Subject: Absent NIST Criticized on Cryptography Panel 06/04/92

WASHINGTON, D.C., U.S.A., 1992 JUN 4 (NB) -- A panel discussing the relative merits of cryptography standards criticized the National Institute of Standards and Technology both for its support of the Digital Signature Standard (DSS) and for its seeming reluctance to publicly defend its reasons for supporting the standard.

The panel, appearing at the 2nd annual Computer Professionals for Social Responsibility (CPSR) Cryptography and Privacy Conference, was composed of Dorothy Denning, computer science chair, Georgetown University; Allison Fischer of Fischer International; David Sobel of CPSR; and Ron Rivest of the Massachusetts Institute of Technology. It compared DSS and the signature features of the Rivest, Shamir, and Adleman standard (RSA) developed at MIT. The differences were discussed not only from a technical vantage point but also in relation to export trade and public policy implications.

Denning, in the course of explaining the technical design of the two systems, mentioned that she had invited NIST personnel to the meeting to participate in the panel but had been turned down. Denning also said that NIST personnel had been helpful in answering questions relating to her impending presentation.

Fischer attacked NIST's role in the controversy, saying that it was merely parroting the wishes of the National Security Agency (NSA), which actually designed DSS. Fischer said that DSS is slower and less secure, and that its adoption, over arguments from such firms as IBM, Microsoft, and General Electric, is putting US firms at a trade disadvantage. He said: "When NIST announced DSS as a standard completely different from what was already in effect -- RSA, it was as though it imposed 'cubits' as a system to replace the metric system and then mandated that it be used in all dealings with the government. It just doesn't make sense."
Fischer added that, since US firms cannot export software with encryption contained within, the entire American industry is losing business to the Europeans, who can distribute the same protection software that we can use at home but not export.

David Sobel told the group that CPSR, "attempting to bring NSA's role out into the open," has filed a Freedom of Information suit to try to bring out the reasons behind NSA and NIST's choice of DSS. Sobel said: "I leave it to the technical people to determine whether DSS is a good standard or not. I am concerned about the motivation in the decision to promote DSS."

Rivest said that he was also concerned with the policy side of the issue. He said: "DSS is a weak standard. It is not what I would want in a standard -- the point of the issue, however, is that the DSS proposal has a fundamental cryptography policy underlying it. It calls for a marginal security standard, one that can be broken with enough computer power."

Rivest continued: "The important question is how secure a standard do we want to have? We must decide this. When we do, we can leave it to the technologists to implement it. It is the policy which must be agreed on."

In response to a Newsbytes question as to whether any of the approximately 70 in the room could take NIST's part, John Potter of Public Signature Co., which has implemented DSS, said that a major difference in the systems is that DSS is open and is available to anyone wishing to use it, while RSA is proprietary and requires that a royalty or lease is paid to RSA when the system is used. Potter then asked who on the panel stood to make money from RSA -- Rivest and Fischer raised their hands. Potter went on to say that it has never been NIST's intention to make money from distributing RSA.

(Barbara E. McMullen & John F. McMullen/Press Contact: David Banisar, Computer Professionals For Social Responsibility, 202-544-9240 (voice); banisar@washofc.cpsr.org (e-mail)/19920602)