Politech mailing list archives
FC: RSA 2000 day 3 conference report from "Ralph" (The Potato Salad Fallout continues)
From: Declan McCullagh <declan () well com>
Date: Thu, 20 Jan 2000 15:02:14 -0500
**********

Declan,

Discretion ruled today. Several folks were ill and/or recovering from food-poisoning-like symptoms, so I did not cover the full conference today. I was told the Intel Keynote was good, but this is hearsay.

The afternoon sessions were sparsely attended; the ones I attended in the implementers track were very low on technical detail; they were "Crypto Due Diligence" and "Security: ROI". The Due Diligence brief was good, but the technical level could have been more rigorous; well delivered and put together. The ROI brief was at too high a level to do anything with.

Attendance overall seemed lighter than previous days, based on the lack of crush in the concourse. We are going to try to make it through the Gala this evening ... Will write back on that.

Ralph

**************
From: "Cabe Franklin" <cabe.franklin () pnicg com>
To: <declan () well com>
Subject: RSA 2000 Day 2 addendum
Date: Wed, 19 Jan 2000 10:51:21 -0800
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
Importance: Normal

Hi Declan - thanks again for the ideas of recipients for the software last night. I'm afraid I was a little last-minute in compiling them and as a result we ended up going to Brian Gladman in the UK, who you may know or at least know of. It was an easy connection to make and those who know him say he will be thrilled to get the email - as this is not true of many people to whom you send an unsolicited 6MB attachment, we decided to go with it.

Feel free to edit/forward this as you see fit.

--

Picking up where Ralph left off as I didn't make it to lunch, so was not incapacitated by exposure to RSA potato salad - I won't pretend not to be writing from a vendor perspective - but for any politechnical this is true; the show always reminds you it's a small world. First few people I saw were an industry analyst who had jumped to start up his own for-profit firm (Ted Julian from Forrester, who acquired L0pht Heavy Industries); a former colleague who had disappeared a few months ago, now working in a competitor's booth; a former colleague who had left over a year ago, who had gone to a startup that never started and is now happily working for us again; and another analyst, still wearing her analyst hat but somehow spending the show in a for-profit booth, wearing their polo and handing out their business cards. Co-branding, I suppose.

For me the PGP export event was obviously the focus - it came off much better than I had expected. We had gotten commitments from the critical folks earlier in the day, but the scheduling was so tight I wasn't optimistic it was really going to work. We had reserved a big room at the Fairmont in San Jose, and did a decent job of filling it - our event folks said we had about 500 people through during the party, and I think the majority were present for the actual export.

The program started with Dave Balenson, a cryptographer in our research labs who was marking his 9th RSA show - he told the story of Phil Z coming to him in 1986 with a proposal for "standards for securing email messages" using the RSA algorithm. Dave actually dug up the proposal, which he held up during his talk, along with the business card Phil was toting at the time - for (I think) "Boulder Software Engineering."

Kelly Blough, our director of government relations, then got up and brought Cong. Lofgren and Goodlatte on stage, and announced that they would commemorate the new regs by being the first to export PGP. The crowd was a little unprepared for this and laughed heartily. (Actually, I'm going out of order - first she greeted "anyone from the FBI and NSA who might be in attendance" - which met with equally surprised and boisterous laughter.) Kelly then brought Phil Z. up on stage, and announced that Phil had asked if he could finally grant permission to the Congressmen to export PGP. The crowd got a kick out of this, and the mood was high.

Without further ado, Goodlatte and Lofgren took their positions at the computer (the monitor was linked to a giant projection screen so the crowd could see what was going on) - Lofgren attached the PGP executable, addressed it, typed a note saying "this is the first export of PGP software, from U.S. Congressman Bob Goodlatte and Congresswoman Zoe Lofgren, sent 1/18/2000" and clicked Send, and it was done. Wild applause.

Alan Davidson of the Center for Democracy and Technology (who, as we discussed, was instrumental in making this event happen) spoke briefly about how this was a victory not just for security but for privacy. And Phil Z. closed by speaking for a bit about the past ridiculousness of clicking Send being considered a felony crime, and with remarkable good humor about how he wished "my prosecutor and the customs agents who attempted to incarcerate me were here tonight."

And that was that. There was an AP freelance photographer on hand so hopefully the image of the export moment will show up soon in a daily near you. I took a couple digital shots and I know Dave Balenson did as well, and I think Alan is planning to post those on the CDT site as soon as I can get them to him.

The rest of the evening was typical trade show. I had a good conversation with a trade reporter who had just faced the MSFT contact he had hassled via phone for months, and found him to be a much nicer guy than he had a right to be given how hard the reporter had been on him in the past. Tried to catch up with a friend at the Entrust party (which had standup video games) but I think those attendees were all smoked out by the XCert party next door (which had cigars) so I called it a night and made the long drive back up to the City.

Now that the conference has outgrown the San Jose Convention Center (or, more critically, the IBM Cryptographer's Gala Ball has reached capacity at the San Jose Arena) it sounds like we are heading for April 2001 at Moscone in San Francisco. As the glory days of mini-booths in the basement of the SF Fairmont (which gave the conference a great high-school science fair feel) are long gone, I suppose the best that can be said for the move to Moscone is that there will be more party venues at night. I, for one, can't wait for the Cryptographer's Gala 2001 on Alcatraz.

