--------------------------------- Gesellschaft fuer Informatik e.V. PRESS NOTICE --------------------------------- ---------------------------------------------------------------------- Governmental Restrictions on Encryption Products Put Security at Risk ---------------------------------------------------------------------- Bonn, 1996-04-30 In current political discussions there are some ongoing demands to legally restrict encryption, i.e. import, export, and production of cryptographic tools and their use. In Germany steps are undertaken towards legal regulations, but there are concerns; for example the German Society for Informatics (Gesellschaft fuer Informatik - GI), - with more than 18.000 members the largest German association of professionals working in information technology (IT) - makes the following statement: Anybody participating in communication must be assured their messages are not tampered with (integrity) and are not disclosed to unauthorized recipients (confidentiality). It has always been an aim of secure reliable communication to comply with these requirements. The more the information society becomes a reality, the more enterprises, administrations and private persons urgently need this assurance. To achieve this, so called "strong" cryptography is available. Several encryption tools based on strong cryptoalgorithms are in the public domain and offered on the Internet, others are integrated within commercial products. A different technique for confidential and even unobservable communication is to use steganography, where secret data are hidden within larger inconspicuous every day data in a way that third parties are unable to even detect their very existence. Hence there is no way of preventing unobservable secret communication. To improve law enforcement and national security by enabling police and secret services to decipher messages in digital networks, certain people demand the escrowing (bonding) of the secret keys used. But for the reasons given above, key escrow cannot guarantee effective monitoring. Moreover, key escrow (bonding) poses an additional risk for the secrecy of the keys and therefore for the secrecy of the data. This risk is exacerbated by central escrowing and back ups of the keys. Effective electronic surveillance is practically impossible within digital networks. In particular closed groups such as organized crime will use steganographic techniques. A technically feasible way of effectively fighting organized crime could be to monitor those terminals on a selective basis, where the messages are shown in clear. This could legally enable police and secret services to gather suspicious message contents. Restrictions on encryption do not help the fight against organized crime, but they do endanger the essential security of business and private secrets. Further Information: Gesellschaft fuer Informatik e.V. Wissenschaftszentrum Ahrstrasse 45, D-53175 Bonn Tel. +49-228-302-145 Fax -167