From: “Tom Albertson (LCA)” <tomalb@microsoft.com>
To: “‘cypherpunks@toad.com>
Message Hash: 94a43105c1ca57aad2546e1a6e5c9596b8e5b98635649efe37ab6c9e2fa099cf
Message ID: <c=US%a=%p=msft%l=RED-81-MSG-961205024640Z-2637@INET-04-IMC.itg.microsoft.com>
Reply To: _N/A
UTC Datetime: 1996-12-05 02:47:09 UTC
Raw Date: Wed, 4 Dec 1996 18:47:09 -0800 (PST)
From: "Tom Albertson (LCA)" <tomalb@microsoft.com>
Date: Wed, 4 Dec 1996 18:47:09 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: Microsoft & Key Escrow
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-961205024640Z-2637@INET-04-IMC.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain
These issues are also addressed at somewhat greater length than in the
FAQ in "Microsoft Policy on Export Controls on Encryption" at
http://www.microsoft.com/intdev/security/export/expcont1.htm (updated
since the recent Administration announcements).
rgds
tom
>-----Original Message-----
>From: Blake Coverett [SMTP:blake@bcdev.com]
>Sent: Wednesday, December 04, 1996 6:12 PM
>To: 'cypherpunks@toad.com'
>Subject: Microsoft & Key Escrow
>
>Following are some of the relevent snippets from
>http://www.microsoft.com/intdev/security/export/exporfaq-f.htm.
>The comments in square brackets are mine.
>
>---cut here---
>What is Microsoft's position on supporting key escrow?
>
>Key escrow encryption is not a market-driven solution and it raises serious
>privacy concerns for many customers. It is also new, undeveloped, untested,
>and uncosted, and it will take a long time to be worked out. Additionally,
>customers have expressed hesitation about mandatory key escrow, especially if
>they have to give the keys to the government or a government-selected third
>party. Therefore, we are not actively adding support for key escrow in our
>products and technologies.
>
>[About as good as we can ask for. I would, however, like that last sentence
> better if the word 'actively' was missing.]
>
>Shouldn't the U.S. government be able to access information that could
>prevent terrorist acts and crime?
>
>Strong non-key escrow encryption is already available from retail outlets,
>foreign companies, and off the Internet. Thus the U.S. government is already
>having--and will continue to have--a harder time in the future accessing
>plain text regardless of U.S. export restrictions.
>
>[I suppose it would be too much to expect a third sentence
> reading. 'This is a good thing.']
>
>What is key recovery? How does it relate to key escrow?
>
>Market-driven data recovery refers to a product feature that allows users to
>maintain a spare private encryption key in a safe place. Generally, a data
>recovery system escrows a copy of the session key with the message or file
>and the user (or perhaps his employer) controls the decision whether to
>utilize this feature. With key escrow the U.S. government holds or has access
>to a user's private encryption key.
>
>It is not yet clear whether such systems are exportable. In the October 1
>announcement, the U.S. government referred to "key recovery" without defining
>it; in all likelihood, however, they still have in mind government key
>escrow, and not market-driven data recovery.
>
>[Hmm... it's just possible that Microsoft's spin doctors are
> better than those of the US government. Perhaps they can
> sell the world on their definition of 'key recovery' instead of
> the one we know the TLAs intended.]
>---cut here---
>
>regards,
>-Blake
>
Return to December 1996
Return to ““Tom Albertson (LCA)” <tomalb@microsoft.com>”
1996-12-05 (Wed, 4 Dec 1996 18:47:09 -0800 (PST)) - RE: Microsoft & Key Escrow - “Tom Albertson (LCA)” <tomalb@microsoft.com>