Your editorial in the 10/14 PCWeek
Mr Gibson --

I'm afraid that I must disagree with your editorial in the October 14th issue of PC Week titled "Encryption Law Change: Good News" <http://www.pcweek.com/opinion/1014/14edit.html>. This is not a good change, but rather another attempt by the government to get its "key escrow" (now renamed 'key recovery') agenda added to commercial software products.

Let's start with the facts.

A) This is not a change in the law. There is no law regarding export of encryption software. Congress has never passed any such law. These are State Department regulations, and presidential decrees. These regulations, which have the force of law to you and me, were never debated or voted upon by our elected representatives. They can be changed tomorrow the same way. In fact, they can be changed and the public need not even be notified.

B) The Clinton administration agreed to allow the export of unescrowed encryption that used 56 bit keys for six months (with up to three six month renewals) on the following conditions:

1) That the companies shipping the software agree (in principle) to incorporate 'key recovery' features in their software.

2) That the companies shipping the software make status reports to the government every 6 months as to their progress towards a key recovery scheme. If they are making satisfactory progress, their export license will be renewed for another six months.

3) That after two years, they discontinue selling their 56 bit software, and only sell the 'key recovery' software.

Condition #1 is what the Clinton Administration has been fighting for since 1993 when it first announced the Clipper chip, the ability to recover the plaintext of any encrypted communication.

Condition #2 puts these companies at the mercy of a government panel which will decide, every six months, whether or not an internal project is proceeding 'satisfactorily'. If not, the company will be unable to sell its encryption products abroad. This is a _big_ stick that the government can use to influence companies' actions.

Condition #3 requires the companies to obsolete their products in two years, because they will no longer be able to sell the "unescrowed" software abroad, and because one of the goals of "key recovery" is that it will not interoperate with software that does not support "key recovery".

B) Your editorial states:
Previous administrations have turned a deaf ear to industry pleas, as had the Clinton administration for three and a half years. Until now, the White House has toed the line drawn by law enforcement officials, which equated powerful encryption technology with munitions. Now, the administration has, under high-tech standard-bearer Vice President Al Gore, done a complete about-face.
Even if this was, as you wrote, a "complete about face", and there were no other conditions (such as key recovery) involved, it would still be inadequate. A paper written this year by a group of noted cryptologists titled "Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security" recommends that the minimum key length for security today was at least 75 bits, and for data that needs to be secured for the next twenty years, at least 90 bit keys should be used. The entire paper is available at <ftp://ftp.research.att.com/dist/mab/keylength.txt> (ASCII) and <ftp://ftp.research.att.com/dist/mab/keylength.ps> (PostScript). It is fascinating reading.

You also wrote:
The administration plan also calls for private companies to surrender encryption keys should court orders demand them.
This is incomplete and misleading. The original Clipper press release (available at <http://www.epic.org/crypto/clipper/white_house_statement_4_93.txt>) states:
Q: Suppose a law enforcement agency is conducting a wiretap on a drug smuggling ring and intercepts a conversation encrypted using the device. What would they have to do to decipher the message?
A: They would have to obtain legal authorization, normally a court order, to do the wiretap in the first place. They would then present documentation of this authorization to the two entities responsible for safeguarding the keys and obtain the keys for the device being used by the drug smugglers. The key is split into two parts, which are stored separately in order to ensure the security of the key escrow system.
Please note the word "normally". The Clinton Administration, even though repeatedly asked, has never explained what constitutes an abnormal case, and what they would consider authorization in that case. This was not a typo. This Q&A was part of an official White House press release.

C) What exactly is "key recovery"? How does it work?

