The NSA has stated that it has no objection to the use of secure
cryptography by U.S. industry. It also has no objection to
cryptographic tools used for authentication, as opposed to privacy.
However, the NSA is widely viewed as following policies that have the
practical effect of limiting and/or weakening the cryptographic tools
used by law-abiding U.S. citizens and corporations.
The NSA exerts influence over commercial cryptography in several ways.
First, it controls the export of cryptography from the U.S. (see Question
3.1.6); the NSA generally does not approve export of products
used for encryption unless the key size is strictly limited. It does,
however, approve for export any products used for authentication only, no
matter how large the key size, so long as the product cannot be converted
to be used for encryption. The NSA has also blocked encryption methods from
being published or patented, citing a national security threat.
Additionally, the NSA serves an ``advisory'' role to NIST in the evaluation
and selection of official U.S. government computer security standards; in
this capacity, it has played a prominent, and controversial, role in the
selection of DES and in the development of the group of standards known as
the Capstone project (see Section 6), which includes DSS and the Clipper
chip. The NSA can also exert market pressure on U.S. companies to produce
(or refrain from producing) cryptographic goods, since the NSA itself is
often a large customer of these companies.
Cryptography is in the public eye as never before and has become the subject of national public debate. The status of cryptography, and the NSA's role in it, will probably change over the next few years.