[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(fwd) RSA on GAK



RSA Optimistic on User Benefits of Administration's Recent Key Recovery
Initiative Announcement; Further policy change required for U.S. vendors
to be competitive worldwide 

Source: Business Wire 

REDWOOD CITY, Calif.--(BUSINESS WIRE) via Individual Inc. -- RSA Data
Security Inc., a wholly-owned subsidiary of Security Dynamics
Technologies Inc. (NASDAQ:SDTI), issued the following comments on the
administration's recent announcement of a Key Recovery Initiative: 

The administration's proposed Key Recovery Initiative is a positive step
towards meeting the needs of individuals and organizations that buy and
use products which utilize encryption. However, the proposal leaves
significant competitive issues unresolved for suppliers who compete
overseas. 

Modern encryption and authentication technologies are crucial to the
growth of electronic commerce and the health of the future global
electronic economy. The continued leadership of American computer and
software firms in the world market depends on their ability to provide
competitive solutions for consumers and businesses around the world. 

These consumers and businesses depend increasingly on encryption and
authentication technologies -- such as those developed at RSA -- to
provide solutions that protect the privacy of consumer purchases,
personal medical information, sensitive corporate data, and electronic
commerce and funds transfers as they travel over the global Internet. 

U.S. government agencies, however, have long insisted that they must
have potential access to all encrypted information for law enforcement
purposes, and have advanced several proposals toward those ends. 

To date, these proposals have met with little support from the user and
vendor communities due to concerns about privacy and competitiveness.
This new proposal from the administration, however, is a move in the
right direction for users. 

One positive step is that the administration has indicated, for the
first time in over six years of discussion, that it will lift all key
size restrictions on the export of products which utilize cryptography,
provided that manufacturers provide a viable means of key recovery for
legitimate government access. 

In addition, under the administration's proposal, industry, not
government, will develop and propose the actual key recovery mechanisms.
This will result in more effective solutions to managing and recovering
keys. 

Finally, the proposal addresses the concerns of users that any third
party designated to hold user keys might improperly disclose those keys,
thereby compromising a user's right to privacy. The administration has
agreed that under certain circumstances, organizations would be allowed
to "self-escrow" their own encryption keys. 

RSA is confident that industry can develop and gain approval for several
excellent key recovery mechanisms that would be acceptable to government
concerns. In fact, RSA has been a pioneer in this field with our RSA
Emergency Access technology in its award-winning RSA SecurPC product. 

In the case of SecurPC, companies using the product can use Emergency
Access keys with RSA's unique secret-splitting technology to gain access
to critical information in the event of an emergency. 

The recently announced Key Recovery Alliance, of which RSA is a part, is
chartered to provide a flexible, workable solution for users working
within the government's proposed key recovery framework. Members of the
group are working on technology which will allow users to maintain the
privacy of their keys while allowing legitimate business or law
enforcement authorities to recover keys when appropriate. 

It will also address challenges that arise when a user must comply with
the differing encryption policies in countries around the world. The
technology could allow products to provide the flexibility a user needs
to take full advantage of the maximum privacy allowed in their locality,
while maintaining interoperability and information exchange with other
users regardless of location. 

It is not clear, however, to what extent the administration's proposal
provides relief to U.S. software and hardware companies who must compete
with foreign suppliers. These foreign suppliers, not subject to U.S.
law, can provide strong, non-key-recovery encryption in their products. 

Today, most major computer and software solutions firms derive
significant revenues from outside the United States. The government's
proposal, while satisfying the U.S. government's needs, does little to
enhance the competitiveness of American products overseas. Robust
encryption products are already available from many overseas suppliers,
and U.S. market share in encryption-enabled products is under siege. 

Under this proposal, it appears that U.S. companies will still be
prohibited from selling non-key-recovery encryption solutions in
overseas markets, creating a significant barrier to their
competitiveness. 

RSA looks forward to additional announcements by the administration that
specifically address this issue and provide competitive relief for the
U.S. computer software and hardware industries. 

RSA Data Security Inc. 

RSA Data Security Inc., a wholly-owned subsidiary of Security Dynamics
Technologies Inc. (NASDAQ:SDTI), is the world's brand name for
cryptography, with more than 75 million copies of RSA encryption and
authentication technologies installed and in use worldwide. 

RSA technologies are part of existing and proposed standards for the
Internet and World Wide Web, ITU, ISO, ANSI, IEEE, and business,
financial and electronic commerce networks around the globe. The company
develops and markets platform-independent developer's kits and end-user
products and provides comprehensive cryptographic consulting services. 

Founded in 1982 by the inventors of the RSA Public Key Cryptosystem, the
company is headquartered in Redwood City. 

Note to Editors: RSA Emergency Access, RSA SecurPC, BSAFE and TIPEM are
trademarks of RSA Data Security Inc. All other product and brand names
are trademarks or registered trademarks of their respective companies. 

CONTACT: For RSA Data Security Inc. | Patrick Corman, 415/326-9648 |
[email protected] 

[10-04-96 at 08:17 EDT, Business Wire] 

Contact: Business Wire