From: Hal Abelson <hal@martigny.ai.mit.edu> Date: Thu, 12 Dec 1996 15:29:25 -0500 To: cypherpunks@toad.com Subject: Whom can you trust with your keys -- government version Reply-to: hal@MIT.EDU

-----BEGIN PGP SIGNED MESSAGE-----

The Commerce Department draft crypto export regulations (see http://www.steptoe.com/commerce.htm) include the following stipulation on Key Recovery Agents:

Evidence of an individual's suitability and trustworthiness [to act as a key recovery agent] shall include:

(i) Information indicating that the individual(s):

(A) Has no criminal convictions of any kind or pending criminal charges of any kind;

(B) Has not breached fiduciary responsibilities (e.g., has not violated any surety or performance bonds); and

(C) Has favorable results of a credit check; or,

(ii) Information that the individual(s) has an active U.S. government security clearance of Secret or higher issued or updated within the last five years.

It's nice to know that we can trust ex-cons, frauds, and deadbeats to hold our keys, provided that they have obtained a Secret clearance.

Sorry, but you're mistaken. There is an implied AND between (i) and (ii), not an OR. Curiously, it looks like I may be eligible to run an GAK service. Peter Trei trei@process.com