In the last week in January, the one that followed the Super Bowl, RSA Data Security Inc. staged a championship match of a different kind, with a more ambiguous outcome.

Irresistible free-market forces met up against some immutable regulatory tendencies of government regarding controversial data encryption issues. This game went into overtime and is still undecided.

The occasion was RSA's seventh annual conference in San Francisco on data security technology, a unique assemblage of technology marketers, computer scientists, and experts in the mathematics of cryptography; of government regulators and law enforcement officials and intelligence gatherers; of bankers and brokers and entrepreneurs of many stripes.

They were about 2,500 strong, double the number a year earlier, reflecting the spiraling of activity on, if not yet revenues from, the Internet. Their interests converged on issues of security and privacy and ways to bring the techniques of data encryption to bear on both.

Of course, nobody is against security or privacy. It's the surrounding rules that cause contention.


In the center of it all was James Bidzos, the puckish, sometimes pugilistic president of RSA Data Security, Redwood City, Calif.

"I thought all my friends in the world who knew anything at all about cryptography were here three years ago," he said, marveling at the sea of faces in the Masonic Auditorium, which had to serve as the main meeting venue because no San Francisco hotel could contain it.

When in his battling mode, Mr. Bidzos rails against U.S. government policies restricting the free flow of cryptography products like those developed, and widely licensed by, RSA.

His conference has a tradition of giving the national administration a fair chance to be heard-the opening keynote speech last Tuesday was by the diplomat David Aaron, whom President Clinton has designated special envoy on cryptography. RSA also invited to a panel discussion Dorothy Denning, a Georgetown University computer science professor who stands apart from most other academics by taking the government position.

Ms. Denning was essentially drowned out, and it was generally open season on her ilk.

But while Mr. Bidzos and his private-sector allies who favor stronger forms of encryption have numbers on their side, people like Mr. Aaron have the power.

The result is a standoff in the encryption realm's mother of all battles.


Mr. Aaron referred to "several important instances"-including the Aldrich Ames spy case and child pornography and drug-trafficking investigations-in which perpetrators used data encryption. The implication was that if their technology were more sophisticated, the crimes would have gone unsolved.

"In developing its policy on encryption, the government has made a good- faith effort to balance the obligations and interests involved," Mr. Aaron said.

Rather than "seek to expand the powers of law enforcement or reduce the privacy protections of individuals," the ambassador added, "the intent is to maintain, in the face of technological change, the current legal instruments (government) has and continues to require ... in the interest of public safety."

After Mr. Aaron was gone, Mr. Bidzos seized on the notion that soon only "dumb criminals" will be caught using the weaker, easily breakable forms of encryption. He asked, "Aren't we going to catch the dumb criminals anyway?"


The Clinton administration's recent tilt toward flexibility-it has allowed the first exports of encryption systems with 56-bit keys, which are much harder to crack than the previously allowed 40-bit limit-has not come fast or far enough to suit the critics.

Where financial institutions and money are concerned, key lengths are generally not limited. The longer the key, the longer it takes for a would- be criminal to test all the possible combinations to break into the message or steal the money.

But the export restrictions do cost. Terisa Systems Inc., which offers a tool kit for implementing the RSA-based Secure Electronic Transactions protocol for Internet credit card transactions, doubles the price for its export version, to about $200,000.

"That includes support in applying for export licenses on the customer's behalf," said Ken Mohr, the Los Altos, Calif., company's product marketing manager. "That is very human-resources-intensive. It can be a three- to four-month process."


Export rules, and the related question of whether the government should require the neutral safekeeping, or escrow, of those codebreaking keys, are flash points in the debate. The pro-encryption hawks want every incentive to improve security technology, and they don't want to lose business to unfettered foreigners.

The restrictions came about because of concerns that foreign enemies or terrorists could use encryption to keep our armed and intelligence forces at bay. Cryptographic algorithms were thus classified as munitions and their exports policed by the State Department. (In the recent loosening, jurisdiction was transferred to the Commerce Department.)

Pointing to a legalistic irony of crypto going mass-market, Mr. Bidzos said, "WebTV suddenly discovered they were in the arms business-an interesting thing to happen to a consumer products company."


Metaphorically speaking, Mr. Bidzos has accused the government of wanting no less than access to the keys of all businesses' file cabinets.

He brought a new analogy to the conference last week: "We do business today with signatures for identification and sealed envelopes for privacy. Imagine if we had to throw all that away and send all our communications on typewritten postcards that anybody can read and forge.

"The Internet is equally impossible to imagine without encryption."

He also noted that a secure E-mail protocol, called S/MIME, is poised to be included in the next release of Netscape Navigator.

The overnight addition of 40 million World Wide Web users "could be one of the biggest events in the history of cryptography," Mr. Bidzos said. "There is no precedent for such an explosion in privacy. It will happen automatically and transparently. It will get the whole world using encryption and will get the government fired up. I can't wait."


Mr. Aaron didn't stay for questions from a largely adversary audience. Even before he began speaking, the deck began to be stacked against him as four congressional critics of the administration preached by teleconference to the converted.

