Interesting People mailing list archives
IP: The Interoperability Fight Inside the Administration
From: Dave Farber <farber () cis upenn edu>
Date: Wed, 20 Nov 1996 10:55:23 -0500
From: "Stewart Baker" <sbaker () mail steptoe com> Dave: I enclose a somewhat shortened version of a recent (Nov. 18)Journal of Commerce op-ed by me and Peter Lichtenbaum. It discusses a new debate inside the Administration over the meaning of the two-year DES export window. It is also on our "Law and the Net" web page. at the bottom of the piece. Stewart Baker There seems to be an iron law of Washington policy-making: If you solve a tough policy problem on Monday, when you come into work on Tuesday, you won't find one solved problem on your desk. You'll find a new problem that arises out of Monday's solution. Certainly the Clinton Administration's recent announcement of a new encryption policy suggests that this law is still in effect. The problem the Administration has been trying to solve is as vexing as any it has ever faced. Exports of encryption products -- powerful techniques to encode data and communications -- have long been a sore point between the Administration and industry. Industry argues that sophisticated data scrambling is needed to preserve business confidentiality and privacy in the computer age. The Administration argues that its ability to conduct law enforcement and intelligence operations will be severely compromised if strong encryption products spread around the world. ... A few weeks ago, the Administration announced a new solution to this dilemma. It would yield something to those who manufacture old-style encryption if they would agree to start building key-recovery encryption soon. A previously almost unexportable encryption product, known as DES or the Digital Encryption Standard, would now be broadly exportable. But the only companies that could benefit from this liberalization were those that made a commitment to develop and sell key recovery products within two years. Several big high-tech companies expressed interest in taking the government up on this offer. The policy remained controversial, but the Administration was understandably pleased with the reaction to its solution. But that was Monday. By Tuesday, the government had a new and equally difficult problem to solve. Remember that the ability to export old-style DES is only temporary -- lasting up to two years. For many companies seeking to export DES products during the two-year window, a critical question is what will happen to their customers once the two-year window closes. Specifically, will the old DES products work with the new key recovery products being developed? If not, customers buying the DES products could be stranded in two years. And that flies in the face of everything the computer industry has learned about its customers. Companies like Intel and Microsoft owe their success to "backward compatibility." Backward compatibility means that each new generation of Microsoft and Intel products not only does amazing new things -- it also runs all your old software, better and faster. So why is the U.S. government bucking this tide by asking producers and consumers to drop DES cold in two years? Well, try looking at it from the government's perspective. If the new key-recovery encryption works seamlessly with plain old-fashioned DES, then the old style of DES may never entirely disappear. Even if key recovery encryption sweeps the country, pockets of crooks can go on using their FBI-proof encryption systems without suffering even modest inconvenience. That is not a world that the FBI wants to live in. And so it argues for a strict cut-off at the end of two years. How will this debate turn out? We'd put our money on those arguing for flexibility and interoperability. The lesson taught by Microsoft and Intel is just too plain to be ignored. It takes a miracle to get customers to throw out their old hardware and software in one dramatic break with the past. If buying key-recovery encryption means customers must give up all of their legacy encryption systems, key recovery products will carry a near-fatal burden in many markets where encryption is now used widely. The transition to key recovery will have to be gradual or it won't happen at all. For the proponents of key recovery encryption, giving up their demand for a strict cut-off will be a setback, but perhaps only a temporary one. For the other lesson of the computer industry is that technologies can be orphaned -- just not immediately. Three years ago, no one in the PC world would have bought an operating system that didn't run MS-DOS. Three years from now, we'll be happy to buy an operating system that is backward-compatible with Windows 95 but not with MS-DOS. And then, at last, we'll throw out all our old DOS programs. The same could be true for key-recovery encryption -- but only if its proponents manage to show as much patience and market savvy as Bill Gates. ---- Copyright 1996 Steptoe & Johnson LLP Steptoe & Johnson LLP grants permission for the contents of this publication to be reproduced and distributed in full free of charge, provided that: (i) such reproduction and distribution is limited to educational and professional non-profit use only (and not for advertising or other use); (ii) the reproductions or distributions make no edits or changes in this publication; and (iii) all reproductions and distributions include the name of the author(s) and the copyright notice(s)included in the original publication. A version of this paper was first published by the Journal of Commerce on November 18, 1996. Any reproduction must contain credit to the Journal of Commerce. Requests for permission to copy portions of the document should be directed to: wbatterton () steptoe com.
Current thread:
- IP: The Interoperability Fight Inside the Administration Dave Farber (Nov 20)