Time: Thu Dec 04 13:10:57 1997 To: From: Paul Andrew Mitchell [address in tool bar] Subject: SLS: Cloud Over Future of PGP (fwd) Cc: Bcc: sls References: <snip> > >Seems like the days of peer-reviewed encryption >software may be numbered. Just trust Us. > >Regards, > >Barry Skaggs > > > >Cloud Over Future of Pretty Good Privacy > The Price of Key Recovery > >Following Monday's US$35 million cash >acquisition of PGP by Network Associates, >the man who once testified before the >Senate that key recovery could "strengthen >the hand of a police state" now works for a >company that actively promotes it. > >Reaction from e-privacy activists was swift >and harsh. >"The users of PGP can no longer rely on the >credibility of Phil Zimmermann to ensure that >the product is everything that they've been >promised it's been previously," said Dave >Banisar, attorney for the Electronic Privacy >Information Center and co-author of The >Electronic Privacy Papers > >Network Associates, formerly known as >the Key Recovery Alliance, an organization >that lobbies Congress for key recovery that >would grant law enforcement agencies >back-door access to private encrypted >communications. > >Network Associates and other companies >support key recovery because it would allow >them to export strong crypto software >without bothering to make a separate >nonrecoverable version for the domestic >market. The Commerce Department forbids >export of the strongest available encryption >without elaborate promises from >manufacturers to develop key recovery >features. Thus many companies are forced >to develop both export and domestic >versions of their software, each with >differing crypto strengths. > >But Zimmermann, a pioneer of strong >encryption, has spent years crusading >against key recovery, calling it an invasion >of privacy. And the most recent release of >PGP's encryption software allows users to >disable key recovery. > >"People should give their consent to use >[recovery]," Zimmermann said. When asked >whether future versions of the package will >retain that option, Zimmermann replied, >"Certainly, as long as I have anything to say >about it." > >Zimmermann's new title at Network >Associates is "fellow," but he declined to >comment on exactly what authority and >responsibility that confers. Meanwhile, Phil >Dunkelberger, PGP's former president and >CEO, was named general manager of >Network Associates' Total Network >Security Division. > >"It's going to take some time to figure things >out," said Zimmermann. > >EPIC's Banisar was less diplomatic and >postulated that Zimmermann's new title >reflected a clash of values between him and >Network Associates on key recovery. > >"We have a number of fellows here, and >they are usually unpaid volunteers," Banisar >said. > >"It will require a fundamental examination by >human rights groups and others about >whether any newer versions of PGP are >truly trustworthy," said Banisar. > >Network Associates could not be reached >for comment. > >Wired, Dec. 3, 1997 > <snip>
Return to Table of Contents for
Supreme Law School: E-mail