Interesting People mailing list archives
IP: Info on Netscape's key escrow position
From: Dave Farber <farber () central cis upenn edu>
Date: Sat, 2 Dec 1995 15:05:34 -0500
From: Jeff Weinstein <jsw () netscape com> (by way of loki () obscura com (Lance Cottrell)) Subject: Info on Netscape's key escrow position I had lunch with Jim Clark today, and explained the furor that was currently going on in cypherpunks and elsewhere. After lunch he sent me the e-mail that I've attached below to pass along. I think the gist of it is that if governments require key escrow, we will have to do it in order to sell our products with encryption into those countries. We've actively lobbied against the government's proposal through our participation and support of industry efforts by the ITAA, BSA, SPA and others. Next week we will be sending two representatives to the NIST key escrow conference in DC. In preparation for that meeting we have been formulating an official company position on key escrow and export restrictions. Phil, myself, and other folks with cypherpunk leanings are involved in writing the policy statement. We are planning on taking a firm position against the government's key escrow proposals. Some time next week we will be posting our statement publicly, and will welcome your comments on it then. After the NIST meeting we will also be talking to folks in congress and the white house about our position, looking for help in getting the current export limitations removed. We will also be looking for help in getting the government's position on export controlled FTP sites clarified so that we can make the US version of the Navigator with 128-bit crypto available for download by those people who are legally allowed to use it. We don't have any plans to stop doing separate US and export versions of our software. As long as our customers want strong crypto and the government lets us sell it, I think we will keep doing it. --Jeff Jim Clark wrote:
I made some pragmatic comments. I said that if we are to use this encryption technology in business, we must have a better solution than to limit keylength or put keys in escrow. All governments of the world have a valid concern about terrorism and other activities of concern to the security of their nations. All of them will continue to restrict our ability to provide products to their markets unless we build in some mechanism that allows them to legally access information that is in the interest of their national security. (We obviously cannot be involved in determining what is legal by the laws of that country.) This is not just a US government problem. Until recently, France did not even allow us to sell products with 40-bit keys, much less 128-bit keys. A lot of ordinary citizens are rightly concerned about their own privacy. I am one of them. I do not want the government to snoop on me, but in fact the government, through the FBI, can now tap my phone without my knowing it by simply getting sufficient evidence that I am conducting illegal activities, then presenting this evidence to a court to get permission. I have no say in the matter. If we as a company were to take the position that in no case will we allow a government to get access to our encrypted messages, or refuse to allow key escrow with our products, the governments of the world will quickly put us out of business by outlawing the sale of our products in their countries. The fundamental issue is how do we accommodate the requirements of governments, while protecting our rights as citizens. None of this represents the position of Netscape with respect to what we will do. But if we do not come up with a solution to this problem that is acceptable to each government, we will not be able to export our products, except with a short key length (e.g. 40 bit keys), and that will not be acceptable to corporate customers in other countries. They will create their own solution, and we will not be able to sell to a larger world market. In fact, we could even be ordered by our own government to establish a key escrow system for its use inside the US. Ironically, anyone in the US may import unbreakable encryption technology from another country -- we just cannot sell it back to them. No one ever accused the government of being rational. I chair an industry group called the "Global Internet Project", with members from almost twenty companies, including companies from Asia and Europe. This was the central issue we all agreed upon this morning, and we are putting together a policy statement whose purpose is to educate lawmakers on the importance of quick resolution of this matter. Thanks for your concern. Let me know what you like and don't like.
Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw () netscape com - http://home.netscape.com/people/jsw Any opinions expressed above are mine. ----- End Included Message -----
Current thread:
- IP: Info on Netscape's key escrow position Dave Farber (Dec 02)