(fwd) RISKS DIGEST 14.29

[Timothy C. May]

I found this in RISKS. Apparently, law enforcement types are
approaching software vendors and seeking backdoors and other
compromises.

Note that Lotus is a licensee of RSA, so the encryption algorithms
worrying the FBI are probably the main RSA algorithms.

Cypherpunk activities are becoming more important than ever.

-Tim May


From: risks at CSL.SRI.COM (RISKS Forum)
Subject: RISKS DIGEST 14.29
Date: 27 Jan 93 22:05:31 GMT

------------------------------

Date: Wed, 20 Jan 93 17:58:49 EST
From: joltes at husc.harvard.edu
Subject: The FBI and Lotus cc:Mail

An interesting tidbit came to light while I was attending a demonstration of
Lotus' cc:Mail and Notes products at the Boston NetWorld this month.  During
the Notes portion of the presentation someone asked how secure the information
in the various databases was, and how the encryption was done.

The presenter said that the data was considered very secure, so much so that
the FBI had approached Lotus to ask that a "back door" be left in the software
in order to give the Bureau a method for infiltrating suspects' filesystems.
She said they were specifically targeting "drug dealers and other bad people."

Given this backdoor, what was to stop the Bureau from inspecting confidential
materials on any system?  The risks seem obvious.  Additionally, it makes one
wonder how many other vendors of supposedly "secure" software have been 
similarly approached by various Federal organizations, and how many have 
agreed to create the back doors as requested.

Happily, the presenter said that Lotus refused to honor the FBI's request.
Bravo!

Dick Joltes, Manager, Networks and Hardware, Harvard University Science Center
joltes at husc.harvard.edu

------------------------------