Tim,
From: tcmay@netcom.com (Timothy C. May) Date: Mon, 8 Aug 1994 17:04:09 -0700 (PDT)
Thanks for the quotes.
* This compromise will likely put software key escrow (SKE, or Carl Ellison's "GAK"..."Government Access to Keys") into the software for audio and video teleconferencing, communication, and possibly into the OS itself (as this would be needed to ensure wide coverage of installed machines).
Let me push even harder for use of the term "GAK". Your use of SKE here is not appropriate. "Escrow" is (or at least was) a neutral or positive term -- it's something on the side of the user. GAK is opposed to the user (unless the user is the Gov't, I suppose). The Administration, by using the words "Key Escrow" for GAK, no doubt attempted to sugar coat what they were doing. Thanks to the effort of many people (including us), that bit of sugar coating was washed off for the public to taste what was underneath. However, that combined effort has done damage to the English language. The word "escrow" is no longer neutral or positive. It evokes images of GAK and becomes negative. I agree that SKE (gov't use of "escrow") is potentially more threatening than Clipper/Capstone because it removes the distaste for hardware. But, even though that is something currently on your mind, I wish you would not try to limit my phrase GAK to SKE. By GAK I'm talking about any form of government access to citizens' keys -- hardware, software, rubber hoses, .... That was the son-of-an-English-major speaking. Meanwhile, there are positive uses for salting a master key away. For example, I encrypted a file on my Mac with Curve Encrypt earlier this year and then forgot the password. It took a month to remember it. If I hadn't remembered it, I would have to have written a program to guess passwords (knowing the forms I use). (Fortunately, I remembered it.) It would have been nice to have a key someplace (e.g., split in 3 pieces among 3 friends of mine who don't know each other) which I know I can always get in an emergency. [There's a danger here that those people might not be protected by the 5th Amendment, if the gov't were to learn who they were. ..any lawyers out there?] Several people are working on features like this, not for the gov't. The problem comes that a natural term to use to describe this feature would be "key escrow". However, the gov't has soiled that term. Now, I need a new term, hopefully true to the language to describe a feature like this without calling up images of GAK. --------------------------------------------------
In closing, I reject the point made by Walker, that Americans will accept a "government imposed key escrow if it was established by law."
I do too. However, he might be right, if you take this as a prediction. If the gov't had not tried to pull the Clipper/Capstone crap in the manner it did (half spook, half Madison Avenue), but instead had initiated legislation to get this access, we cypherpunks would have been upset but we might not have gotten 80% of the public on our side. I don't know if the gov't has shot itself in the foot permanently, from the public's point of view. What I hope is immaterial. Walker might be right. The gov't might try it and we might lose. We can't relax in our efforts but we can't get anywhere just talking to recipients of cypherpunks. We have to keep getting the word out. [begin soap box] I also think we need to start writing the code that's needed -- not new ciphers or UNIX hacks to demonstrate feasibilities -- but polished end-user code for the computer-phobic users of Macs or Windows. [end soap box] - Carl