Feb. 19, 1993 Letter To George Tenet on Clipper.

SECRET
US Justice Department
Federal Bureau of Investigation

February 19, 1993

Mr. George J. Tenet
Special Assistant to the President
Senior Director for Intelligence Programs
National Security Council
Old Executive Office Building
Suite 300
Washington, D.C.

Dear Mr. Tenet:

Reference my letter dated February 9 , 1993

Attached please find a briefing document entitled "Encryption:
The Threat, Applications, and Potential Solutions," which
responds to your request for additional information concerning
the various encryption applications now being used and the
potential approaches and methodologies to deal with them.  As
set out in referenced letter, this is the second of three
subject areas you requested to have more fully developed and
discussed.  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXX  BLACKED OUT AS STILL SECRET  XXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXX  PER NSA  XXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
This document is the product of a working group, comprised of
representatives of the Federal Bureau of Investigation, NSA and
the Department of Justice.

We hope that the information provided in the attached document
is useful for you, your staff, and others in reviewing and
acting upon the issues identified therein.  Further, we stand
prepared at your request to provide any additional information
of details you deem necessary in order to address this matter.

Sincerely yours,

William S. Sessions
Director

1 - Director NSA

SECRET

SECRET
Encryption:  The Threat, Applications, and Potential Solutions

Executive Summary

I.  Introduction

II.  Importance of Electronic Surveillance

III.  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

IV.  Implementation Platforms for Encryption

         a.  Hardware Based Encryption

         b.  Software Based Encryption

V.  Applications for Encryption

         a.  Voice Communications

         b.  Data Communications

         c.  Information Storage

VI.  Exceptions

VII.  Legislation

VIII.  Decryption Solutions Summary

SECRET
Executive Summary

Electronic surveillance is one of the state and Federal law
enforcement's most important and effective investigative
techniques.  Its use and viability are crucial to effective law
enforcement, to preserving the public safety and to maintaining
the national security.  Like certain advanced digital
telecommunications technologies, encryption threatens to impair,
and in many instances preclude, the effective conduct of
electronic surveillance, particularly the real time acquisition
of intelligible communications content.

Encryption is being employed at ever increasing rates as the
perceived need to protect commercially sensitive, proprietary,
and personal communications and as information grows.
Correspondingly, encryption is being more widely employed as an
adjunct to digitally transmitted voice and data communications
and information, particularly with regard to cellular and other
cordless telecommunications media devices, dangerous criminals
and hostile intelligence agents will undoubtedly acquire and use
them, XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXX

Encryption can be, and is being, used to secure many forms of
communications and information.  It is invariable implemented in
either hardware or software.  Hardware based encryption is more
secure and operates at higher transmission speeds, making it
most useful for all telephonic and many high speed transmission
computer (data) based applications.  Data Encryption Standard
(DES) and other, proprietary encryption applications are now
being employed  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  The NSA has developed a
hardware (chip) based encryption alternative and potential
solution which provides both stronger cryptographic strength
than DES and a methodology for real time decryption by law
enforcement agencies acting pursuant to court order or other
statutory authorization.

Software based encryption is most typically used in computer
(data) based applications where high transmission speeds are not
critical, such as single (low volume) file transfers or storage,
electronic messaging ("E-Mail") and facsimile applications.
Software based encryption is fundamentally less secure than
hardware based encryption, and is susceptible to both
intentional alteration and tampering and to unintentional,
undetectable permutations occasioned by use with different
types of microprocessors, computers, etc.  Software encryption
is sold both as a specific program and as a feature of mass
market software packages, and because it is inexpensive, user
friendly, and versatile, it is proliferating throughout the
business and computer user communities.  Of the computer and
data based applications, there is particularly great growth in
the use of E-Mail and facsimile communications.  With this
growth, law enforcement anticipates encountered encryption in
facsimile and E-mail communications in the very near future.  At
this time XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  PARAGRAPH BLACKED OUT AS  XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  STILL SECRET PER NSA      XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  PARAGRAPH BLACKED OUT AS  XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  STILL SECRET PER NSA      XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  PARAGRAPH BLACKED OUT AS  XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  STILL SECRET PER NSA      XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  PARAGRAPH BLACKED OUT AS  XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  STILL SECRET PER NSA      XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX


