-----BEGIN PGP SIGNED MESSAGE----- Administration officials didn't return calls for comment, but it's clear that the Clinton-Gore team have their first "testbed" for trying out key recovery, or key escrow, proposals. Steven Walker, president of Glenwood, Md.'s Trusted Information Systems Inc., told Inter@ctive Week late last week that TIS will supply his company’s Gauntlet Firewall technology, complete with commercial key escrow capabilities, to an a large multinational with headquarters outside the United States. The multinational company will self-escrow, that is handle all encryption keys itself, in cooperation with the British government, sources close to the deal said. Walker declined to name the company, but several Washington-based sources confirmed the buyer is Royal Dutch Shell. The deal represent the first time that a foreign buyer has purchased a US key escrow product without escrowing keys in the US. Indeed, TIS has sold only one other system for export abroad, one which involved communications between the US and the UK with US key escrow. Walker, widely credited with devising the controversial commerical key escrow system now being promoted by the current administration, claimed "there really is an important issue here in finding a balance between the interest of government and those of industry. A policy that says anyone who wants to export strong encryption as long as there is key recovery is an important development." The success of the deal and others like it could figure heavily in the Clinton administration's ability to sell it its latest proposals on commercial key escrow; a recent report from the National Research Council recently warned that such efforts were unproven and required serious examiniation before they could be deployed. Long-time critics of the proposal have, in turn, leveled the same criticisms. Jim Bidzos, President of RSA Data Security Inc. and a long-time foe of administration policy said he doubted the market would rush to purchase products like Trusted Information Systems,’ but said he was slightly more hopeful for a resolution to the controversy than he had been previously. "I’ve said all along that user key escrow is the only thing that makes sense," Bidzos said. Users who hold their own keys "can comply with any regulation in the world - if you want to give your keys to France or whoever you can – that’s your business. If it's good enough for the CIO, it's good enough for the CIA." Royal Dutch Shell officials said security considerations forbade confirming a sale had been made, but freely admitted to having had talks with TIS. The company’s interest key escrow, computer security head Nick Mansfield said, lay principally in getting access to records after keys had been lost, stolen or otherwise disabled. The Gauntlet firewall, nonetheless, encrypts and decrypts messages as they arrive; it does not store messages in encrypted form. "To us it’s not a matter of ‘going along’ with key escrow, it’s a matter of doing business," Mansfield said. ********* A shorter, slightly less jargon-laden version of this story appeared in the 7/22 issue o fInter@ctive Week. An archived copy should be on our site (http://www.zdnet.com/intweek) by week's end. Will Rodger Washington Bureau Chief Inter@ctive Week -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMfa2sUcByjT5n+LZAQE4nAf7BA5X2f3LX1KQXXygkYtaGWc6qMgDEFWA cYlQNtVw+KS+h8hNRmpZ4KWaUJS1iwHPfwaS0XqI40gVGyZE2mYBmF6RybAkLKKV zGXEyIlAVxKOz2FsRQ35Tg1VV5Y8NaL+YxK3uUcutLHBK/Vxq7iLcnaqRn2klfYM 6ImSKecHMU2NzaB8JGIIJbAuG7NpGmLj/O4BEP3ccoNeA3NQ1fIAujMyL12gbdPF TUZVUOLsj5eHG1dwqRmSUdsNHcwYoQ6WFX2waIdot0Ia/nph/ERpliVjkccIsKsz q+qDeH0fz3ZoENS/zqUy9ilHwLcAdMoiyQzlm06dZBRf+O9rqpDjKA== =RJjm -----END PGP SIGNATURE-----