[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
DC lock and key, from HotWired
http://www.hotwired.com/muckraker/
Muckraker
By Brock Meeks
More DC Lock and Key
The Clinton administration will unveil new encryption
legislation, dubbed the Key Recovery Initiative, as early
as 9 September, Muckraker has learned.
The bill's title is an exercise in Orwellian redirection
- nothing more than an attempt to make the threadbare
"key escrow" encryption concept, which was spawned via
the infamous Clipper Chip, more vanilla-sounding.
The Key Recovery Initiative is political hardball,
calculated to split an industry currently reluctant to
bow to pressure from the FBI and the National Security
Agency to voluntarily adopt the key escrow encryption
scheme. In making its pitch, the White House is "offering
some sweetheart deals to a number of companies," says an
industry source familiar with the administration
proposal.
Those "sweetheart deals" involve relaxing export controls
on encryption software only for certain industries -
finance, insurance, and health care, industry sources
say. Such a move essentially leaves companies such as
Netscape isolated. It's a classic divide-and-conquer
strategy.
In return for relaxing the export controls, the White
House will ask companies in the targeted industries to
provide concrete assurances that they will endorse a
government-devised system of "key recovery encryption" in
which the decoding keys to any scrambled data are turned
over to a "trusted third party." Those third parties, of
course, must first be verified and approved by the
government via as yet undefined criteria. The decoding
keys made available under this plan would be accessible
to any law enforcement agency that could prove to a judge
that it needed them to carry out an investigation. If
that ambiguous level of "proof" can be provided, your
keys are handed over without debate or recourse on your
part.
The administration's legislation will propose a
"framework" based on "a global key management
infrastructure," according to a little-publicized
statement released by the White House on 12 July. A
spokesperson from the vice president's office confirmed
that the legislation will be drawn from this outline.
The bill is an attempt to forge alliances with US trading
partners so that data can be accessed and decoded across
international borders.
The legislation's blueprint includes:
- Liberalizing export controls for encryption products
dealing with financial, insurance, and health-care data.
- A standards-setting procedure for "key recovery systems
and products" that will be "eligible for general export
licenses," and standards for products that the government
will buy.
- Transfer of export control oversight from the State
Department, which currently maintains that encryption
technology is a "munition," to the Commerce Department.
[...]