SECRET
INTRODUCTION

The successful conduct of electronic surveillance is crucial to
effective law enforcement, to the preservation of the public
safety, and to the maintenance of the national security.  Recent
advances in communications technology, particularly
telecommunications technology, and the increased availability
and use of encryption threaten to significantly curtail, and in
many instances preclude, effective law enforcement XXXXXXXXXXXX
XXXXX - LINE BLACKED OUT PER NSA AS STILL TOP SECRET XXXXXXXXXX
Efforts have been made to develop, where available, technical
solutions to the problems posed by advanced communications
technologies and encryption in order to preserve the electronic
surveillance technique.

XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX
XXXXXXXXX - BLACKED OUT PER NSA AS STILL TOP SECRET XXXXXXXXXXXX
XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX

Encryption is, or can be used in a number of applications to
secure voice and data communications and stored information.
The type of encryption used and the way it is implemented varies
depending upon the nature of the application.  Encryption
applications are available to secure communications transmitted
both in analog and digital formats.  Digital communications, in
particular, support and accommodate the use of encryption.
Thus, encryption can be, and is, employed easily and
inexpensively in computer based applications.  To date, its use
has been somewhat limited in certain areas such as in voice
communications XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX 
XXXXXXXXX - BLACKED OUT PER NSA AS STILL TOP SECRET XXXXXXXXXXXX
XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX
However, as the transition proceeds from analog telephony to
digital telephony, and as consumers migrate from wireline (e.g.,
basic telephone) to wireless (e.g., cordless or cellular
telephone) communications devices, the use of encryption by
telecommunications service providers and end-users can be
expected to increase markedly in the near future.  Hence, it is
expected that encryption will soon be more widely available and
more widely used with all communications applications.

This document responds to a National Security Council (NSC)
request for additional information concerning the use of
encryption in the various communications and information
applications.  Additionally, this document briefly describes
potential technical and legislative solutions to the problems
posed by the various encryption applications.

By letter dated February 9, 1993, from FBI Director William S.
Sessions to Special Assistant to the President George Tenet,
NSC, a detailed discussion of the "Clipper" encryption
methodology was provided.  The "Clipper" hardware (chip) based
technical solution was discussed in the context of the AT&T TSD
3600 telephone encryption device.  It was noted in the enclosed
document to that communication that the "Clipper" chip
methodology provided a solution to various hardware-based
encryption applications (such as telecommunications, data or pure
storage).  Consequently, in this document, discussion of the
capability and methodology of "Clipper" and its efficacy in
providing a hardware-based technological solution will be
abbreviated.  

II.  Importance of Electronic Surveillance

Electronic surveillance is one of state and Federal law
enforcement's most important and effective investigative
techniques.  The use of electronic surveillance by state and
Federal authorities, in a number of instances, has been essential
in preventing murders; saving human life put at risk through
planned terrorism attacks; dismantling entrenched organized
crime groups which severely harm the economy through extortion,
fraud and corruption; and attacking the major national and
international drug importation and distribution cartels and
networks whose activities cause incalculable personal and
economic injury in our society.  Over the past decade, court
authorized interceptions have directly resulted in the arrest of
over 35,000 dangerous felons and the conviction of nearly 20,000
dangerous criminals.  It should be noted that aside from Federal
law enforcement agencies, electronic surveillance is utilized by
state law enforcement agencies in 37 states.

Statistics for the FBI alone during the period of 1985 to 1991
illustrate the impact of this extremely important investigative
technique.  Court authorized interceptions conducted by the FBI
during this period for all criminal investigations have played
an important role in:

- 7,324 felons being convicted;
- $295,851,162 in fines being levied;
- $756,363,288 in court ordered recoveries, restitutions and
  forfeitures; and,
- $1,862,414,937 in prevented potential economic loss.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  PARAGRAPH BLACKED OUT AS  XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  STILL SECRET PER NSA      XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  PARAGRAPH BLACKED OUT AS  XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  STILL SECRET PER NSA      XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

III.  Threat Posed By Encryption

Securing communications and information through the use of high
grade and robust cryptography can be a mixed blessing for both
the Government and society.  On the one hand, it is essential
and extremely beneficial when used to protect classified
Government communications and information.  Similarly, it is
very important, and sometimes crucial, when used to secure
sensitive, unclassified Governmental and commercially sensitive
and proprietary business communications and information.  On the
other hand, the use of strong cryptographic products by the
myriad array of criminals and hostile intelligence agents poses
an extremely serious and unacceptable threat to effective law
enforcement, the public safety and the national security.

