------- Forwarded Message

Date: Thu, 4 Dec 1997 15:02:44 -0500
From: bxs29@cas.org (Barry Skaggs-D26)
To: cas@majordomo.pobox.com, ignition-point@majordomo.pobox.com
Subject: IP: (OT) Cloud Over Future of PGP

Seems like the days of peer-reviewed encryption software may be numbered. Just trust Us.

Regards,

Barry Skaggs

Cloud Over Future of Pretty Good Privacy
The Price of Key Recovery

Following Monday's US$35 million cash acquisition of PGP by Network Associates, the man who once testified before the Senate that key recovery could "strengthen the hand of a police state" now works for a company that actively promotes it.

Reaction from e-privacy activists was swift and harsh. "The users of PGP can no longer rely on the credibility of Phil Zimmermann to ensure that the product is everything that they've been promised it's been previously," said Dave Banisar, attorney for the Electronic Privacy Information Center and co-author of The Electronic Privacy Papers

Network Associates, formerly known as the Key Recovery Alliance, an organization that lobbies Congress for key recovery that would grant law enforcement agencies back-door access to private encrypted communications.

Network Associates and other companies support key recovery because it would allow them to export strong crypto software without bothering to make a separate nonrecoverable version for the domestic market. The Commerce Department forbids export of the strongest available encryption without elaborate promises from manufacturers to develop key recovery features. Thus many companies are forced to develop both export and domestic versions of their software, each with differing crypto strengths.

But Zimmermann, a pioneer of strong encryption, has spent years crusading against key recovery, calling it an invasion of privacy. And the most recent release of PGP's encryption software allows users to disable key recovery.

"People should give their consent to use [recovery]," Zimmermann said. When asked whether future versions of the package will retain that option, Zimmermann replied, "Certainly, as long as I have anything to say about it."

Zimmermann's new title at Network Associates is "fellow," but he declined to comment on exactly what authority and responsibility that confers. Meanwhile, Phil Dunkelberger, PGP's former president and CEO, was named general manager of Network Associates' Total Network Security Division.

"It's going to take some time to figure things out," said Zimmermann.

EPIC's Banisar was less diplomatic and postulated that Zimmermann's new title reflected a clash of values between him and Network Associates on key recovery.

"We have a number of fellows here, and they are usually unpaid volunteers," Banisar said.

"It will require a fundamental examination by human rights groups and others about whether any newer versions of PGP are truly trustworthy," said Banisar.

Network Associates could not be reached for comment.

Wired, Dec. 3, 1997

**********************************************
To subscribe or unsubscribe, email: majordomo@majordomo.pobox.com
with the message:
subscribe ignition-point email@address
or
unsubscribe ignition-point email@address
**********************************************
http://www.telepath.com/believer
**********************************************

------- End of Forwarded Message
This article has lost a few very critical lines, making it look far worse than it really is.

Network Associates was _not_ formerly known as the Key Recovery Alliance. They were formerly known as McAfee Associates. McAfee had been a member of the KRA, but has since withdrawn. Go see PGP's home page.

And Phil's comments about user consent don't mean that users _should_ be forced to consent -- viewed in context, they mean that users shouldn't have their keys or messages escrowed without their consent, and the escrow features should require consent.

Furthermore, peer-reviewed encryption isn't dead - the OpenPGP encryption standard is being developed, bringing PGP to an open standards process.

At 08:25 PM 12/07/1997 -0800, Vladimir Z. Nuri wrote:
------- Forwarded Message
Date: Thu, 4 Dec 1997 15:02:44 -0500
From: bxs29@cas.org (Barry Skaggs-D26)
To: cas@majordomo.pobox.com, ignition-point@majordomo.pobox.com
Subject: IP: (OT) Cloud Over Future of PGP
Seems like the days of peer-reviewed encryption software may be numbered. Just trust Us.
Regards,
Barry Skaggs
Cloud Over Future of Pretty Good Privacy
The Price of Key Recovery
Following Monday's US$35 million cash acquisition of PGP by Network Associates, the man who once testified before the Senate that key recovery could "strengthen the hand of a police state" now works for a company that actively promotes it.
Reaction from e-privacy activists was swift and harsh. "The users of PGP can no longer rely on the credibility of Phil Zimmermann to ensure that the product is everything that they've been promised it's been previously," said Dave Banisar, attorney for the Electronic Privacy Information Center and co-author of The Electronic Privacy Papers
Network Associates, formerly known as the Key Recovery Alliance, an organization that lobbies Congress for key recovery that would grant law enforcement agencies back-door access to private encrypted communications.
Network Associates and other companies support key recovery because it would allow them to export strong crypto software without bothering to make a separate nonrecoverable version for the domestic market. The Commerce Department forbids export of the strongest available encryption without elaborate promises from manufacturers to develop key recovery features. Thus many companies are forced to develop both export and domestic versions of their software, each with differing crypto strengths.
But Zimmermann, a pioneer of strong encryption, has spent years crusading against key recovery, calling it an invasion of privacy. And the most recent release of PGP's encryption software allows users to disable key recovery.
"People should give their consent to use [recovery]," Zimmermann said. When asked whether future versions of the package will retain that option, Zimmermann replied, "Certainly, as long as I have anything to say about it."
Zimmermann's new title at Network Associates is "fellow," but he declined to comment on exactly what authority and responsibility that confers. Meanwhile, Phil Dunkelberger, PGP's former president and CEO, was named general manager of Network Associates' Total Network Security Division.
"It's going to take some time to figure things out," said Zimmermann.
EPIC's Banisar was less diplomatic and postulated that Zimmermann's new title reflected a clash of values between him and Network Associates on key recovery.
"We have a number of fellows here, and they are usually unpaid volunteers," Banisar said.
"It will require a fundamental examination by human rights groups and others about whether any newer versions of PGP are truly trustworthy," said Banisar.
Network Associates could not be reached for comment.
Wired, Dec. 3, 1997
------- End of Forwarded Message
Thanks!
Bill

Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639