GAK by TIS
Network World, August 26, 1996, Page 1
Key-escrow firewall ready to leave the country
by Ellen Messner, Washington D.C.
After months of talk about exporting encryption software,
there will finally be action.
Fulfilling the Clinton Administration's vow to end export
restrictions on strong encryption products if they use
key-escrow features, the U.S. government this week is
expected to permit Trusted Information Systems, Inc.
(TIS) to sell its Data Encryption Standard (DES)-equipped
Gauntlet firewall overseas.
Such exports will allow U.S.-based companies to
standardize on an encrypting firewall for all global
operations.
The Department of Commerce is granting mass-market export
status to a specific version of the Gauntlet firewall
based on a key-escrow scheme that gives U.S. law
enforcement access to a master key for decrypting IP
datastreams.
The master key for each firewall will reside at Oakland,
Calif.-based Source Files, Inc., the third-party private
key holder chosen under the government's groundbreaking
plan.
Vice President Al Gore has supported the Defense
Department's view that unbreakable encryption should be
controlled because it is a powerful weapon and subject to
misuse by criminals and terrorists. However, Gore
recently said the government will allow mass export of
64-bit encryption products if they use key escrow. The
agreement with TIS is the first evidence that the policy
is being put into practice.
Until now, few companies other than banks could get the
State Department and National Security Agency (NSA) to
let them export 56-bit and higher Data Encryption
Standard (DES) products. Only 40-bit products, easily
broken with available computer resources, were allowed
for mass-market export.
"We're on the verge of a major shift," said TIS president
Steve Walker last week. TIS expects to unveil a raft of
other vendors in the network industry that will license
the TIS data recovery method for accessing data encrypted
with a session key.
The government is also considering approving other third-
party keyholders in addition to Source File, which has
traditionally held source code in escrow on behalf of
companies worried about the long-term viability of their
suppliers.
Just say no
Not all are key-escrow converts, however. In fact, it is
painfully clear that corporations will continue to balk
at the prospect of their encryption keys being held by a
third party or the government.
Netherlands-based Royal Dutch Petroleum Co., with
hundreds of subsidiaries and offices all over the world,
is looking to ditch dedicated private lines and send
encrypted IP traffic over the Internet instead.
The State Department's mass-market license for the
Gauntlet means TIS can compete to provide Royal Dutch
Petroleum with its encrypting firewall. But Homayoon
Tajalli, TIS vice president, acknowledged that the Dutch
oil conglomerate is unwilling to hand its encryption keys
over to Source File.
Hence, as part of negotiations with the U.S. and Dutch
governments, Royal Dutch Petroleum agreed to operate its
own data recovery center for the Gauntlet master keys.
Royal Dutch Petroleum would hand over the master
encryption keys to Dutch law enforcement, which in
turn would give the keys to U.S. authorities "if the
government shows up with a valid warrant," Tajalli said.
TIS went to great lengths to broker the international
arrangement, and hopes that not every firewall export
will entail such laborious negotiations.
Some firewall users are extremely ambiguous about the
government's key-escrow plan.
"I'm not sure I want the government to have that
ability," said Doug Miller, information systems manager
at Bluestone Corp. "At all cost, we've got to keep the
government out of business operations."
[End]
Thanks to BC.