NIST taps private sector for testing

The National Institute of Standards and Technology is preparing to release a request for information to expand private-sector participation in a pilot program testing methods to decode encrypted data.

The Emergency Access Demonstration Project is testing so-called key-recovery systems that make up the core technology embedded in the Clinton administration's controversial public-key recovery system announced in July. As proposed the system would allow organizations to voluntarily hand over their keys for accessing secured data to a trusted third party whom law enforcement agencies could then contact if given the legal authority such as a search warrant to access the data.

NIST is preparing the solicitations to learn more about how the private sector is using the technology and to encourage additional members of industry to participate in the project. Industry participants already in the project include GTE Corp. Netscape Communications Corp. Microsoft Corp. Lotus Development Corp. Motorola Inc. Tandem Computers Inc. Nortel Federal Systems Inc. and RSA among others.

"The government cannot dictate this market " said Bruce McConnell director of the Office of Management and Budget's Information Technology Branch. "The only way key recovery is going to come about is if there is a private-sector demand for it. We believe there is a market for this."

The $8 million demonstration project also is looking at several key-recovery systems. "We don't want to restrict it to just one method " said Patricia Edfors champion for security and privacy for the Government Information Technology Services Working Group. "It appears to us so far there are three or four ways to do it."

Edfors emphasized that the working group will not be recovering digital signature keys creating a key-management infrastructure limiting the technology used or mandating which cryptography is used.

Besides NIST agencies participating in the project include the departments of Energy Transportation and Treasury the Lawrence Livermore National Laboratory the Customs Service the National Technical Information Service the Social Security Administration and the Small Business Administration.

The projects include a diverse mix of federal government business applications. For example SSA will make available annual wage reporting forms via the Internet to 140 small businesses in Maryland and Connecticut. It also will provide users with a way to access Social Security benefit information.

SSA is the only agency providing public access to real data via the Internet said John Erwin program manager for electronic service delivery at SSA. Still the administration is grappling with how to secure on-line responses about benefit information.

"This agency is not in the business of opening up a data center for the world to look at records " he said. "Security is paramount. We need to know that the public is satisfied that we're protecting the movement of their very private information.

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected