Interesting People mailing list archives
IP: The Interoperability Fight Inside the Administration
From: Dave Farber <farber () cis upenn edu>
Date: Wed, 20 Nov 1996 10:55:23 -0500
From: "Stewart Baker" <sbaker () mail steptoe com>
Dave:
I enclose a somewhat shortened version of a recent (Nov. 18)Journal of
Commerce op-ed by me and Peter Lichtenbaum. It discusses a new debate
inside the Administration over the meaning of the two-year DES export
window. It is also on our "Law and the Net" web page.
at the bottom of the piece.
Stewart Baker
There seems to be an iron law of Washington policy-making: If you
solve a
tough policy problem on Monday, when you come into
work on Tuesday, you won't find one solved problem on your desk. You'll
find a new problem that arises out of Monday's solution.
Certainly the Clinton Administration's recent announcement of a new
encryption policy suggests that this law is still in effect. The
problem the Administration has been trying to solve is as vexing as
any it
has ever faced. Exports of encryption products -- powerful
techniques to encode data and communications -- have long been a sore
point
between the Administration and industry. Industry
argues that sophisticated data scrambling is needed to preserve business
confidentiality and privacy in the computer age. The
Administration argues that its ability to conduct law enforcement and
intelligence operations will be severely compromised if strong
encryption products spread around the world.
...
A few weeks ago, the Administration announced a new solution to this
dilemma. It would yield something to those who manufacture
old-style encryption if they would agree to start building key-recovery
encryption soon. A previously almost unexportable encryption
product, known as DES or the Digital Encryption Standard, would now be
broadly exportable. But the only companies that could
benefit from this liberalization were those that made a commitment to
develop and sell key recovery products within two years.
Several big high-tech companies expressed interest in taking the
government
up on this offer. The policy remained controversial, but
the Administration was understandably pleased with the reaction to its
solution.
But that was Monday.
By Tuesday, the government had a new and equally difficult problem to
solve. Remember that the ability to export old-style DES is
only temporary -- lasting up to two years. For many companies seeking to
export DES products during the two-year window, a
critical question is what will happen to their customers once the
two-year
window closes. Specifically, will
the old DES products work with the new key recovery products being
developed? If not, customers buying the DES products could
be stranded in two years.
And that flies in the face of everything the computer industry has
learned
about its customers. Companies like Intel and Microsoft
owe their success to "backward compatibility." Backward compatibility
means
that each new generation of Microsoft and Intel
products not only does amazing new things -- it also runs all your old
software, better and faster.
So why is the U.S. government bucking this tide by asking producers and
consumers to drop DES cold in two years? Well, try
looking at it from the government's perspective. If the new key-recovery
encryption works seamlessly with plain old-fashioned DES,
then the old style of DES may never entirely disappear. Even if key
recovery encryption sweeps the country, pockets of crooks can
go on using their FBI-proof encryption systems without suffering even
modest inconvenience. That is not a world that the FBI wants
to live in. And so it argues for a strict cut-off at the end of two
years.
How will this debate turn out? We'd put our money on those arguing for
flexibility and interoperability. The lesson taught by
Microsoft and Intel is just too plain to be ignored. It takes a
miracle to
get customers to throw out their old hardware and software in
one dramatic break with the past. If buying key-recovery encryption
means
customers must give up all of their legacy encryption
systems, key recovery products will carry a near-fatal burden in many
markets where encryption is now used widely. The transition
to key recovery will have to be gradual or it won't happen at all.
For the proponents of key recovery encryption, giving up their demand
for a
strict cut-off will be a setback, but perhaps only a
temporary one. For the other lesson of the computer industry is that
technologies can be orphaned -- just not immediately. Three
years ago, no one in the PC world would have bought an operating system
that didn't run MS-DOS. Three years from now, we'll be
happy to buy an operating system that is backward-compatible with
Windows
95 but not with MS-DOS. And then, at last, we'll
throw out all our old DOS programs.
The same could be true for key-recovery encryption -- but only if its
proponents manage to show as much patience and market
savvy as Bill Gates.
----
Copyright 1996 Steptoe & Johnson LLP
Steptoe & Johnson LLP grants permission for the contents
of
this publication to be reproduced and distributed in full free of
charge,
provided that: (i) such reproduction and distribution is limited to
educational and professional non-profit use only (and not for
advertising
or other use); (ii) the reproductions or distributions make no edits or
changes in this publication; and (iii) all reproductions and
distributions
include the name of the author(s) and the copyright notice(s)included in
the original publication.
A version of this paper was first published by the
Journal of
Commerce on November 18, 1996. Any reproduction must contain credit to
the
Journal of Commerce.
Requests for permission to copy portions of the document
should be directed to: wbatterton () steptoe com.
Current thread:
- IP: The Interoperability Fight Inside the Administration Dave Farber (Nov 20)