[ISN] Programmer faces Crypto Probe

From: mea culpa (jerichoat_private)
Date: Fri May 29 1998 - 18:32:41 PDT

  • Next message: mea culpa: "[ISN] Security bug in MS Outlook"

    Forwarded From: Kjell Wooding <kwoodingat_private>
    Programmer faces crypto probe 
    By Tim Clark
    Staff Writer, CNET NEWS.COM 
    May 22, 1998, 11:40 a.m. PT 
    URL: http://www.news.com/News/Item/0,4,22415,00.html 
    A Silicon Valley programmer on Tuesday is slated to respond to a subpoena
    by an arm of the Commerce Department investigating whether a security
    plug-in that can be downloaded from his Web site violates U.S. laws barring
    the export of strong encryption. 
    Charles Booher of Sync Systems, who wrote the SecureOffice encryption
    module while recovering from his third bout with cancer, said he will show
    up at the San Jose, California, offices of the Office of Export
    Enforcement, as ordered. 
    "Sync Systems is basically me and a program I put together that nobody's
    paid attention to so far except for the export administration," Booher said
    in an interview. "I've got a regular 9 to 5 job. I do disk drive testers
    for a living. Crypto is just sort of like a hobby for me." 
    Commerce Department officials declined to comment on the matter, citing
    departmental policy not to discuss issues that may or may not be under
    However, a copy of the subpoena posted on Booher's site indicates the
    government is investigating whether his Sync Systems has distributed
    168-bit triple DES (data encryption standard) crypto software. 
    U.S. laws generally require government approval to distribute encryption
    technology that is stronger than 56 bits outside the U.S. except to
    financial institutions. Even government approvals often require a promise
    that the seller will initiate a "key recovery" system within several years. 
    Key recovery and key escrow systems give law enforcement agencies--with
    court approval--and businesses access to cryptographic keys that can be
    used to decrypt scrambled data. 
    Booher's subpoena requires him to turn over business records, notes of
    phone conversations and meetings, email messages, fax transmissions, and
    export documents that might shed light on where the encryption software may
    have been distributed. 
    But Booher said he doesn't have most of the requested information. 
    "Basically, the documents aren't there," he said. 
    SecureOffice hasn't been a hot-selling product, Booher said. The download
    from his Web site allows 40 free uses of the software, but users then can
    request a key to unlock the software for future uses. So far, two people
    have requested that key, and Booher isn't charging for it. 
    "Basically, there has been zero interest. It has not been an overwhelming
    response," he said. Except from the Commerce Department, which requested
    Booher's source code. 
    He has declined to turn it over so far. 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:54:22 PDT