Re Big Brother proposal. The "asset forfeiture" mention isn't quite so ominous as suggested: what it seems to say is that the Atty General will procure (i.e. buy) encryption devices for use by law enforcement in their own secure communications (i.e. police radio and computer links), and "the funding to effect this purchase" will come from the "superfund" of money derived from existing asset forfeitures. In other words, smoke a joint, lose your house, and Uncle Sam sells the house to get money to buy more crypto gear for cops. I don't see an implication that crypto gear makers will be facing forfeiture for failing to comply with the "request" to incorporate key escrow. It appears that this is directed at first to establish the use of key escrow in government-related communications: "federal communications systems that process sensitive but unclassified information." So for instance, Ollie North's memos would be recoverable, and so on. But the real risk is that it will spread out to encompass any facility receiving government funding or contracts, i.e. the universities; and from there, widen so as to restrict other types of crypto from being used at those sites. So far it doesn't seem to restrict crypto on private microcomputers, though a widely accepted standard could eventually be written into law. The proposal specifically says it will allow other manufacturers to develop other approaches to key escrow systems. I think what the long-term plan might be, is to win acceptance for the idea of key escrow, and then require it. This isn't exactly a backdoor into your hardware; what it would allow would be for instance NSA to get your key and then read your communications as they occur. So your local hardware isn't storing anything in a different way or being remotely accessed or triggered, but your key is available elsewhere, at some approved facility. Now I'm guessing here, but what I think the way the crypto part of this has to work, is with a "device-specific" key and a "session"-type of key; where the first is what is escrowed, and the second is user-variable. Both are required to decrypt messages, and recovery of the second key would be relatively straightforward. Now you buy a modem or whatever, and it has a crypto chip in it, with a device-specific key that is registered along with the serial number of the device. So your purchase record has that serial number on it, and that's used to track the device key, which of course has been escrowed by the manufacturer before shipping the modem out. This would suggest that device keys would be relatively hard to crack, and therefore that some improvement in privacy would be possible by simply swapping the key chip in the device; and this would be easy enough with a black market in key escrow chips. In the mean time, from our end of it, someone oughta start working on steganography FAST. Spread spectrum designs are feasible. Slow is okay; the goal being to do anything that will render key escrow obsolete by making it impossible to tell when ciphertext (or for that matter any kind of data) is being sent. -gg