IP: Press Release on Key Recovery Alliance

[Dave Farber <farber@central.cis.upenn.edu>]

Date: Wed, 2 Oct 1996 14:12:55 -0700
To: farber@central.cis.upenn.edu
From: "--Todd Lappin-->" <telstar@wired.com>




Dave,


Here's the press release that's been released by the new "Key Recovery
Alliance" spearheaded by IBM.  Looks like the administration is pursuing a
divide and conquer strategy with the industry on key escrow and export
controls.


RSA's participation is extremely surprising... I've spoken with them today,
and they seem, well, unsure as to how they ended up here.  Jim Bidzos has
not been available for comment.


It'll be interesting to see how Jim Barksdale from Netscape will respond
to all this.


Best,


--Todd Lappin-->
Section Editor
WIRED Magazine


-----------------------------------


(From www.ibm.com)


High-tech leaders join forces to enable international strong encryption




NEW YORK AND PARIS, Oct. 2, 1996 -- Eleven major information technology
vendors and user organizations today announced the formation of an
alliance to develop an exportable, worldwide approach to strong
encryption. The goal of the alliance is to enable companies to conduct
secure international electronic commerce.


The alliance was formed in response to demand from customers who are
conducting more and more of their business processes electronically.
Internationally available strong encryption would enable these firms to
send sensitive information securely over the Internet and other
international networks.


The companies forming the alliance will achieve this by developing
modern, high-level cryptographic "key-recovery" solutions that meet the
requirements of business and could allow easing of restrictions of
cryptographic import/export around the world.


Members of the alliance are Apple Computer, Inc., Atalla, Digital
Equipment Corporation, Groupe Bull, Hewlett-Packard, IBM, NCR Corp.,
RSA, Sun Microsystems, Inc., Trusted Information Systems and UPS. The
alliance is also open to other companies with an interest in key
recovery.


"Keys" are strings of computer code that lock and unlock data. Key
recovery is an approach that permits the recovery of lost or damaged
keys without the need to store or "escrow" them with a third party. This
approach could also meet the needs of law enforcement to act under the
authority of a court order without risking the confidentiality of
business data.


Modern, high-level cryptography works to ensure four critical elements
of security -- Confidentiality: prevents against unauthorized parties
from seeing information; Integrity: determines that information has not
been changed during transit; Authentication: verifies the identity of
the user and the user's eligibility to access and use information;
Non-Repudiation: provides evidence that a transaction took place, for
example, that a customer actually placed an order.


"Key recovery will truly open the Internet for serious business," said
Irving Wladawsky-Berger, general manager, IBM Internet Division. "Once
businesses are confident that their electronic transactions are safe and
they control the recovery of keys, a flood of new market opportunities
will open. The Internet is rapidly shifting from a place to browse for
information to an environment for conducting real business."


Quotes from Alliance Members


"Apple recognizes and supports the need for key
recovery, and we are pleased to be a part of the alliance," said Ellen
Hancock, chief technology officer and executive vice president of R&D
for Apple Computer, Inc. "We believe that this alliance will help in
dustry lead in developing solutions for secure transactions while
prompting the evolution of the Internet as a business environment."
Atalla "Securing commerce over the Internet using strong encryption
technologies will require a common set of standards and approaches to
fundamental security issues such as key recovery and key management,"
said Robert Gargus, Atalla president and general manager. "Once these
standards are accepted and globally deployed, public networks such as
the Internet will provide a secure, multi-national commercial trading
environment for worldwide electronic commerce."


"The alliance has struck a balance between government and
business needs," said CommerceNet Chairman Marty Tenenbaum. "Allowing
encryption to this degree opens the door to the proliferation of
electronic commerce."


"Strong encryption is a necessary element
in delivering secure network business solutions to our customers
worldwide. Key recovery is a mechanism that addresses government policy
concerns about the export of strong encryption while at the same time
meeting growing commercial needs," said Sam Fuller, vice president and
chief scientist for Digital Equipment Corporation. "Digital sees this
alliance as an effective means to develop open and interoperable key
recovery standards."


"Electronic Commerce is planned to be $1T by the year 2010
according to experts. The capability to have secured transactions is a
prerequisite for the market," said Alain Couder, senior executive vice
president of Groupe Bull. "Groupe Bull had been actively involved in the
search for a solution to provide a balance between the legitimate need
for users to have privacy, for corporations to protect their trade
secrets and relationships and for governments to maintain national
security. Bull has the ambition to be a leading provider of this
capability with key encryption technology, smart cards and its Internet
products and services."


"HP is pleased to be a founding member of the alliance,"
said Richard W. Wevcik, HP vice-president and general manager of the
Systems Technology Group. "Exportable strong encryption is a key enabler
for international electronic commerce and provides businesses with the
ability to perform secure transactions and other communications
regardless of geography. Key recovery is one of several technologies
that will be important."


"Export controls are a fact of life," said Jim Bidzos, president of
RSA Data Security. "The key recovery alliance's approach will allow
companies to use cryptography with differing levels of security in an
interoperable way. When the alliance implements this technology it will
give the user a new level of flexibility that did not exist before. In
an imperfect world this technique will at least allow you to take
advantage of what governments around the world will allow."


"We're delighted to be part of the alliance
because we believe the adoption of a worldwide standard for key recovery
is essential to solving current network security problems," said Stephen
T. Walker, president and CEO of TIS. "User-controlled key recovery
systems including our own products have already demonstrated that user
privacy concerns and exportability requirements can be successfully
addressed. But there must be worldwide interoperability. And it is our
hope that the alliance will be able to accomplish that."


 "The work of the alliance could have a profound impact on conducting
international business over the Internet," said Joe Pyne, UPS vice
president of marketing. "UPS is committed to improving the movement of
both information and packages in secure and time sensitive manners. The
alliance allows us to combine our expertise, energies and financial
strength to quickly develop standards that will open the door for rapid
development of products and services."


###