FC: RSA 2000 day 3 conference report from "Ralph" (The Potato Salad Fallout continues)

[Declan McCullagh <declan () well com>]

**********

Declan,
Discretion ruled today. Several folks were ill and/or recovering from food
poisoning like symptoms, so I did not cover the full conference today. I
was told the Intel Keynote was good, but this is hearsay. The afternoon
sessions were sparsely attended; the ones I attended in the implementers
track were very low on technical detail; they were "Crypto Due Diligence"
and "Security: ROI". The Due Diligence brief was good, but the technical
level could have been more rigorous; well delivered and put together. The
ROI brief was at too high a level to do anything with. Attendance overall
seemed lighter than previous days, based on the lack of crush in the
concourse.
We are going to try to make it through the Gala this evening ... Will write
back on that.
Ralph

**************

> From: "Cabe Franklin" <cabe.franklin () pnicg com>
> To: <declan () well com>
> Subject: RSA 2000 Day 2 addendum
> Date: Wed, 19 Jan 2000 10:51:21 -0800
> X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
> Importance: Normal
>
> Hi Declan - thanks again for the ideas of recipients for the software last
> night.  i'm afraid I was a little last-minute in compiling them and as a
> result we ended up going to Brian Gladman in the UK, who you may know or at
> least know of.  It was an easy connection to make and those who know him say
> he will be thrilled to get the email - as this is not true of many people to
> whom you send an unsolicited 6MB attachment, we decided to go with it.
>
> feel free to edit/forward this as you see fit.
>
> --
>
> Picking up where Ralph left off as I didn't make it to lunch, so was not
> incapacitated by exposure to RSA potato salad -
>
> I won't pretend not to be writing from a vendor perspective - but for any
> politechnical this is true; the show always reminds you it's a small world.
> First few people I saw were an industry analyst who had jumped to start up
> his own for-profit firm (Ted Julian from Forrester, who acquired L0pht Heavy
> Industries); a former colleague who had disappeared a few months ago, now
> working in a competitor's booth; a former colleague who had left over a year
> ago, who had gone to a startup that never started and is now happily working
> for us again; and another analyst, still wearing her analyst hat but somehow
> spending the show in a for-profit booth, wearing their polo and handing out
> their business cards.  Co-branding, I suppose.
>
> For me the PGP export event was obviously the focus - it came off much
> better than I had expected.  We had gotten commitments from the critical
> folks earlier in the day, but the scheduling was so tight I wasn't
> optimistic it was really going to work.
>
> We had reserved a big room at the Fairmont in San Jose, and did a decent job
> of filling it - our event folks said we had about 500 people through during
> the party, and I think the majority were present for the actual export.  The
> program started with Dave Balenson, a cryptographer in our research labs who
> was marking his 9th RSA show - he told the story of Phil Z coming to him in
> 1986 with a proposal for "standards for securing email messages" using the
> RSA algorithm.  Dave actually dug up the proposal, which he held up during
> his talk, along with the business card Phil was toting at the time - for (I
> think) "Boulder Software Engineering."
>
> Kelly Blough, our director of government relations, then got up and brought
> Cong. Lofgren and Goodlatte on stage, and announced that they would
> commemmorate the new regs by being the first to export PGP.  The crowd was a
> little unprepared for this and laughed heartily.  (actually, I'm going out
> of order - first she greeted "anyone from the FBI and NSA who might be in
> attendance - which met with equally surprised and boisterous laughter.)
>
> Kelly then brought Phil Z. up on stage, and announced that Phil had asked if
> he could finally grant permission to the Congressmen to export PGP.  The
> crowd got a kick out of this, and the mood was high.  Without further ado,
> Goodlatte and Lofgren took their positions at the computer (the monitor was
> linked to a giant projection screen so the crowd could see what was going
> on) - Lofgren attached the PGP executable, addressed it, typed a note saying
> "this is the first export of PGP software, from U.S. Congressman Bob
> Goodlatte and Congresswoman Zoe Lofgren, sent 1/18/2000" and clicked Send,
> and it was done.  Wild applause.
>
> Alan Davidson of the Center for Democracy and Technology (who, as we
> discussed, was instrumental in making this event happen) spoke briefly about
> how this was a victory not just for security but for privacy.  And Phil Z.
> closed by speaking for a bit about the past ridiculousness of clicking Send
> being considered a felony crime, and with remarkable good humor about how he
> wished "my prosecutor and the customs agents who attempted to incarcerate me
> were here tonight."  And that was that.
>
> There was an AP freelance photographer on hand so hopefully the image of the
> export moment will show up soon in a daily near you.  I took a couple
> digital shots and I know Dave Balenson did as well, and I think Alan is
> planning to post those on the CDT site as soon as I can get them to him.
>
> The rest of the evening was typical trade show.  I had a good conversation
> with a trade reporter who had just faced the MSFT contact he had hassled via
> phone for months, and found him to be a much nicer guy than he had a right
> to be given how hard the reporter had been on him in the past.  Tried to
> catch up with a friend at the Entrust party (which had standup video games)
> but I think those attendees were all smoked out by the XCert party next door
> (which had cigars) so I called it a night and made the long drive back up to
> the City.
>
> Now that the conference has outgrown the San Jose Convention Center (or,
> more critically, the IBM Cryptographer's Gala Ball has reached capacity at
> the San Jose Arena) it sounds like we are heading for April 2001 at Moscone
> in San Francisco.  As the glory days of mini-booths in the basement of the
> SF Fairmont (which gave the conference a great high-school science fair
> feel) are long gone, I suppose the best that can be said for the move to
> Moscone is that there will be more party venues at night.  I, for one, can't
> wait for the Cryptographer's Gala 2001 on Alcatraz.
