STATEMENT The principal issue is the extent to which national security concerns should influence research, commercial development, publication, or discussion of cryptography in the non-governmental arena. This growing non-governmental interest in cryptography has been generated in part in the course of specific or general research (in some cases funded by the Government), and in some cases in pursuit of a commercial interest in developing cryptographic or other. telecommunications protection devices or systems, particularly those associated with computer or data transmissions. In some instances, increased activity in cryptography by persons and institutions in the non-governmental arena may have commercial and academic benefits. Work directly in cryptography or in related fields may have a beneficial impact on developments in mathematics, computer science, and engineering which have potential benefits to fields apart from cryptography. If aimed at recognized customer needs, some products developed in the course of this - activity can experience a commercial success and may provide meaningful telecommunications protection useful for both non-governmental and some governmental purposes. Although governmental efforts in the cryptologic sciences have traditionally led private efforts, private efforts may develop new techniques or insights that would benefit broader governmental interests. At the same time, however, extensive public work in cryptography and related fields can have a significant potential adverse impact in a number of related ways on the national security. This risk may become greater to the extent that work moves away from pure research into development and application. The first area of concern relates to the ability of the United States Government to gather foreign intelligence from the communications of foreign governments or other foreign parties. As information relative to cryptography proliferates, our potential sources of intelligence are reduced by making foreign governments or other foreign parties aware that their cryptographic systems are vulnerable to attack or by encouraging them to develop or adopt more sophisticated systems that are much more difficult for the United States to exploit. There is a second general area in which extensive work in public cryptography may have an adverse impact on our national security. Substantial work in the cryptographic and cryptanalytic fields, together with a wide-spread dissemination of resulting discoveries, could lead to the publication of cryptographic principles or applications similar to those used by the United States Government. Such work may enable foreign powers to more successfully engage in cryptanalytic attack upon U.S. telecommunications. [White House statement] 16 FEB 1979 1. 2. NATIONAL TELECOMMUNICATIONS PROTECTION POLICY The President has reviewed the results of the NSC Special The National Telecommunications Protection Policy shall a. b. C. d. Government classified information relating to Unclassified information transmitted by and between Nongovernmental information that would be useful to As a precautionary measure, the responsible agencies Further, the laws which protect against criminal The following activities should be pursued in support of a. The private sector telecommunications carriers should 2 4. b. C. d. The Secretary of Defense shall initiate through the industrial security mechanism, new and improved personal and telecommunications security measures among business organizations holding classified defense contracts. All departments and agencies shall revitalize programs of security training for U.S. government personnel who use telephones and other means of communication for both unclassified and classified purposes. Subject to continuous review of available technology (1) The Government shall conduct a multifaceted (2) (3) Phase I and II of the DUCKPINS cable program shall be completed as soon as possible. Executive Secure Voice Network (ESVN) systems shall be installed when appropriate high priority requirements can be validated. Management and policy review responsibilities for telecommunication protection, shall be organized as follows: a. The NSC Special Coordination Committee (SCC) shall 3 . b. C. d. f. and agencies: State, Treasury, Justice, Commerce, National Security Agency, and the National Security The Secretary of Defense shall act as the Executive The Secretary of Commerce shall act as the Executive Agent for Communications Protection for governmentderived unclassified information (excluding that relating to national security) and for dealing with the commercial and private sector to enhance their communications protection and privacy. It is recognized that there will be some overlap between the responsibilities of the Executive Agents, in that Defense will continue to provide some noncryptographic protection for government-derived unclassified information as it does now, and Commerce will have responsibilities in commercial application of cryptographic technology. The subcommittee will review such areas on a case-by-case basis and attempt to minimize any redundancies. The subcommittee should choose a future implementation strategy based on cost-benefit analysis, legal -considerations, and regulatory policy. The heads of all departments and agencies of the Federal Government shall organize and conduct their communications security and emanations-security activities as they see fit, subject to the provisions of law, the provisions of this policy and other applicable directives, and the decisions of the subcommittee. Nothing in this policy relieves the heads of the individual departments and agencies of their responsibilities for executing all measures required to assure the security of federal telecommunications and the control of compromising emanations. |