FW: U.S. Official Cites Key Escrow Flaws

["Trei, Peter" <ptrei@securitydynamics.com>]

Found this in sci.crypt. I'm suprised it didn't hit the lists yet.

Peter Trei
trei@ziplink.net


> -----Original Message-----
> From:	epic-news@epic.org [SMTP:epic-news@epic.org]
> Sent:	Wednesday, March 25, 1998 11:37 PM
> Subject:	U.S. Official Cites Key Escrow Flaws
> 
> 
> ==================================================================
> 
>        U.S. OFFICIAL CONCEDES THAT "KEY RECOVERY" ENCRYPTION
>           IS INFERIOR TO ALTERNATIVE PRIVACY TECHNIQUES
> 
> 
> FOR IMMEDIATE RELEASE                     CONTACT:
> Wednesday, March 25, 1998                 David Sobel/Dave Banisar
>                                           (202) 544-9240
> 
> WASHINGTON, DC -- A top U.S. official acknowledged more than a
> year ago that the Internet privacy technique championed by the
> Clinton Administration is "more costly and less efficient" than
> alternative methods that the government seeks to suppress.  The
> concession is contained in a newly-released high-level document on
> encryption policy obtained by the Electronic Privacy Information
> Center (EPIC).
> 
> In a November 1996 memorandum to other government officials,
> William A. Reinsch, the Commerce Department's Under Secretary for
> Export Administration, discussed the Administration's efforts to
> promote "escrowed" or "recoverable" encryption techniques in
> overseas markets.  Such techniques enable government agents to
> unscramble encrypted information and they form the cornerstone of
> current U.S. encryption policy.
> 
> After noting that government regulations permit the export of non-
> escrowed encryption products only to "safe end-users" such as
> foreign police and security agencies, Reinsch recognized the
> inferiority of the Administration's favored technology:
> 
>      Police forces are reluctant to use "escrowed" encryption
>      products (such as radios in patrol cars). They are more
>      costly and less efficient than non-escrowed products.
>      There can be long gaps in reception due to the escrow
>      features -- sometimes as long as a ten second pause. Our
>      own police do not use recoverable encryption products;
>      they buy the same non-escrowable products used by their
>      counterparts in Europe and Japan.
> 
> Ironically, Reinsch's concession is contained in a memorandum that
> discusses the Administration's strategy to "help the market
> transition from non-recoverable products to recoverable products."
> According to EPIC Legal Counsel David Sobel, the newly released
> document "suggests that the Clinton Administration is trying to
> sell key recovery technology while quietly recognizing its
> inferiority.  This approach will ultimately weaken the global
> position of the American computer industry and hold back the
> development of the privacy protections so badly needed on the
> Internet."
> 
> EPIC and other critics of current U.S. encryption policy have long
> maintained that "key escrow" and "key recovery" approaches
> compromise the security of private information by providing
> "backdoor" access to encrypted data.
> 
> The Reinsch memo was released in response to a Freedom of
> Information Act request EPIC submitted to the Department of State
> concerning the international activities of former U.S. "crypto
> czar" David Aaron.  That request is the subject of a pending
> federal lawsuit initiated by EPIC last year.
> 
> The memorandum is available at the EPIC website at:
> 
>      http://www.epic.org/crypto/key_escrow/reinsch_memo.html
> 
> 
>                              - end -
> 
> .