Cypherpunks, I agree with Arthur Abraham that we ought to first make our arguments in public and not preach to the converted here on this list. Unless the ideas presented are Cypherpunks-related. In this spirit, here's something I wrote about the consequences of key escrow. Newsgroups: sci.crypt,alt.security,comp.org.eff.talk,comp.security.misc,comp.org.acm,comp.org.ieee From: tcmay@netcom.com (Timothy C. May) Subject: Re: Once tapped, your code is no good any more. Date: Sat, 17 Apr 1993 04:53:55 GMT Brad Templeton (brad@clarinet.com) wrote: : It occurs to me that if they get a wiretap order on you, and the escrow : houses release your code to the cops, your code is now no longer secure. : : It's in the hands of cops, and while I am sure most of the time they are : good, their security will not be as good as the escrow houses. : : : What this effectively means is that if they perform a wiretap on you, : at the end of the wiretap, they should be obligated to inform you that : a tap was performed, and replace (for free) the clipper chip in your : cellular phone so that it is once again a code known only to the : escrow houses. Getting the court order to reveal the key *also* makes decipherable all *past* conversations (which may be on tape, or disk, or whatver), as I understand the proposal. I could be wrong, but I've seen no mention of "session keys" being the escrowed entities. As the EFF noted, this raises further issues about the fruits of one bust leading to incrimination in other areas. But is it any worse than the current unsecure system? It becomes much worse, of course, if the government then uses this "Clinton Clipper" to argue for restrictions on unapproved encryption. (This is the main concern of most of us, I think. The camel's nose in the tent, etc.) And it may also become much worse if the ostensible security is increased, thus allowing greater access to "central office" records by the government (the conversations being encrypted, who will object to letting the government have access to them, perhaps even automatically archiving large fractions...). This was one of the main objections to the S.266 proposal, that it would force telecom suppliers to provide easy access for the government. One the government has had access to months or years of your encrypted conversations, now all it takes is one misstep, one violation that gets them the paperwork needed to decrypt *all* of them! Do we want anyone to have this kind of power? -Tim May, whose sig block may get him busted in the New Regime -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available.