Below is one trade writeup of the export event, and the view from the show at large.

One last thing, you know from past shows that RSA likes to bring a band in. Last year it was the Sugar Hill Gang, who gave us the history of crypto. This year (as reported to me) it was Jefferson Airplane, who did a custom version of White Rabbit: "One key's very lengthy and one key's very small... and the ones that you can export don't do anything at all... just ask Goodlatte" etc.

cheers
Cabe

--

Crypto community celebrates new export rules in style
By Jim Kerstetter, PC Week Online
January 19, 2000 10:26 AM ET

SAN JOSE, Calif. -- If the Wicked Witch of the West were a government regulator among the cryptographers here, she'd be melting into a pool of water right about now.

A week after the Clinton administration announced it was lifting most export restrictions on cryptography, the security crowd gathered here for the RSA Conference 2000 danced, celebrated and -- you'll have to pardon them, this has been a long fight -- gloated over the federal government's apparent change of heart.

"This feeling is really good, you know?" said Phil Zimmermann, the inventor of the PGP encryption algorithm who was once threatened with a federal jail sentence. "I wish my prosecutor and the customs agents who attempted to incarcerate me were here tonight."

Zimmermann, as much as anyone in the computer industry, personifies the battle over encryption export regulations. Nearly five years ago, Zimmermann, now a fellow at Network Associates Inc., defied encryption export restrictions and used his PGP encryption across international borders.

At the time, this was nothing short of treason -- at least in the eyes of federal regulators. Until 1998, encryption was considered a munition -- a weapon of war. So allowing strong encryption -- that is, encryption strong enough to thwart any head-on attack -- to cross international borders was akin to selling explosives to the enemy.

To make a long story short, Zimmermann just barely escaped going to the slammer for a very long time.

Since his act of civil disobedience, Zimmermann has sold his company, Pretty Good Privacy Inc., to Network Associates. He's also achieved rock star status in the tech community. It's not uncommon, as was the case Tuesday, to find him posing with fans for a photograph.

And finally, last night at the swanky Fairmont Hotel in downtown San Jose, Zimmermann had the last laugh. He finally got to do what he always wanted to do: send an encrypted message across international borders and do it legally.

But not only did he get to do it, he got to do it with style. The encrypted Yahoo e-mail message was sent to a Ministry of Defense official in the United Kingdom. Zimmermann's cohorts in this newly legal transmission: U.S. Representatives Zoe Lofgren (D-Calif.) and Bob Goodlatte (R-Va.).

"It was a thrill to export that crypto," Lofgren told a cheering audience of security experts.

Behind the scenes

While Zimmermann gained notoriety and the ire of federal officials, it was people like Lofgren, Goodlatte, industry lobbyists and William Crowell, the president and CEO of Cylink Corp., who did much of the fighting on Capitol Hill.

Three years running, Goodlatte introduced a bill that would have relaxed export restrictions. This year, it looked like it would pass. But regulators in the U.S. Commerce Department, which controls encryption exports, beat them to the punch.

The new regulations, as explained last week, allow for the unfettered export of strong, commercial encryption to all but terrorist nations. That's a huge change from before, when nothing with more than 56-bit encryption keys -- keys that can be solved with heavy computer processing -- could be exported without a lengthy approval process.

Crowell, a former deputy director of the National Security Agency, knew both sides of the coin. As a former government security honcho, he understood fears about criminal and terrorist use of encryption. But, as he often pointed out to regulators, the idea that limiting American encryption exports -- while allowing use of strong encryption within U.S. borders and providing no regulation of encryption in other countries -- was hopelessly naïve.

With his ties to industry and Capitol Hill, and his behind-the-curtain knowledge of America's spy agencies, Crowell became the chairman of the President's Export Committee, Subcommittee on Encryption.

"My committee was quite vocal about what needed to be done," said Crowell.

And what needed to be done, according to the committee, was a complete relaxation of export restrictions, except to those governments and anyone in the five countries designated terrorist nations by the U.S. State Department. Eventually, it appears, the administration listened.

Back to the gloating

Jim Bidzos, the chairman of RSA Security Inc. and a longtime critic of encryption export regulations, said he finally believes that the computer industry will no longer have to worry about encryption regulations.

"This time, they've gone so far they can't turn back," Bidzos told reporters here earlier this week.

Some analysts estimate that could cut security development costs by as much as 50 percent, because companies will no longer be forced to create domestic and exportable versions of their software.

Ron Rivest, the co-inventor of the RSA algorithm that's used in nearly every browser and most encrypted e-commerce transactions, said he long thought it was an insult, a downright infringement on his freedom of expression, that he couldn't put his public key encryption algorithm on his Web site. He added that the Clinton administration's change of heart is welcome.

"It was ridiculous," Rivest said. "The horse has been out of the barn for a long time."

--
Cabe Franklin
Porter Novelli Convergence Group
for Network Associates, Inc.
(415) 975-2223
--------------------------------------------------------------------------
POLITECH -- the moderated mailing list of politics and technology
To subscribe: send a message to majordomo () vorlon mit edu with this text:
subscribe politech
More information is at http://www.well.com/~declan/politech/
--------------------------------------------------------------------------