From: jya@pipeline.com (John Young)
To: cypherpunks@toad.com
Message Hash: 5093adbcccc1c05c300c6a736a6ae150b6047e0b60ab33136573e1f5fd2d9be0
Message ID: <199610021114.LAA20303@pipe3.ny2.usa.pipeline.com>
Reply To: N/A
UTC Datetime: 1996-10-02 15:04:23 UTC
Raw Date: Wed, 2 Oct 1996 23:04:23 +0800
From: jya@pipeline.com (John Young)
Date: Wed, 2 Oct 1996 23:04:23 +0800
To: cypherpunks@toad.com
Subject: NYT on IBM GAK
Message-ID: <199610021114.LAA20303@pipe3.ny2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain
The New York Times, October 2, 1996, pp. D1, D8.
Compromise Is Offered on Computer Security Codes
By John Markoff
The Clinton Administration offered a compromise to the
computer industry yesterday by holding out the possibility
of removing all export restrictions on data-scrambling
technology for companies that accept a new approach to
allow law enforcement officials to unscramble coded
messages. The new system is being recommended by an
alliance led by I.B.M..
The approach is to be announced today and has passed muster
with the Central Intelligence Agency. It would enable law
enforcement officials to unscramble computer communications
-- provided they have a warrant -- without having to obtain
a mathematical key to the code.
Instead, the agents could use the warrant to obtain the
cooperation of outside parties to help unscramble portions
of code accompanying a message. This information would then
allow law enforcement officials to draw mathematical
inferences enabling them to decipher the scrambled
messages.
By making it at least a two-step process to decipher a
scrambled, or encrypted, message, and by requiring the
cooperation of at least two outside parties designated by
the code users themselves, the approach is supposed to
address the main criticisms against data-scrambling systems
previously endorsed by the Government.
But some industry executives and privacy-rights advocates
said yesterday that the new approach would not satisfy
their objections to a Government-backed eavesdropping
system. Critics contend that any such system could
compromise the privacy of United States citizens and hinder
the ability of American high-technology companies to sell
their most sophisticated data-security products overseas.
Executives of the International Business Machines
Corporation said late yesterday that they were still lining
up the final list of companies in the alliance. Those
involved will include Digital Equipment and smaller
data-security companies including RSA Data Security, Cylink
and Trusted Information Systems.
The computer industry and the Clinton Administration, as
well as factions within the Administration, have been at an
impasse for years over export policy for data-scrambling
technology. Intelligence and law enforcement agencies,
fearing that such technology can be used by terrorists and
criminals to conspire with impunity, have insisted on a
system for cracking the coded messages under certain
circumstances.
Seeking to end the deadlock, I.B.M. set in motion the new
compromise earlier this year when it demonstrated its
experimental approach to the C.I.A. Director, John Deutsch.
Mr. Deutsch then took an active role in the internal
Administration debate, in which Justice Department and
F.B.I. officials had previously taken a hard line against
loosening export controls, according to several people
familiar with the talks.
In a public statement issued yesterday Vice President Al
Gore said that if the I.B.M. data-deciphering technology
proved workable, there would no longer be export
restrictions on the strength of the data-scrambling
technology or on the type of software algorithms -- or
mathematical formulas -- employed.
The Administration is calling the I.B.M. approach a "key
recovery" system. The designation is meant to distinguish
it from previously proposed "key escrow" systems, like one
called Clipper that the Government put forth a few years
ago.
In an escrow system, one or more Government or
private-industry escrow agents would hold keys for
unlocking coded messages, which could be used by
law-enforcement agents with a warrant. The drawbacks,
according to I.B.M., are that the storage of the keys can
become a record-keeping nightmare and can also make the
system vulnerable to unauthorized use of the keys.
The I.B.M. approach is intended to eliminate this
vulnerability by giving no third party an actual key to the
code. Instead, at least two "trusted agents" would be
required to help unscramble encrypted information in the
header of each message. Only after this portion of the
message is deciphered, I.B.M. said, would law-enforcement
agents be able to unscramble the contents of the message
itself by recreating the original key to the code.
"Our theory is this should work the same way as your filing
cabinet," said Kathy Kincaid, an I.B.M. computer security
executive. "You wouldn't give law enforcement the keys to
your filing cabinet unless they had a search warrant."
And yet, even one of the companies that I.B.M. is counting
on as an alliance member said yesterday that new approach
did not go far enough beyond the old Clipper plan, in terms
of privacy protection.
"The Government announcement is disastrous," said Jim
Bidzos, chief executive of RSA Data Security, one of the
country's leading developers of data-scrambling software.
"We warned I.B.M. that the National Security Agency would
try to twist their technology."
The Clinton Administration also angered executives at the
software company Netscape Communications, who warned that
even the new Government plan would continue to hinder the
American industry's ability to compete internationally.
Peter Harter, Netscape's public-policy lawyer, contended
that the Administration was playing favorites among
computer companies, rewarding those willing to go along
with its approach by removing export restrictions that
might be retained for companies not willing to incorporate
the "key recovery" system in their products.
"This is tantamount to making public policy by extorting
high-tech companies," Mr. Harter said.
But some computer hardware makers were more conciliatory.
"From my perspective the process has been much better this
time," said Eric Schmitt, Sun Microsystem's chief
technology officer. "The question is still, 'How will
industry implement key recovery?' It's still too early to
say."
[End]
Return to October 1996
Return to “Lucky Green <shamrock@netcom.com>”