Here is a copy of an email I sent to the senior senator from California this morning. Senator Feinstein: I am extremely disturbed to read your comments in favor of mandatory "key recovery". Besides being a disaster for American software companies, and a clear violation of the constitution's protections of freedom of speech, these systems are harmful to the security of the United States. All cryptographic systems are extremely difficult to get right. The SSL protocol developed by Netscape Inc., which doesn't provide for "key recovery", went through three versions before the major problems were removed. "Key recovery" systems are, as Professor Dorothy Denning testified, much more complex than similar systems which do not include that feature. In fact, the key recovery system built into Clipper, with the advice of the National Security Agency, had flaws as documented by Matt Blaze of AT&T Bell Laboratories. If the best cryptographic group in the world can't get it right, how can we expect these systems to be secure. What do we risk with insecure systems? We risk compromising the legitimate secrets of non-classified government agencies, including IRS records; United States companies, including delicate international negotiations; and individual Americans, including their medical records. Even worse, if some group should decide to launch an information war attack on the United States, these flaws may allow them to access sensitive systems in the finance, transportation, and energy sectors. One simple way this attack could occur is if the access codes are distributed using a flawed encryption system. I hope you will reconsider your stand on this issue. William S. Frantz 16345 Englewood Ave. Los Gatos, Ca 95032 Capability Security Architect - Electric Communities Bill Frantz Electric Communities Capability Security Guru 10101 De Anza Blvd. frantz@communities.com Cupertino, CA 95014 408/342-9576 http://www.communities.com