RSA blasts (but also supports) government encryption policy

Security gurus debate key recovery at RSA conference.


It was a theatrical way to kick off the RSA Data Security Conference here two weeks ago. Dressed in rap "gangsta" attire and shades, and accompanied by real rap artists - The Sugarhill Gang - a disguised Jim Bidzos, RSA Data Security, Inc.'s (RSA) president, danced onstage to rap lyrics condemning the U.S. government's encryption policies.

"Do encryption without going to jail," sang Bidzos, alluding to government rules that generally make it illegal to export products with strong encryption unless you agree to give law enforcement a way to easily unscramble data.

The 3,000 or so security professionals in attendance loved Bidzos' act. But few seemed to realize that although the company continues to lobby hard in Washington, D.C. against the kind of government-mandated key-recovery laws FBI Director Louis Freeh wants, RSA's products are in practice singing a different tune.

The next version of the RSA encryption tool kit, BSAFE 4.0, will force those building exportable products with encryption stronger than 56 bits to use a key-recovery center. The centers are approved by the U.S. government to store the equivalent of master keys.

Corporations buying products made with BSAFE 4.0, which is due out midyear, may be allowed to operate their own key-recovery centers for key storage, if the government approves.

"As far as cryptoservice providers go, the signature is mandatory. It enforces a law enforcement policy," said Kevin Kingdon, RSA technical director.

BSAFE 4.0 will be based on an Open Group standard devised by Intel Corp. called the Common Data Security Architecture (CDSA) 2.0, with key-recovery extensions from IBM called KeyWorks.

KeyWorks is based on RecoverKey technology from Trusted Information Systems, Inc. (TIS).

RSA agreed to adopt CDSA and KeyWorks as part of a broad-based security alliance with Security Dynamics, Inc., RSA's owner. Under the alliance, IBM will resell the Security Dynamics ACE/Server authentication products.

Ironically, RSA is now also betting on the Digital Signature Standard and the Secure Hash Algorithm, technologies it fought over with the government four years ago before they became government standards.

One RSA licensee, TimeStep Corp., said it does not like where RSA is going with BSAFE. "Our customers don't want key-recovery," said Tony Rosati, TimeStep vice president of marketing.

Phil Zimmermann, founder of Pretty Good Privacy, Inc. (PGP) and now a "fellow" at Network Associates (which acquired PGP), hopes PGP software will "never" be based on government key-recovery software. PGP also is an RSA licensee.

However, TIS said corporations are adopting government-approved key-recovery. Dutch Shell Oil is allowed to operate its own key-recovery center in Holland, said TIS lawyer Ken Mendelson, also noting that TIS is acting as a government-certified key-recovery center for Sears, Inc.

At the RSA conference, one cryptoexpert after another said government key-recovery is unworkable on a large scale. It will also increase costs for the end user, who will end up paying for the added software complexity and the key-recovery center fees.

Matt Blaze, principal research scientist at AT&T Laboratories, told the RSA audience that research completed by a group of cryptographers, including Whitfield Diffie of Sun Microsystems, Inc., found that "large-scale key-recovery on the scale envisioned by the government in the key-management infrastructure proposals lies beyond the current competency in the field."

TIS President Steve Walker disputed the findings, saying the cryptographers' panel "had looked only at the worst possible scenarios." Office of Management and Budget official Bruce McConnell told conference attendees that the government has tested 13 applications using a variety of key-recovery methods from Entrust Technologies, Inc., TIS, IBM's Secret Agent and VeriSign, Inc.

"We showed, yes, you can make key-recovery work," said McConnell, adding that the report's findings will be published in March.
