Re: @VernonDozier: What the hell am I reading?
A blast from the past
Date: Thu, 29 May 1997 15:54:20 -0400
From: [email protected] (Matthew Gaylor)
Subject: Newsflash: PGP approved for export of strong crypto
[Just in case you haven't already heard...]
Around here, this is what we call "pretty good news." The other good news is that it's NOT April Fools Day (yes, this is for real.). Best of all: no key escrow! :)
Have a Pretty Good Day,
................................. cut here .................................
Director of Corporate Communication
Pretty Good Privacy, Inc.
PRETTY GOOD PRIVACY RECEIVES GOVERNMENT APPROVAL TO EXPORT STRONG ENCRYPTION
SAN MATEO, Calif., May 28, 1997 -- Pretty Good Privacy, Inc. (www.pgp.com), the world leader in digital privacy and security software, today announced that the U.S. Department of Commerce has approved the export of Pretty Good Privacy's encryption software to the overseas offices of the largest companies in the United States. This makes Pretty Good Privacy the only U.S. company currently authorized to export strong encryption technology not requiring key recovery to foreign subsidiaries and branches of the largest American companies (see list of companies below).
The approval allows Pretty Good Privacy to export strong, 128-bit encryption without a requirement that the exported products contain key recovery features or other back doors that enable government access to keys. More than one-half of the Fortune 100 already use PGP domestically to secure their corporate data and communications.
"Now we are able to export strong encryption technology to the overseas offices of more than 100 of the largest companies in America, without compromising the integrity of the product or the strength of the encryption," said Phil Dunkelberger, President of Pretty Good Privacy, Inc. "We worked closely with the State Department when they controlled the export of encryption, and are now working with the Commerce Department. And we have never had a license application denied."
The license allows export of strong encryption technology, without government access to keys, to the overseas subsidiaries and branch offices of more than 100 of the largest American companies, provided that the offices are not located in embargoed countries, namely Cuba, Iran, Iraq, Libya, North Korea, Sudan or Syria.
"As far as we know, Pretty Good Privacy, Inc. is now the only company that has U.S. government approval to sell strong encryption to the worldwide subsidiaries and branch offices of such a large number of U.S. corporations, without having to compromise on the strength of the encryption or add schemes designed to provide government access to keys," said Robert H. Kohn, vice president and general counsel of Pretty Good Privacy. "Pretty Good Privacy still opposes export controls on cryptographic software, but this license is a major step toward meeting the global security needs of American companies."
The U.S. government restricts the export of encryption using key lengths in excess of 40 bits. However, 40-bit cryptography is considered "weak," because it can be broken in just a few hours. Generally, the U.S. government will grant export licenses for up to 56-bit encryption if companies commit to develop methods for government access to keys. For anything over 56 bits, actual methods for government access must be in place.
Pretty Good Privacy's license permits the export of 128-bit or "strong" encryption, without any requirement of a key recovery mechanism that enables government access to the data. A message encrypted with 128-bit PGP software is 309,485,009,821,341,068,724,781,056 times more difficult to break than a message encrypted using 40-bit technology. In fact, according to estimates published by the U.S. government, it would take an estimated 12 million times the age of the universe, on average, to break a single 128-bit message encrypted with PGP.
"Pretty Good Privacy, Inc. has been working diligently to ensure compliance with the export control laws. Clearly, the Commerce Department recognizes the needs of reputable American companies to protect their intellectual property and other sensitive business information using strong cryptography," said Roszel C. Thomsen II, partner at the law firm of Thomsen and Burke LLP.
"User demand for strong cryptography is growing worldwide," said Marc Rotenberg, director of Electronic Privacy Information Center, and a leading privacy-rights advocate. "This is just one more example of the need to remove obstacles to the export of the best products the U.S. can provide."
Companies that are approved for the export of Pretty Good Privacy's strong encryption should contact Pretty Good Privacy's sales office at 415.572.0430 or visit the company's web site at www.pgp.com. Companies that are not currently on the list of licenses obtained by Pretty Good Privacy, but would like to gain approval to use strong encryption in their branch offices and subsidiaries around the world, should also contact Pretty Good Privacy at 415.572.0430 for information about how to be included in future government-approved export licenses for PGP.
About Pretty Good Privacy, Inc.
Pretty Good Privacy (www.pgp.com), founded in March 1996, is the leading provider of digital-privacy products for private communications and the secure storage of data for businesses and individuals. Pretty Good Privacy's original encryption software for email applications (PGP) was distributed as freeware in 1991 by Phil Zimmermann, Chief Technical Officer and Founder of Pretty Good Privacy, and allowed individuals, for the first time, to send information without risk of interception. With millions of users, it has since become the world leader in email encryption and the de facto standard for Internet mail encryption. Over one half of the Fortune 100 companies use PGP. In order to provide only the strongest encryption software, Pretty Good Privacy publishes all of its encryption source code and algorithms for extensive peer review and public scrutiny. The company can be reached at 415.572.0430; http://www.pgp.com.
Immediately followed by
Date: Thu, 29 May 1997 18:46:08 -0400
From: "Tom Betz" <[email protected]>
Subject: Re: Newsflash: PGP approved for export of strong crypto
On 29 May 97 at 15:54, Matthew Gaylor wrote:
> SAN MATEO, Calif., May 28, 1997 -- Pretty Good Privacy, Inc. (www.pgp.com), the world leader in digital privacy and security software, today announced that the U.S. Department of Commerce has approved the export of Pretty Good Privacy's encryption software to the overseas offices of the largest companies in the United States. This makes Pretty Good Privacy the only U.S. company currently authorized to export strong encryption technology not requiring key recovery to foreign subsidiaries and branches of the largest American companies (see list of companies below).
Hokay... does anyone know the exact date the NSA cracked PGP?