Timothy C. May <tcmay@netcom.com> wrote:
A "voluntary" software key escrow system is of course OK (useful for people afraid of forgetting their keys, for companies that don't want the death of employees to cut them off from corporate secrets, etc.). But any system in which the escrow key holders are *not* freely selectable from a list one generates one's self (where the agents may be the company lawyer, one's mother, one's priest, the bit bucket, the machine down the hall, or nothing at all, etc.) is *not voluntary*.
"To amend the National Institute of Standards and Technology Act to provide for the establishment and management of voluntary encryption standards to protect the privacy and security of electronic information, and for other purposes." ~~~~~~~~~~~~~~
Government-ese for "here, bend over this barrel".
Then in the Findings and Purposes section it starts to get at the crux of the real agenda:
"(2) The proliferation of communications and information technology has made it increasingly difficult for the government to obtain and interpret, in a timely manner, electronic information that is necessary to provide for public safety and national security."
~~~~~~~~~~~~~~~~~ Grab your vaseline,
This primary agenda is restated in the Requirements subsection under Federal Encryption Standards:
"(C) shall contribute to public safety and national security;
big dude named "Bubba" and his frinds are gonna pay you a conjugal visit;
(E) shall preserve the functional ability of the government to interpret, in a timely manner, electronic information that has been obtained pursuant to an electronic surveillance permitted by law;
no condom.
(F) may be implemented in software, firmware, hardware, or any combination thereof; and
Assume the position,
(G) shall include a validation program to determine the extent to which such standards have been implemented in conformance with the requirements set forth in this paragraph."
and *smile*.
Later on, in the Definitions section, the term "electronic information" for the purposes of the legislation is defined in what I find to be an ominously expansive way:
"(8) The term 'electronic information' means the content, source, or destination of any information in any electronic form and in any medium which has not been specifically authorized by a Federal statute or an Executive Order to be kept secret in the interest of national defense or foreign policy and which is stored, processed, transmitted or otherwise communicated, domestically or internationally, in an electronic communications system..."
Oh, yeah - you get charged barrel rent, too. - - - - - - - - - - - - - - - - - - - - - - - - - - Finger merriman@metronet.com for PGP/RIPEM public keys and fingerprints. Unencrypted Email may be ignored without notice to sender. PGP preferred. Remember: It is not enough to _obey_ Big Brother; you must also learn to *love* Big Brother.