Cryptology: Big Breakthrough Or Big Brother?

Washington may like key recovery, but privacy hawks don't

For the Royal Dutch/Shell Group, the electronic messages zipping among its 120 far-flung companies "represent the glue that holds the corporation together," says Shell encryption expert Nick Mansfield. But the messages must be kept from prying eyes. In the Dark Ages before computers, Shell sent sensitive telexes in code. And now, as the Netherlands-based oil and chemical giant launches a global network for its internal communications, piggybacked on the Internet, it is counting on sophisticated encryption technology to keep its secrets safe.

Shell is one of hundreds of companies that understand how critical cryptography is to a wired world. Without it, "we won't have real electronic commerce or electronic banking," says Kawika Daguio, technology maven at the American Bankers Assn. But Shell's new web isn't just on the cutting edge of the Information Age. It also offers hope that industry and government are finally finding a solution to a raging policy debate that pits the needs of law enforcement against the right to privacy.

The central question is what type and level of encryption U.S. companies are allowed to export. In recent years, encryption technology has become so sophisticated that a personal computer can apply codes that government experts can't crack. FBI officials and the code-breaking spooks at the National Security Agency fear that such unbreakable cryptography will be used by terrorists, child pornographers, and other nasty characters. As a result, the U.S. government has long tried to limit the spread of the technology around the world with strict export controls. It used the export restrictions to encourage domestic use of technologies that would give the government--in criminal investigations, for example--keys to decipher the code.

CUI BONO? In 1993, the Clinton Administration pushed a government-developed chip dubbed Clipper that gave law enforcers the key to a secret "backdoor," allowing them to read any coded message. Industry, fearing government intrusion, violently rejected it. The Administration made a series of small compromises, but they, too, were rejected. Finally, in October, the Clintonites decreed that firms could export even the strongest cryptography. The main condition was that companies maintain access to their own keys and agree to hand them over in response to warrants or court orders. "Two years ago, imagining that the government would allow exports of cryptography of unlimited strength was like imagining during the Cold War that the Berlin Wall would fall," says Stephen T. Walker, CEO of Trusted Information Systems (TIS) in Glenwood, Md.

Nevertheless, the new policy raised the hackles of everyone from right-wing conservatives and privacy advocates to some software executives. Republican representative Sonny Bono of California doesn't want the FBI to have access to keys because "I absolutely don't trust them," he says. And software execs argue they're losing foreign sales to overseas competitors who aren't bound by the restrictions.

Some of this opposition will never fade. Philip Zimmermann, creator of a legendary cryptography program called Pretty Good Privacy, would like to "roll back the clock to a time when every conversation was private." But many experts predict industry will eventually go along. Much of the current criticism, they contend, represents a simple lack of understanding of the companies' own need to access or "recover" encoding keys.

Most firms are only now beginning to think about how to ensure security as they hook up to public networks, says James Hurley, cryptography expert at the Aberdeen Group, a Boston consulting and research firm. They haven't yet gotten to the next stage of deciding how they are going to manage cipher keys. "When I talk to end users about this, they don't know key recovery from a hole in the wall," he says.

In contrast, savvier customers are realizing the importance of key-recovery technology. For Shell execs to maintain control of their vast empire, "they must be able to look at any of the messages that flow around the group of companies," explains Mansfield. "With encryption, that requires central control of keys."

Meanwhile, to meet the anticipated demand, computer suppliers are launching new products that offer key access. Hewlett-Packard, for example, is about to announce a hardware system that allows customers to use whatever type of encryption or key management will fit their needs--and their government's policies. "We believe this solves the problem," says H-P Vice President Rick Sevcik.

ESCROW SCHEME. Today, most encryption schemes use so-called public-key cryptography. Complicated math allows senders to use one key, which is made public, to garble a message. But only the recipient with the corresponding private key can decipher it.

But what happens when employees lose their private keys or leave the company? How can companies gain access to their files? One method is to simply keep copies of every private key in escrow. For instance, each time Nortel Secure Networks' "Entrust" encryption product generates a new public and private key pair for a user, "the private key is backed up and put in the server," explains Brad Ross, director of business development for Nortel.

But this so-called key-escrow scheme isn't ideal. For one thing, the backup keys must be kept under tight security--and there are unanswered questions about liability if the security is breached. In addition, law enforcers who use a search warrant to obtain a private key would then have access to everything encoded by the key, not just a few relevant documents or messages.

TIS's Walker thought there must be a better way. So he came up with the notion not to save messages or private keys--but simply to give companies the ability to recover the keys used to encrypt messages. A company can then decrypt the key and decode just the relevant message. But the sender's key remains private, safe from both company execs and federal agents.
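The difference between the two approaches described above comes down to what the company holds in reserve: a copy of each user's long-term private key (escrow), or a per-message copy of the one-time session key, wrapped so that a recovery agent can open it (key recovery). The following is an added example, not code from the article or from TIS, Nortel or any product named here. It models both schemes with a small hybrid-encryption envelope. Because the Python standard library has no public-key primitives, the long-term keys are symmetric and the cipher is a constructed HMAC-SHA256 toy, not a production algorithm; the escrow-versus-recovery distinction the article draws is unaffected by that substitution. All keys and message texts are constructed sample values.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import List, Optional

# Toy authenticated encryption built only from HMAC-SHA256 (constructed for this
# illustration, not a production cipher). Symmetric key-wrapping stands in for the
# public-key encryption the article describes so the example runs with stdlib only.

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR `data` with a counter-mode keystream derived from HMAC(key, nonce || counter)."""
    out = bytearray()
    for counter, start in enumerate(range(0, len(data), 32)):
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[start:start + 32], block))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(12)
    body = nonce + _keystream_xor(key, nonce, plaintext)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt. A wrong key or altered data raises ValueError."""
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
        raise ValueError("integrity check failed: wrong key or tampered data")
    return _keystream_xor(key, body[:12], body[12:])


@dataclass
class Envelope:
    """One encrypted message as it would travel over the network."""
    wrapped_for_recipient: bytes      # session key sealed under the recipient's long-term key
    recovery_field: Optional[bytes]   # session key sealed under the recovery agent's key, or None
    ciphertext: bytes                 # message body sealed under the one-time session key


def encrypt_message(plaintext: bytes, recipient_key: bytes,
                    recovery_agent_key: Optional[bytes] = None) -> Envelope:
    """Hybrid encryption: a fresh session key per message, wrapped for each party allowed to open it."""
    session_key = os.urandom(32)
    return Envelope(
        wrapped_for_recipient=seal(recipient_key, session_key),
        recovery_field=seal(recovery_agent_key, session_key) if recovery_agent_key is not None else None,
        ciphertext=seal(session_key, plaintext),
    )


def recipient_decrypt(env: Envelope, recipient_key: bytes) -> bytes:
    """Normal path: unwrap the session key with the long-term key, then open the body."""
    return unseal(unseal(recipient_key, env.wrapped_for_recipient), env.ciphertext)


def escrow_decrypt_all(envelopes: List[Envelope], escrowed_recipient_key: bytes) -> List[bytes]:
    """Key-escrow model: whoever holds the escrowed long-term key reads every message ever sent to it."""
    return [recipient_decrypt(env, escrowed_recipient_key) for env in envelopes]


def recovery_decrypt(env: Envelope, recovery_agent_key: bytes) -> bytes:
    """Key-recovery model: the agent recovers only the session key of the one envelope it is handed."""
    if env.recovery_field is None:
        raise ValueError("message carries no recovery field; nothing to recover")
    return unseal(unseal(recovery_agent_key, env.recovery_field), env.ciphertext)


def demo():
    recipient_key = os.urandom(32)   # the user's long-term key (constructed)
    agent_key = os.urandom(32)       # the company's recovery-agent key (constructed)
    messages = [b"Q3 drilling plan", b"payroll export", b"memo named in the warrant"]

    # Escrow: a copy of recipient_key sits on the server, so one disclosure exposes all three.
    escrowed = [encrypt_message(m, recipient_key) for m in messages]
    exposed_by_escrow = escrow_decrypt_all(escrowed, recipient_key)

    # Recovery: the agent never holds recipient_key; handed one envelope, it opens exactly that one.
    recoverable = [encrypt_message(m, recipient_key, agent_key) for m in messages]
    disclosed = recovery_decrypt(recoverable[2], agent_key)
    return exposed_by_escrow, disclosed


if __name__ == "__main__":
    exposed, single = demo()
    print("escrow exposes:", exposed)
    print("recovery discloses:", single)
```

The design point is the blast radius: in the escrow model the secret that must be guarded is a long-term key, and a breach of the escrow server or an over-broad warrant yields every past and future message; in the recovery model the recovery field travels with each message, so disclosure is scoped to the envelopes actually handed over, and the user's long-term key never leaves the user. The recovery agent's key then becomes the asset that needs the tight physical and procedural security the article mentions.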

There are still practical hurdles before the technology can become widespread. Communications software must be adapted, and legislation will be needed to clarify the liability issues for key-recovery centers. The Administration is currently working on a draft bill. And whether key recovery becomes a global solution depends on whether other governments sign on to the idea.

But a trend is beginning to emerge. Administration critic James Bidzos, CEO of RSA Data Security Inc. in Redwood City, Calif., concedes, "we are seeing the market move to emergency access [of keys]. If the government wants to say, 'we were right,' let them." No doubt the fight over cryptography will continue. But ultimately, today's battles may seem as distant as the Cold War.