-Caveat Lector- from: http://www.eetimes.com/story/OEG19990423S0015 <A HREF="http://www.eetimes.com/story/OEG19990423S0015">Startup looks to commercialize powerful crypto </A> ----- Startup looks to commercialize powerful crypto technology By Junko Yoshida EE Times (04/26/99, 10:54 a.m. EDT) MONTEREY, Calif. — Anticipating a popular outcry for cell-phone, land-line and Internet communications that can't be eavesdropped upon, intercepted or illegally taped, a small fabless semiconductor startup here has spun a consumer version of a voice-encryption technology previously restricted to use by the U.S. military and diplomatic corps. "We will offer consumers point-to-point voice-encryption technology featuring the strongest cryptography known, [but] in a much better form factor" and with more palatable cost/performance for business and consumer users, promised Lee Caplin, president and chief executive officer of Starium (Monterey, Calif.). The startup's privacy gambit comes at an opportune time, as the U.S. government prepares to rethink an encryption policy that some privacy advocates say borders on the draconian. Indeed, tiny Starium may be ahead of two established giants in the field — AT&T and Motorola — in anticipating the relaxation of federal crypto controls. But some market watchers say the startup may be putting the cart before the horse, since few consumers have clamored for the level of protection Starium is pitching. The company will field an application-specific standard product that employs the 168-bit Triple DES and 2,048-bit Diffie-Hellman key-exchange technol-ogy used in STU-III, the National Security Agency's (NSA) third-generation Secure Telephone Unit. It is legal today to sell STU-III-level encryption units commercially on the U.S. domestic market without a key escrow. Most of the point-to-point voice-encryption systems currently available on the commercial market use scramblers or 40-bit encryption keys, said Bernie Sardinha, Starium's chief operations officer. "Nobody starts off with 2,000-bit keys like we do," he said. Starium this summer will leverage the ASSP to encapsulate all the functionality of the $3,000 STU-III in a portable voice-encryption unit, said to be half the size of a Palm Pilot, for less than $100. The unit can be deployed on a POTS handset to digitize a voice signal, clean it up, compress it, encrypt it and transmit it with virtually no delay (100 ms), according to the company. Longer term, Starium hopes to develop single-chip solutions for wireless and land-line phones that would add a "go secure" feature to the standard lineup of phone functions, including caller ID and modem. Sardinha said the startup's engineers made the software algorithm sufficiently compact to run on the embedded microprocessors commonly used in today's digital cell phones. Starium expects to roll out its single-chip solution, with embedded DRAM, within a year, Sardinha said. The aggressive plan could place a wake-up call to the company's heftier comms competitors as well as to defense contractors looking to convert technologies to consumer use. To date, none of the companies supplying STUs and related secure communications technologies to government customers has announced pending consumer-market versions. That is not to say that the companies haven't foreseen a market for such offerings. Many STU vendors, using homegrown DSPs and other hardware, stood poised to unleash high-level encryption technologies on the commercial market earlier in the decade. But they were compelled to put those projects on hold when the government demanded a "back door" key that would allow it to decrypt any traffic for law-enforcement and national-security purposes. The key-escrow flap that sank the controversial Clipper chip has since died down, and today the government appears prepared to lighten up its crypto policy. On April 14, Sen. John McCain (R-Ariz.), chairman of the Committee on Commerce, Science and Transportation, introduced legislation that seeks to encourage electronic commerce by facilitating the accessibility and export of encryption products. Specifically, the bill would direct the National Institute of Standards and Technology (NIST) to complete the establishment of an advanced encryption standard by Jan. 1, 2002, while allowing for immediate exportation of encryption of key lengths of up to 64 bits. Today, any products using 56-bit encryption or less can be exported without a license. Products over 56 bits require a license and may be ineligible for export to certain countries. McCain's bill would permit the exportation of non-defense encryption (above 64 bits) to responsible entities and members of NATO, the Association of Southeast Asian Nations and the Organization for Economic Cooperation and Development. William Reinsch, undersecretary of commerce for export administration, confirmed this past week that U.S. policymakers are "on the verge of a meeting" to discuss revising U.S. crypto export policies. "It's time to do this," Reinsch said. Starium's start Starium has roots in Communication Security Corp. (Santa Rosa, Calif.), formed in 1995 by a handful of engineers who had been fired up by the Clipper chip debate and were determined to bring secure telephones to the broader market. Among them were Eric Blossom, a veteran of Hewlett-Packard and Clarity Software, and Diffie-Hellman key-exchange co-inventor Whitfield Diffie, a Sun Microsystems distinguished engineer. Communication Security was merged into Starium last year, with Blossom remaining as chief architect and Diffie as director. Starium executives today claim that the company is ahead of its competitors by six months to a few years in readying crypto technology for the