No one knows. The White House press release doesn't say. The idea is that the 11 vendor coalition will work out the methodology, and the White House will "approve" it. This is, in my mind, one of the slickest moves in the whole situation. The administration has taken a problem that they have been unable to solve to the satisfaction of the computer industry (access to all encrypted communications), and suddenly, it's not the administration's problem any more! It's the computer industry's problem!
From an article in a recent ComputerWorld: (<http://www.computerworld.com/search/AT-html/9610/961014SL42crypto.html>)
And speaking of failures to communicate, take IBM, which recently teamed with 10 companies to develop technology for a "key-recovery" system intended to satisfy the new export criteria.
Through some mysterious process, the scheme will allow the government to get encryption keys when it needs them, without having to hold them "in escrow" -- the Clipper approach.
Why "mysterious"? IBM's press release announcing the initiative was four pages of self-congratulatory drivel with almost no information about what the companies would develop or how it would work.
Reminded of the secret Clipper algorithm, I sought details from IBM. I asked a spokeswoman why the company hadn't just put out a nice, snappy white paper explaining its new approach to key recovery.
"We spent three months trying to do that, quite literally," the spokeswoman said. "It's pretty confusing stuff, and whenever we get it on paper, we aren't happy with it."
Observers believe that if the 56-bit experiment proves successful, relaxation of the restriction that still covers 128-bit key software will follow. This could take place two years hence.
Who are these "observers"? They don't seem very observant to me. The government has stated that the export of unescrowed 56 bit encryption software is a temporary measure, and will be prohibited again (at the very latest) on Jan 1, 1999. At that time, the only (medium or) strong encryption software that will be allowed to be exported will be that which supports "key recovery".

In conclusion, this is not a "refreshing change of direction" for the Clinton administration. This was "more of the same", albeit better disguised. The 11 companies who signed up for this coalition are receiving very little (56 bit export for at most two years), in exchange for giving up control of their encryption technologies to the government forever.

If you have any questions, I would be glad to speak to you further.

-- Marshall

Marshall Clow
Aladdin Systems
<mailto:mclow@mailhost2.csusm.edu>

"It is not the function of our Government to keep the citizen from falling into error; it is the function of the citizen to keep the Government from falling into error."
--Justice Robert Jackson, _American Communication Association v Douds_, 343 U.S. 306, 325 [1952] [via ed.nelson@SYSLINK.MCS.COM]
[I'm leaving stan_gibson@zd.com on the distribution list, though this letter is not meant to be a "letter to the editor" for PC Week. I just disagree with some points Marshall Clow brings up, and feel Mr. Gibson ought to get a copy of this, as he cc:ed the Cypherpunks on his letter.]

At 10:56 AM -0700 10/16/96, Marshall Clow wrote:
Mr Gibson --
I'm afraid that I must disagree with your editorial in the October 14th issue of PC Week titled "Encryption Law Change: Good News" <http://www.pcweek.com/opinion/1014/14edit.html>. This is not a good change, but rather another attempt by the government to get its "key escrow" (now renamed 'key recovery') agenda added to commercial software products.
Let's start with the facts.
A) This is not a change in the law. There is no law regarding export of encryption software. Congress has never passed any such law. These are State Department regulations, and presidential decrees. These regulations, which have the force of law to you and me, were never debated or voted upon by our elected representatives. They can be changed tomorrow the same way. In fact, they can be changed and the public need not even be notified.
Actually, as Greg Broiles pointed out in an article (on the Cypherpunks list) several weeks ago, Congress deliberately chooses to delegate much regulatory authority to other agencies. There just is not enough time or expertise for them to pass specific laws covering the number and size of trashcans in the national parks, the type of equipment to be used on Navy ships, and so on.

The State Department--and soon to be transferred to Commerce--has the regulatory authority to decide which exports are covered by the International Trafficking in Arms Regulations, the ITARs. These rules effectively have the full force of law, as many tens of thousands of laws not specifically passed by Congress have. (It is true that the ITARs may well end up being overturned by the courts, as the Bernstein and Junger cases proceed, but this could happen to laws passed by Congress, and does.)

Also--and I am not an expert on this--some of the basis of the ITARs is closely related to the "Munitions Act," which was, I am almost certain, an actual Act of Congress, some decades back. Certainly Congress knows full well what the ITARs are about, and could change them if it thought the State Department or Commerce Department were overstepping their bounds. (As it may do, some day. Not this term, obviously. "Pro-Code" got tabled, so Congress effectively spoke.)

(Understand that I am not arguing in favor of the ITARs, nor their application to crypto, just taking issue with Marshall's opening point that the ITARs are not real laws. I mostly believed they were real laws before, but Greg Broiles' analysis several weeks ago cinched it for me.)

I don't have the time right now to respond to the rest of Marshall's letter, though I agree with his basic sentiments.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM that the National Security Agency would try to twist their technology." [NYT, 1996-10-02]

We got computers, we're tapping phone lines, I know that that ain't allowed.

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."