On Tue, 26 Jul 1994, Timothy C. May wrote:
Here's the rub:
* Suppose the various software vendors are "incentivized" to include this in upcoming releases. For example, in 30 million copies of Microsoft's "Chicago" (Windows 4.0) that will hit the streets early in '95 (betas are being used today by many).
* This solves the "infrastructure" or "fax effect" problem--key escrow gets widely deployed, in a way that Clipper was apparently never going to be (did any of you know _anybody_ planning to buy a "Surety" phone?).
(Why would _anyone_ ever use a voluntary key escrow system? Lots of reasons, which is why I don't condemn key escrow automatically. Partners in a business may want access under the right circumstances to files. Corporations may want corporate encryption accessible under emergencyy circumstances (e.g., Accounting and Legal are escrow agencies). And individuals who forget their keys--which happens all the time--may want the emergency option of asking their friends who agreed to hold the key escrow stuff to help them. Lots of other reasons. And lots of chances for abuse, independent of mandatory key escrow.)
But there are extreme dangers in having the infrastructure of a software key escrow system widely deployed.
I can't see how a widely-deployed (e.g., all copies of Chicago, etc.) "voluntary key escrow" system would remain voluntary for long. It looks to me that the strategy is to get the infrastructure widely deployed with no mention of a government role, and then to bring the government in as a key holder.
I was the one who posted the Dorothy Denning "trial balloon" stuff to sci.crypt, in October of 1992, six months before it all became real with the announcement of Clipper. This generated more than a thousand postings, not all of them useful (:-}), and helped prepare us for the shock of the Clipper proposal the following April.
I see this software-based key escrow the same way. Time to start
I was just reading through my mail when it hit me. If the NSA and the FBI want to put their software based key-escrow systems into software like Chicago, why don't we create pamphlets to send out to businesses and the people of the United States. In the pamphlet, there is a little glossary for some of the terms and acronyms used and explanation of the Govt. would like to do with Clipper Chip and YOUR phones and computers. Or we could try another route. Most radio stations and TV stations give groups free air time for public service anouncements. We could create videos about what we are talking about to make the public aware.... Aaron