
TIS--Building in Big Brother for a Better Tomorrow



   To supplement TIS's Web site information on CKE, here's a
   mailing from Steve Walker earlier this month:


   TRUSTED INFORMATION SYSTEMS, INC.

   February 2, 1996


   There has been amazing progress on TIS's Commercial Key
   Escrow (CKE) initiative since my last status report.

   In November, we submitted a Commodity Jurisdiction (CJ)
   request to the U.S. Department of State for our Gauntlet
   Internet Firewall Product with CKE-based IP Encryption,
   which constitutes our Global Virtual Private Network (GVPN)
   system (see figure 1). Our Gauntlet system has had a
   Virtual Private Network (VPN) capability using the Data
   Encryption Standard (DES) algorithm to encrypt
   firewall-to-firewall communications for the past year. But
   because of U.S. export controls, we have not been able to
   sell this option outside of the U.S. and Canada. By adding
   CKE technology to our firewalls, the Gauntlet system with
   DES and CKE now meets the U.S. government requirements for
   export to most parts of the world.

   In the course of several meetings with U.S. government
   representatives, we were told that it will take a while
   longer for all the details of the CJ process to be worked
   out, but that the U.S. government was willing to consider
   a temporary (up to 4-year) export license until the CJ
   process is in place. In early December, we submitted such
   a request and on January 19, 1996, it was approved (see
   figure 2).

   While this temporary export license has limitations (there
   must be a Data Recovery Center in the U.S. as well as in the
   foreign country because reciprocal agreements do not yet
   exist between the U.S. and foreign governments), it
   represents the first export approval of a DES-based key
   escrow encryption system, a small step but a giant leap
   toward full exportability of good cryptography when
   equipped with user-controlled key recovery. We are now
   discussing Global Virtual Private Networks, based on our
   Gauntlet-CKE system, with several multinational companies.

   In December, I attended a special meeting of the
   Organization for Economic Cooperation and Development
   (OECD) in Paris to discuss the international ramifications
   of the U.S. key escrow initiative. The consensus of the
   meeting was that user-controlled key escrow provides the
   only workable solution to the long-standing dilemma between
   the private sector's need for encryption protection and
   governments' needs to be able to decrypt the communications
   of criminals, terrorists, and other adversaries. Other
   meetings will follow, but it appears that most major
   governments endorse the U.S. government's user-controlled
   key escrow initiative as the only practical way through the
   cryptography maze.

   In mid-January, Microsoft announced its long-awaited
   Cryptographic Application Programming Interface (CAPI).
   This development promises to finally provide a well-defined
   separation between applications calling on cryptography and
   the actual performance of the cryptography. Now users will
   be able to request cryptographic functions in hundreds of
   applications and select precisely which cryptography to use
   at the time of program execution rather than program
   purchase. Cryptographic Service Providers (CSPs) can now
   evolve independent of applications, and users can choose
   whatever cryptography is available wherever they are in the
   world. TIS is working closely with CSP vendors to ensure
   that CSPs with good cryptography are available in domestic
   and exportable versions as soon as possible based on the
   U.S. government's key escrow initiative.

   In a presentation at the recent RSA Conference, I tried to
   put all this in perspective by conducting a "thought
   experiment" (see attachment 3).

   +  Suppose the U.S. government had never thought of placing
      export controls on cryptography...

      We would now have widespread use of encryption, both
      domestically and worldwide; we would be in a state of
      "Utopia," with widespread availability of cryptography
      with unlimited key lengths. But, once in this state, we
      will face situations where we need a file that had been
      encrypted by an associate who is unavailable (illness,
      traffic jam, or change of jobs). We will then realize
      that we must have some systematic way to recover our
      encrypted information when the keys are unavailable.

      When we add a user-controlled key recovery capability to
      our Utopia, we find ourselves in an "Ultimate Utopia,"
      with unlimited key length cryptography, widely available
      through mass market applications, and user-controlled
      key recovery.

