FWD: Sweden learns of US trap door in Lotus Notes

Rohit Khare (rohit@bordeaux.ICS.uci.edu)
Wed, 14 Jan 1998 21:29:55 -0800

------- Forwarded Message
Date: Fri, 2 Jan 1998 12:13:37 -0500 (EST)
From: "Donald E. Eastlake 3rd" <dee@cybercash.com>
To: dee-interest@cybercash.com
Subject: FWD: Sweden learns of US trap door in Lotus Notes

[Some details below are misleading. As I understand it, each message sent
internationally contains within it most of the key used to encrypt the
message proper and this key information is encrypted under a private key
provided to Lotus by the US Government. Thus, no key is "escrowed" with or
given to anyone. It is just that if the US Government want to break the
security on a Lotus Notes message, it can look into the message and using the
key corresponding to the one it provided Lotus, it can reduce the work factor
it needs to perform down to only 40 bits of brute forcing. --dee3]

Date: Wed, 31 Dec 1997 14:35:57 -0500
From: Perry E. Metzger <perry@piermont.com>
Subject: RISKS 19.52: The Key Escrow Shoe Drops in Sweden...

Forwarded from Risks digest, by way of Nev Dull:

Date: Tue, 23 Dec 1997 22:15:31 -0500
From: Win Treese <treese@OpenMarket.com>
Subject: The Swedes discover Lotus Notes has key escrow!

My colleague Bill Nilson brought this to my attention. Below is his
translation of a story from a Swedish newspaper. [Original Swedish
truncated, but is available on request. PGN]

The article describes the reaction when various people in the Swedish
government learned that the Lotus Notes system they were using includes key
escrow. They were apparently unaware of this until Notes was in use by
thousands of people in government and industry.

Besides being an interesting reaction to key escrow systems, this incident
reminds us that one should understand the real security of a system....

Secret Swedish E-Mail Can Be Read by the U.S.A.
Fredrik Laurin, Calle Froste, *Svenska Dagbladet*, 18 Nov 1997

One of the world's most widely used e-mail programs, the American Lotus
Notes, is not so secure as most of its 400,000 to 500,000 Swedish users
believe. To be sure, it includes advanced cryptography in its e-mail
function, but the codes that protect the encryption have been surrendered to
American authorities. With them, the U.S. government can decode encrypted
information. Among Swedish users are 349 parliament members, 15,000 tax
agency employees, as well as employees in large businesses and the defense
department. ``I didn't know that our Notes keys were deposited (with the
U.S.). It was interesting to learn this,'' says Data Security Chief Jan
Karlsson at the [Swedish] defense department. Gunnar Grenfors, Parliament
director and daily e-mail user, says, ``I didn't know about this--here we
handle sensitive information concerning Sweden's interests, and we should
not leave the keys to this information to the U.S. government or anyone
else. This must be a basic requirement.''

Sending information over the Internet is like sending a postcard--it's that
simple to read these communications. When e-mail is encrypted, it becomes
unintelligible for anyone who captures it during transport. Only those who
have the right codes or raw computer power to break the encryption can read
it. For crime prevention and national security reasons, the United States
has tough regulations concerning the level of crytography that may be
exported. Both large companies and intelligence agencies can already--in a
fractions of a second--break the simpler cryptographic protections. For the
world-leading American computer industry, cryptographic export controls are
therefore an ever greater obstacle. This slows down utilization of the
Internet by businesses because companies outside the U.S.A. do not dare to
send important information over the Internet. On the other hand, the
encryption that may be used freely within the U.S.A. is substantially more

Lotus, a subsidiary of the American computer giant IBM, has negotiated a
special solution to the problem. Lotus gets to export strong cryptography
with the requirement that vital parts of the secret keys are deposited with
the U.S. government. ``The difference between the American Notes version
and the export version lies in degrees of encryption. We deliver 64 bit
keys to all customers, but 24 bits of those in the version that we deliver
outside of the United States are deposited with the American government.
That's how it works today,'' says Eileen Rudden, vice president at Lotus.

Those 24 bits are critical for security in the system. 40-bit encryption is
broken by a fast computer in several seconds, while 64 bits is much more
time-consuming to break if one does not have the 24 bits [table omitted].
Lotus cannot answer as to which authorities have received the keys and what
rules apply for giving them out. The company has confidence that the
American authorities responsible for this have full control over the keys
and can ensure that they will not be misused.

On the other hand, this (assurance) does not matter to Swedish companies.
On the contrary, there is a growing understanding that it would be an
unacceptable security risk to place the corporation's own ``master key'' in
the hands of foreign authorities. Secret information can leak or be spread
through, for example, court decisions in other countries. These concerns
are demonstrated clearly in a survey by the SAF Trade and Industry security
delegation. Some 60 companies answered the survey. They absolutely do not
want keys deposited in the U.S.A. It is business secrets they are
protecting. These corporations fear that anyone can get a hold of this
information, states Claes Blomqvist at SAF.

Swedish businesses are also afraid of leaks within the American authorities.
The security chief at SKF, Lars Lungren, states: ``If one has a lawful
purpose for having control over encryption, it isn't a problem. But the
precept is flawed: They ought to monitor (internally), but the Americans now
act as if there are no crooks working within their authorities.''

In some countries, intelligence agencies clearly have taken a position on
their country's trade and industry. Such is the case in France. One
example, which French authorities chose to publicize, was in 1995 when five
CIA agents were deported after having spied on a French telecommunications

Win Treese <treese@openmarket.com>

[The Lotus Notes crypto scheme is one that I have familiarly been
calling ``64 40 or fight!'' (in a reference to a slogan for an early
U.S. election campaign border-dispute issue many years ago. PGN]

------- End of Forwarded Message