[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Info on Netscape's key escrow position

From:	IN%"[email protected]"  "Jeff Weinstein"  2-DEC-1995 02:26:13.63

  I had lunch with Jim Clark today, and explained the furor that was
currently going on in cypherpunks and elsewhere.  After lunch he sent
me the e-mail that I've attached below to pass along.  I think the gist
of it is that if governments require key escrow, we will have to do it
in order to sell our products with encryption into those countries.

> If we as a company were to take the position that in no case will we allow
> a government to get access to our encrypted messages, or refuse to allow
> key escrow with our products, the governments of the world will quickly put
> us out of business by outlawing the sale of our products in their countries.
> The fundamental issue is how do we accommodate the requirements of
> governments, while protecting our rights as citizens.
> None of this represents the position of Netscape with respect to what we
> will do. But if we do not come up with a solution to this problem that is
> acceptable to each government, we will not be able to export our products,
> except with a short key length (e.g. 40 bit keys), and that will not be
> acceptable to corporate customers in other countries. They will create their
> own solution, and we will not be able to sell to a larger world market. In
> fact, we could even be ordered by our own government to establish a key
> escrow system for its use inside the US.
	I believe that the central question at hand is whether Netscape will
incorporate mandatory GAK into any of its products if you have an economic
(governmental purchase) rather than physical (governmental threat of violence)
reason to do so. I would hope that the upcoming statement will clarify this
position, and in the proper direction.