Tales of the crypto
In a welcome sign of realistic thinking, the administration has
backed off its rigid approach to encryption and data security policy. To underscore this
change, the Defense Department and General Services Administration established a security
infrastructure program management office. The SI-PMO should help move the crypto debate
from its semi-religious grounds to more practical ones.
It's no accident that Deane Irwin is a SI-PMO co-chair. He's also co-chair of the
electronic commerce PMO. The two offices are mutually dependent. For the government to get
into electronic commerce in a big way, it must adopt security and encryption methods that
are accepted by and familiar to vendors. Frankly, the government is behind the times with
respect to EC. The feds aren't really in a position to enforce a new crypto standard--as
they have been finding out for the last two years of the Clipper debate.
Irwin is no wide-eyed idealist. An experienced federal manager, he knows the waters
he's navigating. Recently he acknowledged that products and standards from RSA Data
Security Inc. are out there and in wide use.
But the crypto debate isn't about RSA. Although the government couldn't establish
Clipper as the only effective way to protect data, it should not capitulate to the early
market dominance or public relations of any single company.
Irwin and his co-chair, Tom Burke of GSA, are wise to concentrate SI-PMO's initial
efforts in two areas: 1) interoperability among encryption implementations and 2)
improving relations between the government and all of the security vendors. Accomplishing
No. 2 no doubt will speed along No. 1.
The aforementioned religious debates centered around privacy. That the FBI could
wiretap Clipper-protected data transmissions and telephone conversations enraged numerous
groups. This issue is an important one, but the arguing parties are like irresistible
forces and immovable objects.
In the meantime, the government has a compelling need to get on with electronic
commerce, and this requires digital signatures and encrypted, secure communications.
Whether acceptance of a world beyond Clipper is a tactical retreat or a permanent
scuttling of an untenable position, it should help the government get off the electronic