Internet

Encryption infighting emerges

Network Associates, which pulled out of the Key Recovery Alliance after acquiring Pretty Good Privacy, says it now plans to rejoin the group.

Network Associates (NETA), which pulled out of the Key Recovery Alliance in December after acquiring Pretty Good Privacy, says it probably will rejoin the group after buying Trusted Information Systems (TISX).

Network Associates' apparent reversal underscores the volatility of the encryption debate. The Key Recovery Alliance is a private group of about 60 technology firms and users that promotes methods for companies to recover the cryptographic keys used to make information private.

Federal officials say the moves by Network Associates indicate a deep rift within the high-tech community over the issue. The government is pushing for mandatory key escrow schemes to give law enforcement access to encrypted data say the high-tech community is split over the issue. With limited exceptions, U.S. firms cannot export strong encryption software or hardware without key recovery.

After its deal to acquire PGP was announced, Network Associates said it would pull out of the Key Recovery Alliance. PGP founder and privacy pioneer Phil Zimmermann has been an outspoken opponent of government key escrow schemes, and Network Associates' withdrawal was viewed as a sign of his influence.

"Our concern is that membership in the KRA at some point is seen as support for strong crypto export under regulations that only support key escrow," Network Associates' executive Gene Hodges said in December. "We don't want to be seen in that light."

But TIS chief executive Steve Walker is a driving force behind the Key Recovery Alliance, and his company makes RecoverKey, a software system for companies to store private keys of their employees.

"It's highly likely that Network Associates will be a member," Network Associates chief executive Bill Larson said today. "The Key Recovery Alliance is a very important organization...Philosophically, we are bridging two discrete worlds--the PGP-Internet world and the TIS intelligence world." TIS has major consulting contracts with U.S. government agencies.

"Our belief is that you let customers choose," Larson added. "Customers have been asking PGP to put in key recovery. RecoverKey is a much better system for that."

SynData Technologies chief executive David Romanoff, whose company markets encryption software that competes with PGP's, sees Larson's comments a sign that Zimmermann has a diminished role inside Network Associates.

"This news is really consistent with the direction of Network Associates and its position on key recovery," Romanoff said. "I regret that it was not consistent with the old Phil Zimmermann and the old PGP."

Zimmermann hotly denied Romanoff's claim that PGP version 5.5, the business version of its latest encryption software, can give government access to a company's private keys.

"I did not change my beliefs, and we put that feature in 5.5 long before we started talking to Network Associates," Zimmermann said.

"We just bought a large company, and the company we bought founded or was a charter member of Key Recovery Alliance," Zimmermann said. "There's a lot of complexity in these acquisitions, and it's hard to predict what all the effects might be at the outset of a process."