Protecting Us from OurselvesIn 1973, one particularly secret branch of the American government, the National Security Agency, was asked to help establish a standard encryption scheme for nationwide use. Along with the supersecret National Reconnaissance Organization, which mostly handles America's spy satellites, the shadowy National Security Agency is one of the most clandestine parts of the American government. Charged with protecting America's secrets and penetrating foreign secrets, it was created surreptitiously, without congressional debate, by President Truman on Monday, December 29, 1952. For many years, the government even denied that it existed. Over forty years later, even the presidential memorandum authorizing its creation remains top secret. Not until Sunday, March 9, 1991, did the agency even deign to put up a sign in front of its headquarters in Fort Meade, Maryland.
The agency---which measures the number of its computers in acres and has, essentially, a city of fifty thousand people all to itself---reputedly has more computers than any other group on the planet. It allegedly produces twenty tons of classified waste per day and employs more high-powered mathematicians than anyone else in the world. It's much more secretive than, say, the Central Intelligence Agency, and has, it is rumored, ten times the budget. It's so secret that even the number of its employees is hidden. Some say that its initials NSA mean ``Never say anything''; others say they stand for ``No such agency.''
Of all the contenders for a standard encryption scheme back in 1973, the agency eventually chose one designed at IBM, which had invested seventeen person-years trying, unsuccessfully, to break it.
For fifteen years or more, some critics contended that IBM had been forced to put in the equivalent of a skeleton key to let the agency decrypt any encrypted information in the system without having a secret key. This belief was based on the secrecy surrounding the analysis of certain important parts of the system. Over two decades later, that secrecy is still intact. Critics also believed that the key length was too short. Although IBM had originally suggested a much longer one, the agency vetoed it. Of course, that made many critics even more suspicious. Many believed the agency wanted keys long enough for normal security but short enough for the government to break.
Yet despite those protests, nobody publicly broke the system, and in 1977 it became the United States Data Encryption Standard. Since then, it's received massive government funding and, despite many attacks, has apparently remained unbroken. Many institutions---banks, insurance companies, stock exchanges, hospitals---use it daily, rumors of insufficient key length and possible skeleton keys notwithstanding.
Fortunately, we now know that longer keys wouldn't make it significantly more secure, so it's possible that the government didn't seriously weaken it, if weaken it they did. Nonetheless, no one outside the highest government circles knows whether the system has a skeleton key. Curiously enough, the U.S. Department of Defense has never adopted it.