| |
| Cypher
Wars : Pretty Good Privacy Gets Pretty Legal |
| by Steven Levy, Wired (02/11/1994) |
| |
| This article presents the early history
of PGP, a personal computer-based program that encrypts files and
electronic mail and was at first given away free over the internet,
while this apparently violated both intellectual property laws (RSA
Data Security Inc. had the sole property of the algorithm the software
was based on) and law enforcement regulations. Since then, PGP has
evolved to use an encryption engine from RSAREF, a cryptography toolkit
developed by RSA Data Security and released to the public as a freeware,
and is compliant with intellectual property laws. |
| |
| BSA
Letter to Interagency Working Group on Encryption |
| by Becca Gould, Business Software Alliance (08/11/96) |
| |
| Reaction of the Business Software
Alliance after the Administration's recent
decision to liberalize export controls for commercial encryption products.
According to this association, there are four major problems that
still need to be solved. First, in the domain of interim export control
relief, the government should not only draft and approve the new regulations
quickly, but also further the proposed policy by defining periodic
upward adjustments in key length and explicitly allowing the use of
128-bit encryption in financial applications. Second, the government
should make sure that any key recovery initiative is voluntary and
market-driven. Third, the government should adopt a more efficient
approach to obtain industry commitment to develop key recovery capacities
in the products, by allowing them to immediately begin exporting 56-bit
products, and by focusing only on a medium-term incentive that is
the possibility to export encryption programs with long key lengths
if the company's products satisfy the key recovery conditions in 2
years. Finally, the BSA urges the governement to allow companies to
export 56-bit products without key recovery even after 2 years, in
order to allow the functioning and further development of the installed
base in the future. |
| |
| BSA
Letter to Vice President Gore |
| by Robert W. Holleyman, Business Software Alliance
(02/12/1996) |
| |
| Letter of the BSA expressing the discontent
of the association because of the way the Administration has seemingly
backtracked since the October 1 encryption policy announcement. The
letter reiterates the position of the BSA, and ask for the necessary
government support in order to safeguard the international competitiveness
of the software industry. |
| |
| New
Encryption Technology on the Horizon : Companies scamper towards key
recovery schemes |
| by Neil Munro, INFOSec.com (1997) |
| |
| This article looks at the attitude
of numerous IT giants and small, specialized security companies trying
to jump-start the market for key-recovery technology, which is designed
to provide executives with spare keys to their company's data assets,
but would also allow the US government to seize those spare keys and
have an easy access to encrypted communications in the event of criminal
investigation. Due to the fact that the government has pressured companies
to split copies of their spare keys and leave them in storage with
two federal agencies for this purpose, the development of the technology
has been slowed down, although most potential corporate clients would
welcome the key-recovery technology. More recently though, the government
has tried to promote its development by allowing companies to export
products with electronic keys of more than 56 bits, against the promise
to have key-recovery products available by the end of 1998. However,
.he technology is still criticized by civil libertarians, encryption
proponents and by many industry executives concerned that the government's
encryption plans may hinder their international sales |
| |
| Sun
Dodges Crypto Export Limits |
| by Tim Clarke and Alex Lash, CNET News.com (19/05/1997) |
| |
| This article announces the future
availability of advanced security software based on Sun's SKIP (Simple
Key Management for the Internet Protocol) encryption and key management
protocol through a third party, a subsidiary of Sun based in Russia.
By doing so, Sun is pulling an end-run around U.S. limits on exporting
strong encryption. |
| |
| TIS
CEO Stephen Walker explains the critical issues of security and encryption |
| by Linda Radosevich, Info World Electric (01/09/1997) |
| |
| Interview of Stephen
Walker who is president, CEO, and founder of Trusted Information Systems
(TIS), and testified before Congress in July 1997 on the controversial
key escrow debate. His stance on government control over encryption
technology export is somewhat unique in the software industry: to
let companies develop their own key-recovery systems, then to integrate
the different systems and build a government-approved public key infrastructure. |
| |
| Letter
of Californian Companies CEOs to Senator Dianne Feinstein |
| Written on January 15, 1998 |
| |
| This letter presents the position
on encryption policy of 26 CEOs of Californian companies, who argue
that mandatory key recovery policies, domestically and for export,
will make the United States a second class nation in the Information
Age. It is maintaining United States leadership in the development
of state-of-the-art cryptography that is, according to them, in the
best interests of U.S. national security and law enforcement. |
| |
| RSA
Data Security blasts government encryption policy |
| by Ellen Messmer, Network World Fusion (16/01/1998) |
| |
| This article describes the attitude
of the Security industry as well as some global corporations in front
of the law enforcement requirements required by the government. Whereas
it seems that most security professionals are against government-approved
key-recovery schemes, and are often involved in lobbying efforts against
them, it is also true that most of the big corporations which are
involved in the development of encryption products are developing
products compliant with key-management infrastructures. Among them,
the case of RSA perfectly illustrates what has become a business necessity. |
| |
| U.S.
encryption policy costing billions of dollars in lost sales, report
claims |
| by Elinor Mills, IDG News Service (06/04/1998) |
| |
| Summary of a report written by an
independent think-tank, the Economic Strategy Institute (ESI) of Washington,
D.C., which estimates that the U.S. government's
encryption export policy is detrimental not only to the domestic applications
software business but also other IT sectors and could result in a
loss of between $35 billion and $95.9 billion over five years. The
loss would be due to lost encryption sales that are picked up by non-U.S.
