
The New York Times, October 2, 1996, pp. D1, D8. Compromise Is Offered on Computer Security Codes By John Markoff The Clinton Administration offered a compromise to the computer industry yesterday by holding out the possibility of removing all export restrictions on data-scrambling technology for companies that accept a new approach to allow law enforcement officials to unscramble coded messages. The new system is being recommended by an alliance led by I.B.M.. The approach is to be announced today and has passed muster with the Central Intelligence Agency. It would enable law enforcement officials to unscramble computer communications -- provided they have a warrant -- without having to obtain a mathematical key to the code. Instead, the agents could use the warrant to obtain the cooperation of outside parties to help unscramble portions of code accompanying a message. This information would then allow law enforcement officials to draw mathematical inferences enabling them to decipher the scrambled messages. By making it at least a two-step process to decipher a scrambled, or encrypted, message, and by requiring the cooperation of at least two outside parties designated by the code users themselves, the approach is supposed to address the main criticisms against data-scrambling systems previously endorsed by the Government. But some industry executives and privacy-rights advocates said yesterday that the new approach would not satisfy their objections to a Government-backed eavesdropping system. Critics contend that any such system could compromise the privacy of United States citizens and hinder the ability of American high-technology companies to sell their most sophisticated data-security products overseas. Executives of the International Business Machines Corporation said late yesterday that they were still lining up the final list of companies in the alliance. Those involved will include Digital Equipment and smaller data-security companies including RSA Data Security, Cylink and Trusted Information Systems. The computer industry and the Clinton Administration, as well as factions within the Administration, have been at an impasse for years over export policy for data-scrambling technology. Intelligence and law enforcement agencies, fearing that such technology can be used by terrorists and criminals to conspire with impunity, have insisted on a system for cracking the coded messages under certain circumstances. Seeking to end the deadlock, I.B.M. set in motion the new compromise earlier this year when it demonstrated its experimental approach to the C.I.A. Director, John Deutsch. Mr. Deutsch then took an active role in the internal Administration debate, in which Justice Department and F.B.I. officials had previously taken a hard line against loosening export controls, according to several people familiar with the talks. In a public statement issued yesterday Vice President Al Gore said that if the I.B.M. data-deciphering technology proved workable, there would no longer be export restrictions on the strength of the data-scrambling technology or on the type of software algorithms -- or mathematical formulas -- employed. The Administration is calling the I.B.M. approach a "key recovery" system. The designation is meant to distinguish it from previously proposed "key escrow" systems, like one called Clipper that the Government put forth a few years ago. In an escrow system, one or more Government or private-industry escrow agents would hold keys for unlocking coded messages, which could be used by law-enforcement agents with a warrant. The drawbacks, according to I.B.M., are that the storage of the keys can become a record-keeping nightmare and can also make the system vulnerable to unauthorized use of the keys. The I.B.M. approach is intended to eliminate this vulnerability by giving no third party an actual key to the code. Instead, at least two "trusted agents" would be required to help unscramble encrypted information in the header of each message. Only after this portion of the message is deciphered, I.B.M. said, would law-enforcement agents be able to unscramble the contents of the message itself by recreating the original key to the code. "Our theory is this should work the same way as your filing cabinet," said Kathy Kincaid, an I.B.M. computer security executive. "You wouldn't give law enforcement the keys to your filing cabinet unless they had a search warrant." And yet, even one of the companies that I.B.M. is counting on as an alliance member said yesterday that new approach did not go far enough beyond the old Clipper plan, in terms of privacy protection. "The Government announcement is disastrous," said Jim Bidzos, chief executive of RSA Data Security, one of the country's leading developers of data-scrambling software. "We warned I.B.M. that the National Security Agency would try to twist their technology." The Clinton Administration also angered executives at the software company Netscape Communications, who warned that even the new Government plan would continue to hinder the American industry's ability to compete internationally. Peter Harter, Netscape's public-policy lawyer, contended that the Administration was playing favorites among computer companies, rewarding those willing to go along with its approach by removing export restrictions that might be retained for companies not willing to incorporate the "key recovery" system in their products. "This is tantamount to making public policy by extorting high-tech companies," Mr. Harter said. But some computer hardware makers were more conciliatory. "From my perspective the process has been much better this time," said Eric Schmitt, Sun Microsystem's chief technology officer. "The question is still, 'How will industry implement key recovery?' It's still too early to say." [End]

On Wed, 2 Oct 1996, John Young wrote:
The New York Times, October 2, 1996, pp. D1, D8. Executives of the International Business Machines Corporation said late yesterday that they were still lining up the final list of companies in the alliance. Those involved will include Digital Equipment and smaller data-security companies including RSA Data Security, Cylink and Trusted Information Systems.
We are in deep trouble. --Lucky
participants (2)
-
jya@pipeline.com
-
Lucky Green