The essence of the cryptographic threat is that high grade and
robust encryption products effectively prevent law enforcement
XXXXXXXXXXXXXXXX agencies from carrying out their statutorily
based missions and responsibilities.   XXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  PARAGRAPH BLACKED OUT AS  XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  STILL SECRET PER NSA      XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  PARAGRAPH BLACKED OUT AS  XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  STILL SECRET PER NSA      XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX


IV.  Implementation Platforms for Encryption

Encryption can be used to secure many forms of communications
and information.  However, the cryptography used to protect such
communications and information is implemented in either hardware
or software based formats.

A.  Hardware Based Encryption

Hardware based cryptography (a $150 million/year industry)
employs the use of electronic circuitry and computer chip
technology to provide the ability to encrypt communications and
information.  Hardware based cryptography offers several
advantages.  It is able to operate at very high speeds; thus, it
is able to efficiently process large amounts of information.
Consequently, it is well suited for voice encryption and other
encryption applications where processing delays are
unacceptable.

In addition, hardware based encryption can be made very secure,
so as to prevent tampering and alteration.  Because the
encryption algorithm exists in hardware, it can be made
extremely difficult, if not impossible, to access and analyze
the information embedded in the chip.  It is this very quality
that allowed for the creation of the hardware based "Clipper"
technique.  The anti-tampering, and anti-reverse engineering
features that can be employed in hardware also permit the
continued secrecy of the NSA developed classified algorithm used
in "Clipper".

However, for some applications, hardware based encryption may
not be the method of choice for many, if not most, end-users,
because it is more expensive than software based encryption and
because it is not easy to make it interoperable with other
systems.  

B.  Software Based Encryption

Software based encryption is generally marketed as either a
special software program designed to encrypt information or as a
feature within a mass market software package (e.g.
WordPerfect).  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  PARAGRAPH BLACKED OUT AS  XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  STILL SECRET PER NSA      XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  PARAGRAPH BLACKED OUT AS  XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  STILL SECRET PER NSA      XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Secondly, software encryption, by its very nature, runs at
speeds many times slower than hardware based encryption.  As a
result, it is not well suited for voice and similar applications
that require minimal processing delays, or in uses requiring
large volume processing (e.g.  bulk disk encryption).

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  PARAGRAPH BLACKED OUT AS  XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  STILL SECRET PER NSA      XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  PARAGRAPH BLACKED OUT AS  XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  STILL SECRET PER NSA      XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  PARAGRAPH BLACKED OUT AS  XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  STILL SECRET PER NSA      XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

SECRET

V.  Applications for Encryption
A.  Voice Communications

In terms of communications media, the public communicates
primarily by voice through the telecommunications network.
Similarly, voice communications also continue to be the
principal form of media communications for criminals and foreign
intelligence agents.  Hence, the Government's electronic
surveillance requirements are most acute, generally speaking,
with regard to telephonic voice communications.  Further,
because of the need to understand and act upon such
communications (e.g. to respond to communications related to an
imminent murder or to a soon-to-be held espionage meeting/drop),
the requirement for real-time interception and clear text
acquisitions of communications content is crucial.  Generally,
there area two main categories of telephonic voice
communications:  wireline and wireless.

To date, with the exception of certain Governmental
communications, there has been relatively little use of
encryption to secure wireline voice communications.  Although
we are unaware of any studies or statistics which discuss the
actual use of encryption, it does not appear that there has been
much emphasis placed upon the use of encryption by wireline
users.  It is our assessment that most users either do not give
much thought to the use of encryption, or do not believe that
there is much likelihood of their voice communications being
intercepted, or, in any event, do not believe that the nature of
their communications justifies the cost or bother of employing
encryption.  

