (NS/EP) network, 35
vulnerability of, 34-37, 327-328
see also National Security Directive 42
Public-key certificate, 360-361
Public-key cryptography, 53, 70, 290, 296, 313, 353, 360, 375
see also NIST
Q
Quantum
computing, 392-393
cryptography, 394-395
R
RC2/RC4 algorithms, 361
Reagan, President Ronald, 99, 423
see also Executive Order 12333; Executive Order 12472
Real-time surveillance, 89-90, 103
Reliability, 361
Remailer, 361
Reverse engineering, 205, 210, 230, 361
Risks addressed by cryptography, 361, 469-473
RSA algorithm, 182, 227-229, 313n, 325, 361, 376
RSA Data Security Conference, 141n
S
Safety margins in key length, 361, 384-385
Satellite uplinks, 438
Schmults, Edward C., 348
Schneier, Bruce, 160n, 163-165
Second party, 361
Secrecy, xiii-xiv, 201-208, 307, 378
Secret-key
cryptography, 53, 171, 366, 375
Secure hash algorithm, 361-362, 370n
Secure Hash Standard, 176, 223, 362
Secure Sockets Layer protocol, 124
Secure Telephone Unit (STU), 74-75, 235
Security, 362
Security Policy Board (SPB), 241
Security-specific cryptography product, 362
SED, see Shipper's Export Declaration (SED)
Shannon, Claude, 364
Shareware, 362
Shipper's Export Declaration (SED), 119
SIGINT (Signals intelligence)
and cryptography, 101-102, 114, 317, 335, 428
historical examples of, 96-99, 427
utility of, 87-88, 100-101, 174-175, 421-423, 470-471
Skipjack algorithm, 171-172, 176, 201, 212n, 230, 362, 383, 391, 420
Slippery slope, 266
Smith, W.Y., Committee Vice Chair, 343-344
Software
advantages of, 191-192
backward compatibility, 151n, 151-152
integrated, 148
object-oriented, 137n, 140, 165
product implementations in, 20-21, 65, 204-205
Source code, 362
SPB, see Security Policy Board (SPB)
Specification, 362
Spillover effect, 123-125
Stand-alone cryptography product, 362
Standards, 70-71, 197, 222, 232-234, 254, 306, 485-486n, 551-556
State Department, see Department of State
Stone, Elliot M., 348-349
Strategic intelligence, 97-101
Strong encryption, 101-102, 114, 123, 170, 254, 296, 382-383
STU, see Secure Telephone Unit (STU)
STU-III, 362
Symmetric
cryptography, 53-54, 172n, 362, 375-376
cryptosystem, 362
System, 362
T
Tactical intelligence, 96-97
Taxation, 482
TCP/IP, 225
Telephony, see Facsimile communications; Voice communications
TEMPEST techniques, 64
Third party access, 362-363
see also Exceptional access
Threat, 363
Time stamping, 357
Title III intercept, see Wire and Electronic Communications Interception and Interception of Oral Communications Act
Token, 363
TPEP, see Trusted Product Evaluation Program (TPEP)
Traffic analysis, see Pen Register and Traffic Analysis Act
Translucent cryptography, 277-278
Transparency, 185
Trap-and-trace devices, 84, 402
see also Pen Register and Traffic Analysis Act
Treasury Department, see Department of the Treasury
Trojan horses, 56n, 64-65n, 363
Trusted Product Evaluation Program (TPEP), 233
Turner, Stansfield, 98
U
Unescrowed encryption, 7, 181-183, 186-187, 199, 268-273, 303-304
United States Postal Service (USPS), 468
U.S. Code, Title 18, Chapter 119, see Wire and Electronic Communications Interception and Interception of Oral Communications Act (text of)
U.S. Code, Title 18, Chapter 121 and 206, see Pen Register and Traffic Analysis Act (text of)
U.S. Code, Title 22, Chapter 39, see Arms Export Control Act (AECA)
U.S. Code, Title 50, Chapter 36, see Foreign Intelligence Surveillance Act of 1978 (text of)
U.S. Congress, viii, 162, 187, 231, 305, 332-333
oversight by, 587
reports to, 508, 524-525, 539, 550, 561
see also Legislative branch, role of
U.S. Munitions List (USML), 114-117, 125-127, 135-137, 140, 162-163, 389, 644-646
separating cryptography products on, 264
Use controls on cryptography, 436-438
USML, see U.S. Munitions List (USML)
USPS, see United States Postal Service (USPS)
V
Vendors, role of, 140, 149-153, 191, 206, 274
VeriSign, 76
Visa, see Credit cards
Voice communications, secure, 174, 278-280
vs data communications, 199, 221, 280-281
Vulnerabilities, 24, 57, 293-296, 363
W
Ware, Willis H., 349
Weak encryption, 29, 61-62, 101, 257-258, 276
Web of trust, 75-76
Windows NT, see Microsoft Windows NT
Wire and Electronic Communications Interception and Interception of Oral Communications Act (text of), 489-511
Wireless communications, vii-viii, 61, 275, 279-280; see also Cellular phones; Cordless phones
Wiretapping, 62, 103, 218-220, 439
legal framework governing, 84-88, 170
and protection of civil liberties, 44n, 285n, 285-286
utility of, 82-84
see also Electronic surveillance
World Wide Web, 65n
Z
Zimmermann, Philip, 163-164