Fun_People Archive
30 Jan
Lotus blinks, ships escrowed encryption


Date: Tue, 30 Jan 96 21:50:15 -0800
From: Peter Langston <psl>
To: Fun_People
Subject: Lotus blinks, ships escrowed encryption

Forwarded-by: bostic@bsdi.com (Keith Bostic)
Forwarded-by: harry@starbase.sj.unisys.com
Forwarded-by: Voters Telecommunications Watch <shabbir@VTW.ORG>

===========================================================================
                               VTW BillWatch #33

       VTW BillWatch: A weekly newsletter tracking US Federal legislation
     affecting civil liberties.  BillWatch is published at the end of every
        week as long as Congress is in session. (Congress is in session)

                   BillWatch is produced and published by the
                 Voters Telecommunications Watch (vtw@vtw.org)
                             (We're not the EFF :-)

                 Issue #33, Date: Mon Jan 22 00:42:06 EST 1996

     Do not remove this banner.  See distribution instructions at the end.
___________________________________________________________________________

...

LOTUS BLINKS IN INDUSTRY/NSA CRYPT STANDOFF

It's not clear why this hasn't made a larger impression on the net yet,
because we think its of crucial importance in the ongoing debate about
cryptography.

For years since the original introduction of the Clipper Chip, the
debate over cryptography has continued to gain momentum.  Recently,
the Administration, embarrassed by its defeat over the Clipper Chip
proposal, put forth it's Commercial Key Escrow proposal.  What is
all the fuss about?

It's about cryptography, and who has the right to encrypt information
and who has the right to keep the key.  Right now, you do, but that
could all change.

Think of cryptography as a really good front door on your house or
apartment.  The door key is yours to hold, isn't it?  It's your right
to give a copy to someone you trust, or if you choose, nobody at all.

The Administration contends that this is not so.  With their "commercial
key escrow" scheme, they contend that you shouldn't be able to build a
door they cannot break down, but they also contend that they should be
able to order you to give a copy of the key to a government-approved
individual, so that they can come enter your house (with a warrant, of
course) when they wish.

Industry, of course, panned this plan when it proposed late 1995, and
continues to object to it.  All the while, a standoff continues:
the Administration refuses to allow cryptographic software with keys
longer than 40 bits to be exported, and industry refuses to build Big
Brother into their products.

And this is where the standoff stayed until last Wednesday, when
Lotus blinked.

On Wed, Jan. 17th, 1996, Lotus announced that it had increased the key
length of its International version of the Lotus Notes product to 64
bits.  They did this by building in a back door for the Administration to
use to decrypt any international traffic that it might desire to read.

Although there are a lot of reasons why we think this is a terrible idea,
the first one that springs to mind is the fact that the one public key that
Lotus has embedded in all their software is a single point of failure
for every International Lotus user throughout the world.  Sure, this key
is held with a high security clearance by the government, but then
Aldritch Ames also had some of the most sensitive information available
to him, and he proved untrustworthy.

After all, if $1.5 million can buy a CIA counter-intelligence agent, I
wonder how much a Lotus Notes key escrow holder goes for these days?

You can find a copy of the Lotus press releases at
http://www.lotus.com

___________________________________________________________________________
SUBSCRIPTION INFORMATION

You can receive BillWatch via email, Internet fax, gopher or WWW:

To subscribe via email, send mail to majordomo@vtw.org with
"subscribe vtw-announce emailaddress" in the body of the message.  To
unsubscribe from BillWatch send mail to majordomo@vtw.org with
"unsubscribe vtw-announce" in the body of the message.  Send mail to
files@vtw.org to learn how to receive back issues of BillWatch.

To subscribe via fax, leave a message at +1 718 596 2851 with your
voice number and your fax number.

BillWatch can be found on the World Wide Web at
http://www.vtw.org/billwatch/

and in Gopherspace at:
gopher -p1/vtw/billwatch/ gopher.panix.com

Permission to reproduce BillWatch non-commercially is granted provided the
banner and copyright remain intact.  Please send a copy of your non-commercial
publication to vtw@vtw.org for our scrapbook.  For permission to commercially
reproduce BillWatch, please contact vtw@vtw.org.
___________________________________________________________________________

                Copyright 1995 Steven Cherry & Shabbir J. Safdar


prev [=] prev © 1996 Peter Langston []