vendors, slower growth in encryption-dependent industries like banking,
forgone cost savings and efficiency gains that could be earned from
greater Internet, extranet and intranet usage and finally, indirect
costs. |
| |
| Thirteen
Companies Support 'Private Doorbell' Encryption Alternative |
| by Nancy Weil, IDG News Service (13/07/1998) |
| |
| Position of
thirteen leading IT companies which are backing an alternative to
the controversial key recovery method, an encryption technology allowing
a network operator to access private information at the behest of
law enforcement agencies. "House key" encryption uses what
is called a "private doorbell" to enable law enforcement
agencies to gain access to encrypted information, only when law enforcement
agencies serve the network operator with a warrant or court order
to unlock the information. Technically speaking, the technology would
allow network administrators to encrypt documents when they are dispatched
by a router, and then unencrypt them when they reach a destination
router, which makes the solution viable only for corporate users on
a network, not individual users using routers of an outside ISP. |
| |
| Encryption
Wars |
| by Gode Davis, Web Server Online Magazine (09/1998) |
| |
| This article describes the two distinctly
different encryption wars which are being fought. The first one, illustrated
here with the exemple of the Junger's case, is about the rights of
individuals to post encryption algorithms on the Internet or to more
readily access software capable of generating strong encryption for
their personal needs. The other is a fundamental conflict between
business and government over just how "encrypted" the Internet
should be. Such business associations as the Software Publishers Association
(SPA) and the Computer Systems Policy Project (CSPP) argue that strong
encryption technology is already widely available in other countries
and that the limits imposed by encryption export controls are crippling
security software development in the United States. They also underlines
the risks of the key-escrow system which has been part of the Clinton
Administration's encryption policy mix since January 1997. |
| |
| U.S.
Encryption Policy far from 'Home Run', Alliance Says |
| by Franck Wolfe, Philips Publishing International
(28/10/1998) |
| |
| Action of leading software developers
in favour of further loosening of export restrictions on encryption
products, after the announcement of a new encryption policy by the
Clinton Administration. Indeed, globalization of the encryption trade
makes it more and more difficult for these companies to compete efficiently,
yet the new policy does not completely lift
the limits on mass-market encryption technologies. |
| |
| Why
U.S. Encryption Policy Harms Businesses and the Economy |
| by Justin Matlick, in Action Alert
No. 15, Center for Freedom and Technology (01/03/1999) |
| |
| This article
shows why the White House insistance on regulating encryption technology
is an ineffective policy and harms the Internet, U.S. encryption makers,
and the domestic economy. According to the author, who is the director
of the Center for Freedom and Technology at the Pacific Research Institute
in San Francisco, legislators must consider a better and proven approach
as they debate reforms in the area of encryption. The ideal policy
would eliminate encryption controls and embrace the free market.
|
| |
| Microsoft
Stonewalls NSA_Key Questions |
| by Duncan Campbell, Senior Research
Fellow, Electronic Privacy Information Center(27/04/2000) |
| |
| This document is a correspondence
between Duncan Campbell, Richard Purcell (Microsoft’s Director
of Corporate Privacy) and Scott Culp (Microsoft Security Response
Centre) about the controversy of the "NSA_key"
in Windows Operating System. Additionnally, Andrew D. Fernandes of
Cryptonym Corporation (who discovered the NSA_KEY) explains why the
explanation given by Microsoft (the NSA_KEY would in fact be there
for backup purposes) is not satisfying. |
| |
| Crypto
Headache |
| by Will Rodger, Interactive Week (12/02/2001) |
| |
| Description of the problems faced
by companies in the approval process of data-scrambling
hardware and software. Although Clinton Adminstration has relaxed
the export rules, commercial software is still subject to close scrutiny,
and companies often have to go through a costly, burdensome process
in order to clear the regulatory burden. |
| |
| Keeping
Secrets |
| by Fred Hapgood, CIO Magazine (15/07/2001) |
| |
| This article explains the lack of
enthusiasm of the industry regarding the development of encryption
products in the early 90s, while a popular
technical culture, based in campuses and the online hacker communities,
developed itself and initiated the development of open standards.
But starting from the mid-90s, encryption started to focus the attention
of the corporate side as well, with products that allow encryption
to be delivered by the network instead of the user, that secure Virtual
Private Networks used by companies to aloow secure data exchange,
and ease centralized data management processes. |
| |
| Elusive
Security |
| by Paul Coe Clark III, The Net Economy
(20/09/2001) |
| |
| This document is an interview with
Christopher King, the security-practice director
for Greenwich Technology Partners. Asked whether companies will change
the way they implement security, and about proposed bills to strengthen
federal wiretap laws and encryption controls
after the Sept. 11 attacks on the World Trade Center, King explains
why government backdoors in all encryption products is not something
that is going to happen, in spite of the public climate to pass the
law. |
| |
| Techies
Urge Senator To Drop Encryption Key Plan |
| by Brian Krebs, Newsbytes (27/09/2001)
|
| |
| Article describing the protest of
eight executives affiliated with the Association for Competitive Technology
(ACT), a group heavily funded by Microsoft, against a proposal by
US Senators to that would require encryption makers to register backdoor
keys with the government. The proposal, which
came out as part of the discussion about anti-terrorism legislation,
would be to create a "quasi-judicial entity" appointed by
the Supreme Court that would control access to the key repository. |
| |
