[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RSA's Official Permission
---------- Forwarded message ----------
RSA Optimistic on User Benefits of Administration's Recent Key
Recovery Initiative Announcement Further policy change required for US
vendors to be competitive worldwide
REDWOOD CITY, Calif.---Oct. 2nd, 1996--RSA Data Security, Inc., a
wholly-owned subsidiary of Security Dynamics Technologies, Inc.
(NASDAQ: SDTI), issued the following comments on the administration's
recent announcement of a Key Recovery Initiative:
The administration's proposed Key Recovery Initiative is a positive
step towards meeting the needs of individuals and organizations that
buy and use products which utilize encryption. However, the proposal
leaves significant competitive issues unresolved for suppliers who
compete overseas.
Modern encryption and authentication technologies are crucial to the
growth of electronic commerce and the health of the future global
electronic economy. The continued leadership of American computer and
software firms in the world market depends on their ability to provide
competitive solutions for consumers and business around the world.
These consumers and businesses depend increasingly on encryption and
authentication technologies -- such as those developed at RSA -- to
provide solutions that protect the privacy of consumer purchases,
personal medical information, sensitive corporate data, and electronic
commerce and funds transfers as they travel over the global Internet.
US government agencies, however, have long insisted that they must
have potential access to all encrypted information for law enforcement
purposes, and have advanced several proposals towards those ends.
To date, these proposals have met with little support from the user
and vendor communities due to concerns about privacy and
competitiveness. This new proposal from the administration, however,
is a move in the right direction for users.
One positive step is that the administration has indicated, for the
first time in over six years of discussion, that it will lift all key
size restrictions on the export of products which utilize
cryptography, provided that manufacturers provide a viable means of
key recovery for legitimate government access.
In addition, under the administrations proposal, industry, not
government, will develop and propose the actual key recovery
mechanisms. This will to result in more effective solutions to
managing and recovering keys.
Finally, the proposal addresses the concerns of users that any third
party designated to hold user keys might improperly disclose those
keys, thereby compromising a user's right to privacy. The
administration has agreed that under certain circumstances,
organizations would be allowed to "self-escrow" their own encryption
keys.
RSA is confident that industry can develop and gain approval for
several excellent key recovery mechanisms that would be acceptable to
government concerns. In fact, RSA has been a pioneer in this field
with our RSA Emergency Access� technology in its award-winning RSA
SecurPC� product. In the case of SecurPC, companies using the product
can use Emergency Access keys with RSA's unique secret-splitting
technology to gain access to critical information in the event of an
emergency.
The recently announced Key Recovery Alliance, of which RSA is a part,
is chartered to provide a flexible, workable solution for users
working within the government's proposed key recovery framework.
Members of the group are working on technology which will allow users
to maintain the privacy of their keys while allowing legitimate
business or law enforcement authorities to recover keys when
appropriate. It will also address challenges that arise when a user
must comply with the differing encryption policies in countries around
the world. The technology could allow products to provide the
flexibility a user needs to take full advantage of the maximum privacy
allowed in their locality, while maintaining interoperability and
information exchange with other users regardless of location.
It is not clear, however, to what extent the administration's proposal
provides relief to US software and hardware companies who must compete
with foreign suppliers. These foreign suppliers, not subject to US
law, can provide strong, non-key-recovery encryption in their
products.
Today, most major computer and software solutions firms derive
significant revenues from outside the United States. The government's
proposal, while satisfying the US government's needs, does little to
enhance the competitiveness of American products overseas. Robust
encryption products are already available from many overseas
suppliers, and U.S. market share in encryption-enabled products is
under siege. Under this proposal, it appears that U.S. companies will
still be prohibited from selling non-key-recovery encryption solutions
in overseas markets, creating a significant barrier to their
competitiveness.
RSA looks forward to additional announcements by the administration
that specifically address this issue and provide competitive relief
for the US computer software and hardware industries.
RSA Data Security, Inc.
RSA Data Security, Inc., a wholly-owned subsidiary of Security
Dynamics Technologies, Inc. (NASDAQ: SDTI), is the world's brand name
for cryptography, with more than 75 million copies of RSA encryption
and authentication technologies installed and in use worldwide. RSA
technologies are part of existing and proposed standards for the
Internet and World Wide Web, ITU, ISO, ANSI, IEEE, and business,
financial and electronic commerce networks around the globe. The
company develops and markets platform-independent developer's kits and
end-user products and provides comprehensive cryptographic consulting
services.
Founded in 1982 by the inventors of the RSA Public Key Cryptosystem,
the company is headquartered in Redwood City, Calif.
-0-
Note to Editors: BSAFE and TIPEM are trademarks of RSA Data Security,
Inc. All other product and brand names are trademarks or registered
trademarks of their respective companies.
| [1]Al Gore's Statement | [2]Jim's Testimony | [3]IBM's Alliance |
CONTACT:
Corman/Croel
Marketing & Communications (for RSA)
Patrick Corman, 415/326-9648
[4][email protected]
---------- End Forwarded message ----------
This is definatly bad...
If you want to look it up yourselves, its at
http://www.rsa.com/PRESSBOX/releases/keyrecov.htm
--Deviant
They seem to have learned the habit of cowering before authority even when
not actually threatened. How very nice for authority. I decided not to
learn this particular lesson.
-- Richard Stallman