CYBERWIRE DISPATCH: U.S. Loses in Encryption Market
President Clinton call your spooks, get FBI Director Louis Freeh on the phone. Tell them to order in pizza. Bill, it's going to be a long night. All your plans to hold the U.S. crypto market hostage have just been fucked... and you didn't even get kissed. A virtual tactical nuke was hurled into the arcane subculture of encryption technology recently when RSA President Jim Bizdos revealed that his company's Japanese subsidiary had developed a monster chipset capable of scrambling voice and data real time with a so-called "key length" of up to 1024 bits. That key length stuff is just so much gibberish to those playing without a scorecard, so let me drill down on it for you. Basically, the longer the key length, the harder it is for a message to be broken by "brute force" automated attacks. Current U.S. laws prohibit the export of any encryption device with a key length longer than 40-bits, or roughly the equivalent of Captain Crunch decoder ring. For hardcore math types, I'm told that a 1024-bit key length is 10 to the 296th power more difficult to break than 40 bits. Bizdos, speaking during lunch time at the Electronic Privacy Information Center (EPIC) 6th Cryptography and Privacy conference, told how his Japanese based company, Nihon-RSA, developed a set of two chips capable of scrambling messages at a level that will make the guys from the Puzzle Palace (the National Security Administration) cough up hair balls that would make the First Cat Socks envious. Bizdos seems to have found crypto's magic bullet: a legit way to essentially give the finger to U.S. export laws for crypto product. For years now the White House has been locked into a kind of crypto war. The Administration insists that strong encryption products must not be exported for fear that "terrorists, child pornographers and drug barons" and a rabble of assorted "bad guys" would snag the technology and proceed to plot the destruction of the "World As We Know It"... or at least Western Democracy, if the Iranians got in line first. The White House crypto-fascist team, led by the NSA, FBI and assorted military hawks, have offered braindead compromise plans, including three versions of the "Clipper Chip." This is a plan whereby you can buy strong locks for your data with the simple caveat that when you buy and use the products, you have to put the decoding key "in escrow." This way if a law enforcement agency ever has the need to unscramble any of your messages -- without you knowing it -- they can simply ask for these escrowed keys and have them handed over. Yes, even your local sheriff's department can ask for the keys. Now, the government promises it will use this power only for good and never for evil. Honest, that's what they say. Of course, the Justice Department, in writing the rules for getting the keys, totally absolves any law enforcement agency of all harm if this power is abused in any way. Oh.. and if that power is abused, the sheriff or the FBI or fucking Park Police for that matter, can still use any "evidence" they gin up on you. Honest, I'm not making any of this stuff up. So the battle has raged. The industry has been loathe to develop such products only for the American market because the cost of producing essentially duplicate products for domestic and foreign markets just wouldn't be cost effective. So, you and I are stuck having to use some pretty tedious encryption technologies, such as PGP (Pretty Good Privacy), which is great, but tough to use. Or we can use the Captain Crunch Decoder ring equivalents available off the shelf. In the meantime, other countries are happily making and distributing robust encryption technologies, at a possible loss of up to $60 billion for U.S. companies. In fact, it's a crime even to put a program like PGP on your laptop and go overseas. The State Department calls that "exporting." The government recently dropped a case against Phil Zimmermann, the inventor of PGP, after putting him through several hellish years in which they threatened to toss his ass in jail. There Phil would no longer be a threat to society at-large, but instead become a "girlfriend" for a 265 pound felon named Spike. Phil's "crime"?? That somehow his PGP app had been uploaded on to the Internet and whisked around the world. Phil didn't do it, but the U.S. government cried "export violation," anyway, eventually telling him, "Oh, never mind." So Bizdos, tired of fighting the wars here, enlisted the help of the Japanese. After setting up his Japanese unit, he hired a crack team of Japanese crypto experts who essentially "reverse engineered" the company's own U.S. crypto product, according to Kurt Stammberger, RSA director of technology marketing. It was a brilliant move. Bizdos can't be slammed by the State Department for violating crypto export laws because, well, he didn't export a damn thing, except some U.S. greenbacks, which of course, could have gone to U.S. cryptographers, but let's not quibble about jobs. Anyone want to kick around the subject of global competitiveness? What's happened here is the Japanese have now trumped the entire world on the crypto market. What's more, Clinton's brain-dead allegiance to the FBI, et al., has now allowed the Japanese government, which still owns a large share of NTT, which owns a minority share of RSA's Japanese subsidiary, to have a lock on the world's strongest encryption technology. Can you say "Remember the VCR" or "Remember the Semiconductor" or how about "Thanks, Bill. We're fucked." The boys in the Pentagon made a stink a few years ago when a Japanese company made a play for Fairchild, a top defense contractor. It was feared that the Japanese, by swallowing up the U.S. company, would also gain access to technologies vital to the U.S. military. The deal was squashed. Natch... now it looks like the G.I.'s with the stars on their shoulders have just put their spit-shined combat boots up their own ass by supporting Clinton and his continued ban on crypto exports. "We truly have ceded this market Japanese companies," Bizdos said. "It's almost too late to turn it around." Some 15 countries have already placed orders for these chips, Bizdos said, adding that the Japanese will not build the chips with a key escrow function. EPIC Director Marc Rotenberg said he was told by a Japanese representative that the country's constitution wouldn't allow key escrow because it doesn't allow wire-tapping. Umm... maybe the Japanese just don't have really bad guys like the FBI assumes we have here. What's more, Bizdos says the deal with NTT is "no coup." He says the Germans and French "aren't far behind" in developing similar technologies. The RSA bombshell "fuels the argument that this stuff can't be contained in our own borders," said PGP's Zimmermann. Just how the relationship between NTT and RSA works out isn't set, Bizdos acknowledged. "They'll pay us a royalty for the chips they sell," he said. "We're working it all out." Meanwhile, from my office window here in DC I've already counted 17 Domino's Pizza delivery bikes go screaming by on their way to the White House. Through my telescope I can see the White House balcony; it looks like Bill is sick, like he's just heard some "really bad news." And behind him, just inside the double-doors, on a Persian rug placed there by Warren G. Harding, I think Socks the Cat has just coughed up a hairball... or maybe it was Louis Freeh. From this angle, I just can't be sure.