1996-11-16 - Re: San Jose Mercury News declares encryption battle over

Header Data

From: Hal Finney <hal@rain.org>
To: junger@pdj2-ra.F-REMOTE.CWRU.Edu
Message Hash: 18a858b5b62f16d217cf0c2697f24adebb8b8e009dd33e990a2abdb19db56be7
Message ID: <199611161913.LAA01571@crypt.hfinney.com>
Reply To: N/A
UTC Datetime: 1996-11-16 19:14:09 UTC
Raw Date: Sat, 16 Nov 1996 11:14:09 -0800 (PST)

Raw message

From: Hal Finney <hal@rain.org>
Date: Sat, 16 Nov 1996 11:14:09 -0800 (PST)
To: junger@pdj2-ra.F-REMOTE.CWRU.Edu
Subject: Re: San Jose Mercury News declares encryption battle over
Message-ID: <199611161913.LAA01571@crypt.hfinney.com>
MIME-Version: 1.0
Content-Type: text/plain


>From the article
	<URL:http://www.sjmercury.com/business/compute/encrypt1115.htm>:

> Under the plan computer makers could equip their machines, including
> personal computers, with electronic ''locks'' of almost any strength. A
> single computer model with strong built-in encryption could legally be
> sold in both domestic and foreign markets.
> 
> The key is that the encryption circuitry would be inactive in exported
> machines, unless both buyer and seller obtained all legally required
> licenses to turn it on.
> 
> Domestic customers, and export buyers with a license, would get a special
> key card to turn on the encryption, according to HP. Manufacturers would
> thus be relieved of the burden of making different computers for export
> than for domestic use.

So it sounds like the idea is to build crypto around card tokens.  I think
HP has been pushing this for some time.  The question is, will this somehow
become the only way to get access to crypto?

Unlike the earlier IBM/CIA announcement, this time Netscape and Microsoft
have apparently been brought on board.  That is a lot worse because these
companies are where most people are going to get their crypto in the future.
If they have open standards, we can make good crypto available.  But if
this announcement signals some kind of closing of the system so that only
hardware tokens will be used, it could become a lot harder to make strong
crypto available.

There are also the economic questions about how much these key cards are
going to cost, and whether they are going to be routinely supplied with
computers or an extra cost item that consumers have to go out and buy.
If the latter, a lot of people won't bother, and we'll just have that much
larger a barrier to widespread use of crypto.

It is certainly very disturbing to see these new moves.  Obviously a great
deal of behind the scenes negotiations and pressure has been occuring.
You have to wonder why Netscape, for example, would forego the opportunity
to differentiate themselves from rival Microsoft by positioning their product
as the one which refuses to bow to government pressure on crypto.

It's also not clear what the hardware manufacturers get out of this.
Their sales overseas have never been blocked.  There has been no demand
for custom crypto hardware.  I don't see how they have been harmed by an
inability to ship computers with built-in encryption hardware.  Granted
there are some possible applications for such systems but I don't see the
market demand which would drive this decision.

Hal





Thread