[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
US Domestic GAK
Has Anyone heard about this?????
sorrin
[email protected]
Clinton administration has new encryption proposal
Network World via Individual Inc. : Washington, D.C.
For months the Clinton administration has lobbied for its version
of key escrow that largely focused on encryption export.
Now in its first formal legislative document, the White House is
asking that its policy also apply to data encrypted within U.S.
borders and that law enforcement be given access to that data
based on a simple request from a law enforcement or government
security agency.
The U.S. Attorney General will set up the specific rules for
written
authorization. Civil liberties groups highly critical of the White
House plan pointed out that under the basic guidelines it will be
easier for law enforcement to get encryption keys than to tap
phones, which requires a warrant or court order.
The administration does not just face domestic opposition to its
proposed policy. The international community, represented by the
29-nation Organization for Economic Cooperation and
Development (OECD), also has not rallied behind the Clinton
cause.
After a year of study and intense lobbying by the U.S. Justice
Department, the OECD, based in Brussels, Belgium, last week
released the ``Cryptography Policy Guidelines,'' an eight-point
document that recognizes nations may want to have access to
cryptographic keys or un-scrambled plaintext. But the OECD
guidelines fall far short of recommending key recovery as the
preferred international approach.
Some participants in the OECD crypto-policy effort were pleased
with its outcome, including Marc Rotenberg, director of the
Electronic Privacy Information Center here.
``There's a strong emphasis here on privacy and voluntary market
guidelines,'' Rotenberg said. The OECD guidelines state that users
should have a choice in cryptography, that cryptography should
be driven by business requirements, and that the privacy of
personal data and the secrecy of communications should be
respected.
Congressional cold shoulder So far, no legislators on Capitol Hill
have embraced the ideas in the administration-drafted legislation,
the Electronic Data Security Act of 1997, which also calls for
nationally certified key-recovery centers for storing copies of
encryption keys.
``From our point of view, it's a breathtaking expansion of law
enforcement's surveillance au-thority,'' said Alan Davidson, staff
counsel at the Washington, D.C.-based Center for Democracy and
Technology (CDT) about the draft bill. The CDT has posted the
bill on its Web site, www.cdt.org.
Commerce Department Un-der Secretary William Reinsch, whose
office took the lead in drafting the bill, last week had no
comment.
The draft bill emphasizes that the key-recovery regulation is
voluntary in the U.S., but opponents argue otherwise.
The White House draft defines as the federal standard only digital
certificates that work with key-recovery encryption products.
And under the drafted bill, employees working in a
government-certified key-recovery center would be spared any
civil or criminal liabilities for disclosing decrypted information
to
a
government agency.
Through the economic in-centives and regulatory impact of the
Clinton administration bill, ``they plan to severely limit [the
products] you can choose from,'' according to Jim Bidzos,
president of RSA Data Security, Inc., whose public-key
technology is widely deployed in encryption products. ``The
intent is to discourage the use of strong, unescrowed encryption
in the U. S.''
[Copyright 1997, Network World]