Privacy encryption, the kind found in such software as ViaCrypt/PGP, allows information to be completely hidden from anyone for whom it was not intended. Another popular form of digital cryptography is digital signature software. Rather than hiding your message, it attaches an encrypted "signature" to it, authenticating the electronic document.
Adopting a digital signature standard has been on the agenda of the US government since 1991. Both government and industry players agree that electronic commerce on the Net will not proceed apace until there's a reliable, and universal means of authenticating documents.
What's the holdup? You'll be sorry you asked.
The question leads straight into a quagmire of bureaucratic red tape and intellectual property disputes. At its heart is a conflict between the government and Public Key Partners, the company that holds the licensing rights to all the critical patents for public key encryption. PKP wants to license these patents to the government in exchange for an exclusive worldwide license of the government's digital signature algorithm patent. That patent was built, to further confuse things, as an "improvement patent" on top of PKP's existing patents for public key encryption.
What we have here is a standoff. The government can't move forward with its encryption technology plans without PKP's patents, and PKP won't license them to the government unless the government hands over the patent and agrees to royalty payments.
Are you following this? After much negotiating, the government and PKP seemed to have finally agreed upon a proposal for a cross-licensing plan - that is, until February 4, when the White House announced that it would be moving ahead with a "royalty-free digital signature standard." What standard is that, and when might we expect it? Nobody knows. Anne Enright Shepherd, a spokesperson for the National Institute of Standards and Technology, would only say that "at this time there is no standard, and negotiations with PKP are ongoing." She did reiterate that administration has determined that such a technology should not be subject to royalty payments.
In the meantime, on March 21, RSA Data Security, a partner company of PKP, jerked the government's chain by announcing that it was making its own digital signature software, called RIPEM/SIG (also based on PKP's patents), available free for noncommercial use and international export. Says Jim Bidzos, president of both PKP and RSA, "You want free signature software, you got it."
In the absence of government action, RSA-based signature (and encryption) software is becoming a de facto standard. Companies such as Apple and Lotus are licensing it for their commercial products. RIPEM/SIG is available at rsa.com.
ELECTRIC WORD
The Watergate Way-Back Machine
France's Jerry Lewis Media Policy in Action
Digital Signatures
