From: Will Rodger <rodger@interramp.com>
Date: Thu, 25 Jul 1996 07:54:18 +0800
To: cypherpunks@toad.com
Subject: Shell buys key escrow system from Trusted Info. Systems
Message-ID: <1.5.4.32.19960724205204.006741a0@pop3.interramp.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Administration officials didn't return calls for comment, but it's clear
that the Clinton-Gore team have their first "testbed" for trying out key
recovery, or key escrow, proposals.

Steven Walker, president of Glenwood, Md.'s Trusted Information Systems
Inc., told Inter@ctive Week late last week that TIS will supply his
company's Gauntlet Firewall technology, complete with commercial key escrow
capabilities, to an a large multinational with headquarters outside the
United States. The multinational company will self-escrow, that is handle
all encryption keys itself, in cooperation with the British government,
sources close to the deal said. 

Walker declined to name the company, but several Washington-based sources
confirmed the buyer is Royal Dutch Shell.

The deal represent the first time that a foreign buyer has purchased a US
key escrow product  without escrowing keys in the US. Indeed, TIS has sold
only one other system for export abroad, one which involved communications
between the US and the UK with US key escrow.

Walker, widely credited with devising the controversial commerical key
escrow system now being promoted by the current administration, claimed
"there really is an important issue here in finding a balance between the
interest of government and those of industry. A policy that says anyone who
wants to export strong encryption as long as there is key recovery is an
important development."

The success of the deal and others like it could figure heavily in the
Clinton administration's ability to sell it its latest proposals on
commercial key escrow; a recent report from the National Research Council
recently warned that such efforts were unproven and required serious
examiniation before they could be deployed. Long-time critics of the
proposal have, in turn, leveled the same criticisms.

Jim Bidzos, President of RSA Data Security Inc. and a long-time foe of
administration policy said he doubted the market would rush to purchase
products like Trusted Information Systems,' but said he was slightly more
hopeful for a resolution to the controversy than he had been previously.

"I've said all along that user key escrow is the only thing that makes
sense," Bidzos said. Users who hold their own keys "can comply with any
regulation in the world - if you want to give your keys to France or whoever
you can - that's your business. If it's good enough for the CIO, it's good
enough for the CIA."

Royal Dutch Shell officials said security considerations forbade confirming
a sale had been made, but freely admitted to having had talks with TIS. The
company's interest key escrow, computer security head Nick Mansfield said,
lay principally in getting access to records after keys had been lost,
stolen or otherwise disabled.

The Gauntlet firewall, nonetheless, encrypts and decrypts messages as they
arrive; it does not store messages in encrypted form.

"To us it's not a matter of 'going along' with key escrow, it's a matter of
doing business," Mansfield said.

*********

A shorter, slightly less jargon-laden  version of this story appeared in the
7/22 issue o fInter@ctive Week. An archived copy should be on our site
(http://www.zdnet.com/intweek)  by week's end.


Will Rodger
Washington Bureau Chief
Inter@ctive Week

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfa2sUcByjT5n+LZAQE4nAf7BA5X2f3LX1KQXXygkYtaGWc6qMgDEFWA
cYlQNtVw+KS+h8hNRmpZ4KWaUJS1iwHPfwaS0XqI40gVGyZE2mYBmF6RybAkLKKV
zGXEyIlAVxKOz2FsRQ35Tg1VV5Y8NaL+YxK3uUcutLHBK/Vxq7iLcnaqRn2klfYM
6ImSKecHMU2NzaB8JGIIJbAuG7NpGmLj/O4BEP3ccoNeA3NQ1fIAujMyL12gbdPF
TUZVUOLsj5eHG1dwqRmSUdsNHcwYoQ6WFX2waIdot0Ia/nph/ERpliVjkccIsKsz
q+qDeH0fz3ZoENS/zqUy9ilHwLcAdMoiyQzlm06dZBRf+O9rqpDjKA==
=RJjm
-----END PGP SIGNATURE-----