Matthew Blaze 55 River Drive South Jersey City, NJ 07310 September 25, 1993 National Institute for Standards and Technology (NIST) ATTN: Proposed FIPS for Escrowed Encryption Standard Technology Building, Room B-154 National Institute of Standards and Technology Gaithersburg, MD 20899 Dear Director: I am writing to express my opposition to the Proposed Federal Information Processing Standard (FIPS) for an Escrowed Encryption Standard, docket #930659-3159. First, let me state my qualifications in this area. I hold a Ph.D. in computer science in the area of large-scale systems from Princeton University. I am presently employed as a Principal Investigator / Member of Technical Staff in the Computing Systems Research Laboratory of AT&T Bell Laboratories. My research focuses on the design of cryptographically secure networked computing and communications systems and I have published several research papers in this field. I must emphasize, however, that I am making these comments as a private citizen; nothing in this letter should be construed as representing the opinion or position of my employer or any other organization. I state my affiliation only for the purpose of identification. I believe that adoption of the proposed Escrowed Encryption Standard would be harmful to the national interest in at least two ways. First, it will harm us economically, putting our computing and communications technology at a significant disadvantage against foreign competition. Second, it will hinder, rather than promote, the increasingly vital efforts to improve the security of our information infrastructure. Several aspects of the proposed standard render the system inadequate for our competitive and information security needs. First, because the proposed system relies on the use of a special, tamper-resistant computer chip, it is impossible to manufacture equipment or design systems that have their cryptographic security functions based entirely in software. The implementation of cryptographic systems in software has only recently been made feasible by advances in computer speed and has significant advantages over hardware (chip)-based encryption. Software encryption can be included in digital voice and computer communications equipment, such as cellular telephones, at virtually no increase in marginal cost. Hardware-based encryption (based on technologies such as the proposed standard), on the other hand, can add over a hundred dollars to the end price of each unit. This could represent an increase of several times the original price for typical low-end consumer communications products. Clearly, devices that include the proposed standard will be at a significant disadvantage compared with equivalent products (possibly from foreign competitors) that employ software-based encrypFrom owner-cypherpunks Tue Sep 28 06:46:18 1993 Received: by toad.com id AA03637; Tue, 28 Sep 93 06:41:30 PDT Received: by toad.com id AA03607; Tue, 28 Sep 93 06:38:21 PDT Return-Path: <cme@ellisun.sw.stratus.com> Received: from transfer.stratus.com ([134.111.1.10]) by toad.com id AA03603; Tue, 28 Sep 93 06:38:18 PDT Received: from lectroid.sw.stratus.com by transfer.stratus.com (4.1/3.14-jjm) id AA14444; Tue, 28 Sep 93 09:38:16 EDT Received: from ellisun.sw.stratus.com by lectroid.sw.stratus.com (4.1/3.10-jjm) id AA29408; Tue, 28 Sep 93 09:38:15 EDT Received: by ellisun.sw.stratus.com (4.1/SMI-4.1) id AA25476; Tue, 28 Sep 93 09:38:15 EDT Date: Tue, 28 Sep 93 09:38:15 EDT From: cme@ellisun.sw.stratus.com (Carl Ellison) Message-Id: <9309281338.AA25476@ellisun.sw.stratus.com> To: cypherpunks@toad.com Subject: Re: saturation tactics?

From: "George A. Gleason" <gg@well.sf.ca.us> Subject: saturation tactics? Message-Id: <93Sep26.015035pdt.14005-3@well.sf.ca.us> Date: Sun, 26 Sep 1993 01:50:31 -0700

lots and lots of people & companies applying for those arms export licenses,

"saturation," which involves lots and lots of people scrupulously obeying an unfair or controversial law to the point where it starts to swamp the system.

I'd much rather not do it. There won't be enough people out there to really swamp the system. Meanwhile, it lends credence to the stupid notion that S/W crypto is arms. I much prefer the statements in the READMEs at soda.berkeley.edu .... The official Stratus line on this issue, BTW, is that we don't want to deal in munitions. We have no intention of selling arms to anyone. We sell much of our product overseas and we sell only freely available crypto -- the stuff which is so widely documented and available that no terrorist or unfriendly government could possible not already have it. In particular, we sell software DES and a few simpler systems for our customers to use as they will. Of course, ye olde US Gov't still forces not to export this except to financial institutions (which is a reasonable fraction of our business) but there are other customers pissed at us because we obey the stupid US export laws. Needless to say, Stratus as a company wants to see the export laws changed. - Carl Disclaimer: I don't speak for Stratus. For the official company policy, see the company's letter to NIST re: Skipjack. [I certainly hope these will be available to the public.]