RE: Pretty Good Privacy Not Looking So Great

Joe Barrera (joebar@MICROSOFT.com)
Fri, 5 Dec 1997 17:39:24 -0800


> BTW, what are Gates' views on hidden keys?

That's a good question. After a bit of searching, I finally found:

http://www.microsoft.com/corpinfo/7-28paper2.htm

This is a long document (or set of documents), but search for "key escrow"
and you will find the following paragraphs:

Until recently, encryption technology rested almost entirely within the
domain of national security agencies. Thus, countries such as the United
States and the United Kingdom limited the export of encryption technology
above a certain strength - 40-bit "key length" in the case of the United
States - in an attempt to keep this technology out of the hands of their
adversaries. Other countries, such as France and Russia, imposed cumbersome
registration schemes or outright bans on encryption-capable software. Still
others, including the United States, are now considering various forms of
"key escrow" or "key recovery" systems. Using this approach, one or more
agencies ("trusted third parties") would be given users' encryption keys, or
information on securing such keys, so that the government could obtain keys
and unscramble encrypted data or communications as needed.

The traditional rationales for regulating encryption, however, are outdated.
Strong encryption technologies are now available outside any particular
country's borders and over the Internet worldwide. As a result, controls on
encryption technology serve only to put domestic producers and businesses at
a competitive disadvantage to their international counterparts, who can
produce more secure products and protect their confidential data more
effectively. Furthermore, law-abiding businesses and individuals are
reluctant to trust third parties or governments with their encryption keys
or to deal with cumbersome and expensive administrative procedures that may
vary from country to country.

If the Internet is to become an established vehicle for electronic commerce,
businesses will need encryption technology that is sufficiently strong to
protect sensitive communications and transactions governed by workable,
internationally consistent regulatory schemes.

Governments should immediately remove export controls on encryption
technology. Free use and export of technologies such as the 56-bit data
encryption standard (DES) or equivalent-strength encryption, with a
2-bit-per-year upward adjustment to take account of improvements in
computing power, should be permitted immediately. Registration schemes and
outright bans on encryption technology should also be removed, as they put
domestic software producers and business users at a disadvantage in
international markets and do not keep encryption out of the hands of
criminals. Finally, because inconsistent national regulations are a major
roadblock to the development of electronic commerce on the Internet,
governments should cooperate in this area to reach internationally
consistent solutions.

- Joe

Joseph S. Barrera III <joebar@microsoft.com>
<http://research.microsoft.com/~joebar/>
Phone, Office: (415) 778-8227; Cellular: (415) 601-3719; Home: (415)
588-4801
The opinions expressed in this message are my own personal views and do not
reflect the official views of Microsoft Corporation.