At 10:11 AM -0700 6/28/97, Kent Crispin wrote:
So how is that different than the current situation without cryptography? If people couldn't live with key escrow, how can they live with the current situation? Answer: they live with the current situation because the government abuses you describe are kept below the revolution threshold. The same would be the case with key escrow.
Not intending to squelch the thread by invocation of Godwin's Law, but how does Nazi Germany fit into this model? In case this isn't clear, the concern is that a GAK system is very dangerous should a Nazi-like regime develop (or even should a J. Edgar Hoover and/or Craig Livingstone regime develop). While regimes of the past few decades _may_ not be abusive in this way (apologies to Reagan, Bush, and Clinton haters out there), the deployment of GAK would be a tempting target for future despots and satraps. Thanks, but I'll keep my own records, my own crypto keys, and my own money. ...
But so what? Right now the government has intimate knowledge of your finances through tax records and other sources, and has the power to put liens on your property and your cash for all kinds of reasons.
This overstates the knowledge the government has of our finances. Much as I oppose the IRS in so many ways, they are basically clueless about a whole raft of transactions. The tax laws stipulate that incomes be reported, but not what money is spent for, not to whom monies are paid (unless one is an employer or a few other described situations), etc. As to the future, I agree that there will be more consolidation and cross-linking of data bases--including some the IRS has no _statutory_ access to (e.g., credit reporting , databases, absent a court order, though apparently the CRAs are malleable). By combining tax records, bank records, local property tax records, credit card records, travel records (airlines, etc.), and so on, a much more complete "citizen-unit tracking" data base can be built. This is something most of us are fighting, in various ways, not something we should accept as par for the course when contemplating GAK. My view on GAK is quite simple: let those who wish to escrow their keys do so. Let those who don't wish to keep their own keys and use crypto algorithms of any strength they desire.
Assuming certain models of key escrow, yes. Under other models, no. But imagine the worst case -- GAK creates a huge unwieldy expensive computerized infrastructure and associated bureacracy. What happens? Businesses find other ways to protect their data and transactions, huge economic inefficiencies develop, and the whole thing collapses and goes away.
It's amazing how little faith libertarians have in the market system, isn't it? :-)
A cheap shot, even taking into account Kent Crispin's shilling for GAK. If a key escrow system is in fact purely voluntary, who cares? I, for one, don't. (Though I often look at "voluntary" systems with an eye toward what I call the "flag day scenario," where a legislative or executive-level "switch" is thrown and what was once voluntary becomes mandatory. I oppose government involvement in infrastructures which could too easily become mandatory.) As various business groups have been reporting (check the archives for many such mentions), there may be various needs for forms of "key deposit" and "key recovery," and corporations often already have them. Typically they involve data warehousing, keys deposited with company lawyers, etc. Many of us keep written descriptions of our cryptographic keys/passphrases in safe deposit boxes, or in sealed envelopes left in the care of friends or family. This is partly to protect against the "I forgot my passphrase" scenario, partly to allow reconstruction of files under various dire circumstances, etc. But these business groups have said clearly they don't want Big Brother holding a master key to their communications and files! And, as nearly all of us (_nearly_ all of us!) have pointed out, repeatedly, whatever the putative need for key recovery is within corporations, there is essentially no need for such a thing for *communications*! The only viable customer for a communications key is someone who has intercepted the communication! Neither the sender, who has the files on his local disk, possibly cryptographically protected under a key that the corporation wants a key recovery program for, nor the receiver, who has the plaintext, or who stores the received file in the same way, are customers for a GAK system that involves the communications channel. So, will government please drop all consideration of "key recovery" for _communications_? (I rather doubt this.)
Governments have devalued currencies many many times in the past without the need of key escrow...key escrow is an independent issue.
Sure, but one of the potential advantages of strong crypto is the oft-discussed "denationalization of money." Leading bankers are beginning to see the light on this. (See, for example, the cover story in "Wired" several months ago, where the blurb was about Walter Wriston "sounding like a cypherpunk.") --Tim May There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."