Consequently, the need for and use of wireline voice encryption
have generally been limited to businesses, especially those
which perceive a need to secure commercially sensitive and/or
proprietary information.  The devices purchased by such
businesses  are typically either scrambling or true encryption
devices.  Previously, such devices tended to be relatively
expensive ranging from $1,500 to $7,000 per unit) and only
moderately user-friendly; and the scrambled or encrypted
transmissions were often obvious rather than transparent.  Some
of the principal manufacturers are Motorola, AT&T and Cycom.

Since voice communications typically require concurrent
encryption processing, a hardware (chip) based methodology is
usually employed.  Data encryption Standard (DES) encryption is
commonly used; however, individualized, proprietary forms of
encryption appear to dominate in hardware applications.  As
previously noted, the Government has developed a hardware based
encryption product, the "Clipper" chip, which affords both high
level encryption security (vastly superior to DES encryption) to
voice communications and also permits real time decryption to
law enforcement, acting pursuant to legal process.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  PARAGRAPH BLACKED OUT AS  XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  STILL SECRET PER NSA      XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  PARAGRAPH BLACKED OUT AS  XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  STILL SECRET PER NSA      XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

SECRET

In recent years, the biggest growth in voice communications has
been in the area of wireless communications.  Such wireless
communications are based, at least in part, upon a radio
frequency transmission link.  Examples of such wireless voice
communications include cordless and cellular telephones,
airphones, satellite based telecommunications devices and soon
to be developed personal communications networks (PCNs) and PCN
telephone devices.  The user mobility afforded by such wireless
devices and their increasing affordability have made these
devices very attractive to the public, and in particular, to
some segments of the criminal community (e.g. drug dealers).

Wireless telecommunications devices, such as cordless telephones
and cellular telephones, however are vulnerable to unauthorized
interception, as some recent cases of renown (e.g.  the Governor
Wilder case) demonstrate.  Consequently, there is a fundamental
need to apply some form of enhanced security to wireless
telephone devices.  As a result, there appears to be a
widespread and growing recognition that additional security
features, such as encryption, need to be incorporated into these
devices.  In this vein, the Privacy and Technology Task Force
submitted a report in May 1991 to Senator Leahy, the Chairman of
the Subcommittee on Privacy and Technology, Senator Judiciary
Committee, which recommended that cordless telephones be
afforded privacy protection under Title III (cordless telephones
currently are not statutorily protected because of the ease
with which they can be intercepted).  The Task Force noted that
is is projected that cordless phones will be in 68% of American
households by the end of the decade (the year 2000).  The
report also states that a number of task force members indicated
that "technical privacy enhancing features for radio based
systems should be more rapidly deployed by manufacturers and
service providers."  Currently, AT&T, Motorola, and other
service providers and manufacturers are offering encryption for
cellular devices or service.

Law enforcement's decryption requirements, particularly real
time intelligibility of communications content, are the same for
wireless and wireline voice communications.  Also, as noted the
area of wireless telecommunications.  Hence, a solution to the
threat posed by encryption in wireless, as well as wireline,
devices is imperative.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  PARAGRAPH BLACKED OUT AS  XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  STILL SECRET PER NSA      XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX


B.  Data Communications

As used here, data communications are comprised of textual
information transmitted in an electronic format.  Data
communications are typically used in business environments for
user-to-user communications over local and wide area networks,
and for transport of large volumes of electronic records or other
information.  Recent industry projections indicate that while
voice communications are expected to grow at an annual rate of
3% a year, data communications are expected to grow at an annual
rate of 30%.  Hence, many corporations are now requiring that
all computer systems that they purchase must have an integrated
security system, including some type of encryption.

For purposes of this discussion, data transmissions can be
viewed in terms of low speed and high speed transmissions.
Examples of applications utilizing low speed transmissions
include facsimiles, electronic messaging or "E-Mail" and slow
scan video.  High speed transmissions encompass multiplexed or
"bundled" individual communications, bulk (voluminous) file
transfers and full motion video.


