------- Forwarded Message Date: Thu, 4 Dec 1997 15:02:44 -0500 From: bxs29@cas.org (Barry Skaggs-D26) To: cas@majordomo.pobox.com, ignition-point@majordomo.pobox.com Subject: IP: (OT) Cloud Over Future of PGP Seems like the days of peer-reviewed encryption software may be numbered. Just trust Us. Regards, Barry Skaggs Cloud Over Future of Pretty Good Privacy The Price of Key Recovery Following Monday's US$35 million cash acquisition of PGP by Network Associates, the man who once testified before the Senate that key recovery could "strengthen the hand of a police state" now works for a company that actively promotes it. Reaction from e-privacy activists was swift and harsh. "The users of PGP can no longer rely on the credibility of Phil Zimmermann to ensure that the product is everything that they've been promised it's been previously," said Dave Banisar, attorney for the Electronic Privacy Information Center and co-author of The Electronic Privacy Papers Network Associates, formerly known as the Key Recovery Alliance, an organization that lobbies Congress for key recovery that would grant law enforcement agencies back-door access to private encrypted communications. Network Associates and other companies support key recovery because it would allow them to export strong crypto software without bothering to make a separate nonrecoverable version for the domestic market. The Commerce Department forbids export of the strongest available encryption without elaborate promises from manufacturers to develop key recovery features. Thus many companies are forced to develop both export and domestic versions of their software, each with differing crypto strengths. But Zimmermann, a pioneer of strong encryption, has spent years crusading against key recovery, calling it an invasion of privacy. And the most recent release of PGP's encryption software allows users to disable key recovery. "People should give their consent to use [recovery]," Zimmermann said. When asked whether future versions of the package will retain that option, Zimmermann replied, "Certainly, as long as I have anything to say about it." Zimmermann's new title at Network Associates is "fellow," but he declined to comment on exactly what authority and responsibility that confers. Meanwhile, Phil Dunkelberger, PGP's former president and CEO, was named general manager of Network Associates' Total Network Security Division. "It's going to take some time to figure things out," said Zimmermann. EPIC's Banisar was less diplomatic and postulated that Zimmermann's new title reflected a clash of values between him and Network Associates on key recovery. "We have a number of fellows here, and they are usually unpaid volunteers," Banisar said. "It will require a fundamental examination by human rights groups and others about whether any newer versions of PGP are truly trustworthy," said Banisar. Network Associates could not be reached for comment. Wired, Dec. 3, 1997 ********************************************** To subscribe or unsubscribe, email: majordomo@majordomo.pobox.com with the message: subscribe ignition-point email@address or unsubscribe ignition-point email@address ********************************************** http://www.telepath.com/believer ********************************************** ------- End of Forwarded Message