1996-01-22 - VTW: “Lotus blinks in industry/NSA crypt standoff”

Header Data

From: “Declan B. McCullagh” <declan+@CMU.EDU>
To: cypherpunks@toad.com
Message Hash: 1c09775386070313b9dc6dfd417d85117cd0adbf1fd56c0abb603d8c55428cc3
Message ID: <Ul0mYMu00YUr4SqrEG@andrew.cmu.edu>
Reply To: N/A
UTC Datetime: 1996-01-22 06:06:48 UTC
Raw Date: Sun, 21 Jan 96 22:06:48 PST

Raw message

From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sun, 21 Jan 96 22:06:48 PST
To: cypherpunks@toad.com
Subject: VTW: "Lotus blinks in industry/NSA crypt standoff"
Message-ID: <Ul0mYMu00YUr4SqrEG@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


===========================================================================
                               VTW BillWatch #33

       VTW BillWatch: A weekly newsletter tracking US Federal legislation
     affecting civil liberties.  BillWatch is published at the end of every
        week as long as Congress is in session. (Congress is in session)

                   BillWatch is produced and published by the
                 Voters Telecommunications Watch (vtw@vtw.org)
                             (We're not the EFF :-)

                 Issue #33, Date: Mon Jan 22 00:42:06 EST 1996

     Do not remove this banner.  See distribution instructions at the end.
___________________________________________________________________________

TABLE OF CONTENTS
        Announcements

        Oregon ISPs stand up for your rights

        Recap of ECHO Virtual Culture Event 1/21/96

        Lotus blinks in industry/NSA crypt standoff

        Subscription Information (unchanged since 10/21/95)

___________________________________________________________________________
ANNOUNCEMENTS

Each week never fails to bring us some interesting development in the
world of telecommunications and civil liberties and this one is no different.

Keep an eye on http://www.vtw.org/.  We'll be posting
an alert on the New York State cyberporn bill later tonight.  Also, if
you haven't yet scheduled a meeting with your legislator and your local
ISP to talk about the Exon bill, you're wasting valuable time.  Do so now!

Shabbir J. Safdar
Advisory Board Member
Voters Telecommunications Watch

This issue can be found in HTML form at
URL:http://www.vtw.org/billwatch/issue.33.html

___________________________________________________________________________

[...]

LOTUS BLINKS IN INDUSTRY/NSA CRYPT STANDOFF

It's not clear why this hasn't made a larger impression on the net yet,
because we think it's of crucial importance in the ongoing debate about
cryptography.

For years since the original introduction of the Clipper Chip, the
debate over cryptography has continued to gain momentum.  Recently,
the Administration, embarrassed by its defeat over the Clipper Chip
proposal, put forth its Commercial Key Escrow proposal.  What is
all the fuss about?

It's about cryptography, and who has the right to encrypt information
and who has the right to keep the key.  Right now, you do, but that
could all change.

Think of cryptography as a really good front door on your house or
apartment.  The door key is yours to hold, isn't it?  It's your right
to give a copy to someone you trust, or if you choose, nobody at all.

The Administration contends that this is not so.  With their "commercial
key escrow" scheme, they contend that you shouldn't be able to build a
door they cannot break down, but they also contend that they should be
able to order you to give a copy of the key to a government-approved
individual, so that they can come enter your house (with a warrant, of
course) when they wish.

Industry, of course, panned this plan when it was proposed in late 1995, and
continues to object to it.  All the while, a standoff continues:
the Administration refuses to allow cryptographic software with keys
longer than 40 bits to be exported, and industry refuses to build Big
Brother into their products.

And this is where the standoff stayed until last Wednesday, when
Lotus blinked.

On Wed, Jan. 17th, 1996, Lotus announced that it had increased the key
length of its International version of the Lotus Notes product to 64
bits.  They did this by building in a back door for the Administration to
use to decrypt any international traffic that it might desire to read.

Although there are a lot of reasons why we think this is a terrible idea,
the first one that springs to mind is the fact that the one public key that
Lotus has embedded in all their software is a single point of failure
for every International Lotus user throughout the world.  Sure, this key
is held with a high security clearance by the government, but then
Aldrich Ames also had some of the most sensitive information available
to him, and he proved untrustworthy.

After all, if $1.5 million can buy a CIA counter-intelligence agent, I
wonder how much a Lotus Notes key escrow holder goes for these days?

You can find a copy of the Lotus press releases at
http://www.lotus.com

[...]





