NSA What Is The Price?

On June 20 and June 24 the NSA responded to TWO Freedom of Information Requests (FOIA) by SOFTWAR seeking all associated material to Clipper, Vince Foster and Hillary Clinton. It seems the NSA has come around and is now willing to search for their own material for evidence of corruption. However, there is one catch:

"We estimate the cost involved in the search for material responsive to your request will be approximately $4,200... Our policy is to request advance payment prior to initiating the search." RONA Lerner - NSA Activing FOIA officer - June 20, 1997 response to FOIA on Foster and Clipper.

"We estimate the cost involved in the search for material responsive to your request will be approximately $2,300... Our policy is to request advance payment prior to initiating the search." RONA Lerner - NSA Activing FOIA officer - June 27, 1997 response to FOIA on plans to NATIONALIZE the US computer security industry.

So, the NSA does Freedom of Information but not for FREE. In order to proceed with either FOIA we must now deliver a certified check made out to the Treasury of the United States. At this point, with the over-whelming evidence of corruption spilling out of the Commerce Department, continuing our case outside of Court against the NSA seems to be an expensive choice. I would be willing to cut some sort of deal, such as exclusive rights to any article/book, to pursue the FOIA against the NSA. Any help will be greatly appreciated.

Still, the NSA was never one to worry about cash, considering their secret budget is estimated to consume up to half the $29 billion dollars a year spent on Intelligence here in the U.S. Their Clipper project was funded by money confiscated during the Drug war. This little slush fund made it possible to finish the research and development without Congressional oversight. Even then, the final cost was kept from public view and is now available through previous FOIA requests against the Commerce Dept.



The following summarizes the estimated costs associated with the proposed Escrowed Encryption Standard. The costs include one-time costs as well as procurement and operational costs. The costs are to government organizations responsible for standards development, device development, key escrowing, and decryption of intercepted communications (when authorized) as well as to all the anticipated users of products meeting the standard. Estimates of the costs are provided in two tables. Some of the estimates are based on information provided during informal discussions with other government agencies and vendors. The estimates should be considered as very preliminary cost projections based on many assumptions which may or may not prove valid.

The categories of expected costs and a short description of them are outlined as follows:

Escrowed Encryption Standard Development

This is the cost of developing, coordinating and publishing the specifications of the standard.

Implementation/Acquisition of Secure Equipment/Software

Basic Electronic devices (e.g., MYK-78 "CLIPPER", MYK-80 "CAPSTONE") - One time costs include overall design, development, prototype, and initial manufacturing costs of EES devices. Procurement costs include per device sales price for expected volume production (sales price is less per unit if large, e.g., 100,000 units, volume is purchased).

Secure Equipment containing the Electronic Devices (e.g., Secure Telephone Terminal) - The electronic chips are designed to be integrated into secure terminal equipment for specific applications such as secure voice or FAX communication as well as into general purpose equipmment such as computer work stations or servers. Most, but not all, of this cost is independent of the escrowed key features. The estimate includes only additional costs for special hardware for incorporating the key escrow features.

Secure Application (e.g., secure mail communication) - Software will be required to support the key escrow features in certain applications such as secure mail, secure EDI, etc. if such features are to be used. Stored, encrypted data may require additional storage facilities for escrowed keys which can be used to decrypt the data when so lawfully authorized. Additional costs in a secure application are included because of the special requirements of key escrowing and Law Enforcement Access Field (LEAF) processing in the application.

Key Management Infrastructure

Initial Operational Capability - Includes the computer systems for generating and certifying the keys used to establish secure associations (e.g., telecommunications sessions) among secure application equipment

Supporting Service - Includes the people, telecommunications services and related equipment needed to identify and authenticate users and security devices and then generate and distribute the needed keys, certificates and certificate revocation lists.

Key Escrow

Escrow Agent Equipment and Facilities - Each of the two escrow agents requires very secure computer equipment and facilities to store and process key components. A level of protection equivalent to Department of Defense SECRET has been chosen. Triply redundent equipment and doubly redundant storage facilities with remote backup have been chosen.

Programming Equipment and Facilities - Special Security Device (e.g., "CLIPPER" and "CAPSTONE" chips") programming equipment and facilities are required to individually program (personalize) each device during the end of the device manufacturing process. The initial facility for the first device (MYK-78) is in California. Additional programming equipment and facilities will be required if other manufacturers of secure devices are obtained.

Key Component Generation and Installation - At least one escrow officer from each of the two escrow agent organizations is needed to be present in the programming facility during device programming. Initial experience shows this requires two officers from each agent must be available during each shift. Two shifts are often supported during device programming.

Key Component Distribution to Law Enforcement Officials - Escrow officers must be available at each escrow agent organization to process requests for access to escrowed key components. This operational capability is expected to be needed continuously once the system is fielded.

Law Enforcement Decryption

Decryption Equipment: Decryption equipment must be available whenever and wherever intercepted data is to be decrypted. This equipment must be able to obtain the escrowed key components securely from each escrow agent. It must then combine the components to obtain the device unique key of the targeted security device, decrypt the LEAF to obtain the session key used to encrypt the data and then be able to decrypt the data.

Decryption Facilities and Operational Support: People, communications support, maintenance and secure processing capability must be available to support the decryption equipment in a widely distributed environment. This cost will be supported by law enforcement authorities.

One-Time VS Operational Costs

The cost categories outlined above include one-time costs and continuous operational costs. One-time costs include design and development of equipment and facilities. Procurement costs include the purchasing price of basic security devices, additional costs of security equipment due to the special security device and additional costs of the application in supporting LEAF processing. Operational costs includes people (salaries, benefits), communication, travel, maintenance, etc. The following tables are estimates of the one-time costs and per year costs associated with the Escrowed Encryption Standard.

One Time Costs

Escrowed Encryption Standard Development Costs        $ 2.0M

Implementation Costs

  Basic security devices (Chip Design)                $ 4.0M

Key Management Infrastructure Costs

  Initial Operational Capability                      $15.0M

Key Escrow System Costs

  Escrow Agent Equipment/Facilities                   $ 4.0M

  Programming Equipment/Facilities                    $10.0M

Decryption Facilities Costs

  Equipment Development                               $ 5.0M

  Facilities                                          $10.0M

TOTAL (ONE TIME)                                      $50.0M

Initial Procurement and Operational Costs (per year)

Device and Equipment Procurement Costs

Basic security devices - $20 x 50K            $ 1.0M

Basic security devices - $60 x 200k          $12.0M

Secure Equipment - $150 x 50K                $ 7.5M

Secure Applications - 4100 x 200K            $20.0M

Key Management Infrastructure Operation

Supporting Services                          $15.0M

Key Escrow System Operation

Key Component Programming                    $10.0M

Key Component Distribution                   $6.0M

Decryption Operations

Equipment Procurement ($5K x 300)            $1.5M

Operations                                   $10.0M

TOTAL (PER YEAR)                             $82.5M

All content COPYRIGHT SOFTWAR (C) 2000. Any reproduction or use of content herein must be approved by SOFTWAR.