Security Web Digest: Encryption Patent Battle Developing Between PKWare and WinZIP Computing

Companies have developed incompatible .ZIP encryption implementations; CERT and ArcSight forming "Cyber Security Information Sharing Project"; Peer-to-Peer regulation envisioned in new U.S. House bill; Librarie


Questions about the splintering of the popular .zip file compression format may soon be resolved by the U.S. Patent Office. Two months into a standards battle between WinZip Computing and PKWare over the way .zip software does strong encryption, PKWare, the company that has openly published the .zip specification since it was invented by company founder Phil Katz in 1986, has applied for a patent that it claims will govern the standards in dispute. "What we've filed a patent for is the whole method of combining .zip and strong encryption to create a secure .zip file," said Steve Crawford, the chief marketing officer at PKWare. In May of this year, WinZip developed its own method of strong encryption, which was incompatible with the PKWare product. Since then, WinZip and PKWare users have been unable to read each other's encrypted files.


The federally funded CERT Coordination Center and security event management application maker ArcSight Inc. this week said they are going to team with three universities in an attempt to jump-start a project that will create real-time data sharing and security analysis across organizations. If successful, both ArcSight and CERT hope the joint venture, dubbed the Cyber Security Information Sharing Project, will provide a model for other data-sharing initiatives in both the public and private sectors. The three universities that will be part of the project have yet to be selected, CERT director Rich Pethia said.

Intellectual Property

A bill introduced last week in Congress would require file-swapping companies to get parental permission before allowing minors to use their services. The bill, called the Protecting Children from Peer-to-Peer Pornography (P4) Act and sponsored by Reps. Joe Pitts, R-Pa., and Chris John, D-La., would require the Federal Trade Commission to regulate peer-to-peer networks and take steps to ensure that children aren't accidentally coming across porn. The bill calls on the FTC to require peer-to-peer companies to get parental permission before minors use their services. It also would require peer-to-peer companies to honor the wishes of parents who have put a "do not install" beacon in their computers, indicating that they don't want file-swapping software on their children's machines. However, such technology has yet to be developed, and it's unclear how such a beacon would work.


Under a deadline set Thursday, libraries have an extra year to comply with a law that says if they accept federal funds, they must install Internet filtering software. The Federal Communications Commission, which is responsible for enforcing the law, set the deadline of July 1, 2004, in a 49-page ruling released Thursday. Because the law, called the Children's Internet Protection Act (CIPA), had been challenged in court, the FCC decided it was reasonable to give libraries time to comply. On June 23, the U.S. Supreme Court reversed the ruling of a three-judge panel in Philadelphia and decided that CIPA did not violate the First Amendment.

Network Solutions has lost its legal protection in a high-stakes fight over the domain A federal appeals court Friday found that Network Solutions, now owned by VeriSign, could be sued for failing to prevent rights to the Web address from being stolen in 1995. The 9th U.S. Circuit Court of Appeals in San Francisco, rejecting VeriSign's dire warnings about exposing it to liability in feuds over domain names, concluded that there is nothing wrong with holding registrars accountable for protecting property rights in cyberspace. As a result, VeriSign could find itself on the hook for all or part of a record $65 million judgment already in place in a 5-year-old legal tussle over the rights to the address.