[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Wired coverage of 'new' admin rules



Quite a different spin on it in this article...

----


   Banks' Crypto Permit Not as Free as It Looks
   by Kristi Coale
   
   6:12pm  8.May.97.PDT When the Commerce Department on Thursday gave its
   blessing to the export of the strongest available encryption products
   for electronic banking and finance, the Clinton administration wasn't
   really giving any ground on its stance on key recovery.
   
   That's because the likely customers for these products - banks and
   financial institutions - are already subject to tough rules when it
   comes to tracking transactions and accounts to individuals. And these
   institutions are legally bound to share this information with the
   authorities.
   
   Given the scope of current regulation, the Commerce Department's key
   recovery requirement would only be duplicative, a department
   spokesperson said.
   
   That's why banks have been allowed to export government-approved Data
   Encryption Standard technology since the early 1980s. And that's why
   they'll now be able to use stronger encryption to secure transactions,
   including account and credit card numbers. The government standard has
   a fixed-key length of 56 bits; encryption being readied for electronic
   commerce such as Secure Electronic Transaction can have keys of 1,024
   bits and longer. It is assumed that it would take years and enormous
   computing power to crack the longer keys.
   
   In remarks Thursday before a Washington gathering of the American
   Bankers Association, Undersecretary William Reinsch outlined the plan
   which gives banks the ability to export direct-home-banking products
   with encryption keys of unlimited length. However, if a commercial
   software company - and not the bank - develops the banking product,
   the program must meet the administration's requirement for a
   key-recovery plan.
   
   Key recovery provides a "back door" that allows third parties to open
   and read electronic transmissions such as email. Under the
   administration's plan, these keys would be stored with
   government-sanctioned escrow agents such as Trusted Information
   Systems, a computer security firm, or Bankers Trust, a bank holding
   company. With these keys, police, prosecutors, and spy agencies with
   court orders can get access to any message or document.
   
   But privacy advocates distrust this system. To organizations like the
   Electronic Privacy Information Center, key recovery is no different
   from the administration's plans for government access under the failed
   Clipper initiatives.
   
   And given the current level of regulation, exempting the financial
   institutions from the key-recovery requirements represents a mere "fig
   leaf of a concession" on administration policy, said Dave Banisar,
   EPIC staff counsel.
   
   Developers have their own concerns about the Commerce Department
   announcement - namely, that by telling companies seeking to sell
   electronic commerce software to banks that they must include key
   escrow in their products, the administration is playing to prominent a
   role in the process.
   
   Companies such as Hewlett-Packard which support key escrow prefer to
   implement it in products where it makes business sense for them to do
   so, said Fred Mailman, the company's regulatory manager. Mailman is
   worried that the door may now be open for the government to tell
   companies what product families will have key recovery instead of the
   companies choosing themselves.
   
   While companies sort this out, the pressure on the industry to
   capitulate to the administration's key recovery plan increases,
   Mailman said.
   
   
   
   Related Wired Links:
   Netscape's Key Recovery: That's Business
   by Michael Stutz
   
   Law and Order and a Crypto Bill
   by Rebecca Vesely
   
   Andreessen: Market, Not Policy, Pushes Crypto
   by Michael Stutz
   
   arrow
   
   [INLINE]
   Find Read a story in the Wired News archive.
   Feedback Let us know how we're doing.
   Tips Have a story or tip for Wired News? Send it.

   
   
        Copyright ) 1993-97 Wired Ventures, Inc. and affiliated companies.
        All rights reserved.