DC lock and key, from HotWired

[declan@well.com (Declan McCullagh)]

http://www.hotwired.com/muckraker/

Muckraker
By Brock Meeks

More DC Lock and Key


                The Clinton administration will unveil new encryption
                legislation, dubbed the Key Recovery Initiative, as early
                as 9 September, Muckraker has learned.

                The bill's title is an exercise in Orwellian redirection
                - nothing more than an attempt to make the threadbare
                "key escrow" encryption concept, which was spawned via
                the infamous Clipper Chip, more vanilla-sounding.

                The Key Recovery Initiative is political hardball,
                calculated to split an industry currently reluctant to
                bow to pressure from the FBI and the National Security
                Agency to voluntarily adopt the key escrow encryption
                scheme. In making its pitch, the White House is "offering
                some sweetheart deals to a number of companies," says an
                industry source familiar with the administration
                proposal.

                Those "sweetheart deals" involve relaxing export controls
                on encryption software only for certain industries -
                finance, insurance, and health care, industry sources
                say. Such a move essentially leaves companies such as
                Netscape isolated. It's a classic divide-and-conquer
                strategy.

                In return for relaxing the export controls, the White
                House will ask companies in the targeted industries to
                provide concrete assurances that they will endorse a
                government-devised system of "key recovery encryption" in
                which the decoding keys to any scrambled data are turned
                over to a "trusted third party." Those third parties, of
                course, must first be verified and approved by the
                government via as yet undefined criteria. The decoding
                keys made available under this plan would be accessible
                to any law enforcement agency that could prove to a judge
                that it needed them to carry out an investigation. If
                that ambiguous level of "proof" can be provided, your
                keys are handed over without debate or recourse on your
                part.

                The administration's legislation will propose a
                "framework" based on "a global key management
                infrastructure," according to a little-publicized
                statement released by the White House on 12 July. A
                spokesperson from the vice president's office confirmed
                that the legislation will be drawn from this outline.

                The bill is an attempt to forge alliances with US trading
                partners so that data can be accessed and decoded across
                international borders.

                The legislation's blueprint includes:

                - Liberalizing export controls for encryption products
                dealing with financial, insurance, and health-care data.

                - A standards-setting procedure for "key recovery systems
                and products" that will be "eligible for general export
                licenses," and standards for products that the government
                will buy.

                - Transfer of export control oversight from the State
                Department, which currently maintains that encryption
                technology is a "munition," to the Commerce Department.


[...]