Making firewall fit the world Trusted's RecoverKey called a compromise with the government; 'Universal' encryption aim; Glenwood engineer turns NSA experience into thriving business

If you get stuck in traffic headed toward the local mall this holiday season, Steve Walker has good news for you.

This year could be the last time.


The 53-year-old chief executive of Trusted Information Systems Inc. may go down in Christmas history as the person who made Internet shopping practical. But there's a bittersweet side: In the same stroke, one of the Internet's pioneers may turn out to be the one who began paving over the defiant libertarianism that helped make the Net what it is.

Both legacies have their root in a decision that helped make Walker worth up to $40 million when his company went public in October. After helping lead the fierce resistance to the Clinton administration's 1993 "Clipper chip" proposal, which barred export of most systems to encrypt computer files, the soft-spoken engineer from Glenwood decided to compromise with the government.


If an encryption system includes a descrambler like Trusted's RecoverKey, it will be exportable. But if it doesn't have RecoverKey or something like it, the best modern encryption has to stay in the country. And if a technology can only be used here, history says a global economy will ignore it.

"By making [encryption] exportable, we make it universal," Walker said. And that's what online retailers say they need to convince consumers that shopping online doesn't mean exposing credit card numbers to hackers.

Walker says new technology can make it "hundreds of millions of times harder" to steal information passing over the Internet. Players as big as Hewlett-Packard Co. and Microsoft Corp. are betting it will help revolutionize Internet commerce, an industry that aggressive estimates see reaching $144 billion in sales by 2000.

"There's enough media coverage of the medium, combined with concern about anything new, to make it an issue until we convince people it's not," said Mike Minigan, an America Online Inc. marketing vice president.

Private trustee

But the question nags: Did Walker gain his fortune by selling his techie soul?

Some determined computer people hint that he did. Under the the Clipper chip proposal, encryption could be exported only if the government were given the mathematical keys needed to unlock encrypted files; Walker's technology calls for keys to be placed with a private trustee in some cases.

The federal government won't have the keys in-house, as they would have under Clipper, where civil libertarians feared the government would use them for leisurely fishing expeditions into citizens' lives. But they'll still be available if officials get a search warrant or a subpoena.


"The fundamental question is whether citizens have the right to seek privacy from the government or not," said John Gilmore, a board member of the Electronic Frontier Foundation. "The ability to use cryptography is the right to seek privacy. They're trying to make that, if not illegal, practically impossible."

Fighting words, and they wound Walker some. But he's been working on the Internet since it was a Pentagon plaything, and he's confident enough to shrug them off.

"Very untrue and very unfair," he insists. "When you get what you want and don't have to give anything up, that's not a compromise. That's a good deal."

Walker an early entry

Steve Walker came to computer security early, as a Northeastern University electrical engineering major in the 1960s. He landed a temporary job at the National Security Agency through Northeastern's cooperative education program. He says his father, who was in military intelligence, was skeptical. But at Fort Meade the son found "thousands of computers" and, in them, a calling.

After NSA, Walker moved to the Advanced Research Projects Agency, where he spent three years supervising the Pentagon's contract with the firm that built the ARPANet, the computer network often described as the forerunner of the Internet. Then he moved to the office of the secretary of the Defense Department, where he helped build a defense data-sharing network that presaged the sprawling corporate networks known intranets.


Walker spent nine years in Washington, but didn't move there and certainly never developed a politician's sharp elbows. Cheerfully informal, he has a sly wit hinted at by the display on his office wall of mocked-up business cards representing industrial titans -- including Rockefeller, Carnegie, Ben Franklin and Steve Walker. He is also exceptionally good at the delicate art of explaining technology to the uninitiated without talking down to them.

In all, he comes across a lot like Dave Thomas, founder and TV pitchman of the Wendy's fast-food chain.

'Such a nice person'

"He's such a nice person; I really like him," said Dorothy Denning, a Georgetown University computer science professor. "He'd be really nice to work for. The fact that he got all those people to move to Glenwood is amazing."

Yes, Glenwood, about the least likely place imaginable for a big company. While at NSA, Walker had bought an old house in the southwestern Howard County town of 1,229. Suffice to say it was country when country wasn't cool.

"We used to have a brochure that was proud to say the nearest traffic light was 10 miles away," Walker said. Now the nearest traffic light is three miles away. But they still have short cycles."


