At 12:20 PM -0700 7/14/96, Timothy C. May wrote:
At 1:34 PM 7/13/96, Deranged Mutant wrote:
Saw Jamie(?) Gorelick, Dep. Attny Gen. on CSPAN2 talking about needs for key escrow. Emphasized the what if people lose their keys, or someone dies, or if an employee steals company secrets & encrypts them... rather than the usual what if terrorists use crypto line (though she did mention that too).
Guess they're taking a new tack to sell it to the public. A lot of bunkum... (project left to the reader how these can be handled in a non-GAK manner).
And as we all know, having discussed this many times, even if one buys these arguments for the advantages of key escrow, THEY DO NOT APPLY TO COMMUNICATIONS!
That is, imagine Alice and Bob communicating over some channel. Alice has files on her computer. Putatively, if she dies, leave her company, whatever, it is desired to reconstruct these files. Fine. A potential use for key escrow. (If voluntary, of course.)
But what does this have to do with a channel between Alice and Bob? Why should the keys for this channel ever need to be escrowed for the reasons Gorelick cites? After all, Alice has the files she sent stored locally, and Bob presumably has the same files he received.
There is essentially no rationale for escrowing the keys of a transient communication.
The Administration and even cryptologists apologizing for GAK (who ought to know better) are curiously silent on this rebuttal to their claims.
It's not that powerful a rebuttal, since it would require files of e-mail (or their session keys) to be encrypted twice--once with the escrowed storage key and again with the transmission (recipient's) key. And if the message were public key, it would require a re-encryption at the receiving end with the recipient's escrowed storage key to make the recipient's files available to HIS management. Further, it would require everyone to keep two keys since I infer from your position you wouldn't want your public key to be the escrowed one (for transmission security). As you know I do not support mandatory key escrow in the US, but arguments against it need to be robust. Your argument, while not without merit, is weaker than one would like (in that it is susceptible to the mental rebuttal by policymakers that I've outlined above). In my view it isn't the kind of decisive argument that would justify your use of "curiously" silent. David