NAI Back in Key Recovery Group
http://www.wired.com/news/print_version/technology/story/16219.html?wnpg=all
Wired News Report
Computer-security giant Network Associates Inc. has quietly rejoined a
global coalition promoting a controversial technology that could give the
US government access to encrypted data.
Network Associates [ http://www.nai.com/ ], which owns cryptography
software firm PGP and firewall vendor Trusted Information Systems, dropped
out of the Key Recovery Alliance [ http://www.kra.org/ ] last December to
protect the PGP brand, which some civil-liberties advocates say was
tainted by its association with the alliance.
Activists charge that the alliance promotes technology that poses a threat
to civil liberties. The alliance says it is not a lobbying group but does
support the concept of key recovery, a system in which a copy of the
secret key that unlocks scrambled data is placed in escrow.
"We would assume that the acquisition of Trusted Information Systems would
be a contributing factor with the change of that policy," said David Sobel
of the Electronic Privacy Information Center.
"TIS is widely regarded as the originator of the whole concept of key
escrow," Sobel said. Several executives are former employees of the
National Security Agency, which is believed to be a prime advocate of key
recovery in Washington.
Currently, the Clinton administration bars the export of strong encryption
products that do not include a key-recovery component. The policy has long
irked security software companies who see the policy as giving foreign
competition an unfair advantage.
Civil liberties advocates dislike key recovery because they feel it is the
start of a slippery slope toward so-called mandatory key recovery, which
would give the government access to private data.
While the Key Recovery Alliance says it is not a political action
committee or lobbying group, the group is often held up by politicians as
an example of industry support for the administration's policy.
Last December, a Network Associates executive said the Key Recovery
Alliance created a misunderstanding about the company's position on the
issue.
"We want people to understand that Network Associates' position and PGP's
position is to encourage the government and industry to move towards a
policy that allows export of strong cryptography without mandatory key
recovery," Gene Hodges, director of product management at Network
Associates, told Wired News last December.
An attorney with the Center for Democracy and Technology said that Network
Associates opposes mandatory key recovery, but that the company may be
hedging its bets against future shifts in Administration policy.
"There are other companies in the Key Recovery Alliance who are
steadfastly opposed to the administration's policy and mandatory key
recovery, yet I think they are part of the alliance because they feel they
need to be," said Alan Davidson
Lynn McNulty, director of government affairs for RSA [ http://www.rsa.com/
] Data Security, said the company is likely not expecting negative
political fallout, one year after the PGP acquisition.
"The commercial [version of] PGP has kind of been absorbed [into Network
Associate's product line]," McNulty said. "The personal verison kind of
enjoys folklore status among the civil libertarians."
No representative from either Network Associates or the Key Recovery
Alliance was available for comment Thursday.
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Fri Nov 13 17:30:02 1998