[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Markoff/NSA/RSA
Here's something to put in your FYI files...
6/28:PROFIT AND EGO IN DATA SECRECY
By JOHN MARKOFF
c.1994 N.Y. Times News Service
REDWOOD CITY, Calif. - If the web of thousands of computer networks around
the world can be thought of as an information superhighway, then Jim Bidzos
is one of its best-placed toll takers. Bidzos expects to become very rich -
unless the government has its way.
As president of a Silicon Valley company called RSA Data Security Inc.,
Bidzos, 39, controls the patents for software crucial to scrambling and
unscrambling computer messages so they can be sent confidentially.
Just about anyone using a computer network - whether for sending personal
messages, filing taxes electronically, or shopping from home with a credit
card - would want such confidentiality.
On the strength of its coding technology, RSA has sold more than four million
copies of its software, and it has won wide support from industry giants like
Apple Computer, AT&T, IBM, Lotus Development, Microsoft, Motorola, Northern
Telecom, Novell and Sun Microsystems.
Until recently cryptography, the science of sending secret messages, was a
province generally populated by the armed forces, governments and their
spies. But with the rise of commercial computer networks, cryptography has
become an essential ingredient in information-age services.
RSA's software is based on an innovation in cryptography that permits people
to exchange private messages without actually getting together beforehand and
arranging a secret password.
In the past, cryptography required that the two parties to a communication
first meet to exchange a large number that enabled them to encode and decode
messages.
RSA's system employs two keys, one for encoding a message, known as a public
key, and another for decoding it, called a private key. People who wish to
receive secret messages can freely distribute their public key, which enables
senders to encode a message. Only with the private key can the message be
decoded.
A company selling products on-line, for instance, might make its public key
widely available, which would enable customers to send in a coded message
containing their credit card numbers that could not be intercepted and read
by others. The company could decode those messages with its private key,
which has a mathematical relationship to the public one.
The government fears that should the RSA system become available abroad, it
would lose its ability to eavesdrop and wiretap in cases involving risks to
national security.
It would much prefer that the global standard be based on its own Clipper
encryption standard, which has a "backdoor" that law enforcement officials
can peek through.
Precisely because the RSA method has no backdoor, it is the choice of
industry.
But to some government officials, Bidzos is nothing short of a scheming
businessman.
"The government would like him not to exist," said Jeffrey Schiller, a
computer manager at Massachusetts Institute of Technology, who has negotiated
a licensing deal with Bidzos.
And Stuart Baker, who until several weeks ago was chief counsel of the
National Security Agency, observed, "My sense is that his motivation is no
more than trying to convince people to buy his products."
Officials at the National Institute of Standards and Technology, another
federal agency, say they want to create a standard that is not beholden to
the patents of one small company. And the National Security Agency and the
Justice Department want a standard that will allow law enforcement agencies
to eavesdrop on suspected criminals or violators of national security.
From Bidzos' perspective, Washington remains bound up in a cold war
mentality, and should simply get out of the way and let RSA Data go about its
business. What is more, he complains, any number of foreign companies are
developing encryption techniques just as hard to crack as his, so the
government's efforts to keep him from exporting his software are useless, and
perhaps counterproductive.
Notwithstanding the official concerns, RSA has developed a loyal following
among a wide range of computer, communications and software companies.
"They have the strongest technology and the best reputation in the
cryptography business," said William Ferguson, vice president of Semaphore
Inc., a maker of data-scrambling systems that licenses RSA's software.
Adding spice to this dispute is Bidzos' ability to outmaneuver the
government, most recently by snatching a crucial patent from under the noses
of officials who were planning to use it in an official standard they are
trying to establish.
Several years ago, two top computer scientists from the National Institute of
Standards and Technology traveled to Europe to meet with a German
mathematician, Claus Schnorr, who holds a key patent that the government's
coding system may violate.
When they returned to the United States, the scientists told their superiors
that the United States should license Schnorr's patent. But Washington was
slow to act.
So in March 1993, while Bidzos was on a trip to France, he met with Schnorr
for a four-hour lunch. By the end of the meal, Bidzos had a deal to use
Schnorr's patent.
Despite Bidzos' high profile in the world of encryption, RSA's revenue is
small - somewhere between $5 million and $10 million annually. But analysts
say that the company has the ability to grow substantially.
"They have a huge opportunity in the Internet," said Lisa Thorell, a
researcher at Dataquest in San Jose, Calif., referring to the global web of
computer networks that is regarded as a working but primitive model of a
global data highway.
RSA is also playing an increasing role in the $500 million
secure-communications business for equipment that permits safe financial
transactions and voice and data communications.
The issue clouding the future of the company is how severely it will suffer
from export controls and competing standards backed by the National Security
Agency. Last month the government made its own competing standard for signing
electronic documents mandatory for all federal agencies, and declared that
the digital signature standard, as it is known, did not violate RSA's
technology.
Bidzos thinks that Washington is infringing his patents, and, eventually, the
strength of his patent claims will be tested in court. Rather then sue the
government, Bidzos is likely to start with one of the small companies, like
Group Technologies Corporation in Tampa, that is making components under a
government contract, industry executives say.
Bidzos, who is a Greek citizen and a permanent resident of the United States,
was working at a small international marketing firm in 1985 when he decided
to move from Florida to the Silicon Valley to help a friend save a failing
business.
"I wanted to do deals and stay in luxury hotels," he said recently at his
office here. "I had no idea I'd be in the center of a political whirlwind."
When Bidzos joined the company in 1986, RSA was a shoestring operation about
to go into bankruptcy. With his help, RSA struck a deal with Lotus
Development in 1987, in which the software giant agreed to advance money for
the right to include RSA software in Lotus Notes, a program designed for work
groups of office employees.
A year later RSA was presented with an offer to be acquired by Rupert Murdoch
in a multimillion-dollar deal. A Murdoch subsidiary, the News Data
Communications Corp., was developing technology for Murdoch's Sky TV. So in
1988 Bidzos flew twice to Britain to attempt to negotiate a deal, but the
sides were far apart on price.
He says the offers to buy RSA still roll in. "I've received no less than five
firm, written offers in the last two years," he said.
He also says he doesn't think that the government can regain the upper hand
in the cryptography wars.
"They've fired every weapon they have at us now, and we're stronger than
ever," Bidzos said. "All they can do is try and get RSA legislated out of
business, and that will never happen, in my opinion."