Low Speed Transmissions

Individuals using personal computers (PCs) or facsimile machines
to communicate with one another are using communications devices
which operate at low speed transmission rates.  To date, the
principle users of facsimile machines have been members of the
business community.  In both business and residential settings,
the use of facsimiles has grown dramatically over the past 10
years.  As an example, a recent trade magazine article stated
that nearly 50% of the after hours telephone traffic to the Far
East consisted of facsimile transmissions.  As these
transmissions carry an increasing amount of commercially
sensitive and proprietary business information, there will be
an increased demand for secure facsimiles.  TRW and Panasonic
are currently marketing secure facsimile machines which
incorporate DES or other, proprietary encryption.  At the
present time, these devices are relatively expensive ($4,000 -
$7,000 per unit), and have not been widely marketed.
Consequently, they do not pose the same degree of threat as
found in the AT&T 3600 voice encryption device that sells for
approximately $1,300.

PC communications, including E-mail, increasingly are being used
not only by businesses but also by individuals.  In 1992,
approximately 19 million E-Mail users sent nearly 15 billion
messages.  With increased computer networking and with the
recent acceptance of new E-mail standards, electronic messaging
will increase dramatically.  Existing E-mail standards generally
support text transmissions, however, emerging E-mail systems can
support voice, facsimile and video capabilities.  These
electronic communications are fast replacing real-time voice
conversations and consequently will increasingly become the
subject of electronic surveillance.  As these types of
communications are more frequently and widely used, the use of
encryption to protect the communication content can be expected
to increase.

Low speed data transmissions typically run at speeds less than
64 thousand bits of information per second (64Kb/s).  The use of
encryption of these low speed applications can be either
software or hardware based.  With respect to certain data
communications such as facsimile and E-mail, law enforcement
typically requires real-time access to these communications, the
the same way as it does for voice communications.

For the above mentioned data applications and others XXXXXXX  -
sentence blacked out as per NSA XXXX - Classified XXXXXX.
However, software based encryption is more widely used in these
low speed data transmission-related applications for the reasons
previously discussed:  cost and ease of use.  Encryption for
functions such as E-mail and individual (non-bulk) file
transfers across a local area network (LAN) can be provided and
typically is provided, as part of a communications software
package.  Thus, this encryption is essentially free to mass
market software publishers as previously discussed.  XXXX XXXX
XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX
XXXXXXX - remaining paragraph blacked out as per NSA - XXXX XXXX
Classified XXXXXXX.


SECRET

HIGH SPEED DATA TRANSMISSIONS:

As data networks expand and as the requirements to support
geographically widespread networks increase, there will be an
increased demand for the development of faster speed
transmissions to benefit from these high speed networks.  As a
result, users will be able to take advantage of these high speed
data highways to transmit increased amounts of data associated
with video, high volume data retrieval, and other high speed
data services.  These types of data services are typically used
by large commercial, banking and Government institutions.
Because of the sensitive banking data and personal information,
there is a need to utilize encryption.  By way of example, major
inter-bank data transmissions typically utilize DES-based or
comparable encryption.

High speed transmissions today typically run in the range of
10-50 Mbit/sec (10-50 million bits per second).  At these data
rates, hardware based encryption is the only feasible approach
to data security.  In this regard, the "Clipper" technique
offers a suitable solution.  In its current configuration,
"Clipper" is designed to run at speeds of 10 Mbits/sec and if
necessary, it can easily be engineered to run at speeds up to
100 Mbits/sec.

High speed transmissions can be viewed from a law enforcement
interception standpoint in two ways.  If, as with interceptions
of voice communications, the transmissions are comprised of
individual data communications that have be multiplexed or
bundled, law enforcement has a need for real time access to and
decryption of the specific communications that are the subject
of the interception.  If, on the other hand, the high speed
transmissions were of a bulk file or other voluminous information
transfer, it would not be physically possible or even desirable
to process or view the product of the interception in real time.
In these instances, access to the communications would be
practically obtained "after the fact," under circumstances where
the communications is no longer in transit but rather in
storage.

C.  Information Storage

As with data communications, both hardware and software based
encryption platforms are used to encrypt information on storage
media.  Generally, individual users of PCs typically store either
single files or a relatively low volume of files.  As PCs are
increasingly used in the furtherance of criminal activity, there
will be a tendency for individuals to encrypt the stored
information to protect it from seizure and from becoming
evidence which can be used against the individual.  For example,
a physical search in a recent "hacker" investigation in the Los
Angeles area disclosed a large volume of stored files that had
been encrypted to secure the contents and prevent law
enforcement from acquiring the stored information content.
Additionally, many searches in narcotics investigations have
revealed personal electronic files containing names and numbers
of associates that have been encrypted.  Consequently, law
enforcement will need to access and decrypt such files.

