At 08:48 PM 12/14/95 -0500, you wrote:
jim bell writes:
It _is_ less voluntary, because it interferes with my right to escrow my key with an organization that is willing to take the dispute to arbitrary levels of uncooperativeness with the government. I might insist, for example, that the organization only store the key outside the country (beyond the reach of US Courts) and require MY PERMISSION for them to release it to the government. I might also insist that they further encode the key so that only an independent foreign organization (out of reach of US courts) could provide the key to decrypt it.
If key escrow is REALLY REALLY REALLY "voluntary", then such arbitrary restrictions should be do-able.
Unless I've missed something large, you can have an _uncertified_ key escrow agent store your keys in Fidel Castro's beard, and only release them with written permission from your goldfish.
Whether or not you use a certified key escrow agency would remain your choice, AFAIK.
I'm not expressing support for the certification standards that have been presented. But I don't consider it cause for great alarm that the USG wants to play in the escrow agent rating bureau business.
Here's the problem: "Clipper" ALREADY isn't "voluntary," because the public has already been forced to pay for its development via stolen tax dollars. At least hypothetically, the government could misuse its discretion even further to push a Clipper-like solution, in order to skew the market against the adoption of good encryption. Follow me so far? They could go as far as to subsidize Clipper-installed telephones, making them cost &50 at your local discount store, competitive with non-crypto phones. Okay, I presume that the company that makes Clipper chips (VLSI Technology) must ultimately sell them, UNPROGRAMMED, to manufacturers who are to build those telephones. I see a business opportunity to act as a VOLUNTARY escrow agent, but one that only agrees to keep the keys for the chips for "30 feet or 30 seconds." In other words, build (or modify) Clipper-type telephones with chips that are ostensibly escrowed, but due to the agreement with the end user the keys will be erased. (Or, the keys will be kept encrypted, unbreakably, with the "key to the key" given to the end user, who will presumably burn it on receipt.) What I _DON'T_ want to see happen is for the USG to be able to refuse escrow-agent status to an organization which is actively hostile to the concept of key escrow, an organization which is willing to work with end-users to thwart the USG's access to products which (due to the fact they were never exported) do not fall under any ITAR-type regulations.