[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

GAK by TIS



   Network World, August 26, 1996, Page 1 
 
 
   Key-escrow firewall ready to leave the country 
 
   by Ellen Messner, Washington D.C. 
 
 
   After months of talk about exporting encryption software, 
   there will finally be action. 
 
   Fulfilling the Clinton Administration's vow to end export 
   restrictions on strong encryption products if they use 
   key-escrow features, the U.S. government this week is 
   expected to permit Trusted Information Systems, Inc. 
   (TIS) to sell its Data Encryption Standard (DES)-equipped 
   Gauntlet firewall overseas. 
 
   Such exports will allow U.S.-based companies to 
   standardize on an encrypting firewall for all global 
   operations. 
 
   The Department of Commerce is granting mass-market export 
   status to a specific version of the Gauntlet firewall 
   based on a key-escrow scheme that gives U.S. law 
   enforcement access to a master key for decrypting IP 
   datastreams. 
 
   The master key for each firewall will reside at Oakland, 
   Calif.-based Source Files, Inc., the third-party private 
   key holder chosen under the government's groundbreaking 
   plan. 
 
   Vice President Al Gore has supported the Defense 
   Department's view that unbreakable encryption should be 
   controlled because it is a powerful weapon and subject to 
   misuse by criminals and terrorists. However, Gore 
   recently said the government will allow mass export of 
   64-bit encryption products if they use key escrow. The 
   agreement with TIS is the first evidence that the policy 
   is being put into practice. 
 
   Until now, few companies other than banks could get the 
   State Department and National Security Agency (NSA) to 
   let them export 56-bit and higher Data Encryption 
   Standard (DES) products. Only 40-bit products, easily 
   broken with available computer resources, were allowed 
   for mass-market export. 
 
   "We're on the verge of a major shift," said TIS president 
   Steve Walker last week. TIS expects to unveil a raft of 
   other vendors in the network industry that will license 
   the TIS data recovery method for accessing data encrypted 
   with a session key. 
 
   The government is also considering approving other third- 
   party keyholders in addition to Source File, which has 
   traditionally held source code in escrow on behalf of 
   companies worried about the long-term viability of their 
   suppliers. 
 
   Just say no 
 
   Not all are key-escrow converts, however. In fact, it is 
   painfully clear that corporations will continue to balk 
   at the prospect of their encryption keys being held by a 
   third party or the government. 
 
   Netherlands-based Royal Dutch Petroleum Co., with 
   hundreds of subsidiaries and offices all over the world, 
   is looking to ditch dedicated private lines and send 
   encrypted IP traffic over the Internet instead. 
 
   The State Department's mass-market license for the 
   Gauntlet means TIS can compete to provide Royal Dutch 
   Petroleum with its encrypting firewall. But Homayoon 
   Tajalli, TIS vice president, acknowledged that the Dutch 
   oil conglomerate is unwilling to hand its encryption keys 
   over to Source File. 
 
   Hence, as part of negotiations with the U.S. and Dutch 
   governments, Royal Dutch Petroleum agreed to operate its 
   own data recovery center for the Gauntlet master keys. 
   Royal Dutch Petroleum would hand over the master 
   encryption keys to to Dutch law enforcement, which in 
   turn would give the keys to U.S. authorities "if the 
   government shows up with a valid warrant," Tajalli said. 
 
   TIS went to great lengths to broker the international 
   arrangement, and hopes that not every firewall export 
   will entail such laborious negotiations. 
 
   Some firewall users are extremely ambiguous about the 
   government's key-escrow plan. 
 
   "I'm not sure I want the government to have that 
   ability," said Doug Miller, information systems manager 
   at Bluestone Corp. "At all cost, we've got to keep the 
   government out of business operations." 
 
   [End] 
 
   Thanks to BC.