John Gilmore wrote an excellent description of GAK 3 (aka Clipper III, aka Enabling Privacy, Commerce, Security and Public Safety in the Global Information Infrastructure). Here are a couple of other points that even the proponents of this scheme should agree to: (1) GAK3 does not provide for the significant public purpose of protecting dissident groups under repressive regimes. Human rights groups in Bosina/Serbia have used PGP to protect their files. Since their computers have been frequently seized, the only protection for those people who have made human rights complaints has been that the local government has not had access to the keys. (2) The paper fails to differentiate between the needs of communication privacy and data storage privacy. No rational person would want to GAK their communication keys. Data lost because keys are lost can always be retransmitted. Since communications are easy to intercept, having a long term GAK key greatly increases the chances that the long term key will be stolen and the session keys intercepted. Communication session keys should be decided by techniques such as Diffie Hellman which ensure that the only entities with access to the key are the programs/hardware at each end of the link. A better case for escrowing long term data storage keys can be made. Physical security provides some protection for the cyphertext. Loss of a key can mean loss of the data. However, it is not clear why encrypting for data storage is any different from storing confidential data in a safe. If the government has a legitimate need to access the data, they can access it through the same legal processes they use to access data in safes. While long term data storage can use escrow agents, it does not need GAK for any legal public purpose. ------------------------------------------------------------------------ Bill Frantz | The CDA means | Periwinkle -- Computer Consulting (408)356-8506 | lost jobs and | 16345 Englewood Ave. frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA