For every opportunity presented by the information age, there is an opening to invade the privacy and threaten the security of the nation, U.S. businesses, and citizens in their private lives. The more information that is transmitted in computer-readable form, the more vulnerable we become to automated spying. It's been estimated that some 10 billion words of computer-readable data can be searched for as little as $1. Rival companies can glean proprietary secrets, anti-U.S. terrorists can research targets, network hackers can do anything from charging purchases on someone else's credit card to accessing military installations. With patience and persistence, numerous pieces of data can be assembled into a revealing mosaic. "Cryptography's Role in Securing the Information Society" addresses the urgent need for a strong national policy on cryptography that promotes and encourages the widespread use of this powerful tool for protecting of the information interests of individuals, businesses, and the nation as a whole, while respecting legitimate national needs of law enforcement and intelligence for national security and foreign policy purposes. This book presents a comprehensive examination of cryptography - the representation of messages in code - and its transformation from a national security tool to a key component of the global information superhighway. The committee enlarges the scope of policy options and offers specific conclusions and recommendations for decision makers. "Cryptography's Role in Securing the Information Society" explores how all of us are affected by information security issues: private companies and businesses; law enforcement and other agencies; people in their private lives.This volume takes a realistic look at what cryptography can and cannot do and how its development has been shaped by the forces of supply and demand. How can a business ensure that employees use encryption to protect proprietary data but not to conceal illegal actions? Is encryption of voice traffic a serious threat to legitimate law enforcement wiretaps? What is the systemic threat to the nation's information infrastructure? These and other thought-provoking questions are explored. "Cryptography's Role in Securing the Information Society" provides a detailed review of the Escrowed Encryption Standard (known informally as the Clipper chip proposal), a federal cryptography standard for telephony promulgated in 1994 that raised nationwide controversy over its "Big Brother" implications.The committee examines the strategy of export control over cryptography: although this tool has been used for years in support of national security, it is increasingly criticized by the vendors who are subject to federal export regulation. The book also examines other less well known but nevertheless critical issues in national cryptography policy such as digital telephony and the interplay between international and national issues. The themes of "Cryptography's Role in Securing the Information Society" are illustrated throughout with many examples - some alarming and all instructive - from the worlds of government and business as well as the international network of hackers. This book will be of critical importance to everyone concerned about electronic security: policymakers, regulators, attorneys, security officials, law enforcement agents, business leaders, information managers, program developers, privacy advocates, and Internet users.

Average Customer Review: ( 3 customer reviews )
Write an online review and share your thoughts with other customers.

It has two flaws, one minor and inevitable, the other more serious. The first stems from the fact that the National Research Council undertakes studies like this only at the request of the US government. The federal government is notorious for its belief that anything worth saying should be said in the dullest possible bureaucratese. I know the staff members who produced the actual text of this book; they are excellent writers, and did their best to make the book readable within the constraints imposed by government mindset, but it's still dull and tedious to read. Compared to the Federal Register, however, it's a model of expository clarity.

The second flaw is the very cursory treatment given to one of the most serious problems in using cryptography for information security. The great majority of civilian computers, and even some military computers, are vulnerable to a wide variety of viruses, worms and trojan horses, and in most cases the users and system administrators are unaware of how vulnerable they are.

Cryptography is completely useless as a protective mechanism if cleartext or keys can be retrieved and transmitted from an originating or destination computer by a program inserted by an attacker. Equally serious, if the attacker substitutes trojan horse code for the encipherment/decipherment techniques employed, the whole system is wide open. I regard this as the current greatest weakness in the use of cryptography for information security, except within certain parts of the military. I dn't have any good ideas at all about how to plug this weakness, but it deserves much more careful attention than it gets in this book. If you are responsible for any aspect of computer or communications security, think hard about this problem.

4 of 4 found the following review helpful:

A valuable reference.Nov 27, 1999
By Adam Scoville
A thorough, and unbiased inquiry, commissioned by congress, of the importance of cryptography to the information economy. Still highly useful, despite being increasingly dated.

3 of 3 found the following review helpful:

Not obsolete yetJan 29, 2000
By J. G. Heiser
Excellent overview of social & organizational issues that affect use of encryption. Some of the material is becoming quickly dated, but the chapters on "Roles, Market & Infrastructure," "Crypto Primer," "Public Key Infrastructure," and "[Applicability of Encryption by] Industry" will be useful for years.