Cryptography's Role in Securing the Information Society [Hardcover]

Committee to Study National Cryptography Policy (Author), National Research Council (Author), Kenneth W. Dam (Editor), Herbert S. Lin (Editor)

Book Description

Publication Date: October 25, 1996

For every opportunity presented by the information age, there is an opening to invade the privacy and threaten the security of the nation, U.S. businesses, and citizens in their private lives. The more information that is transmitted in computer-readable form, the more vulnerable we become to automated spying. It's been estimated that some 10 billion words of computer-readable data can be searched for as little as $1. Rival companies can glean proprietary secrets, anti-U.S. terrorists can research targets, network hackers can do anything from charging purchases on someone else's credit card to accessing military installations. With patience and persistence, numerous pieces of data can be assembled into a revealing mosaic. "Cryptography's Role in Securing the Information Society" addresses the urgent need for a strong national policy on cryptography that promotes and encourages the widespread use of this powerful tool for protecting of the information interests of individuals, businesses, and the nation as a whole, while respecting legitimate national needs of law enforcement and intelligence for national security and foreign policy purposes. This book presents a comprehensive examination of cryptography - the representation of messages in code - and its transformation from a national security tool to a key component of the global information superhighway. The committee enlarges the scope of policy options and offers specific conclusions and recommendations for decision makers. "Cryptography's Role in Securing the Information Society" explores how all of us are affected by information security issues: private companies and businesses; law enforcement and other agencies; people in their private lives.This volume takes a realistic look at what cryptography can and cannot do and how its development has been shaped by the forces of supply and demand. How can a business ensure that employees use encryption to protect proprietary data but not to conceal illegal actions? Is encryption of voice traffic a serious threat to legitimate law enforcement wiretaps? What is the systemic threat to the nation's information infrastructure? These and other thought-provoking questions are explored. "Cryptography's Role in Securing the Information Society" provides a detailed review of the Escrowed Encryption Standard (known informally as the Clipper chip proposal), a federal cryptography standard for telephony promulgated in 1994 that raised nationwide controversy over its "Big Brother" implications.The committee examines the strategy of export control over cryptography: although this tool has been used for years in support of national security, it is increasingly criticized by the vendors who are subject to federal export regulation. The book also examines other less well known but nevertheless critical issues in national cryptography policy such as digital telephony and the interplay between international and national issues. The themes of "Cryptography's Role in Securing the Information Society" are illustrated throughout with many examples - some alarming and all instructive - from the worlds of government and business as well as the international network of hackers. This book will be of critical importance to everyone concerned about electronic security: policymakers, regulators, attorneys, security officials, law enforcement agents, business leaders, information managers, program developers, privacy advocates, and Internet users.

Editorial Reviews

Book Description

For every opportunity presented by the information age, there is an opening to invade the privacy and threaten the security of the nation, U.S. businesses, and citizens in their private lives. The more information that is transmitted in computer-readable form, the more vulnerable we become to automated spying. It's been estimated that some 10 billion words of computer-readable data can be searched for as little as $1. Rival companies can glean proprietary secrets . . . anti-U.S. terrorists can research targets . . . network hackers can do anything from charging purchases on someone else's credit card to accessing military installations. With patience and persistence, numerous pieces of data can be assembled into a revealing mosaic. Cryptography's Role in Securing the Information Society addresses the urgent need for a strong national policy on cryptography that promotes and encourages the widespread use of this powerful tool for protecting of the information interests of individuals, businesses, and the nation as a whole, while respecting legitimate national needs of law enforcement and intelligence for national security and foreign policy purposes. This book presents a comprehensive examination of cryptography--the representation of messages in code--and its transformation from a national security tool to a key component of the global information superhighway. The committee enlarges the scope of policy options and offers specific conclusions and recommendations for decision makers. Cryptography's Role in Securing the Information Society explores how all of us are affected by information security issues: private companies and businesses; law enforcement and other agencies; people in their private lives. This volume takes a realistic look at what cryptography can and cannot do and how its development has been shaped by the forces of supply and demand. How can a business ensure that employees use encryption to protect proprietary data but not to conceal illegal actions? Is encryption of voice traffic a serious threat to legitimate law enforcement wiretaps? What is the systemic threat to the nation's information infrastructure? These and other thought-provoking questions are explored. Cryptography's Role in Securing the Information Society provides a detailed review of the Escrowed Encryption Standard (known informally as the Clipper chip proposal), a federal cryptography standard for telephony promulgated in 1994 that raised nationwide controversy over its "Big Brother" implications. The committee examines the strategy of export control over cryptography: although this tool has been used for years in support of national security, it is increasingly criticized by the vendors who are subject to federal export regulation. The book also examines other less well known but nevertheless critical issues in national cryptography policy such as digital telephony and the interplay between international and national issues. The themes of Cryptography's Role in Securing the Information Society are illustrated throughout with many examples -- some alarming and all instructive -- from the worlds of government and business as well as the international network of hackers. This book will be of critical importance to everyone concerned about electronic security: policymakers, regulators, attorneys, security officials, law enforcement agents, business leaders, information managers, program developers, privacy advocates, and Internet users.

