The Internet Files
The network is the story: News on the latest Internet standards and struggles
Internet Files index
At the Scrambling for Safety conference held Monday at the London School of Economics, speaker after speaker warned that any of the proposed schemes that require users to deposit their encryption keys with some third party will be insecure and will have little or no impact in detecting crime.
Most of their anger was aimed at the United Kingdom's government's recently published discussion paper which proposes the use of trusted third-party companies to hold encryption keys.
Defending the proposals were two officials from the U.K. Department of Trade and Industry, who insisted that trusted third parties offer a good balance between the need for privacy and the need to prevent crime.
But Ross Anderson from Cambridge University's Computer Laboratory said the proposal was "an attempt to centralize trust, and to make it easier for the intelligence services." He said the previous Conservative government had conceived the scheme "to help their friends in the city (the financial sector)," since it would result in most people paying a fee, probably to a bank, to hold their encryption key. "Encryption is marginal to law enforcement," he said, adding that access to the content of private messages, through phone-tapping, had played a role in only one criminal conviction in London during the last 12 years.
Whitfield Diffie, a distinguished engineer at Sun Microsystems Inc. and a pioneer in the cryptography field, said that the interests of business coincide with those of individual citizens when it comes to cryptography. "For successful business to thrive, we need to have trusted communications," Diffie said. Legitimate businesses would be deterred from using communications that they felt could be tapped, while illegal businesses would find their own encryption schemes to avoid detection, he said.
Alistair Kelman, a lawyer who has defended several people accused of computer-related crime, wondered about who could really be trusted to hold encryption keys. "With their low public image and history of falsely denying that that their own systems could be breached, who could trust the banks?" he asked. "And if not the banks, can we put more trust in accountants, or even lawyers?"
Phil Zimmermann, the creator of the PGP (Pretty Good Privacy) encryption software, also made a passionate call for governments to stay out of private telecommunications. Zimmermann, who spent three years fighting to avoid imprisonment by the U.S. government for creating PGP, said his software is used around the world by people battling against oppressive regimes.
He said PGP has used in the Balkans by people fearing government oppression, by those in Central America by those documenting human rights abuses, and is even now being deployed by resistance groups in Burma, who use it to encrypt information in their jungle camps. "I recently met with some of those people and gave them help with using PGP," Zimmermann said, "In doing that I was committing a federal crime because it is illegal to offer cryptographic advice to foreign nationals."
Further condemnation of the government proposals (both U.S. and U.K.) came from the commercial world.
Carl Ellison of Cybercash said the idea of a global Public Key Infrastructure will be technically inadequate to avoid two people with the same name being mistaken for each other, and it will do nothing to reduce fraud. And he disliked the power it gave governments over individuals. "Any mechanism that gives government access works against the citizen's right to attempt to keep a secret," said Ellison, "What we have to ask is whether it is right for the government to have unrestricted covert access, and is it anti-social to have a private conversation?"
In the meantime, it looks as if there will be little progress in getting global agreement on how to manage encryption.
John Dryden, an official with the Organization for Economic Cooperation and Development, said that although the OECD produced guidelines in March, it would be premature to expect any concrete proposals soon.
-- Ron Condon, IDG News Service, London Bureau
Back to index
Founding members of the group, called IOPS.ORG, are ANS Communications Inc., AT&T, BBN Corp., EarthLink Network Inc., GTE Corp., MCI Communications Corp., Netcom Inc., PSINet Inc. and UUNet Technologies Inc.
"It's been very clear as the network gets bigger that we need considerably more" cooperation between ISPs, said Vint Cerf, senior vice president for Internet architecture and engineering at IOSP member MCI. "We all recognize that unless you cooperate on the basic framework ... nobody benefits."
One focus of IOPS.ORG will be to prevent and resolve network integrity problems, according to Ira Richer, interim executive director of IOPS.ORG. "If a problem occurs it's possible that it could spread from one ISP to another," Richer said. "If there was a routing problem, it takes cooperation to make it not propagate."
The group will also work to determine and address issues that require technical coordination and information-sharing among ISPs. For example, when ISPs experience internal technical difficulties, they internally issue a "trouble ticket" which outlines the problem, according to Richer. "One of the first things we're going to do is put in place a system for exchanging trouble tickets between providers," he said.
IOPS.ORG will also work on putting procedures in place to facilitate the handling problems, such as having standing conference bridge so that people can easily call a number to join a conference call. "People still need to talk, even with the Internet," Richer said.
