From: Michael Elder <melder@descartes.coker.edu>
Date: Sat, 28 Feb 1998 11:21:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: HP Crypto Export
Message-ID: <3.0.2.32.19980228141822.006aee98@descartes.coker.edu>
MIME-Version: 1.0
Content-Type: text/plain



>From the NY Times online (www.nytmes.com)

February 28, 1998




Hewlett-Packard Granted License
For Encryption System 

By PETER WAYNER 

The Commerce Department has granted Hewlett-Packard an export license for
its VerSecure encryption architecture allowing the company and its
licensees to export strong encryption tools, the company announced Friday.
The catch is that the products must take their orders from a central
computer system that will dictate how all the products will behave in each
country. 

The company hopes that the solution would break the deadlock between the
Clinton Administration, which continues to restrict the export of secure
computer technology throughout the world, and the computer industry, which
contends that foreigners are not interested in buying products that don't
protect their secrets. 

The new solution effectively disconnects the problem of distributing
encryption technology from the process of determining the policy for
government access to information. The heart is a new class of trusted
hardware cards and chips that take their orders from a central company
known as a Security Domain Authority or SDA. In countries, like France,
that require people to keep a record of keys for unlocking data, the SDA
would only allow the computers to encrypt information if it complied with
the laws. In countries with no laws about encryption usage like the United
States, Germany and Great Britain, the SDA would allow users to encrypt in
whatever manner they choose. 



------------------------------------------------------------------------
"It is very hardware-specific with the flexibility of software and that
gives us a lot of strength in terms of tamper resistance" 

Feisal Mosleh, 
business development manager at Hewlett-Packard 


------------------------------------------------------------------------



Hewlett-Packard sees the solution as a win for the industry, which will be
able to build one set of hardware and software that can be shipped
throughout the world. The SDA's will set the local rules because the
computers will not encrypt information without first getting permission
from the SDA.

Doug McGowan, one of the director of Hewlett-Packard's efforts, said in a
telephone interview, "Never before has a general purpose cryptography tool
been exportable from the United States, with or without key recovery. We're
opening a huge market for American industry to enable commerce on a
worldwide basis." 

The price for this flexibility is the need for specialized hardware that
treats the SDA as its master. In an ordinary computer, the owner can
control all aspects of what the computer does. This extra hardware will
raise the price of machines and is bound to be more expensive than software
which can be distributed at minimal cost. 

Feisal Mosleh, a business development manager at Hewlett-Packard, pointed
out that specialized hardware can offer faster performance and more
security. "It is very hardware-specific with the flexibility of software
and that gives us a lot of strength in terms of tamper resistance" he said
in a phone interview.

Many security experts continue to point out that general-use microcomputers
and their operating systems are dangerously insecure. In one recent attack,
hackers were able to begin transfers from a bank account by manipulating
accounting software. Off-loading the process to specialized hardware makes
it simpler to ensure that the system is secure because the special hardware
has only one job.

Hewlett-Packard says that it is licensing the architecture to a number of
different computer vendors and announced that IBM, Motorola, CertCo,
Trusted Information System, Microsoft and RSA Data Securities had already
signed licenses. The vendors will be free to choose how they implement the
special computer hardware, but most will probably use firmware with an
embedded microprocessor. The initial version will reportedly include DES,
triple-DES, RSA, RC2, RC4 and Diffie-Hellman algorithms. Each of these
solutions can be sped up by specialized hardware, but only a general
microprocessor can handle all of them with equal agility. 

The specialized hardware will also be tamper-proof to prevent people from
circumventing the commands of the SDA. When an encryption card is first
started up, it cannot begin working until it has received instructions from
an SDA in its country. This information is contained in a "policy token."
Joe Beyers, general manager of Hewlett-Packard's Internet Software business
unit, explained, "The token says, 'You can use this amount of key, this
amount of strength for this amount of time.'"

Beyers went on to say, "The aspect of time allows the government to evolve
their policy. Time limits are one of the attributes that made it attractive
to the U.S. government." It would be possible for a government to change
policy with the system from time to time, perhaps forcing citizens to use
long keys in time of war to protect themselves and then relaxing the policy
after peace emerged. 

In the current plan, policy tokens would be good for one year, forcing
computers to re-register with an SDA in order to keep working. The SDA
would have no control of a token after it was issued and would only be able
to change policies at the renewal. 

The relationship between the SDA and the key recovery program is more
difficult to describe. The SDA would not keep any records of any keys that
would allow the police to eavesdrop on calls. But the policy tokens would
force the embedded hardware to obey the local laws that might include key
recovery. The FBI has asked Congress to mandate key recovery systems that
give it clear access to all communications. 

The yearly interrogation between the SDA and the individual computers does
not mean that the system will be foolproof. Someone could simply carry a
laptop from a country that allows personal privacy to a country with more
invasive laws and use it freely until the policy token runs out. Also, it
may be possible to spoof the token authorization procedure by pretending
that the request came from one country instead of another. 

Some critics found the use of special hardware to be problematic. Jim
Lucier, a policy analyst for the Americans for Tax Reform, a Republican
think tank, pointed out that specialized hardware was ignored by the
marketplace in the past. "None of it ever works" he said, "because the more
obvious solution, which is end-to-end encryption, is already there."

Lucier also pointed out that specialized hardware is more complicated to
engineer and much more expensive to distribute than software. "Atoms cost
more than bits, it just comes down to that," he said. In a press conference
Friday morning, Beyers promised that the new hardware was "months, not
years away" and also promised that the hardware costs would be as low as
possible. 

Marc Rotenberg, director of the Electronic Privacy Information Center,
suggested that replacing the current export control bureaucracy with a
network of SDA's was not a significant advance. "Government efforts to
regulate crypto will only slow the development of commerce," he said.

In fact, the decision by the United States government to grant a license to
Hewlett-Packard's architecture is far from liberating. Companies making
VerSecure products can only ship them to countries approved by the United
States government, a list which at this time is limited to the United
Kingdom, Germany, France, Denmark and Australia. More countries will become
open if and when they create an SDA infrastructure that is acceptable to
the United States. 

Hewlett-Packard has gone to great lengths to prevent rogue nations from
setting up their own unauthorized SDA's by cloning hardware. The
infrastructure uses CertCo's secure certificate servers to restrict the
ability to create the software necessary to build the tokens. Beyers says
that no one person at Hewlett-Packard has the ability to do this in order
to reduce the potential for corruption and theft.

Hewlett-Packard is also working heavily with foreign countries to assure
them that the system does not include back doors that might be accessible
by the United States government. Beyers said that the company had retained
an international group of cryptographic experts to vet the system and allay
any fears of hidden back doors. 

A press release from Hewlett-Packard quoted William A. Reinsch,
undersecretary of commerce, as saying, "We are pleased to support HP's
effort to develop and market encryption products that encourage the use of
key recovery in providing robust, secure encryption. This approval and our
ongoing dialogue with the industry are consistent with the Clinton
Administration's goal of allowing the market to develop recoverable
encryption products."

Peter Wayner at pwayner@nytimes.com welcomes your comments and suggestions.


Copyright 1998 The New York Times Company