[ISN] NAI/PGP FlipFlop Back to Pro Key Recovery Group

From: mea culpa (jerichoat_private)
Date: Fri Nov 13 1998 - 05:53:56 PST

  • Next message: mea culpa: "[ISN] Convicted hacker offline ... and may be on the run"

    NAI Back in Key Recovery Group
    Wired News Report
    Computer-security giant Network Associates Inc. has quietly rejoined a
    global coalition promoting a controversial technology that could give the
    US government access to encrypted data. 
    Network Associates [ http://www.nai.com/ ], which owns cryptography
    software firm PGP and firewall vendor Trusted Information Systems, dropped
    out of the Key Recovery Alliance [ http://www.kra.org/ ] last December to
    protect the PGP brand, which some civil-liberties advocates say was
    tainted by its association with the alliance. 
    Activists charge that the alliance promotes technology that poses a threat
    to civil liberties. The alliance says it is not a lobbying group but does
    support the concept of key recovery, a system in which a copy of the
    secret key that unlocks scrambled data is placed in escrow. 
    "We would assume that the acquisition of Trusted Information Systems would
    be a contributing factor with the change of that policy," said David Sobel
    of the Electronic Privacy Information Center. 
    "TIS is widely regarded as the originator of the whole concept of key
    escrow," Sobel said. Several executives are former employees of the
    National Security Agency, which is believed to be a prime advocate of key
    recovery in Washington. 
    Currently, the Clinton administration bars the export of strong encryption
    products that do not include a key-recovery component. The policy has long
    irked security software companies who see the policy as giving foreign
    competition an unfair advantage. 
    Civil liberties advocates dislike key recovery because they feel it is the
    start of a slippery slope toward so-called mandatory key recovery, which
    would give the government access to private data. 
    While the Key Recovery Alliance says it is not a political action
    committee or lobbying group, the group is often held up by politicians as
    an example of industry support for the administration's policy. 
    Last December, a Network Associates executive said the Key Recovery
    Alliance created a misunderstanding about the company's position on the
    "We want people to understand that Network Associates' position and PGP's
    position is to encourage the government and industry to move towards a
    policy that allows export of strong cryptography without mandatory key
    recovery," Gene Hodges, director of product management at Network
    Associates, told Wired News last December. 
    An attorney with the Center for Democracy and Technology said that Network
    Associates opposes mandatory key recovery, but that the company may be
    hedging its bets against future shifts in Administration policy. 
    "There are other companies in the Key Recovery Alliance who are
    steadfastly opposed to the administration's policy and mandatory key
    recovery, yet I think they are part of the alliance because they feel they
    need to be,"  said Alan Davidson
    Lynn McNulty, director of government affairs for RSA [ http://www.rsa.com/
    ] Data Security, said the company is likely not expecting negative
    political fallout, one year after the PGP acquisition. 
    "The commercial [version of] PGP has kind of been absorbed [into Network
    Associate's product line]," McNulty said. "The personal verison kind of
    enjoys folklore status among the civil libertarians." 
    No representative from either Network Associates or the Key Recovery
    Alliance was available for comment Thursday. 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:11:11 PDT