In addition, IOPS.ORG will have face-to-face meetings at least two times a year, participate in frequent conference calls, and will establish working groups to address particular problems, such as the exchanging of trouble tickets, Richer said.
The group plans to extend membership to other ISPs, including international ones, and will make its conclusions public, he said. "There's no intent here to do work that's proprietary to IOSP," Richer said.
-- Rebecca Sykes, IDG News Service, Boston Bureau
Back to index
"The concept of the NAP is that we can keep the regional traffic in Latin America within Latin America, thus giving people better quality of access, faster speeds for Web pages," said Sandy Fitchet, vice president of marketing at CAIS.
CAIS and GTE Codetel plan to locate the NAP in the Dominican Republic because the country is already a major gateway for international voice telecommunications traffic, Fitchet said. They expect the NAP to be up and running next month.
The meeting will be held in Santo Domingo on May 20 through May 22. Representatives from 28 countries are expected at the meeting, including Argentina, Bolivia, Chile, Colombia, Costa Rica, Dominica, Granada, Honduras, Panama, Puerto Rico, and Venezuela, officials said.
The NAP will likely reduce costs for ISPs in Latin America, who now must link with a NAP in the U.S., said Frank Dzubeck, president of Communications Network Architects, a Washington, D.C.-based consulting firm. While it will improve Internet access somewhat in the region, there is still more room for improvement, he said. "They're putting it in Santo Domingo," Dzubeck said. "You really want one in Sao Paulo, where you've got 22 million people, mostly business users."
-- Sari Kalin, IDG News Service, Boston Bureau
Back to index
-- Elizabeth Heichler, IDG News Service, Boston Bureau
Back to index
While legislation that would lift restrictions on encryption-technology exports is making its way through congressional subcommittees, many legislators are advocating a go-slow approach toward regulating everything from taxes, to pornography on the Internet, according to government insiders speaking here.
Just this week there has been movement on several encryption bills in the U.S. Congress, noted speakers here.
On Wednesday, the Security and Freedom Through Encryption Act (SAFE), whose chief sponsor is U.S. Representative Bob Goodlatte, a Republican from Virginia, passed through the U.S. House subcommittee on courts and intellectual property, according to Mitchell Glazier, a chief counsel on the committee. It is expected to go to the full House judiciary committee in June, he said. "We don't expect a problem in the full committee, and it should be through the full committee and be ready to go out to the floor for a vote in June," said Glazier.
U.S. government policy adopted in December allows vendors to export encryption technology with up to 56-bit keys. SAFE would lift the 56-bit limit and would prohibit mandatory key recovery systems.
Meanwhile, a similar U.S. Senate bill that also seeks to ease encryption export controls, the Promotion of Commerce On-Line in the Digital Era (Pro-CODE) bill -- whose chief sponsor is U.S. Senator Conrad Burns, a Republican from Montana -- is moving forward. "We're going to [final editing] in June; we've picked up a couple of key co-sponsors, and it's just a matter of time before it proceeds to a vote on the floor," said Mike Rawson, advisor to Senator Burns on encryption issues.
Legislators here also took the opportunity to appeal to members of the ITAA, a technology vendor trade and lobbying group, for their support on key proposed legislation. "This is a time of key kinds of issues, where your presence can make a difference," said U.S. Senator Ron Wyden, a Democrat from Oregon.
Wyden, along with U.S. Representative Chris Cox, a Republican from California, in March introduced the Internet Tax Freedom Act, a pro-Internet Service Provider measure that would pre-empt state taxation policy by imposing a moratorium on state and local taxes of Internet transactions.
While a hands-off regulatory approach is being advocated by more and more legislators these days, there is still much debate about issues such as taxation, encryption, and pornography, said Wyden.
"Certainly members [of Congress] are going to be bombarded with opinions and it's very easy to block something in Congress these days. That's why we need to create some sort of juggernaut," he said.
Wyden proposed the moratorium on taxes to give Congress a chance to study tax issues in depth. "We proposed a moratorium on new state and local taxes so that the federal government doesn't contribute to mistakes on taxation of electronic commerce. Now's the perfect time to say, at a minimum, 'Let's have the federal government take a deep breath and step back?" said Wyden.
Wyden, along with other government insiders here, said that initial, broadly restrictive legislation such as last year's Communications Decency Act was largely a result of lack of knowledge on the part of Congressional leaders.
