From: jya@pipeline.com (John Young)
Date: Wed, 2 Oct 1996 23:04:23 +0800
To: cypherpunks@toad.com
Subject: NYT on IBM GAK
Message-ID: <199610021114.LAA20303@pipe3.ny2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The New York Times, October 2, 1996, pp. D1, D8. 
 
 
   Compromise Is Offered on Computer Security Codes 
 
   By John Markoff 
 
 
   The Clinton Administration offered a compromise to the 
   computer industry yesterday by holding out the possibility 
   of removing all export restrictions on data-scrambling 
   technology for companies that accept a new approach to 
   allow law enforcement officials to unscramble coded 
   messages. The new system is being recommended by an 
   alliance led by I.B.M.. 
 
   The approach is to be announced today and has passed muster 
   with the Central Intelligence Agency. It would enable law 
   enforcement officials to unscramble computer communications 
   -- provided they have a warrant -- without having to obtain 
   a mathematical key to the code. 
 
   Instead, the agents could use the warrant to obtain the 
   cooperation of outside parties to help unscramble portions 
   of code accompanying a message. This information would then 
   allow law enforcement officials to draw mathematical 
   inferences enabling them to decipher the scrambled 
   messages. 
 
   By making it at least a two-step process to decipher a 
   scrambled, or encrypted, message, and by requiring the 
   cooperation of at least two outside parties designated by 
   the code users themselves, the approach is supposed to 
   address the main criticisms against data-scrambling systems 
   previously endorsed by the Government. 
 
   But some industry executives and privacy-rights advocates 
   said yesterday that the new approach would not satisfy 
   their objections to a Government-backed eavesdropping 
   system. Critics contend that any such system could 
   compromise the privacy of United States citizens and hinder 
   the ability of American high-technology companies to sell 
   their most sophisticated data-security products overseas. 
 
   Executives of the International Business Machines 
   Corporation said late yesterday that they were still lining 
   up the final list of companies in the alliance. Those 
   involved will include Digital Equipment and smaller 
   data-security companies including RSA Data Security, Cylink 
   and Trusted Information Systems. 
 
   The computer industry and the Clinton Administration, as 
   well as factions within the Administration, have been at an 
   impasse for years over export policy for data-scrambling 
   technology. Intelligence and law enforcement agencies, 
   fearing that such technology can be used by terrorists and 
   criminals to conspire with impunity, have insisted on a 
   system for cracking the coded messages under certain 
   circumstances. 
 
   Seeking to end the deadlock, I.B.M. set in motion the new 
   compromise earlier this year when it demonstrated its 
   experimental approach to the C.I.A. Director, John Deutsch. 
 
   Mr. Deutsch then took an active role in the internal 
   Administration debate, in which Justice Department and 
   F.B.I. officials had previously taken a hard line against 
   loosening export controls, according to several people 
   familiar with the talks. 
 
   In a public statement issued yesterday Vice President Al 
   Gore said that if the I.B.M. data-deciphering technology 
   proved workable, there would no longer be export 
   restrictions on the strength of the data-scrambling 
   technology or on the type of software algorithms -- or 
   mathematical formulas -- employed. 
 
   The Administration is calling the I.B.M. approach a "key 
   recovery" system. The designation is meant to distinguish 
   it from previously proposed "key escrow" systems, like one 
   called Clipper that the Government put forth a few years 
   ago. 
 
   In an escrow system, one or more Government or 
   private-industry escrow agents would hold keys for 
   unlocking coded messages, which could be used by 
   law-enforcement agents with a warrant. The drawbacks, 
   according to I.B.M., are that the storage of the keys can 
   become a record-keeping nightmare and can also make the 
   system vulnerable to unauthorized use of the keys. 
 
   The I.B.M. approach is intended to eliminate this 
   vulnerability by giving no third party an actual key to the 
   code. Instead, at least two "trusted agents" would be 
   required to help unscramble encrypted information in the 
   header of each message. Only after this portion of the 
   message is deciphered, I.B.M. said, would law-enforcement 
   agents be able to unscramble the contents of the message 
   itself by recreating the original key to the code. 
 
   "Our theory is this should work the same way as your filing 
   cabinet," said Kathy Kincaid, an I.B.M. computer security 
   executive. "You wouldn't give law enforcement the keys to 
   your filing cabinet unless they had a search warrant." 
 
   And yet, even one of the companies that I.B.M. is counting 
   on as an alliance member said yesterday that new approach 
   did not go far enough beyond the old Clipper plan, in terms 
   of privacy protection. 
 
   "The Government announcement is disastrous," said Jim 
   Bidzos, chief executive of RSA Data Security, one of the 
   country's leading developers of data-scrambling software. 
   "We warned I.B.M. that the National Security Agency would 
   try to twist their technology." 
 
   The Clinton Administration also angered executives at the 
   software company Netscape Communications, who warned that 
   even the new Government plan would continue to hinder the 
   American industry's ability to compete internationally. 
 
   Peter Harter, Netscape's public-policy lawyer, contended 
   that the Administration was playing favorites among 
   computer companies, rewarding those willing to go along 
   with its approach by removing export restrictions that 
   might be retained for companies not willing to incorporate 
   the "key recovery" system in their products. 
 
   "This is tantamount to making public policy by extorting 
   high-tech companies," Mr. Harter said. 
 
   But some computer hardware makers were more conciliatory. 
 
   "From my perspective the process has been much better this 
   time," said Eric Schmitt, Sun Microsystem's chief 
   technology officer. "The question is still, 'How will 
   industry implement key recovery?' It's still too early to 
   say." 
 
   [End]