Re: Crippled Notes export encryption
Alan Pugh wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> - -- [ From: Alan Pugh * EMC.Ver #2.3 ] --
>
> Since this is definitely on-list, and I haven't seen
> anything on it here yet, I'm posting the whole thing.
> Apologies for duplication.
>
> Date: Wednesday, 17-Jan-96 04:23 PM
>
> Subject: infoMCI FLASH - Lotus-Security - Lotus Announces C
>
> [infoMCI FLASH]
> infoMCI (sm)
> Lotus-Security - Lotus Announces Compromise for Export of Strong
> Encryption
>
> By ELIZABETH WEISE
> AP Cyberspace Writer
>
> SAN FRANCISCO (AP) _ Lotus Development Corp. announced a
> compromise with the federal government Wednesday that will allow it
> to put better security features into the international version of
> its Notes program.
>
> While the arrangement assures the government it can access data
> under extreme circumstances, it represents an advance in the
> strength of security allowed in software exported from the United
> States.
>
> Federal law prohibits the export of certain high-level
> encryption programs, which are defined as a munition under a Cold
> War-era arms control act.
>
> Encryption programs take ordinary data and put it in secret form
> that cannot be accessed without the proper data ``key.'' The
> government's arbitrary standard for cracking encryption programs
> when needed is at a technical level described as ``40-bit.''
>
> Some software programs sold in the United States, including
> Lotus Notes, now use stronger 64-bit encryption. Lotus has been
> under pressure to bring such security to Notes users overseas.
>
> Although 40-bit encryption is quite strong, highly-sophisticated
> attacks using several computers have been able to break it
> recently.
>
> ``Our customers have basically lost confidence in 40-bit
> cryptography,'' said Ray Ozzie, president of Iris Associates, the
> unit of Lotus that developed Notes.
>
> ``That left us in a bind. We are the vendor that's supposedly
> selling a secure system to them and they are saying it's no good,''
> Ozzie told a standing room audience at the RSA Data Security
> conference.
>
> Changes in the general export laws seemed unlikely so Lotus
> negotiated an interim solution.
>
> The export version of Lotus Notes 4.0, which went on sale last
> week, includes 64-bit encryption but the company has given the U.S.
> government a special code that unlocks the final 24 bits.
>
> For companies that use the international version of Notes, it's
> as if Lotus put two strong locks on a door and gave a key for one
> to the U.S. government. Thieves have to break through two
> locks, the government only one.
>
> ``This protects corporate information from malicious crackers
> but permits the government to retain their current access,'' Ozzie
> said. He acknowledged the solution was only a compromise and said
> Lotus wants to see better data security methods developed
> worldwide.
>
> However, many participants at the conference saw the move as a
> cosmetic answer to the tension between corporate desires for the
> best security and government's interest to access data when
> necessary.
>
> ``It's a useful stopgap measure that has no value in the long
> run,'' said Donn Parker, a senior security consultant with SRI
> International, a computer research company in Menlo Park, Calif.
>
> Simson Garfinkel, author and computer security expert, said he's
> not sure international buyers of Notes will like the solution.
>
> ``Foreign companies don't want the U.S. government to spy on
> their data any more than the U.S. government wants foreign
> companies to be able to spy on theirs,'' Garfinkel said.
>
> International Business Machines Corp. bought Lotus in July,
> citing the success of Notes, a sophisticated communications and
> database program.
>
> AP-DS-01-17-96 1619EST
>
> (66413)
>
> *** End of story ***
>
> - ---
> [This message has been signed by an auto-signing service. A valid signature
> means only that it has been received at the address corresponding to the
> signature and forwarded.]
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> Comment: Gratis auto-signing service
>
> iQBFAwUBMP2KdioZzwIn1bdtAQGdegF9GVCEfL50vWd7e5XX/mKEnzGy5YGvW0iD
> rNPCmz3Xxf3h9wOVJMLrCeDGwe4/m84g
> =6jpa
> -----END PGP SIGNATURE-----
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
|Vincent S. Gunville
|Robbins-Gioia
|209 Madison St Email [email protected]
|Alexandria, Va 22309
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-