From: The Deviant <deviant@pooh-corner.com>
Date: Sat, 5 Oct 1996 01:25:50 +0800
To: cypherpunks@toad.com
Subject: RSA's Official Permission
Message-ID: <Pine.LNX.3.94.961004013154.572A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


---------- Forwarded message ----------

   RSA Optimistic on User Benefits of Administration's Recent Key
   Recovery Initiative Announcement Further policy change required for US
   vendors to be competitive worldwide
   
   
   
   REDWOOD CITY, Calif.---Oct. 2nd, 1996--RSA Data Security, Inc., a
   wholly-owned subsidiary of Security Dynamics Technologies, Inc.
   (NASDAQ: SDTI), issued the following comments on the administration's
   recent announcement of a Key Recovery Initiative:
   
   
   The administration's proposed Key Recovery Initiative is a positive
   step towards meeting the needs of individuals and organizations that
   buy and use products which utilize encryption. However, the proposal
   leaves significant competitive issues unresolved for suppliers who
   compete overseas.
   
   
   Modern encryption and authentication technologies are crucial to the
   growth of electronic commerce and the health of the future global
   electronic economy. The continued leadership of American computer and
   software firms in the world market depends on their ability to provide
   competitive solutions for consumers and business around the world.
   These consumers and businesses depend increasingly on encryption and
   authentication technologies -- such as those developed at RSA -- to
   provide solutions that protect the privacy of consumer purchases,
   personal medical information, sensitive corporate data, and electronic
   commerce and funds transfers as they travel over the global Internet.
   
   
   US government agencies, however, have long insisted that they must
   have potential access to all encrypted information for law enforcement
   purposes, and have advanced several proposals towards those ends.
   
   
   To date, these proposals have met with little support from the user
   and vendor communities due to concerns about privacy and
   competitiveness. This new proposal from the administration, however,
   is a move in the right direction for users.
   
   
   One positive step is that the administration has indicated, for the
   first time in over six years of discussion, that it will lift all key
   size restrictions on the export of products which utilize
   cryptography, provided that manufacturers provide a viable means of
   key recovery for legitimate government access.
   
   In addition, under the administrations proposal, industry, not
   government, will develop and propose the actual key recovery
   mechanisms. This will to result in more effective solutions to
   managing and recovering keys.
   
   
   Finally, the proposal addresses the concerns of users that any third
   party designated to hold user keys might improperly disclose those
   keys, thereby compromising a user's right to privacy. The
   administration has agreed that under certain circumstances,
   organizations would be allowed to "self-escrow" their own encryption
   keys.
   
   
   RSA is confident that industry can develop and gain approval for
   several excellent key recovery mechanisms that would be acceptable to
   government concerns. In fact, RSA has been a pioneer in this field
   with our RSA Emergency Access(tm) technology in its award-winning RSA
   SecurPC(tm) product. In the case of SecurPC, companies using the product
   can use Emergency Access keys with RSA's unique secret-splitting
   technology to gain access to critical information in the event of an
   emergency.
   
   
   The recently announced Key Recovery Alliance, of which RSA is a part,
   is chartered to provide a flexible, workable solution for users
   working within the government's proposed key recovery framework.
   Members of the group are working on technology which will allow users
   to maintain the privacy of their keys while allowing legitimate
   business or law enforcement authorities to recover keys when
   appropriate. It will also address challenges that arise when a user
   must comply with the differing encryption policies in countries around
   the world. The technology could allow products to provide the
   flexibility a user needs to take full advantage of the maximum privacy
   allowed in their locality, while maintaining interoperability and
   information exchange with other users regardless of location.
   
   
   It is not clear, however, to what extent the administration's proposal
   provides relief to US software and hardware companies who must compete
   with foreign suppliers. These foreign suppliers, not subject to US
   law, can provide strong, non-key-recovery encryption in their
   products.
   
   
   Today, most major computer and software solutions firms derive
   significant revenues from outside the United States. The government's
   proposal, while satisfying the US government's needs, does little to
   enhance the competitiveness of American products overseas. Robust
   encryption products are already available from many overseas
   suppliers, and U.S. market share in encryption-enabled products is
   under siege. Under this proposal, it appears that U.S. companies will
   still be prohibited from selling non-key-recovery encryption solutions
   in overseas markets, creating a significant barrier to their
   competitiveness.
   
   
   RSA looks forward to additional announcements by the administration
   that specifically address this issue and provide competitive relief
   for the US computer software and hardware industries.
   
   
   
   RSA Data Security, Inc.
   
   
   RSA Data Security, Inc., a wholly-owned subsidiary of Security
   Dynamics Technologies, Inc. (NASDAQ: SDTI), is the world's brand name
   for cryptography, with more than 75 million copies of RSA encryption
   and authentication technologies installed and in use worldwide. RSA
   technologies are part of existing and proposed standards for the
   Internet and World Wide Web, ITU, ISO, ANSI, IEEE, and business,
   financial and electronic commerce networks around the globe. The
   company develops and markets platform-independent developer's kits and
   end-user products and provides comprehensive cryptographic consulting
   services.
   
   
   Founded in 1982 by the inventors of the RSA Public Key Cryptosystem,
   the company is headquartered in Redwood City, Calif.
   
   
   -0-
   
   
   Note to Editors: BSAFE and TIPEM are trademarks of RSA Data Security,
   Inc. All other product and brand names are trademarks or registered
   trademarks of their respective companies.
   
   
   
   | [1]Al Gore's Statement | [2]Jim's Testimony | [3]IBM's Alliance |
   
   
   CONTACT:
   
   
   Corman/Croel
   
   Marketing & Communications (for RSA)
   
   Patrick Corman, 415/326-9648
   
   [4]corman@cerfnet.com


---------- End Forwarded message ----------

This is definatly bad... 

If you want to look it up yourselves, its at

http://www.rsa.com/PRESSBOX/releases/keyrecov.htm


 --Deviant
They seem to have learned the habit of cowering before authority even when
not actually threatened.  How very nice for authority.  I decided not to
learn this particular lesson.
                -- Richard Stallman