   +  But, unfortunately, the U.S. government *did* think of
      cryptographic export controls. And over the past several
      years, we have been frustrated by repeated unsuccessful
      attempts to resolve this dilemma...

      In 1992, the U.S. government allowed the export of
      40-bit keys, a solution so weak no one wanted it.

      In 1993, the U.S. government announced Clipper, an
      attempt to give users good cryptography while preserving
      the U.S. government's prerogatives. But almost everyone
      hated U.S. Government-controlled key escrow, including
      most foreign governments.

      In 1994, industry rebelled with the proposed Cantwell
      legislative initiative to remove cryptography from U.S.
      State Department control. And, behind the scenes, the
      U.S. government orchestrated a massive counterattack.
      The result: a study that acknowledged the widespread
      availability of foreign cryptography yet proposed no
      change in U.S. government policies on cryptographic
      exports.

   +  Then in 1995, the U.S. government announced its key
      escrow initiative: allow the export of up to 64-bit
      cryptography (a remarkable concession) when accompanied
      by an acceptable form of user-controlled key escrow
      (critical component to this policy being that "an
      acceptable escrow system" must have sufficient integrity
      to give the government confidence that, with a warrant,
      the keys will be available.)...

      Some in the computer industry labeled this just another
      form of Clipper and vowed to continue the fight against
      U.S. government regulation of encryption in any form -- 
      presumably forever. On the other hand, once the new
      escrowed encryption policy was announced, U.S.
      government agencies -- the FBI, NSA, White House, DoD,
      DoJ, NIST, and NSC -- closed ranks behind it and have
      shown little interest in discussing any other
      approaches. In addition, neither political party has
      shown any interest in taking up the argument in the
      Congress, probably because it is a complex issue and
      there is no obvious "winning" position. But, depending
      upon how the definition of user-controlled key escrow is
      resolved, the new escrow policy could just be the
      long-sought compromise between government and industry
      that gets us through this morass.

   +  If we can ensure that organizations can control the
      security of backup access to their encrypted information
      through well-designed commercial key recovery systems --
      yet also ensure that governments have access when
      justified via normal legal procedures -- we may have
      truly found the "Ultimate Utopia" solution to a dilemma
      that has existed all of our professional lives and
      threatens to continue through the next generation...

   Thus, in my thought experiment I have come to the
   conclusion that we (industry and government) are all
   heading towards the same objective, but on a different path
   from what some of us originally wanted. Yet, to my way of
   thinking, that path has to accommodate us all if we are ever
   to arrive at any mutually agreeable destination. When one
   group of participants raises insurmountable barriers for
   another group, it simply blocks everyone from progressing
   down any path, and the net result is that U.S. industry is
   not able to export any good crypto-based security.

   We at TIS are dedicated to finding a solution acceptable to
   all sides. We ask your help in this struggle. If you want
   exportable cryptography routinely available in your
   lifetime and believe that user-controlled key recovery is
   an important, if not vital, capability, please contact us
   at <[email protected]>. If you want to integrate exportable CKE
   into your product line, we are ready to help. If you want
   to buy internationally deployable good cryptography with
   your favorite applications, tell your application vendor
   you want escrow-enabled applications.

   We all have an opportunity to make a major difference here.
   The opportunity is ours to take or forgo. Help us make this
   happen. Visit our www site, at http://www.tis.com/, and
   learn more about this vital initiative.

   Sincerely,
   Stephen T. Walker

   Attachments:

   1. Global Virtual Private networks with CKE/Gauntlet
      transaction security diagram.

   2. CJ Application for "Escrow-enabled Gauntlet Firewall
      Model 3.2 with Gauntlet Data Recovery Center."

   3. Diagram of cryptography evolution from 1992 to 1995,
      with Yesterday, Today, "Utopia" and "Ultimate Utopia."

   -----