23 February 1998
Date: Sun, 22 Feb 1998 21:34:52 -0500
From: Will Rodger <rodger@WORLDNET.ATT.NET>
Subject: I@W/ZDNN exclusive: industry encryption group says no to FBI wish
list.
Comments: To: cryptography@c2.net
To: CYBERIA-L@LISTSERV.AOL.COM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Readers of this list doubtless are aware of the key-recovery alliance
(http://www.kra.org) - the industry group that stepped up to the
plate to build in encryption backdoors for the FBI little more than a
year ago in exchange for expedited export licenses.
Since then, both feds and companies have sworn this would be a
"market-driven" effort. Many were skeptical, predicting that the
fruits of the group's labors would not be what the market wanted, but
what the police demanded.
Well, guess what the KRA says it won't produce? How about hardware
for wiretapping phone calls? That's just the beginning..........
From: http://www.zdnet.com/zdnn/content/inwo/0220/286871.html
Crypto crack-up
By Will Rodger
Inter@ctive Week Online
February 20, 1998 2:08 PM PST
Members of a computer-industry alliance designed to comply with U.S.
government restrictions on data-scrambling exports now say efforts to
develop encryption products that meet federal demands are faltering.
Sources close to the industry group say difficulties within the so-
called Key Recovery Alliance have been building for months. But
longtime privacy activists and industry analysts were floored today
by statements from industry and government alike indicating the
alliance has abandoned several major government objectives in favor
of their customers' demands.
"We think key recovery is beginning to take hold, and as it does, we
believe it's beginning to address the needs of government," said IBM
Public Policy Director Aaron Cross Thursday. "It's time for
government to step aside."
The latest positions amount to a dramatic reversal from just 14
months ago, when IBM Corp. and dozens of other companies agreed to
produce "market-driven" systems that would presumably give law
enforcement secret access to encrypted telephone conversations and
stored data within hours. The move also puts the group on a collision
course with FBI Director Louis Freeh, who since last summer has
openly called for strict controls on the privacy-protecting
technology.
The ongoing battle over encryption has grown dramatically in recent
years, as consumers and businesses alike have looked to encryption as
their primary, and in some cases only, way to keep e-mail private,
credit-card transactions secure and computers safe from outside
hackers.
Under terms of Commerce Department regulations issued in December
1996, more than 60 software and hardware companies agreed to develop
encryption technologies that would give law enforcement access to
encoded e-mail, computer disks and telephone calls when presented
with a court order. In return, they were promised the ability to
export medium-strength encryption without key recovery until the end
of this year, at which point the federal government would begin
requiring that all exports include the "key recovery" technology.
The Clinton administration has pushed for the so-called "key
recovery" technology on the grounds that encryption technologies pose
a threat to its ability to wiretap and search computer disks during
investigations.
But major tenets of the government-industry agreement now appear
unreachable, said Stephen Walker, president and chief executive
officer of key recovery pioneer Trusted Information Systems Inc. The
alliance, he said, is no longer developing systems to allow
eavesdropping on telephone conversations since businesses have little
use for listening in on their own wiretap-resistant telephones. Also,
he said, alliance members will not develop systems that hand
encryption descrambling keys to government agencies without notifying
the users that their keys have been surrendered to others.
"We're not building a key recovery specification for Louis Freeh,"
Walker said. We're building a system for the marketplace."
A host of interests from software developers and civil libertarians
to conservative groups like the Eagle Forum and Americans for Tax
Reform fear an Orwellian surveillance state could emerge from current
proposals. Since Americans rely on secured computers and e-mail for a
mushrooming proportion of their activities, handing unscrambling keys
to government officials would invite abuse and invasion of privacy on
an unprecedented scale, regardless of the legal safeguards taken to
prevent it.
Online advocacy groups said the change in industry's position
reflects a broader deterioration in government policy.
"It's significant," said Alan Davidson, staff counsel to the Center
for Democracy and Technology. "The government's [plan] won't work,
and industry explained why. The choice to use key recovery has to be
an individual choice, not one imposed by government."
Lauren Hall, chief technologist at the Software Publishers
Association, called the latest developments "important." "It sends a
message to government that this isn't what business wants."
Administration officials downplayed the apparent difficulties in
their 1996 policy.
"From the beginning, administration policy was determined to be a
market-driven approach," one official close to policy makers said.
"There are legislative approaches that would encourage the
development of those things because they'll make it clear that
government purchase would have a greater role."
One of those approaches, the Secure Public Networks Act, would forbid
the federal government from purchasing or funding any encryption
research that did not include key recovery mechanisms. If the bill
became law, the official said, it might well generate enough business
to induce companies to produce all the features the government wants.
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQA/AwUBNPDgS9ZgKT/Hvj9iEQKPKQCdFOtCHGfiLhalGEfSncd3G5Mv5G8AoMAK
zMQb0RaTg6AaiKwr17WfMlyd
=O6r/
-----END PGP SIGNATURE-----
Will Rodger Voice: +1 202-408-7027
Washington Bureau Chief Fax: +1 202-789-2036
Inter@ctive Week http://www.interactiveweek.com
A Ziff-Davis Publication http://www.zdnn.com
PGP 5.0: 584D FD11 3035 0EC2 B35C AB16 D660 293F C7BE 3F62
PGP 2.6.2: D83D 0095 299C 2505 25FA 93FE DDF6 9B5F