commercial and consumer markets. The industry, however, is split on size projections for the commercial high-level voice-encryption market. The more conservative prognosticators cite reservations about an industry whose success relies on public paranoia. But others place their faith in that same sense of unease, saying security remains foremost on analog and digital cell-phone makers' minds, though few dare to raise the issue with consumers. Starium executives insist that digital transmissions are not necessarily secure by mere virtue of their being digital, despite assurances to that effect by some manufacturers of digital cellular and PCS equipment. Absent encryption of the audio signal, a digital cell phone "is no more secure than a walkie-talkie," asserted Starium chief Caplin. But Ray Jodoin, senior analyst at In-Stat Group (Scottsdale, Ariz.), believes Starium has overstated the crypto mandate. "As far as I see it, encryption is the last thing that crops up [among consumers' concerns]," Jodoin said. Noting that "CDMA offers a pretty effective scrambler in and of itself," he added that he does not "perceive any widespread fear about [the privacy and security of] cell phones." As for business and industry users, "if you are [on the] board of directors at a $10 billion company and need to talk about trade secrets, the first thing you do is to look for a secure wireline phone," Jodoin said. "You wouldn't be sitting in a lobby at an airport, using your cell phone." Nonetheless, corporate executives are expected to be the first non-defense users to snap up phones that promise an extra measure of security. Earlier this year, the FBI warned that U.S. companies are under economic attack. The bureau claims to be aware of attempted theft of trade secrets and other intellectual property by entities in 23 countries, and it claims that U.S. companies combined are losing about $2 billion a month to corporate espionage resulting from illegal eavesdropping. Sardinha said Sun Microsystems has purchased roughly 30 units of Starium's first-generation systems as a beta-site customer. Yet it remains to be seen whether the general public will press for phones with high-level voice encryption. "It will probably take a major, well-publicized incident of critical information theft" before the public at large wakes up to the dangers of insecure voice communications, said John Gill, executive vice president of Technical Communications Corp. (TCC; Concord, Mass). TCC has distribution rights to AT&T-developed STU-III security products, including voice and fax encryption systems, and supplies the products to government agencies, the military and multinational companies. But the company has no immediate plans for bringing STU-III technology to the consumer market, Gill said. "Cost is one of the issues" holding back a move into the consumer space, he said, but "the real issue is education." Joel Young, vice president of sales and marketing at Transcrypt International Inc. (Lincoln, Neb.), echoed that sentiment. "Security is an issue of perceived threats; it's personal," Young said. Transcrypt supplies land mobile radio scramblers to the law-enforcement community. The company markets a 56-bit single DES digital system for $2,000 but has not considered entering the market for STU-III-level encryption technology. "There isn't a demand for it. The voice-security business tends not to be a widespread consumer market," said Young. STU-III vendor Motorola, however, may be embracing Starium's trickle-down approach. Motorola has announced its intention to deploy its high-level encryption technology in the satellite phones that will be used with the Iridium system. Starium sees the issue partly as one of cost, saying that business and even ordinary consumers will be more than willing to enhance the security of their voice communications if the price tag doesn't induce sticker stock. Cell-phone OEMs that find they can add a "go secure" button merely by running an encryption-algorithm upgrade on the embedded microprocessor already installed in their handsets are unlikely to spurn the idea, the startup argues. Looking beyond cell phones, Starium believes that voice-over-Internet Protocol will widen the demand for secure communications. "Once your voice communication is packetized in data, it can be tapped, cached and stored anywhere," said Sardinha. The startup plans to spin its cryptography products to Internet telephony and computer telephony with voice processing and fax, in addition to wireless and land-line POTS and PBX products. The eight-person company recently raised $2 million from a diverse list of individual investors in Silicon Valley and Washington. — Additional reporting by George Leopold ------------------------------------------------------------------------ All material on this site Copyright © 1999 CMP Media Inc. All rights reserved. Register Please become a registered user of EDTN. It is free and will make it easier for you to receive the information you need. ----- Aloha, He'Ping, Om, Shalom, Salaam. Em Hotep, Peace Be, Omnia Bona Bonis, All My Relations. Adieu, Adios, Aloha. Amen. Roads End Kris DECLARATION & DISCLAIMER ========== CTRL is a discussion and informational exchange list. Proselyzting propagandic screeds are not allowed. Substance—not soapboxing! These are sordid matters and 'conspiracy theory', with its many half-truths, misdirections and outright frauds is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRL gives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credeence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://home.ease.lsoft.com/archives/CTRL.html http:[EMAIL PROTECTED]/ ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om