Walker learned to make the drive to the Pentagon in an hour, but he didn't learn to like it. And he was at the top of the government's pay scale. In 1982, he had had enough.

"Now I have a 250-foot commute," he said. "I like that very much."

It would be inspiring, but it wouldn't be true, to say Walker set out to build a company that would remake computer security and pioneer Internet commerce. His deal was simpler: start consulting in his house and find a client who would give him a full-time job.

Lawyer was clear

"My lawyer was very clear," he remembers. "Don't work for the government. They don't pay."

But it didn't turn out that way. Walker's work took him into the developing world of computer firewalls, software that keeps intruders out of sensitive networks. The government has a lot of those, especially at NSA and the Pentagon. By 1993, 95 percent of Trusted's work came from the government.


"There were two of us, then there were nine of us, then there were 18 of us," Walker said, so he began buying land around his house. He renovated a gas station by the main road, bought a nearby house, and built the building where Trusted has its headquarters now. Now Trusted has 250 employees in six offices, and about $25 million in 1996 sales.

Walker is studiedly unpretentious, but he had no lack of ambition. Government consulting was building him a nice little company, but it wasn't making him Bill Gates. Today, it's the least profitable part of Trusted's business.

The great trick of the software business is that once you've figured out how to make a new program, you can make practically infinite copies at practically no extra cost. That's how you make the big money, if you can spot the big market. And by 1993, Walker understood that the next big market was the Internet.

Civilians targeted

"People were starting to get seriously on the Internet without any protection at all," he said. So he began tinkering with the firewalls he had built for the government to come up with something for civilians.

In late 1993, Trusted began to give a firewall "tool kit" away over the Internet. Soon corporations wanted to buy more finished versions. "We said, 'How about $12,000?' and they said 'OK,' " he said. "So we said, 'how about $15,000?' "


Today, the Gauntlet Internet firewall is more than 45 percent of Trusted's business. And government contracting is down to 49 percent.

Still, Walker's lawyer was way wrong: Working for the government paid off huge. It let Trusted make a profit throughout its early years, which let Walker avoid selling most of the company to venture capitalists for development money. Hanging until the company went public saved Walker about $20 million.

"I have a strong belief the Lord is riding where I'm going," he said.

Trusted's big challenge is that Gauntlet now has stiff competition from firms like Israel-based Check Point Software Technologies Ltd., which claimed 40 percent of 1995 firewall sales. Walker said Trusted has 10 percent, in an industry projected to grow to $980 million in annual sales by 2000, from $160 million last year.

Even if Gauntlet just holds its own, however, Trusted's edge depends on what happens to RecoverKey. J. P. Morgan & Co. says RecoverKey will add $8 million to annual revenue by 1998, a figure Walker calls conservative.

'Gimme the keys'


During the battle over the Clipper chip, Walker's opposition was mostly commercial: He said foreign customers would not buy American software if encryption keys were handed over to authorities. Still, he says you also didn't have to be a radical to fear Washington would abuse its power.

"You could imagine a Nixon situation, where the president went to [the National Institute of Standards and Technology] and said, 'Gimme the keys,' " he said.

While the Electronic Freedom Foundation went to court, claiming the export controls violate free speech, Walker's team went to work on a technical solution that became RecoverKey.

RecoverKey means computer users don't have to count on one part of the government to keep their keys secret from agencies that have no right to see them, Walker said. The technology also gives a computer's owner the electronic means to snoop on a rogue employee or decrypt the files of a loyal lieutenant who loses his key or simply gets hit by a bus and takes it with him.

"Steve took a positive attitude instead of, 'Let's just fight the damn thing,' " said Clinton C. Brooks, encryption adviser to NSA director Kenneth A. Minihan.

Privacy advocates remain unimpressed, even though key recovery will only be required in certain cases when encryption is exported. Americans using encryption here don't have to disclose their key to anyone.


Electronic Frontier Foundation attorney Shari Steele said Walker's system still is government intrusion because the government still decides which computer users must register their keys.

"It's still a state action even if it's done privately," Steele said. "They [the government] have still said, 'Put a key in a safe place for our benefit, not yours.' "

However, the reward for Walker's search for middle ground on Clipper is that RecoverKey is the only key recovery system the U.S. government has approved for export. Furman Selz analyst Martin Pyykkonen expects strong patents to keep it that way for some time. "It's essentially a market they have to themselves," he said.

Pub Date: 12/08/96