NAI Back in Key Recovery Group http://www.wired.com/news/print_version/technology/story/16219.html?wnpg=all Wired News Report Computer-security giant Network Associates Inc. has quietly rejoined a global coalition promoting a controversial technology that could give the US government access to encrypted data. Network Associates [ http://www.nai.com/ ], which owns cryptography software firm PGP and firewall vendor Trusted Information Systems, dropped out of the Key Recovery Alliance [ http://www.kra.org/ ] last December to protect the PGP brand, which some civil-liberties advocates say was tainted by its association with the alliance. Activists charge that the alliance promotes technology that poses a threat to civil liberties. The alliance says it is not a lobbying group but does support the concept of key recovery, a system in which a copy of the secret key that unlocks scrambled data is placed in escrow. "We would assume that the acquisition of Trusted Information Systems would be a contributing factor with the change of that policy," said David Sobel of the Electronic Privacy Information Center. "TIS is widely regarded as the originator of the whole concept of key escrow," Sobel said. Several executives are former employees of the National Security Agency, which is believed to be a prime advocate of key recovery in Washington. Currently, the Clinton administration bars the export of strong encryption products that do not include a key-recovery component. The policy has long irked security software companies who see the policy as giving foreign competition an unfair advantage. Civil liberties advocates dislike key recovery because they feel it is the start of a slippery slope toward so-called mandatory key recovery, which would give the government access to private data. While the Key Recovery Alliance says it is not a political action committee or lobbying group, the group is often held up by politicians as an example of industry support for the administration's policy. Last December, a Network Associates executive said the Key Recovery Alliance created a misunderstanding about the company's position on the issue. "We want people to understand that Network Associates' position and PGP's position is to encourage the government and industry to move towards a policy that allows export of strong cryptography without mandatory key recovery," Gene Hodges, director of product management at Network Associates, told Wired News last December. An attorney with the Center for Democracy and Technology said that Network Associates opposes mandatory key recovery, but that the company may be hedging its bets against future shifts in Administration policy. "There are other companies in the Key Recovery Alliance who are steadfastly opposed to the administration's policy and mandatory key recovery, yet I think they are part of the alliance because they feel they need to be," said Alan Davidson Lynn McNulty, director of government affairs for RSA [ http://www.rsa.com/ ] Data Security, said the company is likely not expecting negative political fallout, one year after the PGP acquisition. "The commercial [version of] PGP has kind of been absorbed [into Network Associate's product line]," McNulty said. "The personal verison kind of enjoys folklore status among the civil libertarians." No representative from either Network Associates or the Key Recovery Alliance was available for comment Thursday. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:11:11 PDT