About the Author

Kenneth W. Dam and Herbert S. Lin, Editors, Committee to Study National Cryptography Policy, National Research Council

Product Details

• Hardcover: 720 pages
• Publisher: National Academies Press (October 25, 1996)
• Language: English
• ISBN-10: 0309054753
• ISBN-13: 978-0309054751
• Product Dimensions: 9.3 x 6.3 x 2 inches
• Shipping Weight: 3 pounds (View shipping rates and policies)
• Average Customer Review: 3.7 out of 5 stars  See all reviews (3 customer reviews)
• Amazon Best Sellers Rank: #1,793,344 in Books (See Top 100 in Books)

Customer Reviews

Most Helpful Customer Reviews

4 of 4 people found the following review helpful:

4.0 out of 5 stars Essential, but with two flaws, February 21, 2001

By 

Victor A. Vyssotsky "mandvav" (Orleans, MA USA) - See all my reviews
(REAL NAME)   

This review is from: Cryptography's Role in Securing the Information Society (Hardcover)

This book, prepared by the Committee to Study National Cryptography Policy of the Computer Science and Telecommunications Board of the National Research Council, is essential reading for anybody concerned with the role of crytography in information security. Written by experts, it surveys the topic dispassionately, and makes wise recommendations. No technical knowledge is required to read it, so it is suitable for everyone from policymakers to techies.

It has two flaws, one minor and inevitable, the other more serious. The first stems from the fact that the National Research Council undertakes studies like this only at the request of the US government. The federal government is notorious for its belief that anything worth saying should be said in the dullest possible bureaucratese. I know the staff members who produced the actual text of this book; they are excellent writers, and did their best to make the book readable within the constraints imposed by government mindset, but it's still dull and tedious to read. Compared to the Federal Register, however, it's a model of expository clarity.

The second flaw is the very cursory treatment given to one of the most serious problems in using cryptography for information security. The great majority of civilian computers, and even some military computers, are vulnerable to a wide variety of viruses, worms and trojan horses, and in most cases the users and system administrators are unaware of how vulnerable they are.

Cryptography is completely useless as a protective mechanism if cleartext or keys can be retrieved and transmitted from an originating or destination computer by a program inserted by an attacker. Equally serious, if the attacker substitutes trojan horse code for the encipherment/decipherment techniques employed, the whole system is wide open. I regard this as the current greatest weakness in the use of cryptography for information security, except within certain parts of the military. I dn't have any good ideas at all about how to plug this weakness, but it deserves much more careful attention than it gets in this book. If you are responsible for any aspect of computer or communications security, think hard about this problem.

4 of 4 people found the following review helpful:

3.0 out of 5 stars A valuable reference., November 26, 1999

By 

Adam Scoville (Denver, CO USA) - See all my reviews
(REAL NAME)   

This review is from: Cryptography's Role in Securing the Information Society (Hardcover)

A thorough, and unbiased inquiry, commissioned by congress, of the importance of cryptography to the information economy. Still highly useful, despite being increasingly dated.

3 of 3 people found the following review helpful:

4.0 out of 5 stars Not obsolete yet, January 28, 2000

By 

J. G. Heiser (Sunninghill, Berks) - See all my reviews
(REAL NAME)   

This review is from: Cryptography's Role in Securing the Information Society (Hardcover)

Excellent overview of social & organizational issues that affect use of encryption. Some of the material is becoming quickly dated, but the chapters on "Roles, Market & Infrastructure," "Crypto Primer," "Public Key Infrastructure," and "[Applicability of Encryption by] Industry" will be useful for years.