At 12:08 -0800 2/28/98, Tim May wrote:
A constant danger with any of these "solutions" is that they make later imposition of controls so much easier. Consider the implications of widespread deployment of the HP-type system (which, BTW, I don't think will happen in the U.S., or elsewhere).
A simple change in the law and all new tokens (and they must be renewed yearly, so says HP) will implement the new law.
It's a sign of the times when Tim and I can agree on these things, or at least recognize the same problems. Note NONE of HP's press materials included that 1 year detail. --Declan ==== http://cgi.pathfinder.com/netly/afternoon/0,1012,1771,00.html One-Year Itch Even if you studiously ignore the arcana of encryption export rules, it's worth paying attention to a new product from Hewlett Packard. The government has OK'ed the overseas sale of HP's "VerSecure" boards and computer chips that have full-strength encryption built in -- but turned off by default. To engage the data-scrambling features, you'll need an "activation token." Catch is, however, that they last only one year, and the tokens also can open a "key recovery" electronic peephole for snooping government agents. This is the only way HP can hawk these things in France, a country with no shortage of such police. Now, the FBI wants to ban U.S. software without such peepholes. Doesn't crypto-crippleware make it much easier for the government to issue only key recovery tokens when everyone's existing ones expire? "Whatever the law is in the U.S., we will comply," says CEO Lewis Platt. --By Declan McCullagh/Washington