RSA Optimistic on User Benefits of Administration's Recent Key Recovery Initiative Announcement; Further policy change required for U.S. vendors to be competitive worldwide Source: Business Wire REDWOOD CITY, Calif.--(BUSINESS WIRE) via Individual Inc. -- RSA Data Security Inc., a wholly-owned subsidiary of Security Dynamics Technologies Inc. (NASDAQ:SDTI), issued the following comments on the administration's recent announcement of a Key Recovery Initiative: The administration's proposed Key Recovery Initiative is a positive step towards meeting the needs of individuals and organizations that buy and use products which utilize encryption. However, the proposal leaves significant competitive issues unresolved for suppliers who compete overseas. Modern encryption and authentication technologies are crucial to the growth of electronic commerce and the health of the future global electronic economy. The continued leadership of American computer and software firms in the world market depends on their ability to provide competitive solutions for consumers and businesses around the world. These consumers and businesses depend increasingly on encryption and authentication technologies -- such as those developed at RSA -- to provide solutions that protect the privacy of consumer purchases, personal medical information, sensitive corporate data, and electronic commerce and funds transfers as they travel over the global Internet. U.S. government agencies, however, have long insisted that they must have potential access to all encrypted information for law enforcement purposes, and have advanced several proposals toward those ends. To date, these proposals have met with little support from the user and vendor communities due to concerns about privacy and competitiveness. This new proposal from the administration, however, is a move in the right direction for users. One positive step is that the administration has indicated, for the first time in over six years of discussion, that it will lift all key size restrictions on the export of products which utilize cryptography, provided that manufacturers provide a viable means of key recovery for legitimate government access. In addition, under the administration's proposal, industry, not government, will develop and propose the actual key recovery mechanisms. This will result in more effective solutions to managing and recovering keys. Finally, the proposal addresses the concerns of users that any third party designated to hold user keys might improperly disclose those keys, thereby compromising a user's right to privacy. The administration has agreed that under certain circumstances, organizations would be allowed to "self-escrow" their own encryption keys. RSA is confident that industry can develop and gain approval for several excellent key recovery mechanisms that would be acceptable to government concerns. In fact, RSA has been a pioneer in this field with our RSA Emergency Access technology in its award-winning RSA SecurPC product. In the case of SecurPC, companies using the product can use Emergency Access keys with RSA's unique secret-splitting technology to gain access to critical information in the event of an emergency. The recently announced Key Recovery Alliance, of which RSA is a part, is chartered to provide a flexible, workable solution for users working within the government's proposed key recovery framework. Members of the group are working on technology which will allow users to maintain the privacy of their keys while allowing legitimate business or law enforcement authorities to recover keys when appropriate. It will also address challenges that arise when a user must comply with the differing encryption policies in countries around the world. The technology could allow products to provide the flexibility a user needs to take full advantage of the maximum privacy allowed in their locality, while maintaining interoperability and information exchange with other users regardless of location. It is not clear, however, to what extent the administration's proposal provides relief to U.S. software and hardware companies who must compete with foreign suppliers. These foreign suppliers, not subject to U.S. law, can provide strong, non-key-recovery encryption in their products. Today, most major computer and software solutions firms derive significant revenues from outside the United States. The government's proposal, while satisfying the U.S. government's needs, does little to enhance the competitiveness of American products overseas. Robust encryption products are already available from many overseas suppliers, and U.S. market share in encryption-enabled products is under siege. Under this proposal, it appears that U.S. companies will still be prohibited from selling non-key-recovery encryption solutions in overseas markets, creating a significant barrier to their competitiveness. RSA looks forward to additional announcements by the administration that specifically address this issue and provide competitive relief for the U.S. computer software and hardware industries. RSA Data Security Inc. RSA Data Security Inc., a wholly-owned subsidiary of Security Dynamics Technologies Inc. (NASDAQ:SDTI), is the world's brand name for cryptography, with more than 75 million copies of RSA encryption and authentication technologies installed and in use worldwide. RSA technologies are part of existing and proposed standards for the Internet and World Wide Web, ITU, ISO, ANSI, IEEE, and business, financial and electronic commerce networks around the globe. The company develops and markets platform-independent developer's kits and end-user products and provides comprehensive cryptographic consulting services. Founded in 1982 by the inventors of the RSA Public Key Cryptosystem, the company is headquartered in Redwood City. Note to Editors: RSA Emergency Access, RSA SecurPC, BSAFE and TIPEM are trademarks of RSA Data Security Inc. All other product and brand names are trademarks or registered trademarks of their respective companies. CONTACT: For RSA Data Security Inc. | Patrick Corman, 415/326-9648 | corman@cerfnet.com [10-04-96 at 08:17 EDT, Business Wire] Contact: Business Wire