From: tcmay@netcom.com (Timothy C. May) Subject: Government-Controlled Trust Hierarchies Date: Wed, 27 Jul 1994 11:44:13 -0700 (PDT)
(* A note of confusion. I don't see how the schemes described by Matt Blaze, Carl Ellison, and others here, in which groups of communicants agree on a mutual escrow agent can work. For example, suppose a bunch ^^^^ of say, "OK, we'll play your silly game. We'll use your software, but our "escrow agents" will be "cypherpunks.nil" and "bitbucket.void," both of which consign all incoming keys to oblivion. Whutja gonna do now?" This makes the escrow agents a charade, unless of course there are laws regulating escrow agents!)
What means "work" ? If by this you mean "work to provide surveillance agents with citizens' keys" then of course it doesn't. Should that surprise you (that I would talk about a system which doesn't give the TLAs any access)? If I have 3 escrow agents -- Alice, Bob and Carol -- and they're friends of mine in different parts of the country, don't know each other, ..., then when I forget a password for some encrypted file, I can take the ID# of that file (in its LEAF-equivalent) and send a request to each of my friends for key pieces for that ID #. I've achieved backup of my own encryption keys against failure of my memory. If there's data my survivors should have, I list the escrow agents for that data in my will. If there's data which should die with me, I don't escrow its key(s). (I had used Curve Encrypt the other month and forgotten the password -- went a whole month before I remembered it. This isn't academic to me.) To me, this works. But don't let me dampen the inspection of SKE. Just having the machinery in place (as someone pointed out a day or two ago) makes it easier for the gov't to come along and demand to be the escrow agents:: "Why burden your friends with that duty? Why concern yourself with how to get to your keys. We'll keep them for you. We'll be on-line 24 hours a day, seven days a week. We'll be true *escrow* sites -- keeping keys which you can get to yourself. Of course, we'll also be law-abiding citizens (officers of the court?) and respond to any court orders. So should your friends, by the way, if you use them as escrow agents...." :-( The only real answer is (to me): 1. demand free export of public-domain crypto (anything published: RSA, DES, IDEA, FEAL, transposition, substitution, Hill, Vernam, etc., and any combination of those) 2. write good code (aimed at the naive user, with good Windows or Mac GUI) including strong crypto without gov't access to keys and sell it, share it or give it away. 3. make sure that the Congress acknowledges that private citizens have invented, distributed and used strong crypto (as strong as the military of the time) for 4000 years (cf., Kahn) and hasn't given keys to the gov't -- and shouldn't ever do so. 4. drive home the point (also cf. Kahn) that criminals have invented and used strong crypto in the past (hiring their own cryptographers) so that this is not a new danger and therefore doesn't need new drastic action. - Carl