Has Anyone heard about this????? sorrin privsoft@ix.netcom.com Clinton administration has new encryption proposal Network World via Individual Inc. : Washington, D.C. For months the Clinton administration has lobbied for its version of key escrow that largely focused on encryption export. Now in its first formal legislative document, the White House is asking that its policy also apply to data encrypted within U.S. borders and that law enforcement be given access to that data based on a simple request from a law enforcement or government security agency. The U.S. Attorney General will set up the specific rules for written authorization. Civil liberties groups highly critical of the White House plan pointed out that under the basic guidelines it will be easier for law enforcement to get encryption keys than to tap phones, which requires a warrant or court order. The administration does not just face domestic opposition to its proposed policy. The international community, represented by the 29-nation Organization for Economic Cooperation and Development (OECD), also has not rallied behind the Clinton cause. After a year of study and intense lobbying by the U.S. Justice Department, the OECD, based in Brussels, Belgium, last week released the ``Cryptography Policy Guidelines,'' an eight-point document that recognizes nations may want to have access to cryptographic keys or un-scrambled plaintext. But the OECD guidelines fall far short of recommending key recovery as the preferred international approach. Some participants in the OECD crypto-policy effort were pleased with its outcome, including Marc Rotenberg, director of the Electronic Privacy Information Center here. ``There's a strong emphasis here on privacy and voluntary market guidelines,'' Rotenberg said. The OECD guidelines state that users should have a choice in cryptography, that cryptography should be driven by business requirements, and that the privacy of personal data and the secrecy of communications should be respected. Congressional cold shoulder So far, no legislators on Capitol Hill have embraced the ideas in the administration-drafted legislation, the Electronic Data Security Act of 1997, which also calls for nationally certified key-recovery centers for storing copies of encryption keys. ``From our point of view, it's a breathtaking expansion of law enforcement's surveillance au-thority,'' said Alan Davidson, staff counsel at the Washington, D.C.-based Center for Democracy and Technology (CDT) about the draft bill. The CDT has posted the bill on its Web site, www.cdt.org. Commerce Department Un-der Secretary William Reinsch, whose office took the lead in drafting the bill, last week had no comment. The draft bill emphasizes that the key-recovery regulation is voluntary in the U.S., but opponents argue otherwise. The White House draft defines as the federal standard only digital certificates that work with key-recovery encryption products. And under the drafted bill, employees working in a government-certified key-recovery center would be spared any civil or criminal liabilities for disclosing decrypted information to a government agency. Through the economic in-centives and regulatory impact of the Clinton administration bill, ``they plan to severely limit [the products] you can choose from,'' according to Jim Bidzos, president of RSA Data Security, Inc., whose public-key technology is widely deployed in encryption products. ``The intent is to discourage the use of strong, unescrowed encryption in the U. S.'' [Copyright 1997, Network World]