Time: Thu Dec 04 13:10:57 1997
From: Paul Andrew Mitchell [address in tool bar]
Subject: SLS: Cloud Over Future of PGP (fwd)
Bcc: sls

>Seems like the days of peer-reviewed encryption
>software may be numbered.  Just trust Us.
>Barry Skaggs
>Cloud Over Future of Pretty Good Privacy
>     The Price of Key Recovery
>Following Monday's US$35 million cash
>acquisition of PGP by Network Associates,
>the man who once testified before the
>Senate that key recovery could "strengthen
>the hand of a police state" now works for a
>company that actively promotes it. 
>Reaction from e-privacy activists was swift
>and harsh. 
>"The users of PGP can no longer rely on the
>credibility of Phil Zimmermann to ensure that
>the product is everything that they've been
>promised it's been previously," said Dave
>Banisar, attorney for the Electronic Privacy
>Information Center and co-author of The
>Electronic Privacy Papers 
>Network Associates, formerly known as
>the Key Recovery Alliance, an organization
>that lobbies Congress for key recovery that
>would grant law enforcement agencies
>back-door access to private encrypted
>Network Associates and other companies
>support key recovery because it would allow
>them to export strong crypto software
>without bothering to make a separate
>nonrecoverable version for the domestic
>market. The Commerce Department forbids
>export of the strongest available encryption
>without elaborate promises from
>manufacturers to develop key recovery
>features. Thus many companies are forced
>to develop both export and domestic
>versions of their software, each with
>differing crypto strengths. 
>But Zimmermann, a pioneer of strong
>encryption, has spent years crusading
>against key recovery, calling it an invasion
>of privacy. And the most recent release of
>PGP's encryption software allows users to
>disable key recovery. 
>"People should give their consent to use
>[recovery]," Zimmermann said. When asked
>whether future versions of the package will
>retain that option, Zimmermann replied,
>"Certainly, as long as I have anything to say
>about it." 
>Zimmermann's new title at Network
>Associates is "fellow," but he declined to
>comment on exactly what authority and
>responsibility that confers. Meanwhile, Phil
>Dunkelberger, PGP's former president and
>CEO, was named general manager of
>Network Associates' Total Network
>Security Division. 
>"It's going to take some time to figure things
>out," said Zimmermann. 
>EPIC's Banisar was less diplomatic and
>postulated that Zimmermann's new title
>reflected a clash of values between him and
>Network Associates on key recovery. 
>"We have a number of fellows here, and
>they are usually unpaid volunteers," Banisar
>"It will require a fundamental examination by
>human rights groups and others about
>whether any newer versions of PGP are
>truly trustworthy," said Banisar. 
>Network Associates could not be reached
>for comment. 
>Wired, Dec. 3, 1997 

Return to Table of Contents for

Supreme Law School:   E-mail