my clipper letter
Matthew Blaze
55 River Drive South
Jersey City, NJ 07310
September 25, 1993

National Institute for Standards and Technology (NIST)
ATTN: Proposed FIPS for Escrowed Encryption Standard
Technology Building, Room B-154
National Institute of Standards and Technology
Gaithersburg, MD 20899

Dear Director:

I am writing to express my opposition to the Proposed Federal
Information Processing Standard (FIPS) for an Escrowed Encryption
Standard, docket #930659-3159.

First, let me state my qualifications in this area. I hold a Ph.D. in
computer science in the area of large-scale systems from Princeton
University. I am presently employed as a Principal Investigator /
Member of Technical Staff in the Computing Systems Research Laboratory
of AT&T Bell Laboratories. My research focuses on the design of
cryptographically secure networked computing and communications
systems and I have published several research papers in this field. I
must emphasize, however, that I am making these comments as a private
citizen; nothing in this letter should be construed as representing
the opinion or position of my employer or any other organization. I
state my affiliation only for the purpose of identification.

I believe that adoption of the proposed Escrowed Encryption Standard
would be harmful to the national interest in at least two ways.
First, it will harm us economically, putting our computing and
communications technology at a significant disadvantage against
foreign competition. Second, it will hinder, rather than promote, the
increasingly vital efforts to improve the security of our information
infrastructure.

Several aspects of the proposed standard render the system inadequate
for our competitive and information security needs. First, because
the proposed system relies on the use of a special, tamper-resistant
computer chip, it is impossible to manufacture equipment or design
systems that have their cryptographic security functions based
entirely in software. The implementation of cryptographic systems in
software has only recently been made feasible by advances in computer
speed and has significant advantages over hardware (chip)-based
encryption. Software encryption can be included in digital voice and
computer communications equipment, such as cellular telephones, at
virtually no increase in marginal cost. Hardware-based encryption
(based on technologies such as the proposed standard), on the other
hand, can add over a hundred dollars to the end price of each unit.
This could represent an increase of several times the original price
for typical low-end consumer communications products. Clearly,
devices that include the proposed standard will be at a significant
disadvantage compared with equivalent products (possibly from foreign
competitors) that employ software-based encryp
Date: Tue, 28 Sep 93 09:38:15 EDT
From: [email protected] (Carl Ellison)
Subject: Re: saturation tactics?

>From: "George A. Gleason" <[email protected]>
>Subject: saturation tactics?
>Message-Id: <[email protected]>
>Date: Sun, 26 Sep 1993 01:50:31 -0700
>lots and lots of people & companies applying for those arms export licenses,
>"saturation," which involves lots and lots of people scrupulously obeying an
>unfair or controversial law to the point where it starts to swamp the
>system.

I'd much rather not do it. There won't be enough people out there to
really swamp the system. Meanwhile, it lends credence to the stupid notion
that S/W crypto is arms. I much prefer the statements in the READMEs at
soda.berkeley.edu ....

The official Stratus line on this issue, BTW, is that we don't want to deal
in munitions. We have no intention of selling arms to anyone. We sell
much of our product overseas and we sell only freely available crypto --
the stuff which is so widely documented and available that no terrorist or
unfriendly government could possibly not already have it. In particular,
we sell software DES and a few simpler systems for our customers to use as
they will.

Of course, ye olde US Gov't still forces us not to export this except to
financial institutions (which is a reasonable fraction of our business) but
there are other customers pissed at us because we obey the stupid US export
laws. Needless to say, Stratus as a company wants to see the export laws
changed.

- Carl

Disclaimer: I don't speak for Stratus. For the official company policy,
see the company's letter to NIST re: Skipjack. [I certainly hope these
will be available to the public.]