from ppoole@fcref.org CfCL Weekly Update 10/30/98

***** Companies Create New Crypto Back Door Hewlett-Packard and Wave Systems announced Tuesday that they have developed a new programmable chip that can be adjusted to match prevailing encryption policies. This system will only allow a computer to encrypt data to the maximum level that local regulations allow. The new program, called EMBASSY, must be registered with a "designated local authority", who will activate the cryptography application. The companies behind EMBASSY are hoping that the program will meet the new Department of Commerce encryption export standards, which currently place a 56-bit limit on exported software applications. While 90 percent of countries have no domestic-use policies, the program allows law enforcement agencies that mandate key recovery features, such as France, to be able to obtain access to a user's encrypted files under certain circumstances. Several countries, including the UK, Germany, France, Denmark, Japan and Australia have already approved the technology. The US will not issue export license until they are certain that the recovery elements have been tested. Privacy advocates were critical of EMBASSY. Jim Gilmore, co-founder of the Electronic Frontier Foundation, expressed concern that the cooperation of Hewlett-Packard and Wave Systems with the government may lead to more surreptitious features being included into the program. "What other black boxes have they put in this chip? Keystroke monitoring? Recording traffic across the bus?" asked Gilmore. "If they're giving you a black box, who's to say what other capabilities are actually in that chip?" Read this related WIRED News article: http://www.wired.com/news/news/technology/story/15848.html