Two Republicans-Sen. Conrad Burns of Montana and Rep. Robert Goodlatte of Virginia-and two Democrats-Sen. Patrick Leahy of Vermont and Sen. Ron Wyden of Oregon-claimed growing bipartisan support for bills to clear encryption restrictions away. They contended it would be in keeping with free-market principles and help the U.S. maintain its technology leadership.

"Key escrow just won't work," said Sen. Burns, a leader of the congressional strong-encryption camp. "Bad people won't register their keys with the FBI or anyone else."

Rep. Goodlatte said he preferred to view encryption as "a terrific tool to fight crime" because it prevents "attacks against financial institutions, nuclear power plants, medical records."

Support for freer encryption policies "transcends partisan politics and ideology," the Virginian added. "The American Civil Liberties Union and National Rifle Association are both interested in this legislation."

Sen. Wyden said the administration adheres to an "old school, top down" mentality that is "not going to work. It's the same as the pornography debate. We are all against pornography but we ought to avoid federal censorship and instead deploy the technology and software to deal with it."

"Just because the president and vice president log onto their computers and do things doesn't mean they are experts," said Sen. Leahy. "They are about five miles behind that bridge (to the 21st century) at the moment."


On the first morning of the conference, RSA issued one of its periodic challenges to break encryption keys at various lengths from 40 bits on up. Within three and a half hours, Ian Goldberg, a graduate student across San Francisco Bay at the University of California with 250 high-powered workstations at his command, claimed a $1,000 prize for solving a 40-bit algorithm.

Mr. Goldberg, who has succeeded at other 40-bit breaks, was piped into the Masonic Auditorium by telephone and told Burt Kaliski of RSA Laboratories that this once-standard key length is "basically useless" in the face of readily available computing power. "Obviously, you wouldn't use a 40-bit key size unless the government wanted you to."

He said he also took a quick stab at RSA's 48-bit challenge, which would have paid a bigger bounty, but decided he could not justify the time and university resources it would take to succeed. In other words, the slight increment in key size made the hidden message considerably more secure from "brute force" computing attacks.

But when Mr. Kaliski suggested that Mr. Goldberg's 40-bit effort cost more than the $1,000 he would collect, the hacker replied that it cost next to nothing: "I used cycles on machines that were idle. An idle cycle is a wasted cycle."


Bruce Schneier of Counterpane Systems in Minneapolis, author of a classic text in the field, "Applied Cryptography," said, "Never underestimate the time, money, and effort someone will put into breaking a system."

He said it didn't occur to Netscape Communications Corp. that anyone would go to the trouble of breaking 40-bit encryption. When that was accomplished by a French hacker, it woke an entire industry up to the threat.

He added that in on-line commerce, systems require constant vigilance and purposeful attacks-as in the RSA challenge-to stay ahead of the criminal element. This contrasts with the fact that in real-world commerce, "solutions don't always have to be perfect to work. Credit cards, for example, are a broken protocol from a security point of view, but the system works. It's good enough."


Although crypto purists may regard key escrow as a "broken protocol," vendors are saying it is reality and has to be dealt with. They tend to focus on the variant known as key recovery, the ability to reconstruct lost keys. The government requires recoverability in any of the 56-bit algorithms it allows to be exported.

"We view key escrow and key recovery as being different," said International Business Machines Corp. information technology security director Kathy Kincaid. In the latter, "no one holds your key ... There is no third-party setup" that could be prone to theft.

IBM announced its SecureWay key recovery product. Separately, the Key Recovery Alliance that it organized last year has attracted more than 50 members, including its own competitors, to promote strong encryption and interoperability.

Also last week, SourceFile, an Oakland, Calif., records storage company, said it was the first private company to gain federal approval as a key recovery agent. It said it would perform that role for Trusted Information Systems of Glenwood, Md., a leading international data security vendor, which in turn is providing a piece of IBM's SecureWay framework.


David Luther, president of Security First Technologies' network security division, provided a rare glimpse into a pioneering Internet bank's security preparedness.

Security First Network Bank prides itself on its "military-grade encryption." But because customers log into Security First via their Web browsers, the encryption between customer and bank is not that air-tight. And Security First has not yet gone in for the digital certificates that could add a layer of security-though also complexity-in the authentication of customers.

But Mr. Luther pointed out that key-breaking is not a major risk because keys change with every transaction. "It's not easy to crack a key, whether 40 bits or 128 bits," he said.

He was more concerned about preventing insider attacks, which are said to be the source of most computer crimes, and the constant irritant of "hackers and students dabbling."

"Some break-in attempts we wouldn't know about," Mr. Luther conceded. But "there has been no organized threat against the bank," he said. The company posts a strongly worded, on-screen warning to deter hackers, and has sent "nasty letters" to those it has detected.

Security First has been on the lookout for people trying to break into the sessions of customers who are logged into the bank. Also, there is the threat of "spoofing" the Web site, creating a fake Security First with a slightly different Internet address in hopes of snatching the names and passwords of customers who make typographical errors.

"Once they start using our bank, most customers 'bookmark' it so they don't have to type the URL (uniform resource locator) again," Mr. Luther said. "The (site-spoofing) risk is low" and "we haven't seen anybody try," Mr. Luther said.

Subscribe Now

Access to authoritative analysis and perspective and our data-driven report series.

14-Day Free Trial

No credit card required. Complete access to articles, breaking news and industry data.