
At 12:18 AM 7/15/96, Dave Banisar wrote:
> It's now up at http://www.epic.org/crypto/key_escrow/wh_cke_796.html

Thanks. I took an initial look, and it looks like the same old stuff. The report speaks of an "emerging consensus" (for key escrow). I see just the opposite, unless the report is speaking only of the U.S. intelligence and law enforcement community and its foreign counterparts. Business has made it clear (cf. the several recent reports) that it is opposed to the Administration's plan, and that if a market for some form of key escrow exists (as it certainly does, in specific contexts), that the market can supply the solution.

And certainly the civil liberties groups and groups such as ourselves are not part of this "emerging consensus." Ditto for the "average man in the street," as evidenced by opinion polls (I recall 80% opposition reported by one of the newsweeklies, but don't quote me), by anecdotal reports (e.g., Zimmermann's tale of his discussions), and by opposition to Clipper I, Clipper II, and now Clipper III. A bunch of Congressmen, including the axis supporting the Burns bill, obviously are not part of this emerging consensus. The National Research Council report made it clear that a distinguished panel of cryptographers, computer scientists, and policy professionals did not think key escrow is desirable. And the hundreds of folks in attendance at recent SAFE and NRC travelling roadshows were obviously not in support of key escrow.

Business, civil liberties groups, professional organizations, and most Net people are opposed to the Administration's key escrow proposals (such as they are understood to be, in Clipper I/II/III). So, who is in this "emerging consensus"?

Moving on to the wisdom of imposing a government solution to what either is or is not a market need, there is great danger in deploying even a nominally (at this time) "voluntary standard." This is a danger many of us have felt for years to be the main danger of nominally (and ostensibly) "voluntary" systems.

Imagine a voluntary system supported and funded by the government, using its power to limit exports and to "jawbone" foreign governments. (No time here to examine the obvious issues--cf. the archives for many explications over the past several years.)

Once widely deployed, and perhaps mandatory in countries like France, Singapore, Iraq, and the like, it would take very little more to simply pass a law restricting the non-escrowed alternative in the U.S. (Sure, such a law might be unconstitutional, for the reasons we so often discuss. Sure, there are many circumventions possible. Sure. The point is not to rehash these points again but to indicate why Cypherpunks and civil libertarians should NOT support any plan, even a "voluntary" plan, that puts such power to set standards in the hands of the government. Even a "signed promise" is not enough, given the dangers of "flipping a switch.")

Is this a plausible scenario, though? Well, were I in the LEA/TLA community, this is what my fallback plan would probably be. Realizing that a full-frontal ban on strong crypto, or crypto without backdoors, would not fly at this time (unless Oklahoma II happens, in which case all bets are off), and realizing that the plans for Clippers I, II, and III have been fizzling, I would push for a relatively harmless-sounding "voluntary key escrow" plan.

I would push hard on Netscape, Microsoft, Novell, Sun, Apple, and the other companies (but mainly on Netscape and MS, for obvious reasons) to bundle in "trusted third parties" and all that GAK stuff. Bundle it in, make it easy to use, make it easy to export, make it easy to spread in crypto-hostile countries, and hope like hell that it undermines the push for PGP and S/MIME.

I would work closely with Mossad, GCHQ, SDECE, Chobetsu, Savak, and all the other secret policemen of the world to make sure that while America might remain an "island of strong crypto" for a while at least, that the same could not be said of other countries.
That is, I would work to help them limit crypto use in their own countries to GAK-only forms. (Those pesky survivalists, militia members, and ACLU folks in America could keep using their Bass-o-matic and PGP tools, but most of the rest of the world would be mostly limited to GAK and New World Order software.)

Then, in about 2002 or so, depending on how many more serious terrorist incidents have occurred, I would drop the hammer on strong crypto. Maybe an Executive Order, maybe a state of national emergency, maybe a liberal interpretation of the commerce clause, maybe an Act of Congress....

Once a New World Order-approved GAK system is widely deployed, outlawing of "rogue cryptography" in the U.S. is more manageable.

That's what I would do.

(But not being on that side of the ideological fence, I will instead fight GAK as I always have. And I will not be fooled by talk of how "Americans will always be free any form of cryptography." Not when those same reports from the Administration, and the testimony of Louis Freeh, etc., is in the same breath talking about the need to stop pornographers from encrypting their files, and so forth. Do they think we're stupid?)

Don't be fooled.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."