"We don't have a Congress where every member is up on all the issues," said Wyden. Other government representatives agreed. "We got a Communications Decency Act in this country because people were afraid of something they didn't understand," said Larry Irving, assistant secretary for communications and information at the National Telecommunications and Information Administration, and a chief advisor to President Clinton on communications issues.
But oral argument in March against the CDA before the U.S. Supreme Court was strong, agreed several speakers. "The general consensus is that [the Supreme Court] is going to strike down the CDA," said Rawson. However, pornography on the Internet will remain a hot issue, and other bills similar in nature to the CDA are expected to be proposed, said Rawson.
But while the debate on Internet pornography rages, the White House will try to stay away from regulating audio and video technology itself, assured Irving. "No other form of media has grown as fast as the Internet and the reason is because the government has stayed away, has not regulated it," said Irving. "I asked last year on behalf of the president that the [U.S. Federal Communications] Commission not regulate use of the Internet to provide telephone service and I feel strongly about regulating audio and video," said Irving. "We're going to continue to tell the FCC to stay away from the 'Net," he added.
Speakers here got no argument, at least in public, from ITAA members, since on the whole vendors want as little government regulation as possible. "It drives us crazy that legislators keep trying to figure out ways to tax the Internet," said Marc Pearl, vice president of government affairs and general counsel at the ITAA.
-- Marc Ferranti, IDG News Service, New York Bureau
Back to index
Large European carriers are evaluating customer demand for Internet telephony, which may call into question the current telecommunications pricing structure, where calls are charged on the basis of distance covered rather than quality of service.
The report published by the London-based market research company Philips Tarifica Ltd. estimated that after 2000, Internet usage will be widespread enough to create a demand for cheap Internet telephony. If Internet telephony is charged at current local call rates it will eat into the long-distance call revenues of telecommunication companies, especially when there is a gulf between the price paid for a local and an international call.
Tarifica has calculated that France Telecom stands to lose US$94 million in revenues from its international calls market to Internet telephony, while British Telecommunications may lose around $105 million. Of the three big European telecom companies, Deutsche Telekom will see the biggest cut in revenues: the report forecasts the German carrier will lose $173 million to Internet telephony.
France Telecom has already bought rights to Internet telephony technology from Lucent Technologies Inc. and three other companies and is testing the products in its research departments.
In order to bear the burden of Internet telephony calls across its network, the French operator would have to increase the capacity of its backbone, which is already set to climb from 34 megabits per second to 155 megabits per second by the end of this year, a spokesman said. And if the company sinks funds into upping bandwidth capacity, tariffs will have to change to cover costs, the spokesman said.
France Telecom did not say how it will bill customers for Internet telephony, but rather than charging on the basis of distance, the company could consider making customers pay on the basis of quality of service. "France Telecom may set up two services of variable quality, provided regulators allow them," said Jahaniger Raina, a telecom consultant with Philips Tarifica.
But for now the France Telecom spokesman judged Internet telephony to be "more of a source for revenues for consultants than for operators."
BT said it is too early to judge how the market for the technology will develop, and it is weighing a range of technologies with its corporate fiancee, MCI, including how to integrate voice into data. But the company, which together with MCI, claims to carry 40 percent of the world's Internet traffic, may just see itself exchanging one kind of traffic for another, a BT spokesman said.
And the carrier's spokesman agreed that the way customers pay for calls is shifting. "Normal voice telephony structures are flattening out and moving away from distance," he said.
In Finland, where Telecom Finland introduced a pilot Internet telephony service last December, customers currently pay the price of local calls even for international calls. But all that will have to change if Telecom Finland wants to make money from the service, said a company spokesman.
The Finnish company will publish a report on who uses its new service and why in the third quarter of this year, the spokesman said. Once the company has evaluated how Internet telephony is used, it may reconsider how to charge for it. But the company declined to say what sort of tariff system it will introduce.
Deutsche Telekom is set to be harder hit by Internet telephony charged at local call rates than both BT and France Telecom because of the wider gap that exists between the price of its international and local calls.
Deutsche Telekom, which is also weighing the viability of Internet telephony, last year lowered its charges for international calls and raised its local tariffs, a company spokesman said. But the company has no plans to further reduce the difference between its local and international call rates. "Prices are decided by the company and the regulator. When the market opens to competition...a price cut system may be [put] in place," said a Deutsche Telekom spokesman.
--Joanne Taaffe, IDG News Service, Paris Bureau
Back to index
The move highlights the Internet's continuing evolution from a government-subsidized resource into a money-making venture driven by business principles.
