A Road Map Through This Report
This report responds to a request made in the Defense Authorization Act of FY 1994 by the U.S. Congress for the National Research Council to conduct a comprehensive study of national cryptography policy, a subject that has generated considerable controversy in the past few years.
This report is organized into three parts. Part I frames the policy issues. Chapter 1 outlines the problem of growing information vulnerability and the need for technology and policy to mitigate this problem. Chapter 2 describes possible roles for cryptography in reducing information vulnerability and places cryptography into context as one element of an overall approach to ensuring information security. Chapter 3 discusses needs for access to encrypted information and related public policy issues, specifically those related to information gathering for law enforcement and national security purposes.
Part II of this report describes the instruments and goals of current U.S. cryptography policy and some of the issues raised by current policy. Chapter 4 is concerned primarily with export controls on cryptography, a powerful tool that has long been used in support of national security objectives but whose legitimacy has come under increasing fire in the last several years. Chapter 5 addresses escrowed encryption, an approach
aggressively promoted by the federal government as a technique for balancing national needs for information security with those of law enforcement and national security for information gathering. Chapter 6 discusses other dimensions of national cryptography policy, including the Digital Telephony Act of 1995 (also known as the Communications Assistance for Law Enforcement Act) and a variety of other levers used in national cryptography policy that do not often receive much attention in the debate.
Part III has two goalsenlarging the space of possible policy options and offering findings and recommendations. Chapter 7 discusses a variety of options for cryptography policy, some of which have been suggested or mentioned in different forums (e.g., in public and/or private input received by the committee, or by various members of the committee). These policy options include alternative export control regimes for cryptography and alternatives for providing exceptional access capabilities when necessary. In addition, Chapter 7 addresses several issues related to or affected by cryptography that will appear on the horizon in the foreseeable future. Chapter 8 describes the committee's findings and recommendations.
A set of appendixes provides more detail where needed.