>
> below is one trade writeup of the export event, and the view from the show
> at large.
>
> One last thing, you know from past shows that RSA likes to bring a band in.
> Last year it was the Sugar Hill Gang, who gave us the history of crypto.
> This year (as reported to me) it was Jefferson Airplane, who did a custom
> version of White Rabbit:
>
> "One key's very lengthy
> and one key's very small...
>
> and the ones that you can export
> don't do anything at all...
>
> just ask Goodlatte"
> etc.
>
> cheers
> Cabe
>
> --
> Crypto community celebrates new export rules in style
> By Jim Kerstetter, PC Week Online
> January 19, 2000 10:26 AM ET
>
> SAN JOSE, Calif. -- If the Wicked Witch of the West were a government
> regulator among the cryptographers here, she'd be melting into a pool of
> water right about now.
>
> A week after the Clinton administration announced it was lifting most export
> restrictions on cryptography, the security crowd gathered here for the RSA
> Conference 2000 danced, celebrated and -- you'll have to pardon them, this
> has been a long fight -- gloated over the federal government's apparent
> change of heart.
>
> "This feeling is really good, you know?" said Phil Zimmermann, the inventor
> of the PGP encryption algorithm who was once threatened with a federal jail
> sentence. "I wish my prosecutor and the customs agents who attempted to
> incarcerate me were here tonight."
>
> Zimmermann, as much as anyone in the computer industry, personifies the
> battle over encryption export regulations. Nearly five years ago,
> Zimmermann, now a fellow at Network Associates Inc., defied encryption
> export restrictions and used his PGP encryption across international
> borders.
>
> At the time, this was nothing short of treason -- at least in the eyes of
> federal regulators. Until 1998, encryption was considered a munition -- a
> weapon of war. So allowing strong encryption -- that is, encryption strong
> enough to thwart any head-on attack -- to cross international borders was
> akin to selling explosives to the enemy. To make a long story short,
> Zimmerman just barely escaped going to the slammer for a very long time.
>
> Since his act of civil disobedience, Zimmermann has sold his company, Pretty
> Good Privacy Inc., to Network Associates. He's also achieved rock star
> status in the tech community. It's not uncommon, as was the case Tuesday, to
> find him posing with fans for a photograph.
>
> And finally, last night at the swanky Fairmont Hotel in downtown San Jose,
> Zimmermann had the last laugh.
>
> He finally got to do what he always wanted to do: send an encrypted message
> across international borders and do it legally. But not only did he get to
> do it, he got to do it with style. The encrypted Yahoo e-mail message was
> sent to a Ministry of Defense official in the United Kingdom. Zimmermann's
> cohorts in this newly legal transmission: U.S. Representatives Zoe Lofgren
> (D-Calif.) and Bob Goodlatte (R-Va.).
>
> "It was a thrill to export that crypto," Lofgren told a cheering audience of
> security experts.
>
> Behind the scenes
>
> While Zimmermann gained notoriety and the ire of federal officials, it was
> people like Lofgren, Goodlatte, industry lobbyists and William Crowell, the
> president and CEO of Cylink Corp., who did much of the fighting on Capitol
> Hill.
>
> Three years running, Goodlatte introduced a bill that would have relaxed
> export restrictions. This year, it looked like it would pass.
>
> But regulators in the U.S. Commerce Department, which controls encryption
> exports, beat them to the punch. The new regulations, as explained last
> week, allow for the unfettered export of strong, commercial encryption to
> all but terrorist nations. That's a huge change from before, when nothing
> with more than 56-bit encryption keys -- keys that can be solved with heavy
> computer processing -- could be exported without a lengthy approval process.
>
> Crowell, a former deputy director of the National Security Agency, knew both
> sides of the coin. As a former government security honcho, he understood
> fears about criminal and terrorist use of encryption. But, as he often
> pointed out to regulators, the idea that limiting American encryption
> exports -- while allowing use of strong encryption within U.S. borders and
> providing no regulation of encryption in other countries -- was hopelessly
> naïve.
>
> With his ties to industry and Capitol Hill, and his behind-the-curtain
> knowledge of America's spy agencies, Crowell became the chairman of the
> President's Export Committee, Subcommittee on Encryption.
>
> "My committee was quite vocal about what needed to be done," said Crowell.
> And what needed to be done, according to the committee, was a complete
> relaxation of export restrictions, except to those governments and anyone in
> the five countries designated terrorist nations by the U.S. State
> Department.
>
> Eventually, it appears, the administration listened.
>
> Back to the gloating
>
> Jim Bidzos, the chairman of RSA Security Inc. and a longtime critic of
> encryption export regulations, said he finally believes that the computer
> industry will no longer have to worry about encryption regulations.
>
> "This time, they've gone so far they can't turn back," Bidzos told reporters
> here earlier this week.
>
> Some analysts estimate that could cut security development costs by as much
> as 50 percent, because companies will no longer be forced to create domestic
> and exportable versions of their software.
>
> Ron Rivest, the co-inventor of the RSA algorithm that's used in nearly every
> browser and most encrypted e-commerce transactions, said he long thought it
> was an insult, a downright infringement on his freedom of expression, that
> he couldn't put his public key encryption algorithm on his Web site. He
> added that the Clinton administration's change of heart is welcome.
>
> "It was ridiculous," Rivest said. "The horse has been out of the barn for a
> long time."
>
> --
> Cabe Franklin
> Porter Novelli Convergence Group
> for Network Associates, Inc.
> (415) 975-2223



--------------------------------------------------------------------------
POLITECH -- the moderated mailing list of politics and technology
To subscribe: send a message to majordomo () vorlon mit edu with this text:
subscribe politech
More information is at http://www.well.com/~declan/politech/
--------------------------------------------------------------------------