Key Escrow

Since its announcement in April 1993, the Clipper Chip initiative has met with widespread criticism from the computer industry and the Internet community. Believing that much of the criticism grew out of the fact that government agencies would serve as "escrow agents" and hold spare encryption keys, the Administration has sought to find more acceptable variations of the key-escrow concept.

Begining in 1994, the administration issued a series of proposals calling for the development of escrow-based software (also called "key management" and "key recovery") by industry. Under the proposals, a spare set of keys would be given to a "trusted third party" who had been approved by the government and who would turn over keys in investigations. This software could then be freely exported to most countries. At the same time, Justice Department officials has been pressuring international groups such as the Organization for Economic Cooperation and Development and the European Union to adopt key escrow as a standard.

• U.S. Official Says Key-Escrow Crypto is Inferior. In a government document obtained by EPIC, a high-ranking U.S. official acknowledges that "key-escrow" encryption is "more costly and less efficient" than non-escrowed products. See EPIC's press release for more details.
  
• Europe Rejects Key-Escrow. In a major blow to U.S. policy on encryption, the European Commission has issued a policy paper that is highly critical of key-escrow encryption proposals and crypto regulation generally.
  
  
• Leading Cryptographers Question Key Escrow. Several distinguished cryptographers and computer scientists have released a new report, "The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption." The report follows an earlier recommendation of the OECD that the risks of key escrow encryption be considered before key escrow infrastructures are established. The report concludes "The deployment of a global key-recovery-based encryption infrastructure to meet law enforcement's stated specifications will result in substantial sacrifices in security and greatly increased costs to the end-user."
  
  
  
• "Key Recovery" -- Clipper 4.0. The Clinton Administration announced yet another encryption initiative on October 1.

   

   

• Netizen article on US efforts to pressure OECD to adopt key escrow.

   

• Vice President Gore announced on July 12 continued White House support for the controversial (and highly unpopular) Clipper key-escrow encryption plan. Bob Dole issued a statement criticizing the Administration's encryption policies.

   

• The National Research Council report on cryptography criticized current efforts at pushing key escrow stating "The risks of ecrowed encryption are considerable." Read the NRC press release and check the NRC site for additional information.

   

• Interagency Working Group on Cryptography Policy policy paper, "Enabling Privacy, Commerce, Security and Public Safety in the Global Information Infrastructure" (May 17, 1996).

   

• Sen. Conrad Burns' press release criticizing the Administration's policy paper on encryption policy (May 20, 1996).

   

• Attorney General Janet Reno called for establishment of key escrow encryption at the Commonwealth Club in San Francisco (June 14, 1996).

   

• Letter from 27 House members criticizing the Administration's policy paper on encryption policy (May 15, 1996).

   

• The Libertarian Party platform on key escrow.

   

• EPIC statement on NIST key escrow criteria (December 5, 1995).

   

• Netscape statement opposing NIST's key escrow plan.

   

• Business Software Alliance testimony concerning the Administration's "new" key-escrow proposal -- "the government is pursuing a 'Son of Clipper' strategy" (September 6, 1995).

   

• NIST Notices on Key-Escrow Issued on November 6, 1995.

   

• The National Institute of Standards and Technology (NIST) issued a press release on August 17, 1995, announcing a "new" government policy on key-escrowed encryption. The agency announced that two public workshops would be convened to address relevant issues (see below).
  •  
  • The first issue NIST has identified is addressed in a "discussion paper" titled "Issues -- Export of Software Key Escrowed Encryption."

     

  • The second issue is addressed in a NIST paper titled "Desirable Characteristics for Key Escrow Agents."

     

  • The third issue is addressed in a NIST paper titled "Export Criteria Discussion Draft -- 64-bit Software Key Escrow Encryption." This document describes the ten criteria initially identified by the government for the export of key-escrow products.

   

• Vice President Gore's letter to Rep. Maria Cantwell in July 1994 indicated that the Administration would explore alternative key-escrow techniques.
  •  
  • EPIC statement on the Gore letter (July 21, 1994).

     

  • Sen. Patrick Leahy's statement on the Gore letter (July 21, 1994) .

   

• NSA responses to written questions submitted by the Senate Judiciary Subcommittee on Technology and the Law. Includes discussion of government objectives with respect to key-escrow encryption.

   

• Trusted Information Systems produced a paper in January 1995 titled "Commercial Key Escrow" describing software implementations of key-escrow with non-governmental entities serving as escrow agents.

  Last Modified: April 14, 1998