Security software company Network Associates (NETA) is dropping out of an industry alliance that promotes encryption technology with key recovery, worrying that membership might send the wrong message to users.
Key recovery is a system built into some encryption products that allows a user's private code, or "key," to be stored and recovered by third parties if necessary. Many businesses like the idea for situations where employees forget their keys, move to another company, or even die and leave inaccessible information behind.
But key recovery is controversial in high-tech circles because the U.S. government mandates its use for any strong encryption product shipped overseas. Federal law enforcement officials cite the need to gain access to the files or email of suspected criminals. The FBI has proposed mandating key recovery for domestic encryption products as well.
The Key Recovery Alliance (KRA) formed last year to find ways to promote use of key recovery within government guidelines and to lobby to loosen those guidelines.
But Network Associates, at the prompting of new, high-profile employee Phil Zimmermann, decided to drop out because of perception problems.
"Our concern is that membership in the KRA at some point is seen as support for strong crypto export under regulations that only support key recovery," said Gene Hodges, director of product management for antivirus and security. "We don't want to be seen in that light."
Zimmermann is the founder of Pretty Good Privacy, an encryption software company recently acquired for $35 million by Network Associates. Network Associates was recently formed when McAfee Associates and Network General merged. The duo then turned to PGP to fill out its line of encryption products.
PGP's Zimmermann, who now holds the title of "fellow" at Network Associates, has in the past few years been one of the most outspoken opponents of federal encryption export laws, and his viewpoints apparently have rubbed off on his new company.
"[The perception of membership in the KRA] is something that PGP taught us about, and we believe they've had a reasonable policy," said Hodges.
The company took some heat from others in the industry last week, when the CEO of encryption software maker SynData Technologies sent out a release charging that Network Technologies was trading "our right to privacy for a shot at increased revenues overseas by supporting the key recovery program."
Network Associates is not lobbying other KRA members to follow its lead, nor does it plan to start its own organization or alliance in opposition to KRA, Hodges said.
KRA representatives were not immediately available for comment.