Commerce group to release key-recovery draft plan

A group in the Commerce Department expects to release soon a draft standard on key recovery, a system that enables users to recover encrypted data through a so-called back door should they lose their key.

The Technical Advisory Committee (TAC) to Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure for Requirements for Key-Recovery Products has submitted a draft standard and plans to release for comment a document that offers guidance on how to ensure that applications using different key-recovery systems—or none at all—can continue to interoperate, and that product security and interoperability can be evaluated by government-certified labs.

As agencies increasingly turn to encryption to protect information stored in databases or sent over the Internet, the government has recognized the need for a standardized approach to key recovery, said Steve Kent, chief technical officer of GTE CyberTrust and TAC chairman.

"Any organization using encryption technology to protect stored data would be negligent if it didn't have a key-recovery plan," he said. The motivations for key recovery with communications arise from law enforcement and national security needs.

The concept "is important enough that some form of standard will have to be developed, either...a FIPS or something equivalent," agreed Richard Guida, the Government Information Technology Services Board's security champion.

The Defense Department, which in the past has expressed support for federal key-recovery standards efforts, recognizes the importance of key recovery but has not yet worked through all the policy elements, such as where the process will be mandatory, said Richard Schaeffer, the director of infrastructure and information assurance within the Office of the Assistant Secretary of Defense for Command, Control, Communications and Intelligence.

The technology-neutral draft standard proposes a set of functions that any compliant key-recovery system must meet, Kent said. This allows for modular key-recovery systems composed of multiple products, each of which may manage a different function, to meet the standard. Each function corresponds to a set of security requirements.

The report also sets interoperability requirements, primarily applicable to end-user products, Kent said. It is imperative that the introduction of key-recovery features into products not "break the interoperability" the products would otherwise have had, he said. But the proposed specification does not attempt to guarantee the overall security of key-recovery systems.

The document also defines three levels of assurance requirements so a lab can determine if a product manages security functions properly with a level of assurance, Kent said.

Vendors already are including key-recovery features in their products and services. VeriSign Inc., for example, started shipping a key-recovery service this quarter as part of its Onsite offering, said Nick Piazzola, the company's vice president for federal markets.

The last big debate about key recovery occurred in the context of the ill-fated Clipper chip initiative. The program was introduced in 1993 to give law enforcement agents access to the keys needed to unscramble encrypted data.