BOX 5 Pros and Cons of Escrowed Encryption

The primary benefit of escrowed encryption for law enforcement and national security is that, when properly implemented and widely deployed, it provides legitimate users with high degrees of assurance that their sensitive information will remain secure but nevertheless enables law enforcement and national security authorities to obtain access to escrow-encrypted data in specific instances when authorized by law. Escrowed encryption also enables businesses and individuals to recover encrypted stored data to which access has been inadvertently lost, and businesses to exercise a greater degree of control over their encrypted communications. In addition, by meeting demands for better information security emanating from legitimate business and private interests, escrowed encryption may dampen the market for unescrowed encryption products that would provide similar security without features for government exceptional access that law enforcement and national security authorities could use for legitimate and lawfully authorized purposes.

Some participants in the public debate appear to believe that escrowed encryption is necessarily equivalent to weak encryption, because it does not prevent third parties from having access to the relevant plaintext. But this is a mischaracterization of the intent behind escrowed encryption, since all escrowed encryption schemes proposed to date are intended to provide very strong cryptographic confidentiality (strong algorithms, relatively long keys) for users against unauthorized third parties, but no confidentiality at all against authorized third parties who have exceptional access.

The risks of escrowed encryption are also considerable. Escrowed encryption provides a potentially lower degree of confidentiality than does properly implemented unescrowed encryption, because escrowed encryption is specifically designed to permit external access and then relies on procedures implemented and executed by human beings to prevent unauthorized use of that access. While policy makers have confidence that procedures can be established and implemented without a significant reduction of information security, skeptics place little faith in such procedural safeguards. Maintaining system security is difficult enough without the deliberate introduction of a potential security hole, and the introduction of another route of attack on procedures simply complicates the job of the information defender. In addition, the widespread adoption of escrowed encryption, even on a voluntary basis, would lay into place mechanisms, procedures, and organizations that could be used to promulgate and/or enforce more restrictive cryptography policies. With such elements in place, some critics of escrowed encryption fear that procedural safeguards against government abuse that are administrative in nature, or that rest on the personal assurances of government officials, could be eviscerated by a future administration or Congress.

Address questions/comments to cstb@nas.edu
Last Updated on 05/29/96