From: John Young <jya@pipeline.com>
To: cypherpunks@toad.com
Message Hash: 25200e5f9f85dd31c08f17349f319e88eceb0572dd3d73e86b142dedc959575f
Message ID: <199509271151.HAA03534@pipe4.nyc.pipeline.com>
Reply To: N/A
UTC Datetime: 1995-09-27 11:52:01 UTC
Raw Date: Wed, 27 Sep 95 04:52:01 PDT
From: John Young <jya@pipeline.com>
Date: Wed, 27 Sep 95 04:52:01 PDT
To: cypherpunks@toad.com
Subject: HP KEscrew
Message-ID: <199509271151.HAA03534@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain
The Wall Street Journal, Sept 27, 1995
Hewlett Lobbies for Its Encryption Plan That Would
Satisfy Tough Export Rules
By Don Clark
Hewlett-Packard Co. is pushing an unusual plan to
protect electronic transactions around the world
without running afoul of U.S. export laws.
The Palo Alto, Calif., computer maker said it has been
lobbying government agencies for more than a year to
gain support for its proposal, which uses a
data-scrambling technology to protect transactions
from tampering or theft of data. Strong encryption
technologies ordinarily fall under tough export rules
that limit technologies which could impede U.S.
wire-tapping capabilities, a source of continuing
friction between the government and high-technology
companies.
H-P, in a plan developed with the French company
Gemplus SCA, wants to split the code-making
technologies into two pieces that would be approved
under different government standards. One device,
which could fit in a standard computer, would contain
a basic encryption capability that is designed to be
broadly exported without the need to seek a separate
export license for each foreign user.
Would Help Industry
That device, dubbed an encryption engine, would be
useless without the addition of another tiny piece of
hardware that contains a code-making formula set at a
specific strength. The second device, called a policy
card, would be separately reviewed by the U.S. State
Department for each customer.
Government agencies, including codebreakers at the
National Security Agency, would still have a say over
the strength of encryption exports. But customers
could build commercial applications around the
proposed encryption engine, knowing that it will work
with any code-making formula that governments might
adopt in the future. Now they run the risk that their
work will become obsolete amid policy changes in
Washington, D.C., and other countries.
State Department officials weren't immediately
available for comment. Stewart Baker, a former NSA
general counsel who now practices law in Washington,
D.C., termed the H-P plan a clever answer to the
problem of shifting government policy.
"There was a lot of skepticism when H-P first proposed
it," said Lynn McNulty, a former encryption specialist
at the National Institute of Standards and Technology.
"But it looks to me that they are well on the way to
the next step."
H-P Confident of Approval
Doug McGowan, an H-P manager involved with the
project, said he expects to receive U.S. approval by
next year to begin shipping the encryption engine
freely to Western Europe and Canada. "We believe we
will receive relaxed export controls," he said.
H-P's plan fits some of the NSA's objectives. For one
thing, its technology embeds encryption technology in
microchips that can't easily be modified by computer
hackers or terrorists. H-P's policy cards also could
be adapted for a controversial Clinton administration
proposal called key escrow, in which mathematical keys
to break codes could be stored for later use by law
enforcement or intelligence agencies, Mr. McGowan
said.
The plan complements a parallel H-P effort to develop
a new generation of "smart" data cards to let
consumers buy goods and services around the world
electronically. Gemplus, a huge supplier of credit and
debit cards in Europe, is supplying technology to that
effort along with Informix Corp., a database software
maker in Menlo Park, Calif.
Jeff Hudson, an Informix vice president, said the
partners' proposed cards could store money and a
database worth of personal information, such as
medical records. That approach could eliminate the
need to connect to multiple companies or agencies to
manage such information, since it would be stored on
each card, the companies said.
[End]
Return to September 1995
Return to “John Young <jya@pipeline.com>”
1995-09-27 (Wed, 27 Sep 95 04:52:01 PDT) - HP KEscrew - John Young <jya@pipeline.com>