22 May 1997 --------------------------------------------------------------------- To: cypherpunks@EINSTEIN.ssz.com Date: Thu, 22 May 1997 07:22:22 -0700 From: Kent Crispin Subject: News about Sun and Elvis --- White House Reviews Sun's Encryption Initiative --- By John Fontana, Communications Week Washington - The Clinton administration said it is reviewing the relationship between Sun Microsystems and a Russian company that produces a strong encryption product, which Sun is licensing for worldwide distribution. The White House issued a statement last night, saying, "We are reviewing our regulatory posture with Sun to ensure that their arrangement with the Russian encryption company is in compliance with U.S. export controls." The Department of Commerce, which is responsible for export regulations on strong encryption, stressed that the administration was reviewing the relationship and not conducting an investigation, a spokesman said. Last week, Sun, in Mountain View, Calif., told Communications Week that it had licensed an encryption product from Moscow, Russia-based Elvis+ Co., which offers 128-bit keys and would resell it worldwide under the name PC Sunscreen SKIP Elvis+. Sun has approximately a 10 percent equity stake in Elvis+, whose product is based on Sun's Simple Key Management for IP (SKIP) protocol. The specification was published nearly two years ago. Humphrey Polanen, general manager of Sun's security and electronic commerce group, was confident the government would find Sun "in full compliance with the letter of the law." He said a key factor was that Sun offered no technical assistance in the development of the software. U.S. law bars the export of encryption over 56 bits without government approval. Companies seeking to export 56-bit products must also have a system in place within two years for key recovery. Netscape Communications, also of Mountain View, has followed that path with its browser software, but Sun has neither government approval nor a method to recover keys. The administration wants access to keys in cases of criminal investigations. It is concerned that strong encryption products could fall into the hands of terrorists, even though similar products are available from nearly 30 foreign companies. The statement from the White House also said it had not evaluated the product and could not comment on it. If found in violation of export controls, Sun could face civil and/or criminal penalties. Criminal penalties, which would be handed out by the Justice Department, could mean Sun executive officers would spend time in a federal prison. At press time, Sun had not seen the announcement and would not comment. "The administration may have to go after Sun to protect the integrity of its policy," said Marc Rotenberg, the director of the Electronic Privacy Information Center. "You might see the Zimmermann effect,' which would be tremendous public sympathy." Rotenberg is referring to Phillip Zimmermann, who won a battle with the government over his Pretty Good Privacy encryption product, which was distributed free over the Internet. "The White House is at risk by going after a U.S. company for making a good product," Rotenberg said. "This is one more reason to think the administration's cryptography policy is not long for this world." Three bills attacking the administration's policy are being discussed on Capitol Hill, but only one, the Security and Freedom through Encryption Act, has made it out of committee. The bill, which was authored by Rep. Bob Goodlatte (R-Va), would prohibit mandatory key recovery. President Clinton is opposed to the bill in its current form. -----End of forwarded message----- -- Kent Crispin "No reason to get excited", kent@songbird.com the thief he kindly spoke... PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55 http://songbird.com/kent/pgp_key.html --------------------------------------------------------------------- [End]