http://www.hotwired.com/muckraker/ Muckraker By Brock Meeks More DC Lock and Key The Clinton administration will unveil new encryption legislation, dubbed the Key Recovery Initiative, as early as 9 September, Muckraker has learned. The bill's title is an exercise in Orwellian redirection - nothing more than an attempt to make the threadbare "key escrow" encryption concept, which was spawned via the infamous Clipper Chip, more vanilla-sounding. The Key Recovery Initiative is political hardball, calculated to split an industry currently reluctant to bow to pressure from the FBI and the National Security Agency to voluntarily adopt the key escrow encryption scheme. In making its pitch, the White House is "offering some sweetheart deals to a number of companies," says an industry source familiar with the administration proposal. Those "sweetheart deals" involve relaxing export controls on encryption software only for certain industries - finance, insurance, and health care, industry sources say. Such a move essentially leaves companies such as Netscape isolated. It's a classic divide-and-conquer strategy. In return for relaxing the export controls, the White House will ask companies in the targeted industries to provide concrete assurances that they will endorse a government-devised system of "key recovery encryption" in which the decoding keys to any scrambled data are turned over to a "trusted third party." Those third parties, of course, must first be verified and approved by the government via as yet undefined criteria. The decoding keys made available under this plan would be accessible to any law enforcement agency that could prove to a judge that it needed them to carry out an investigation. If that ambiguous level of "proof" can be provided, your keys are handed over without debate or recourse on your part. The administration's legislation will propose a "framework" based on "a global key management infrastructure," according to a little-publicized statement released by the White House on 12 July. A spokesperson from the vice president's office confirmed that the legislation will be drawn from this outline. The bill is an attempt to forge alliances with US trading partners so that data can be accessed and decoded across international borders. The legislation's blueprint includes: - Liberalizing export controls for encryption products dealing with financial, insurance, and health-care data. - A standards-setting procedure for "key recovery systems and products" that will be "eligible for general export licenses," and standards for products that the government will buy. - Transfer of export control oversight from the State Department, which currently maintains that encryption technology is a "munition," to the Commerce Department. [...]