23 February 1998
Date: Sun, 22 Feb 1998 21:34:52 -0500 From: Will Rodger <rodger@WORLDNET.ATT.NET> Subject: I@W/ZDNN exclusive: industry encryption group says no to FBI wish list. Comments: To: cryptography@c2.net To: CYBERIA-L@LISTSERV.AOL.COM -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Readers of this list doubtless are aware of the key-recovery alliance (http://www.kra.org) - the industry group that stepped up to the plate to build in encryption backdoors for the FBI little more than a year ago in exchange for expedited export licenses. Since then, both feds and companies have sworn this would be a "market-driven" effort. Many were skeptical, predicting that the fruits of the group's labors would not be what the market wanted, but what the police demanded. Well, guess what the KRA says it won't produce? How about hardware for wiretapping phone calls? That's just the beginning.......... From: http://www.zdnet.com/zdnn/content/inwo/0220/286871.html Crypto crack-up By Will Rodger Inter@ctive Week Online February 20, 1998 2:08 PM PST Members of a computer-industry alliance designed to comply with U.S. government restrictions on data-scrambling exports now say efforts to develop encryption products that meet federal demands are faltering. Sources close to the industry group say difficulties within the so- called Key Recovery Alliance have been building for months. But longtime privacy activists and industry analysts were floored today by statements from industry and government alike indicating the alliance has abandoned several major government objectives in favor of their customers' demands. "We think key recovery is beginning to take hold, and as it does, we believe it's beginning to address the needs of government," said IBM Public Policy Director Aaron Cross Thursday. "It's time for government to step aside." The latest positions amount to a dramatic reversal from just 14 months ago, when IBM Corp. and dozens of other companies agreed to produce "market-driven" systems that would presumably give law enforcement secret access to encrypted telephone conversations and stored data within hours. The move also puts the group on a collision course with FBI Director Louis Freeh, who since last summer has openly called for strict controls on the privacy-protecting technology. The ongoing battle over encryption has grown dramatically in recent years, as consumers and businesses alike have looked to encryption as their primary, and in some cases only, way to keep e-mail private, credit-card transactions secure and computers safe from outside hackers. Under terms of Commerce Department regulations issued in December 1996, more than 60 software and hardware companies agreed to develop encryption technologies that would give law enforcement access to encoded e-mail, computer disks and telephone calls when presented with a court order. In return, they were promised the ability to export medium-strength encryption without key recovery until the end of this year, at which point the federal government would begin requiring that all exports include the "key recovery" technology. The Clinton administration has pushed for the so-called "key recovery" technology on the grounds that encryption technologies pose a threat to its ability to wiretap and search computer disks during investigations. But major tenets of the government-industry agreement now appear unreachable, said Stephen Walker, president and chief executive officer of key recovery pioneer Trusted Information Systems Inc. The alliance, he said, is no longer developing systems to allow eavesdropping on telephone conversations since businesses have little use for listening in on their own wiretap-resistant telephones. Also, he said, alliance members will not develop systems that hand encryption descrambling keys to government agencies without notifying the users that their keys have been surrendered to others. "We're not building a key recovery specification for Louis Freeh," Walker said. We're building a system for the marketplace." A host of interests from software developers and civil libertarians to conservative groups like the Eagle Forum and Americans for Tax Reform fear an Orwellian surveillance state could emerge from current proposals. Since Americans rely on secured computers and e-mail for a mushrooming proportion of their activities, handing unscrambling keys to government officials would invite abuse and invasion of privacy on an unprecedented scale, regardless of the legal safeguards taken to prevent it. Online advocacy groups said the change in industry's position reflects a broader deterioration in government policy. "It's significant," said Alan Davidson, staff counsel to the Center for Democracy and Technology. "The government's [plan] won't work, and industry explained why. The choice to use key recovery has to be an individual choice, not one imposed by government." Lauren Hall, chief technologist at the Software Publishers Association, called the latest developments "important." "It sends a message to government that this isn't what business wants." Administration officials downplayed the apparent difficulties in their 1996 policy. "From the beginning, administration policy was determined to be a market-driven approach," one official close to policy makers said. "There are legislative approaches that would encourage the development of those things because they'll make it clear that government purchase would have a greater role." One of those approaches, the Secure Public Networks Act, would forbid the federal government from purchasing or funding any encryption research that did not include key recovery mechanisms. If the bill became law, the official said, it might well generate enough business to induce companies to produce all the features the government wants. -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv iQA/AwUBNPDgS9ZgKT/Hvj9iEQKPKQCdFOtCHGfiLhalGEfSncd3G5Mv5G8AoMAK zMQb0RaTg6AaiKwr17WfMlyd =O6r/ -----END PGP SIGNATURE----- Will Rodger Voice: +1 202-408-7027 Washington Bureau Chief Fax: +1 202-789-2036 Inter@ctive Week http://www.interactiveweek.com A Ziff-Davis Publication http://www.zdnn.com PGP 5.0: 584D FD11 3035 0EC2 B35C AB16 D660 293F C7BE 3F62 PGP 2.6.2: D83D 0095 299C 2505 25FA 93FE DDF6 9B5F