From 17362MRR@msu.edu Mon Mar 7 09:35:04 1994
Received: from msu.edu (ibm.cl.msu.edu) by scss3.cl.msu.edu (4.1/4.7) id AA14762; Mon, 7 Mar 94 09:35:03 EST
Received: from MSU.BITNET by msu.edu (IBM VM SMTP V2R2) with BSMTP id 0307; Mon, 07 Mar 94 09:34:53 EST
Received: by MSU (Mailer R2.08 PTF008) id 7029; Mon, 07 Mar 94 09:34:52 EST
Date: Mon, 07 Mar 94 09:34 EST
To: mrr@ripem.msu.edu
From: "Mark_R.Riordan" <17362MRR@msu.edu>
Subject: Information Highway Beautificati
Status: OR

----------( Forwarded letter 1 follows )----------------------------------------
Received: by TAOMLR2@MSU ; Fri, 04 Mar 94 12:36:32
Received: by MSU (Mailer R2.08 PTF008) id 5248; Fri, 04 Mar 94 12:36:30 EST
Resent-Date: Fri, 04 Mar 94 12:36:21 EST
Resent-From: Rich Wiggins
Resent-To: Mark Riordan <17362MRR@MSU>
Received: from MSU by MSU.BITNET (Mailer R2.08 PTF008) with BSMTP id 5176; Fri, 04 Mar 94 10:12:11 EST
Received: from radio.com by msu.edu (IBM VM SMTP V2R2) with TCP; Fri, 04 Mar 94 10:12:10 EST
Received: from town.hall.org by radio.com with SMTP (5.65/IDA-940223.01) id AA01177; Fri, 4 Mar 94 04:01:57 -0500
Received: from localhost (root@localhost) by town.hall.org (8.6.5/ccg.940125.01) id EAA29653; Fri, 4 Mar 1994 04:01:33 -0500
Date: Fri, 4 Mar 1994 04:01:33 -0500
Message-Id: <199403040901.EAA29653@town.hall.org>
To: "Announcements"
From: "Carl Malamud"
Org: Internet Multicasting Service
Channel: Internet Town Hall
Subject: Information Highway Beautification Fund

FYI /r
----------------------------Original message----------------------------

The Information Highway Beautification Fund

Abstract: A Proposal To Turn on the Lights on the Information Superhighway

This document outlines some of the background on the Clipper proposals and shows how Clipper is just one example of the underlying public key technology.
We argue that the Clipper debate has concentrated on national security and individual privacy, and that we may have lost sight of other fundamental constitutional issues: the need to promote commerce and establish a safe and secure information highway. Businesses will not open their doors to cyberspace until we provide clean, well-lit streets in the global village.

This document proposes a royalty-free licensing pool for the technology, obtaining public use of the public key patents through the use of eminent domain or other mechanisms. The document then proposes a license for users of the public key technology, the proceeds of which would be placed in an Information Highway Beautification Fund. The license allows an individual or corporation (presumably with different fee structures for each type of user) the right to use the basic public key technology. The proceeds from the license fee would be used to pay back the original patent holders and to fund public works projects on our National Information Infrastructure.

A crucial aspect of this proposal is that the license plates be on a per-person basis, not on a per-certificate basis. People must be able to change their certificates on a frequent basis: the license is a right to use the technology, not a fee for a single certificate. This is not an invitation to have a single government certification hierarchy or to register the certificates. The license is a right to use the technology, not an invitation to form a universal ID system or a rigid, inflexible certification bureaucracy. In fact, it is possible (and often desirable) to use the basic public key technology without using a certificate at all.

Background: The Clipper Controversy

The current debate on cryptography and computer security centers around two often-conflicting government functions embodied in our constitution: maintaining our national security and preserving the rights to personal privacy.
The public debate on the Clipper issue has revolved around the question of whether government should have a "back door" into a cryptographic chip. Should the government be able, under appropriate court orders, to decode a conversation? Should criminals be able to hide themselves behind a mask of strong cryptography?

The Clipper proposal requires government users to purchase a chip that has a special key that is kept in the custody of two government agencies, a concept known as "key escrow." Under appropriate conditions, the government can decode a conversation that was encoded using the Clipper chip.

The Clipper proposals use the theory that government, by purchasing large numbers of these chips, will encourage private users to adopt the same scheme, thus leading to lower prices from higher volumes and also leading to a standard for the use of cryptography on the information highway.

While the national security and law enforcement goals are clear, there are strong reasons why this proposal may not work. The efficacy of a key escrow scheme and the ability of the government to keep these crucial secrets hidden have been questioned by computer and legal experts. Civil liberties experts have questioned the constitutional propriety of a back door.

Leaving aside the basic constitutional issues, the idea that the government will lead through its purchasing power has been shown to be flawed in a number of other situations. In the area of the Government OSI Profiles (GOSIP), for example, NIST and other agencies attempted to lead the market through purchases but ended up far behind the technology curve as government and business alike flocked to solutions that were more practical and cost effective. Just because the government purchases lots of $600 hammers doesn't mean that corporate users will necessarily follow suit.
The real problem with the Clipper debate, however, is that we have neglected some much more fundamental issues: the question of how we deal with public key cryptography. Public key cryptography, the underlying technology behind the Clipper chip, does much more than simply encrypt data; it is a building block for our information highway.

The Importance of Public Key Cryptography

Public key cryptography is a fundamental technology that provides a basic security fabric for the national information infrastructure. The most important function it provides is authentication, the ability to know who another person or computer or program is in cyberspace. Public key cryptography is the basic stuff from which we make streetlights for the information highway.

Authentication and privacy of data are two functions of a security infrastructure, but there are others. For example, public key cryptography allows us to append a digital signature to a document, a method that allows us to verify the integrity of the document and assure the recipient that the document was not changed since it was originally generated. Public key cryptography also allows us to provide services such as non-repudiation, a way of verifying that a document was actually received (analogous to a delivery receipt from a registered letter).

Public key cryptography thus provides a bundle of extremely fundamental services: authentication, privacy, message integrity, and non-repudiation, among others. This technology is so basic that it must be embodied throughout our computer networks in a way as fundamental as the deployment of steel in a building.

Public key cryptography is one of the basic building blocks for computer networks. Many people feel that they need to decide how this technology should be applied. The Clipper proponents, for example, feel that public key cryptography is to be used to encrypt bits on the wire.
Another community is advocating a particular style of electronic mail, known as Privacy Enhanced Mail (PEM).

A building block as fundamental as public key cryptography must be deployed throughout the infrastructure. No one person or group will know in advance everywhere we need to use something so basic. Take PEM for example. Even if PEM is your messaging solution, there are a host of other applications ranging from remote login to file transfer to listening to radio or making a telephone call.

The important point is that we don't know now all the ways that we will use a general-purpose infrastructure. We will only know as we deploy it, and we can't deploy the technology until we get the basic tools to make it secure. We cannot make security a special service. We cannot make security a government program or the responsibility of a particular group. We must build security into the very framework of the NII or the streets of the global village will remain unpopulated.

Without a fundamental security infrastructure, businesses will not conduct commerce on the NII, but will have to build special-purpose networks for each function. Sharing an infrastructure is essential if we are to realize the cost savings of an information highway and even more essential if we are to provide the framework that will encourage small, mom-and-pop digital delis to open their doors for business.

The current policy debate ignores the fundamental economic importance of services such as authentication. We cannot open our doors for business until we can see who is knocking at the door. We can't sell a fax for two cents or a movie on demand for a dollar or do any of the fundamental transactions of an economy without this basic technology.

Commerce in the real world requires a multitude of different models and methods. Cash, barter, purchase orders, credit cards, and checks are just a few of the methods. There is no reason to think that we can avoid the same real-world motley technology in cyberspace.
We need to build the fundamental technologies of public key cryptography into the very fabric of our infrastructure, applying security throughout the NII at all layers.

How Public Key Works

To understand why public key is so fundamental, it helps to have a basic idea of how it works. The public key technology is based on two related keys: a private key and a public key. You keep your private key secret and let people know your public key. A piece of data encoded with the private key can only be decoded with the public key and vice versa.

The most obvious application of this technology is privacy. I take your public key and encode a message. You have your private key and can decode the message. Alternatively, I take my own private key and encode the message. You have my public key and can decode the message.

In reality, public key cryptography is a very slow way of encoding and decoding an entire message. Instead, we use public key cryptography to exchange a shared secret: a symmetric key that we both know about and use to do encoding and decoding.

For example, a common encryption algorithm is the Data Encryption Standard (DES). DES is very fast, but requires both parties to know the same DES key. In a typical scheme, we would use the public key method to exchange the DES key and then use the DES key to encode the message. For example, I could generate an arbitrary DES key and hide it by encoding it with your public key. You would then "unwrap" the package with your private key and use the resulting shared secret to quickly and efficiently decode my message to you.

The fundamental benefit that public key gives us is authentication: knowing who we are talking to. If I know your public key, you can use your private key to send me a "certificate." I know that only you could have generated this certificate, since I am able to decode it successfully using your public key.

Certificates ultimately only work if public keys are widely deployed and well-known.
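
The key-wrapping and authentication steps described above, as an added sketch that is not part of the original document. It assumes textbook RSA without padding, a SHA-256 keystream standing in for DES, and a constructed demo key built from publicly known primes; all function names are illustrative.

```python
# Added illustration, not part of the original document. Textbook RSA with no
# padding and a hash-based keystream standing in for DES: for study only.
import hashlib
import secrets

# Constructed demo key pair. Both primes are publicly known Mersenne primes,
# so this key protects nothing; real keys use secret random primes.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent
PUBLIC, PRIVATE = (N, E), (N, D)


def keystream_xor(key, data):
    """Fast shared-key cipher (stand-in for DES); the same call decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seal(message, recipient_public):
    """Sender: pick a fresh session key and wrap it with the public key."""
    n, e = recipient_public
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped, keystream_xor(session_key, message)


def unseal(wrapped, ciphertext, recipient_private):
    """Recipient: unwrap the session key with the private key, then decode."""
    n, d = recipient_private
    session_key = pow(wrapped, d, n).to_bytes(16, "big")
    return keystream_xor(session_key, ciphertext)


def sign(message, signer_private):
    """Encode the message digest with the signer's private key."""
    n, d = signer_private
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(digest, d, n)


def verify(message, signature, signer_public):
    """Anyone holding the public key can check who produced the signature."""
    n, e = signer_public
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, e, n) == digest


if __name__ == "__main__":
    note = b"Meet at the town hall at noon."   # constructed sample message
    wrapped, ciphertext = seal(note, PUBLIC)
    print(unseal(wrapped, ciphertext, PRIVATE))
    signature = sign(note, PRIVATE)
    print(verify(note, signature, PUBLIC), verify(note + b"!", signature, PUBLIC))
```

Only the 16-byte session key passes through the slow public key operation; the message itself is handled by the fast shared-key cipher, and a signature made over one message fails verification for any altered copy.
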
The scheme proposed by many is to define a standard certificate, containing a public key and information about the certificate holder, such as the name or institutional affiliation. Validation of certificates is done using a certificate hierarchy. If there are a few very well known public keys, say for the federal government or for MIT, that key combination can be used to certify other public keys. I know that your public key is really yours because MIT certifies that it is and everybody knows the MIT key.

There are thus two aspects to a security infrastructure. First, there must be a wide deployment of public-key based certificates. Second, there must be many different kinds of programs throughout the computer network that understand what a certificate is and how to use it. One program might use the keys as the basis for encrypting data on the wire or in an electronic mail message. Another set of services might use keys as the basis for allowing access to telecommunications service or for deciding the type of access to libraries a person should get.

The Current Status of Public Key Cryptography

Public key cryptography has its roots in research conducted at Stanford by Diffie and Hellman and at MIT by Rivest, Shamir, and Adleman. In both cases, the academic research efforts spun off commercial companies. In the case of Stanford, the company Cylink was formed, and in the case of MIT, a company called RSA Data Security, Inc. was formed.

The basic patents that govern public key cryptography are thus owned by four entities: MIT, Stanford, Cylink, and RSA. Because the basic technology is so intertwined, one cannot really do effective work in the field without using pieces of several different patents. To resolve licensing problems, the four entities formed Public Key Partners, which handles licensing of the technology. A commercial entity that wants to use public key technology needs a license from Public Key Partners.
Because the basic technology was developed with federal dollars, the federal government has the right to use the technology. In addition, in many international jurisdictions the technology is widely available, to the extent that the basic algorithms can be downloaded anonymously from a variety of locations.

To address the question of non-commercial use, RSA has worked with the Internet Engineering Task Force on the PEM proposals. In the case of PEM, there are versions of the software that are available for federal and academic institutions. It should be noted that the reference implementation that RSA provides for non-commercial users is specifically restricted to PEM-like mail systems and does not apply to general-purpose uses of the technology. Commercial users, of course, must use a licensed version from a software developer or negotiate a license directly with Public Key Partners.

Commercial entities in the United States, groups that include software developers, computer hardware companies, and telecommunications companies, must secure a license from Public Key Partners. Public Key Partners has pursued a strategy that has resulted in a number of large corporations licensing the technology, including DEC, Lotus, and many others. However, commercial deployment has been limited because of the lack of the ability to build the technology into multi-vendor standards and because of the lack of a certificate system. More importantly, small businesses have often avoided the technology because of fears of high licensing costs.

To complicate matters, the National Institute of Standards and Technology (NIST) has proposed a public key standard that is related to the RSA algorithms. In order to get around potential patent conflict problems, the commercial rights to this technology go to Public Key Partners. Public Key Partners thus has an exclusive grasp on this basic technology in the commercial realm.
The current patent situation is very much like the situation earlier this century for vacuum tubes and for Frequency Modulation (FM). In both those cases, the fundamental patents were so intertwined that no progress was made in the field. In both cases, the federal government stepped in to help lead us towards a solution.

A Proposal: The Information Highway Beautification Fund

The main problem with the current situation is that it requires every developer to obtain a license. Licenses are priced high enough that small, ad hoc developers can be easily discouraged. More importantly, it leaves the decision on how to use the technology in the hands of a few entities, such as NIST or Public Key Partners. The decision on who gets a license is an appropriate one for some technologies, but not for one as basic as public key. We need the engineers building our NII to be able to use fundamental tools without asking each time they come up with a new application.

Public key cryptography is a classic public good. If we can universally deploy certificates, there is a tremendous public benefit, benefits that are not reflected in a system based on commercial licensing of monopoly patents. Public key-based certificates are the license plates for the information highway, the light that lets us know who we are talking to. While Public Key Partners may derive some benefit from selling the technology to a few large corporations, society (and under our proposal, Public Key Partners) will benefit even more from universal deployment.

If we recognize the fundamental importance of this technology, there are some policy options that easily come to mind. The first policy outcome, the one essential to conducting electronic commerce on the Internet, is to make public key technology widely available.

We propose here a royalty-free license pool for the public key patents.
It is essential that the pool allow use of the technology without prior approval: no one bureaucracy or regulation can determine in advance how this technology can be used. Such a pool could be established by negotiation between the federal government and Public Key Partners, or could be established by more assertive techniques such as the use of eminent domain.

The use of eminent domain recognizes that the patents are valuable property. Eminent domain says that your property is very nice, but unfortunately we need to build a freeway through it. Eminent domain recognizes the taking and requires the government to compensate the property owners.

Eminent domain is an extreme way of reaching the goal of making the technology widely available, and there are other, less drastic solutions available. However, the key point is that the technology must become widely available to allow us to build it into the infrastructure of our information highway.

Once the technology is available, we suggest that the government establish a license, a fee which is levied upon a user or corporation. We beg the question here of the format of the certificate (and feel strongly that a single certificate hierarchy or certificate format would be a grave technical and constitutional mistake). We suggest instead that the government resolve the more fundamental issue of placing the technology in an open pool and levying a per-user license fee.

Once the basic principle is in place, the government can convene a set of hearings to flesh out details such as which agency collects the license fee and the fee structure. Presumably, the user fee would be a one-time fee of $100 or less and corporations would pay on a sliding scale that would encourage small enterprises.

A crucial aspect of this proposal is that the license fee be on a per-user basis, not on a per-certificate basis.
We cannot have a government hierarchy of certificates, or a requirement to keep certificates in some standard format, or to keep certificates around to allow an audit or to control how the certificate is used. In fact, there are many instances where public key technology would not use a certificate. The fee pays for a license to use the technology, not a way to audit how the technology gets used.

The revenues from the proposed license fee would be placed in the Information Highway Beautification Fund. Part of the proceeds of this fund would go to pay back Public Key Partners for the taking under eminent domain, and the remainder would go towards paying for public works projects on the NII. The public works part of the fund would be available to pay for things like information interstates, publicly funded information sources, and establishing equal access to the information highway from our inner cities, our hospitals, our libraries, and our schools.

Making payment to Public Key Partners a function of individual and corporate fees could easily lead to a windfall for the current patent holders. We feel this is perfectly appropriate: universal deployment of public key technology will benefit society to the tune of billions of dollars. It is an enabling technology, and even a few hundred million dollars going to those who established the technology is not unreasonable. While many maintain that the patents should not have been granted in the first place, we feel that this issue has already been decided and we look for creative solutions that move us beyond the current impasse.

The choice we face now is a simple one. The NII is a general-purpose infrastructure, a set of streets and roads for the information superhighway. If we can't make those roads safe and secure, then business will never use them. Instead, our corporations will continue to build special-purpose infrastructures, dedicated networks for one community or another.
The cost to society is orders of magnitude higher: a general-purpose infrastructure is what allows our corporations to increase their productivity and be competitive on a world market. More importantly, a general-purpose infrastructure allows new businesses to be quickly established.

The information highway is crying for leadership. Our choices are policy choices, not technical ones. The Clinton/Gore administration and the current Congress have come down firmly in support of a National Information Infrastructure. Public key cryptography is an example of an area where our government can help lead us, providing the basic building blocks for an information economy.

For More Information

More information on the issue of public key cryptography and the Clipper issue is available from a variety of sources, including:

WIRED Online Services
    Gopher: gopher.wired.com
    E-mail: infobot@wired.com ("send clipper/index" in the body)
    WWW:    http://www.wired.com

Electronic Freedom Frontier
    FTP:    ftp.eff.org
    Gopher: gopher.eff.org
    WAIS:   wais.eff.org

National Institute of Standards and Technology
    Gopher: gopher-server.nist.gov