Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home IT Management
    • IT Management

    Escrow: Bad for E-Biz

    By
    Dennis Fisher
    -
    October 1, 2001
    Share
    Facebook
    Twitter
    Linkedin

      As federal lawmakers try to line up support for a new key escrow system for encryption software, concern is growing within the cryptographic and security communities that such a measure would not only weaken the countrys defenses but hamstring its e-commerce and banking systems as well.

      The main proposal in the governments effort, drafted by Sen. Judd Gregg, R-N.H., seeks to essentially build a back door into all encryption software by requiring users to submit a copy of their private keys to the government or other so-called trusted third party. Such keys would be readily available to law enforcement and intelligence officials during investigations and would allow them to decrypt messages at will.

      Greggs proposal is part of a broader effort by the Bush administration to tighten physical and electronic security in the aftermath of the terror attacks on New York and Washington three weeks ago. U.S. Attorney General John Ashcroft is pushing a sweeping anti-terror bill that, among other things, proposes expanding law enforcements wiretapping abilities to allow for more digital surveillance of suspected terrorists.

      As for Greggs key escrow proposal, cryptographers and other security experts say it is a flawed idea. In addition to it being impossible to implement on a wide scale, the damage to the “trust” factor for online business-to-business commerce and e-commerce in general would be staggering.

      Critics are also quick to point out that no evidence has surfaced that the terrorists who perpetrated the recent attacks used encryption. And they contend there is little chance that terrorists willing to conduct brazen suicide attacks would abide by a law requiring them to provide authorities with a copy of their private keys.

      But the most oft-cited argument against new limitations on encryption software is the potential chilling effect it could have on the nations e-commerce system. “Encryption makes e-commerce work,” said William Whyte, director of cryptographic research at Ntru Cryptosystems Inc., in Burlington, Mass. “It makes the stock markets work. Youre restricting e-commerce [by restricting encryption]. E-commerce depends on people having trust in their systems, and they cant have that trust without encryption.”

      Nearly every online marketplace and trading site on the Internet relies on encryption to ensure the integrity of its financial data, as do online banking sites. Many in the financial services industry attacked Greggs plan as unworkable.

      “How will they handle the private keys of each individual [public-key infrastructure]? What happens at key recovery?” asked one security specialist for a large investment company who asked to remain anonymous. “I doubt it will happen. Youd have to send an updated private key each time. [Thats] massive amounts of data and storage.”

      There is also the question of how to secure the system holding the millions of private keys. If such a system were ever breached, the results could be disastrous.

      Greggs proposal, which has also drawn the ire of several of his colleagues in the Senate, has many in the cryptographic community recalling the governments past attempts at regulating the sale and manufacture of encryption software.

      “I thought we got beyond the government doing this,” said Bruce Schneier, chief technology officer of Counterpane Internet Security Inc., in Cupertino, Calif., and a noted cryptographer. “The problem isnt cryptography. If you think it is, youre not paying attention. This is dangerous. It could certainly affect the security of e-commerce and reduce the amount of people who do things like that online.”

      Aides say Gregg has discussed the proposal with several other senators and Ashcroft and believes that it has a solid base of support.

      “He hasnt even really discerned how it will work yet,” said Brian Hart, an aide to Gregg. “He wants a quasi-judicial entity appointed by the Supreme Court to oversee this and hold the keys. He doesnt want law enforcement to hold the keys. We dont need some sheriff giving the key to his buddy. It may be that we just go to each individual and borrow the key for 10 minutes when we need it.”

      Still, the possibility of governmental regulation of cryptography also has some vendors wondering where that would leave them and their products.

      Dennis Fisher
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×