
to the extent that a FIPS is based on existing private sector standards, it codifies standards of existing practice with all of the benefits (and costs) described above. A second reason is that a FIPS is often taken as a government endorsement of the procedures, practices, and algorithms contained therein and thus sets a de facto "best-practices" standard for the private sector. A third reason is related to procurements that are FIPS-compliant as discussed in Chapter 6.

Products such as computers and communication devices that are intended to interoperate with other equipment are of little value if they are based on a standard few others use—there is no one to communicate with. For this reason, interoperability standards often foster a sudden acceleration in market share growth—a bandwagon effect—in which users afraid of being left out rush to adopt a standard once it appears clear that most other users will adopt that standard. The flip side of this phenomenon is the potential for significant delay in development of a market prior to this takeoff point: users put off purchasing products and services that might become "orphaned" in the future. During a period in which more than one competing standard exists, the entire market's growth may be adversely affected. The failure of a consumer market for AM stereo receivers, for example, was largely due to the lack of a dominant standard.7

Competing standards developed in the private and public sectors could be slowing the spread of cryptographic products and services. The two cryptography-related FIPSs most recently produced by NIST were not consistent with existing de facto industry standards. As discussed previously, the Escrowed Encryption Standard was adopted as FIPS 185 despite the overwhelmingly negative response from private industry and users to the public notice in the Federal Register.8 The Digital Signature Standard was also adopted despite both negative public comments and the apparent emergence of a de facto industry standard based on RSA's public-key algorithm.9

7 For further discussion of the interactions between interoperability standards and development of markets for goods and services, see Stanley Besen and Joseph Farrell, "Choosing How to Compete: Strategies and Tactics in Standardization," Journal of Economic Perspectives, Volume 8(2), Spring 1994, pp. 1-15; and Joseph Farrell and Garth Saloner, "Competition, Compatibility and Standards," Product Standardization and Competitive Strategy, H. Landis Gabel, ed. Elsevier Science Publishers B.V., Amsterdam, 1987.

8 Susan Landau et al., Codes, Keys, and Conflicts: Issues in U.S. Crypto Policy, Association for Computing Machinery Inc., New York, 1994, p. 48.

9 Landau et al., Codes, Keys, and Conflicts, 1994, pp. 41-43.