Sprint Corp. and UUNet Technologies Inc. recently informed several midsize Internet service providers (ISPs) that later this year they intend to terminate an agreement with the Commercial Internet Exchange (CIX), an ISP industry association that maintains network access points, by which traffic was exchanged at no cost.
That practice contrasts with so-called peering agreements through which ISPs exchange Internet traffic with each other. Under these agreements, if there is an imbalance between traffic received and sent, one company -- usually the smaller ISP -- pays a fee to the other company as compensation.
But some backbone providers such as Sprint have been providing free access to some midsize ISPs, a practice that will end soon because of the rising cost of maintaining and upgrading Internet backbones. "Right now, we have a T1 connected to CIX," said Brad Hokamp, director of advanced data services for Sprint in Reston, VA. "We've upgraded our backbone network to DS3 and OC3 trunking, and we want all connections at our backbone to be at those speeds."
He added that CIX is not able to operate at those speeds -- 45 megabits per second and 155 megabits per second -- and that because use of the CIX T1 line is low, it will be terminated as of May 1.
Officials at UUNet declined to comment on that company's plans to terminate its interchange agreement with CIX.
One midsize national ISP notified of the change by UUnet said that the action will put UUNet's customers at a disadvantage. "UUNet's customers are more affected by this than our customers," said John Russo, president of GeoNet Communications, a Redwood City, CA-based ISP. "It is as if Sprint would call AT&T to say, "We are no longer routing your calls.'"
Russo rejected the argument that smaller ISPs are trying to get a free ride. "The concept that the little guy is getting something for free is just a trumped-up argument," he said. "We invested millions of dollars in our own backbone."
One industry observer said the issue should not be overplayed. "It's no big issue, just a change," said Harry Fenik, vice president at Zona Research Inc., also in Redwood City. "Small ISPs have always been charged, while midsize ISPs haven't, since they deliver lots of traffic."
Fenik said the notion that the Internet is free defies economic logic.
"Major backbone providers need to harmonize both their economic and network resources, given the backbone expansion required to keep pace with growing demand," he said.
While some ISPs hope the government will eventually take a stand on the matter, Fenik said he doubted the likelihood that this will happen. "With the general drive toward deregulation, the government will not step in and try to regulate," he said.
--Torsten Busse and Sari Kalin, IDG News Service, San Francisco Bureau
Back to index
Having received approval by the U.S. Commerce Department, Netscape said it is working towards obtaining approval to export products based on 128-bit encryption technology.
Currently the U.S. government has banned the export of encryption technology using anything higher than 40-bits worrying it could be used by foreign entities for spying purposes. U.S. software vendors are saying the export ban puts them at a disadvantage with foreign security software providers not limited to U.S. export rules.
At the beginning of this year the U.S. government changed its policy and said it would grant export approval for companies that prove they will develop products within the next two years that enable key recovery. Under key recovery government-approved third parties would hold the keys to encrypted data and the U.S. government would be able to get access to encrypted data with proper court documents.
Until today, Netscape was restricted to exporting software with only 40-bit encryption to its international customers outside of the U.S. and Canada.
"While we are very pleased to unveil our cryptography plan today, the fact remains that the U.S. government's export control rules are causing serious difficulties for U.S. corporations selling security enabled software products abroad," Peter Harter, global public policy legal counsel at Netscape, said in a statement.
The second part of Netscape's encryption plan for which the company is seeking approval would allow financial institutions and U.S. corporations with international offices to obtain 128-bit enabled server products, Netscape officials said.
Part three of Netscape's plan is to get approval from the U.S. government to export 128-bit enabled client software.
Release of 56-bit enabled products is anticipated in the next few months, Netscape officials said.
--Torsten Busse, IDG News Service, San Francisco Bureau
Back to index
The ISP/C's board had originally voted to back the IAHC proposal, even though the board members supporters of the Network Solutions Inc. (NSI) plan for domain names among its ranks, according to Deb Howard, ISP/C's president.
But the board, which had to rush its original decision to back the Internet Society's proposal, has since decided that the future of Internet domain names was too critical not to open the vote to all ISP/C members.
"It's very important that the membership decide, there's too much at stake," Howard said.
The ISP/C will post the results of its membership poll before 5 p.m. PDT May 31 on its Website (http://www.ispc.org), Howard said.
Should ISP/C's members vote for the IAHC proposal, the group will still be able to offer its backing after the IAHC signing ceremony has taken place in Geneva this week, Howard said.
If you have technical problems with this magazine, contact firstname.lastname@example.org