An article in today's (Fri, Oct 3) New York Times (CyberTimes) <http://www.nytimes.com/library/cyber/week/100397pgp.html> describes the new release of "PGP for Business Security 5.5," which contains mechanisms that incorporate key recovery mechanism that can either be volontary or be enforced by using PGP's software for controlling a company's SMTP server -- the server can verify that all encrypted messages include the corporate public key (or conform to other corporate policies): "The new version also includes some of the most sophisticated techniques for enforcing this policy through the corporation. The most novel may be a new version of software controlling a company's SMTP server, the machine that acts as the central mailroom for a corporation. PGP provides a software agent that will read all of the mail to make sure that it complies with the corporate policy. This may include requiring all messages to be signed with digital signatures or include a backdoor that the management can use to read the message. If the software agent discovers a message violates the policy, it can either return it to sender or simply log a copy. "PGP implements the backdoor with a central key. Each message is encrypted with both the public key of the recipient and the public key of the management. The message can only be read by someone holding the corresponding private keys, in this case the recipient and the management. The software allows the management to use different master keys for different departments by customizing the software. ... "Bruce Schneier, an encryption expert and author of the popular book Applied Cryptography, said that the new announcement "sounds like everything the FBI ever dreamed of." He also predicts that criminals will find ways to circumvent the restrictions while honest people may be more vulnerable to illicit use of the master key." --- Coincidently, the same issue of the New York Times has an editorial <http://www.nytimes.com/yr/mo/day/editorial/03fri4.html> attacking FBI director Louis Freeh's request that Congress "outlaw the manufacture and distribution of encryption programs the Government cannot instantly crack. Martin Minow minow@apple.com