Rather than a complete report (which will cover a lot of material people here already know), I will just give you my highlights from the forum.

None of the people on the first panel have been asked to testify before either intelligence committee. (Panel was: Lori Fena, EFF; Craig Mundie, Microsoft; Eric Schmidt, Sun; and a substitute for Marc Andreessen from Netscape).

Current government "Key Escrow" systems cost $200/key/year. [Craig Mundie] These systems can best be described as key-rental systems.

"Crime prevention ought to be part of the FBI's mission." [Herbert Lin, National Research Council]

Jim Omura [Cylink] spoke of specific business his company has lost to foreign competitors due to export licensing problems. He spoke of protecting US corporate links between China and the US.

CompuServe losses are mostly overseas (in e.g. the former USSR) due to insecure communications and telephone companies. [Tom Oren, CompuServe]

PGP Inc bought ViaCrypt on Friday. [Phil Zimmermann, PGP Inc.] (Scooped by Ian Goldberg)

Congresswoman Eshoo appeared not to have heard about PGP being used by human rights groups in e.g. Bosnia to protect their files.

National Research Council report available from: www2.nas.edu/cstbweb

A compromise on key length won't satisfy either side because those using encryption to protect their data want every single message to be secure (implying long keys and brute force times), while those monitoring communications need to quickly decide whether a message is interesting (implying short decrypt times). [Whit Diffie, Sun]

We sell RC4, 40 bit decryption hardware (based on AMD29000) for $16K. FPGA devices for breaking DES in 7 days for $1M. [Eric Thompson, Access Data]

NSA's problem is not crypto, but the explosive growth in the number of protocols. NSA needs to get out of the business of being a reputation agent for crypto (thru ITAR approval) and allow weak crypto to naturally appear in the market. [Ken Bass, Venable, Baetjer, Howard and Civiletti]

In the 1970s, 50% of the wiretaps were of value, now only 17% are. [Barry Steinhardt, ACLU]

The introduction of "Dorothy" as the canonical Key Escrow (GAK) holder. (To great hoots of laughter.) [I think this was Tom Parenty, Sybase, but I could be wrong.]

When analyzing the crypto requirements of bad guys (e.g. terrorists) and good guys (e.g. digital commerce users), the bad guys are small, tight-knit communities where the current, widely available, crypto systems work well. The good guys are not tight-knit and need infrastructure we don't have, such as widely available software and certification. [Very broadly taken from Whit Diffie]

-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA

On Mon, 1 Jul 1996, Bill Frantz wrote:
"Crime prevention ought to be part of the FBI's mission." [Herbert Lin, National Research Council]

In case it's not clear, this was said with much sarcasm... i.e., today's FBI is too often engaged in other pursuits. This in the context of explaining that ubiquitous strong crypto is the best defense against computer crime.

-rich

participants (2)
- frantz@netcom.com
- Rich Graves