Carl Ellison wrote:
if you really want to propose an escrow system we can live with, I would demand that it include:
1. unambiguous ID of the person being tapped in the LEAF-equivalent 2. multiple escrow agencies, at least one of which is the NSA HQ (for its superior physical security) 3. watchdogs as escrow agents (e.g., ACLU, Rep & Dem parties, CPSR, EFF, NYTimes, ...) with authorization to look for abuses of authority and to refuse to release keys in such cases and to publicize such cases as well as bringing them to the attention of law enforcement for prosecution. 4. user-generated escrow keys, to reduce the chance of anyone having a backdoor way to get the whole escrow key database.
I think you missed one important condition: 5. Make it optional, with no strings attached. Furthermore, make the system designed so that the "default" option is no key escrow. In other words, the government would have to get permission for key escrow. Condition 5 would of course not apply to government employees. Nor would it apply to the office communication equipment inside the more "paranoid" business associations. Of course, it would be the company, not government, who would hold the keys, and of course the company should have the choice in deciding whether key escrow is really necessary. Of course, with this extra condition, key escrow seems fairly pointless. :-) But I don't mind. It's not as if I'm exactly looking forward to it Down Under. Peter Murphy.