Thanks to David Sternlight for posting pointer to this. -------------------- The Wall Street Journal September 19, 1994 p. B10 -------------------- RSA Data Security Says Exposed Code Poses No Threat By Ralph T. King Jr. Staff Reporter of The Wall Street Journal The anonymous dissemination over the last several days of a software code used to safeguard the privacy of electronic messages in no way threatens the security of existing computer networks, according to the code's owner and encryption experts. However, the defiant act is expected to trigger a trade-secret dispute between the culprit and RSA Data Security Inc., the Redwood City, Calif., company that developed the code. The act also raises thorny legal questions about how public data networks, collectively known as the Internet, may be used. An unidentified person used the Internet to post RSA's encryption code, called RC4, on electronic bulletin boards. The RC4 code works something like a padlock. But knowing how the lock works isn't enough to open it. The system user has an individualized combination or key that prevents access by other parties to private computer messages. RSA's code product is incorporated in numerous popular software programs, including those of Apple Computer Inc., Lotus Development Corp. and Microsoft Corp. Some reports published over the weekend indicated that the disclosure might jeopardize the integrity of computer systems that are equipped with these programs. "This doesn't compromise systems that are in use," says Jim Bidzos, president of closely-held RSA. "This is a misappropriation of our intellectual property. It's a legal issue and it will be pursued." Mr. Bidzos also said officials at U.S. Customs Service and the Federal Bureau of Investigation are investigating the matter. One analyst noted that disclosure of the formula may benefit RSA because some users have questioned whether its code contains the equivalent of secret trapdoors enabling people familiar with it to eavesdrop on private communications at will. As a result, some computer operators have turned to an alternative code whose formula is publicly available. Now it will be clear to interested parties that no such trapdoors exist, Mr. Bidzos said. In any case, RSA is about to release a new encryption code for use with the latest computer-chip architecture, he said. One possible effect of the disclosure is to shed light on the extent of legal liability that applies to people who make copyrighted or protected material freely available on the Internet. Those who use such material under license typically sign nondisclosure agreements. In this case, someone apparently violated a nondisclosure pact and in effect invalidated the protections of RSA, the formula's owner. -------------------- END