Cryptographic methods should be trustworthy in order to generate confidence in the use of information and communications systems. Users should have a right to choose any cryptographic method, subject to applicable law. Cryptographic methods should be developed in response to the needs, demands and responsibilities of individuals, businesses and governments. Technical standards, criteria and protocols for cryptographic methods should be developed and promulgated at the national and international level. The fundamental rights of individuals to privacy, including secrecy of communications and protection of personal data, should be respected in national cryptography policies and in the implementation and use of cryptographic methods. National cryptography policies may allow lawful access to plaintext, or cryptographic keys, of encrypted data. These policies must respect the other principles contained in the guidelines to the greatest extent possible. Whether established by contract or legislation, the liability of individuals and entities that offer cryptographic services or hold or access cryptographic keys should be clearly stated. Governments should co-operate to co-ordinate cryptography policies. As part of this effort, governments should remove, or avoid creating in the name of cryptography policy, unjustified obstacles to trade.
Key recovery systems are inherently less secure, more costly, and more difficult to use than similar systems without a recovery feature. The massive deployment of key-recovery-based infrastructures to meet law enforcement's specifications will require significant sacrifices in security and convenience and substantially increased costs to all users of encryption. Furthermore, building the secure infrastructure of the breathtaking scale and complexity that would be required for such a scheme is beyond the experience and current competency of the field, and may well introduce ultimately unacceptable risks and costs. Attempts to force the widespread adoption of key recovery through export controls, import or domestic use regulations, or international standards should be considered in light of these factors. We urge public debate to carefully weigh the costs and benefits of government-access key recovery before these systems are deployed. Abelson, Anderson, Bellovin, Benaloh, Blaze, Diffie, Gilmore, Neumann, Rivest, Schiller, Schneier. http://www.crypto.com/key_study/report.shtml
Their estimate of the cost of compliance ranges from $200,000,000 to $2,000,000,000 -- an order of magnitude difference. The total size of the (U.S.) encryption market in 1996 was $500,000,000-1,000,000,000. Taking the geometric mean of both estimates, we find that the cost of GAK is only slightly smaller ($632,000,000) than the total market size ($707,000,000).
Joseph M. Reagle
