November 5, 1997 5:05 PM PST
Clinton task force calls for key recovery
- Related Stories
Lott lambasts FBI crypto policyOctober 24, 1997
Taking aim at cyberterrorismOctober 22, 1997
EC report counterpoint to Clinton cryptoOctober 8, 1997
Cooks in Clinton crypto kitchenSeptember 11, 1997
CNET Special Report: Four Horsemen of Net ApocalypseOctober 31, 1996
The President's Commission on Critical Infrastructure Protection recommendations hardly break new ground. The Clinton administration already is on record supporting a Senate bill that would make life difficult for those who didn't participate in a so-called key recovery system.
The presidential commission--which convened technical and policy experts to study how to secure computer networks, power grids, and phone systems--is only the latest governmental body to recommend the implementation of "key management infrastructures" without providing any specific suggestions.
Civil libertarians and critics in the high-tech industry have complained bitterly that key recovery systems make encrypted communications vulnerable to a host of threats. A study released in May by 11 cryptographers and computer scientists outlined a number of specific concerns, including bugs that would expose users' keys and abuse by law enforcement insiders.
At least one Internet civil liberties group criticized the commission today for failing to heed the report.
"When you create a separate copy of your key, you're running the risk that it will fall into the wrong hands," said James Dempsey, senior staff counsel with the Center for Democracy and Technology in Washington, D.C. "By urging the adoption of key recovery, this report is basically re-creating a whole new set of vulnerabilities in the name of solving existing vulnerabilities."
The recommendations come as no surprise, since at least 11 of the 18 commissioners work for the Clinton administration.