Disclaimer: This information comes from sources that cannot be verified. As such, make no assumptions about its completeness or accuracy. We endeavor to keep this information up to date as much as possible. Feel free to send comments/ updates to the Security News Editor.

They've Got Wine, Cheese and Now, Encryption

January 26, 1998, Section:
TechWeb News

They've Got Wine, Cheese and Now, Encryption
By Oliver Rist

Sometimes all you can do is shake your head. Maybe it's a giant conspiracy involving world power shifts that I'm just too small to see, but from where I'm ducking my head here in the Review Bunker, the encryption brouhaha just seems so pointless. I received an E-mail from a fellow techno-watcher last week detailing a story The Daily Telegraph ran in its Dec. 16 issue called "Spies Like U.S." It basically detailed a European Commission report warning the rest of the European community of an extensive spy network the United States has or is building that eavesdrops on every telephone, E-mail message, fax or telex in the world.

Now, it's not that I would put it past the National Security Agency to want to set up something like that; it's just that with its attitude toward private sector security, I just don't think they can. I mean, these are the same guys who decided that if they pass laws against using strong encryption, all those fanatical bombers would instantly comply and start sending their travel itineraries that way. They actually had the gall to try and force that view on other countries, too. These are obviously people living in their own little bureaucratic universes, but even they should be able to see this battle is over.

Encryption vendors have figured it out. Just build your product outside the United States. From there, you can build it as strong as you want and anyone can use it. Keeping our export laws in place now is only keeping American companies from competing in this market. Last I checked, that's not supposed to be a major focus for U.S. law enforcement.

Just last week I had a great demo from a New Zealand-based company called RPK Ltd. marketing an E-mail client add-on called RPK InvisiMail. You can read a full review of this product here in the next week or two, but let me just preview it. This is a handy little software add-on that fits in seamlessly with most POP3/ SMTP E-mail solutions and lets clients send secure public-key encrypted messages using high-strength encryption developed outside the United States-a fact the company is actually using in its advertising! The fact that building a product outside the States is now an advertising gimmick should be reason alone to drop this law.

But far from it. As RSA Data Security CEO Jim Bidzos pointed out during his company's annual security conference in San Francisco, cybercrime is as rampant now as ever, with the government itself being a favorite target. Yet, even though vendors have obviously figured out how to get around these laws, the pro-encryption Security and Freedom Through Encryption Act (SAFE) is still in serious jeopardy of not passing this spring.

I just can't figure it. Even France is moving on this issue, announcing that it will loosen its encryption laws to ease adoption by French businesses and perhaps even build a licensing structure for trusted third-party organizations to help with key encryption schemes. That's France, ladies and gentlemen. Many Americans like to make fun of France, but they're going to have the last laugh when their 8-year-old whiz kids are breaking our E-mail codes with nothing but a smile and a GameBoy.

Oliver Rist is senior technical editor at InternetWeek. He can be reached at orist@cmp.com.

Copyright (c) 1998 CMP Media Inc.



[ Back | Home | Products | Security News | Security Links | Download | Resources | Press | Employment | Contact | About ]

CryptoSoft GmbH

Feedback: webmaster@cryptosoft.com
 Copyright ©1995-1998 Cryptosoft GmbH
All Rights Reserved