For PC encryption of individual files intended for storage on
magnetic media, software based encryption is the most frequently
used approach.  As previously discussed, the very concept of
storage implies a degree of permanence, and therefore stored
information typically does not require real time access or
decryption.  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  PARAGRAPH BLACKED OUT AS  XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  STILL SECRET PER NSA      XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Large volume electronic file storage is typically done on
mainframe storage devices in an institutional environment.  In
order to satisfy processing performance requirements, bulk
encryption of these files dictates the use of a hardware
approach.  The high data rates and large volumes of data
information to be encrypted cannot be accomplished efficiently
through software based encryption.  The hardware based "Clipper"
technique, with its ability to operate at high processing
speeds, would be a suitable candidate for bulk encryption.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  PARAGRAPH BLACKED OUT AS  XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  STILL SECRET PER NSA      XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX


VI.  EXCEPTIONS

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXX  paragraph blacked out as still secret     XXXX
XXXXXXXXXXXXXXX  as per NSA orders  XXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX


  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

  In addition to the aforementioned applications or categories
of users for which an exclusion is appropriate, devices used by
the Government to encrypt and transmit classified national
security information should also be exempt from a technical or
legislative solution to law enforcement's electronic
surveillance decryption requirements.  With regard to this
category of devices, the Federal Government  has an obligation
to ensure that information involving national security is
adequately protected.  Under those circumstances where an
interception of such devices is needed, it would appropriately
be accomplished in concert with the appropriate Federal
Government agencies charged with safeguarding communications of
a national security nature, so as not to unnecessarily
jeopardize national security information.


SECRET

VII. LEGISLATION

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  PARAGRAPH BLACKED OUT AS  XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  STILL SECRET PER NSA      XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX


VIII.  Decryption Solutions Summary

The foregoing information outlines the various encryption
applications with regard to typical governmental electronic
surveillance decryption requirements (real time and non real
time) and the viability of government hardware and software
based solutions.  As discussed, encryption based in hardware
allows for greater speed and versatility, as well as increased
protection from unauthorized tampering, modification, or reverse
engineering.  Encryption used on software, although inexpensive
and user friendly, will most always have inherent weaknesses,
such as processing speed constraints and security vulnerability.

In brief, the technical solutions and approaches developed to
satisfy law enforcement's decryption requirements with regard to
the main encryption applications are as follows:

Voice/Data Applications
XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX
XXXX XXXXXXX - Paragraph blacked out as per NSA - XXXX XXXX
Classified XXXXXX.  XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX

- Real time access to and decryption of voice/data
communications secured by software-based encryption XXXX XXXX
XXXX XXXXXXX - Paragraph blacked out as per NSA - XXXX XXXX
Classified XXXXXX.  XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX
in the near future. XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX
XXXX XXXXXXX - Paragraph blacked out as per NSA - XXXX XXXX
Classified XXXXXX.  XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX

Stored Information Applications

- Real time access to and decryption of stored electronic
information secured by hardware based encryption could be
performed utilizing the Clipper technique.

XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX
XXXX XXXXXXX - Paragraph blacked out as per NSA - XXXX XXXX
Classified XXXXXX.  XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX

XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX
XXXX XXXXXXX - Paragraph blacked out as per NSA - XXXX XXXX
Classified XXXXXX.  XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX

- Technical solutions, such as they are, will only work if they
are incorporated into all encryption products.  To ensure that
this occurs, legislation mandating the use of Government
approved encryption products or adherence to Government
encryption criteria is required.

The attached chart provides a graphic representation of the
information and summary provided above.

CHART WITH-HELD AS SECRET PER NSA.

Source: 1996 EPIC Privacy Notebook, page c-44. FOIA by Marc Rotenberg - EPIC EPIC - Areas that remain secret are marked with XXXXX


All content COPYRIGHT SOFTWAR (C) 2000. Any reproduction or use of content herein must be approved by SOFTWAR.