PGP Inc. introduces new key recovery features (NYT)
October 3, 1997
PGP Offers New Encryption Software for Corporations
By PETER WAYNER
O n Thursday the Pretty Good Privacy software company announced a
new version of its popular encryption software with features that
make it easier for companies to deploy encryption throughout their
organization. The new software provides a way for the manager of a
company's electronic infrastructure to catalogue and distribute
keys so that employees can scramble their electronic mail as easily
as they might include an image or change the font of the message.
The new version, called PGP for Business Security 5.5, also
includes some of the most advanced mechanisms for "key recovery," a
technology for surveillance that has been the focus of a major
debate between the Federal Bureau of Investigation and many
software companies and Internet users. The PGP software allows the
corporation's management to enforce policies that may be as
stringent as banning all e-mail that the management can't read.
In the past several years, the use of encryption algorithms to
scramble data has been a major point of controversy and it has been
the lightening rod attracting debate about the level of privacy
that people can expect in cyberspace. The FBI has proposed banning
secret codes that they can't break because such could interfere
with law enforcement officials' ability to gather evidence. This
approach, however, has received widespread opposition from people
who feel it is needlessly complex, unlikely to work, very expensive
and unconstitutional.
The new PGP software sidesteps these arguments because it makes
these features available voluntarily. Many corporations may want
the power to read an employee's files for the same reason that they
might want copies of the keys to filing cabinets.
Steve Schoenfeld, the director of product management, said in an
interview on Wednesday that many corporations asked PGP to provide
this access in case an employee is sick, injured or fired.
The new version also includes some of the most sophisticated
techniques for enforcing this policy through the corporation. The
most novel may be a new version of software controlling a company's
SMTP server, the machine that acts as the central mailroom for a
corporation. PGP provides a software agent that will read all of
the mail to make sure that it complies with the corporate policy.
This may include requiring all messages to be signed with digital
signatures or include a backdoor that the management can use to
read the message. If the software agent discovers a message
violates the policy, it can either return it to sender or simply
log a copy.
PGP implements the backdoor with a central key. Each message is
encrypted with both the public key of the recipient and the public
key of the management. The message can only be read by someone
holding the corresponding private keys, in this case the recipient
and the management. The software allows the management to use
different master keys for different departments by customizing the
software.
The master key removes the need for a central database to hold a
copy of all of the keys used, but it does not remove the danger of
someone compromising this master key. All key-recovery schemes
share this weakness and many computer security experts feel that
the weakness could leave corporate networks in a more vulnerable
position because it would give an industrial spy a single point to
focus an attack.
If the corporation discovers that its key has been compromised,
then it must rapidly try to upgrade the key throughout the system.
Schoenfeld said that a future version will make it easier for the
corporation to recover from a loss. The current version introduced
this week must be recompiled to include a new version.
This forced recompilation is another feature that a company's
management can use to enforce a uniform policy. When a company
installs PGP 5.5, it will choose which features it wants to give
employees. The rest will be stripped out so an employee couldn't
use them . The PGP literature, for instance, suggests that a
company may want to prohibit "conventional encryption" with two
private keys or perhaps encryption without a backdoor in place.
The PGP management is clearly trying to accommodate the wishes of
the branches of the United States government responsible for
intelligence gathering and law enforcement. Both the FBI and the
National Security Agency exert a great deal of influence on the
products shipped by software companies by regulating the export of
the software. Currently, products that include key recovery systems
are easier to export, presumably because they make it easier for
law enforcement officials to eavesdrop.
It is unclear how the marketplace will react to the new product.
Earlier attempts by the Clinton administration to push a less
sophisticated key management system, known by the nickname Clipper,
failed to attract much interest in the private sector. Key recovery
systems that leave control in the hands of a corporation's
management, however, are more likely to be adopted because they
could be quite useful if an employee is sick or out of the office.
Still, the new technology for enforcing policy may be much stronger
than necessary to deal with accidents. While many people understand
a company's need to recover files, courts have occasionally
recognized a person's desk as a private place protected from
unconstitutional searches. Similarily, surrepticious monitoring of
phone calls is considered controversial enough that companies
usually notify callers if recording equiptment is in use. It is
difficult to predict which policies corporations will choose, but
PGP gives them a wide spectrum of options.
Bruce Schneier, an encryption expert and author of the popular book
Applied Cryptography, said that the new announcement "sounds like
everything the FBI ever dreamed of." He also predicted that
criminals will find ways to circumvent the restrictions while
honest people may be more vulnerable to illicit use of the master
key.
Schoenfeld said he disagrees because corporations will be able to
voluntarily choose how much key recovery to implement and may
choose none. "There's a tremendous difference", he said, "between
forcing everyone to do something and giving corporations the tools
to manage their security."
Peter Wayner at pwayner@nytimes.com welcomes your comments and
suggestions.
Copyright 1997 The New York Times Company