1995-09-27 - HP KEscrew

Header Data

From: John Young <jya@pipeline.com>
To: cypherpunks@toad.com
Message Hash: 25200e5f9f85dd31c08f17349f319e88eceb0572dd3d73e86b142dedc959575f
Message ID: <199509271151.HAA03534@pipe4.nyc.pipeline.com>
Reply To: N/A
UTC Datetime: 1995-09-27 11:52:01 UTC
Raw Date: Wed, 27 Sep 95 04:52:01 PDT

Raw message

From: John Young <jya@pipeline.com>
Date: Wed, 27 Sep 95 04:52:01 PDT
To: cypherpunks@toad.com
Subject: HP KEscrew
Message-ID: <199509271151.HAA03534@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The Wall Street Journal, Sept 27, 1995


   Hewlett Lobbies for Its Encryption Plan That Would
   Satisfy Tough Export Rules

   By Don Clark


   Hewlett-Packard Co. is pushing an unusual plan to
   protect electronic transactions around the world
   without running afoul of U.S. export laws.

   The Palo Alto, Calif., computer maker said it has been
   lobbying government agencies for more than a year to
   gain support for its proposal, which uses a
   data-scrambling technology to protect transactions
   from tampering or theft of data. Strong encryption
   technologies ordinarily fall under tough export rules
   that limit technologies which could impede U.S.
   wire-tapping capabilities, a source of continuing
   friction between the government and high-technology
   companies.

   H-P, in a plan developed with the French company
   Gemplus SCA, wants to split the code-making
   technologies into two pieces that would be approved
   under different government standards. One device,
   which could fit in a standard computer, would contain
   a basic encryption capability that is designed to be
   broadly exported without the need to seek a separate
   export license for each foreign user.

   Would Help Industry

   That device, dubbed an encryption engine, would be
   useless without the addition of another tiny piece of
   hardware that contains a code-making formula set at a
   specific strength. The second device, called a policy
   card, would be separately reviewed by the U.S. State
   Department for each customer.

   Government agencies, including codebreakers at the
   National Security Agency, would still have a say over
   the strength of encryption exports. But customers
   could build commercial applications around the
   proposed encryption engine, knowing that it will work
   with any code-making formula that governments might
   adopt in the future. Now they run the risk that their
   work will become obsolete amid policy changes in
   Washington, D.C., and other countries.

   State Department officials weren't immediately
   available for comment. Stewart Baker, a former NSA
   general counsel who now practices law in Washington,
   D.C., termed the H-P plan a clever answer to the
   problem of shifting government policy.

   "There was a lot of skepticism when H-P first proposed
   it," said Lynn McNulty, a former encryption specialist
   at the National Institute of Standards and Technology.
   "But it looks to me that they are well on the way to
   the next step."

   H-P Confident of Approval

   Doug McGowan, an H-P manager involved with the
   project, said he expects to receive U.S. approval by
   next year to begin shipping the encryption engine
   freely to Western Europe and Canada. "We believe we
   will receive relaxed export controls," he said.

   H-P's plan fits some of the NSA's objectives. For one
   thing, its technology embeds encryption technology in
   microchips that can't easily be modified by computer
   hackers or terrorists. H-P's policy cards also could
   be adapted for a controversial Clinton administration
   proposal called key escrow, in which mathematical keys
   to break codes could be stored for later use by law
   enforcement or intelligence agencies, Mr. McGowan
   said.

   The plan complements a parallel H-P effort to develop
   a new generation of "smart" data cards to let
   consumers buy goods and services around the world
   electronically. Gemplus, a huge supplier of credit and
   debit cards in Europe, is supplying technology to that
   effort along with Informix Corp., a database software
   maker in Menlo Park, Calif.

   Jeff Hudson, an Informix vice president, said the
   partners' proposed cards could store money and a
   database worth of personal information, such as
   medical records. That approach could eliminate the
   need to connect to multiple companies or agencies to
   manage such information, since it would be stored on
   each card, the companies said.

   [End]













Thread