[...]
* The potential risks of the proposal have not been assessed and many questions about the implementation remain unanswered. The NIST notice states that the current proposal "does not include identification of key escrow agents who will hold the keys for the key escrow microcircuits or the procedures for access to the keys." The key escrow configuration may also create a dangerous vulnerability in a communications network. The risks of misuse of this feature should be weighed against any perceived benefit.
o Escrow agents will certainly be subject to attacks, especially by other foreign powers with national-level budgets (for example, Britain, France, Israel, Japan, Russia, etc., or multi-nationals), *and/or* by talented crackers, or cracker-consortia, such as might found be on the cypher-punks mailing list :) :) . At best, publishing the results of successful attacks (say, on alt.whistleblowers) might have the positive benefit of eventually dooming the system as a bad idea from the start, at the expense of those who chose to use the system (evolution in action, I guess), and the taxpayers (who pay for implentation & deployment). That's doing it the hard way, though. o Social/political-change organizations using the Clipper system for their internal communications would be especially vulnerable to COINTELPRO-style attacks. [...]
* The NIST proposal states that the escrow agents will provide the key components to a government agency that "properly demonstrates legal authorization to conduct electronic surveillance of communications which are encrypted." The crucial term "legal authorization" has not been defined. The vagueness of the term "legal authorization" leaves open the possibility that court- issued warrants may not be required in some circumstances. This issue must be squarely addressed and clarified.
o Typically, "legal authorizations" operate over a constrained period of time. Once that time period is over, the authorization is supposed to go away. However, there's no provision for the released key components to go away. In effect, once key components are released, the corresponding user hardware is *permanently* compromised. It's pretty likely that released key components would find their way to such private cop-agencies as Wackenhut, or LEIU (Law Enforcement Intelligence Unit), which has branches right in the police departments of most major cities. [typically, when "red squads" are ordered to "destroy" their accumulated files, the files generally get transferred to LEIU]. o What guarantees the "duopoly" of the 2 escrow agencies? It's almost certain that somebody will attempt to "mirror" them, whether "legitimately" (CIA, say) or illegitimately, overtly or covertly. Again, look for LEIU here.
* Adoption of the proposed key escrow standard may have an adverse impact upon the ability of U.S. manufacturers to market cryptographic products abroad. It is unlikely that non-U.S. users would purchase communication security products to which the U.S. government holds keys.
Maybe they can get the UN in on the deal: UNESCROW-A and UNESCROW-B! hee, hee --kurt@grogatch.seaslug.org (Kurt Cockrum)