Cryptography export policy
See also TBTF for 2000-02-06, 1999-10-05, 08-30, 08-23, 08-16, 07-26, 05-22, 05-08, 04-21, 03-01, 01-26, more...
Rumors have been circulating that the White House was preparing yet another proposal requiring the escrow of cryptographic keys -- the Grandson of Clipper -- after two earlier key-escrow proposals were, respectively, laughed out of Washington and ignored. On Friday 5/17, 27 members of the House of Representatives sent the President a letter (see , press release at ) asking him about the status of any such proposal and urging him to back the more liberal export restrictions embodied in the bill H.R. 3011. On Saturday Inter@ctive Week shed some more light on the President's plans. At 4:09 pm Will Rodger <rodger at interramp dot com>, Washington Bureau Chief of Inter@ctive Week, posted a note to the Cypherpunks mailing list announcing an article he had just published. Someone had leaked to him a draft white paper describing the rumored Grandson of Clipper proposal. See  for a response posted by Timothy C. May <tcmay at got dot net>, one of the original Cypherpunks; it raises a number of questions about the reported key-encryption proposal. The note, with some clarifications that Will Rodger added at 11:40 Sunday morning, appears on the TBTF archive by permission.
Our expectations are shaped by silicon. The silicon that constitutes CPUs and memory chips has with boring regularity continued to get faster and cheaper -- along with disk drives, video displays, printers, and all the with-its associated with commodity computers. A BOTEC: Moore's Law, formulated by Gordon Moore at Fairchild in 1964, states that the density of circuits on computer chips doubles every year. In fact the silicon business has maintained a Moore coefficient of about 1.5, not 2.0, for a couple of decades -- density doubling every 18 months. As a result circuits are some 40,000 times more compact than in 1970. The Moore coefficient for bandwidth has been closer to 1.25; we telecommunicate "only" 262 times faster than we did 25 years ago. To catch up to Moore's silicon curve, telecommunication speed would have to improve overnight by a factor of 152. (If it waits till next year, it must improve 228-fold.) In round numbers, give me 4.5 Mbps and I'll be happy.
ISDN is a nonstarter in this game, promising, in theory and at most, a 4.4-fold performance increase at a price that varies across the U.S. by a factor of 110. (See my article  on a year's experience with consumer-level ISDN.) What alternatives exist, and are any of the technologies capable of delivering a 150-fold improvement in bandwidth?
In late 1994 a group of chip and modem companies developed a specification called V.70, or Digital Simultaneous Voice and Data. Running over ordinary telephone lines, DSVD packs data into the silences in a normal conversation; when the humans shut up completely data can move at 28.8 kbps. The chips began appearing in commercial modems -- including models from Hayes, U.S. Robotics and Boca Research -- in the fall of 1995. External V.70 modems cost in the neighborhood of $360. Recently a number of other manufacturers, including IBM, Lucent, and Motorola, have announced backing for V.70, so supply should expand and prices fall soon. This technology represents no leapfrog in available bandwidth but merely an incremental improvement in the 28.8 kbps V.34.
PairGain Technologies of Tustin, CA claims to be the market leader in HDSL (high-bit-rate digital subscriber line) with over 250,000 units installed worldwide. PairGain is working with US West's !NTERPRISE Networking Services to test their 768 kbps "Megabit Modem" in Boulder/Denver and Minneapolis/St. Paul. This unit, which delivers 27 times the speed of a 28.8 kbps modem, is available today and runs over the existing copper wiring. I could not find any information on pricing for the modem, and the phone companies' price structure for putative HDSL service, when and if available, is anybody's guess.
I wrote about the promise of ADSL in TBTF for 1995-07-30. Turns out ADSL is the way Microsoft is betting.
AT&T's Paradyne subsidiary had developed a technology it calls CAP, or carrierless amplitude and phase modulation, to support both ADSL (asymmetric digital subscriber line) and HDSL from the same chipset. A number of companies have licensed the CAP technology including Westell Technologies of Oswego, IL.
Westell makes an ADSL modem called FlexCAP that can deliver data at up to 6 Mbps over standard copper wires. (The current models seem to run at 1.55 Mbps, reading between the lines of the US West !NTERPRISE press release -- Westell is also participating in the Denver/Minneapolis trial.) The "asymmetrical" in the name means that data doesn't flow back to the provider at the same rate. FlexCAP can talk back to the server today only at 16 to 64 kbps; Westell alludes to a 640 kbps backstream in the future.
Microsoft plans to interface its Windows NT remote-access server to FlexCAP. The press release positions an ADSL-equipped Windows NT server as a platform for content providers, and doesn't talk about what kind of client support Microsoft is considering for subscriber ADSL modems. Neither Microsoft nor Westell was willing to comment about home modems but both hinted at an announcement in June. Two days before the Microsoft/Westell release, Westell split its stock 2-for-1.
In a future issue I'll do a survey of the cable-modem landscape. For now let's just note that most observers believe that cables will have to be upgraded to handle two-way traffic before they will be practical for Net channels... at a cost I've seen estimated as high as $60 billion.
The Cypherpunks mailing list announced a Palo Alto meeting IRL, in real life; in the flesh, to put it in an old-fashioned, DNA-centric way. Martin Minow <minow at apple dot com> was there and took notes. He reported to the Cypherpunks list on 1996-05-12 the following points from the front lines of the digital encryption battles.
- Eudora and Netscape will provide S/Mime encryption in future releases. PGP is going nowhere and S/Mime is becoming ubiquitous. PGP lost at these two critical companies because of ongoing legal problems with Phil Zimmermann and strong concern that companies can't use PGP without running into patent problems with RSA.
- PGP's Web of Trust model is not working; it's hard to map an e-mail address to a key. What's winning is digital signatures, and S/Mime will support Verisign. The next Netscape beta will feature five Certificate Authorities in addition to Verisign.
- S/Mime provides pretty good encryption but from the Cypherpunks' viewpoint has two flaws: (minor) the signer's name is not encrypted, and (major) encryption defaults to 40-bit, and there is no good way to negotiate for stronger encryption.
- Over 90% of all secure connections made today use 40-bit RC2.
See also TBTF for 1997-07-28, 01-11, 1996-08-25, 08-08, 05-20
>>From Computer Industry Daily (1996-05-14):
> Reflex Magnetics [a London-based security company] reports that
> a new strain of Word macro virus surfaced. The new Challenge
> virus takes advantage of an undocumented security hole in Word
> rather than the "auto" commands used by earlier macro viruses.
>>From Interactive Age Daily (1996-05-16):
> "The big difference we are seeing at this conference is the acceptance
> by big corporate users that Java is real, and it is universal. The
> announcements in the past month that both Microsoft and IBM are
> embedding Java in their operating systems has reduced users' concerns," said
> John McCormick, editorial director of the conference. He listed several
> large Java applications that are in the process of being implemented by
> large companies, including a parts-ordering application at National
> Semiconductor, a purchase acquisition service at Dun & Bradstreet, a
> sports database dynamic linkage service at ESPN, and an online database
> access program at R.R. Donnelly.
> "The term 'applet' may no longer be appropriate for Java development.
> These are full-scale applications," said McCormick.
The governor of Georgia recently signed into law legislation aimed at preventing fraud in cyberspace, but it could have unintended consequences. The new law may force Web developers to remove links to other pages: it criminalizes the act of "falsely identifying" yourself on the Net, and that of directing people to someone else's computer without the other person's explicit permission.
>>Computer Industry Daily -- mail email@example.com with subject: Subscribe.
>>Interactive Age Daily -- contact a human at firstname.lastname@example.org or call 1-800-292-3642 or 847-647-0940.