Standards for Data Security — a Change of Direction

Standards for data security - the achievement of acceptable privacy and integrity in data communication and storage - have been in preparation for the last fourteen years, beginning with the US Data Encryption Standard (DES). The DES was adopted as a US federal standard (1) in 1977, followed by adoption as an ANSI standard (2) in 1981. Since 1980 work has been in progress to develop a correspond- ing International Standards Organization (ISO) text. For most practical purposes the IS0 text was identical with the ANSI text; the only significant departure was that the eight parity bits allo- cated to the key in the US standard were left unallocated in the IS0 text. The responsible IS0 body was at first Technical Committee 97 (information processing), Working Group 1, TC97/WG1, which was foll- owed by Sub-Committee 20 (data cryptographic techniques) of TC97, TC97/SC20. In May 1986 a discussion, followed by are solution, took place in TC 97, meetingin Washington, as a result of which a refer- ence was made to the central governing body of IS0 on which all national member bodies are represented, IS0 Council, to decide whether it was wise to proceed to publication of the IS0 standard. The outcome of this reference was that IS0 Council decided to abandon work on the DES as a potential international standard. The decision was taken very late in the process of preparing the standard text, publication had been imminent.