Re: GAK 4 -- For whom the Doorbell tolls

GAK4 is technically inaccurate but a very good metaphor by which to consider this proposal. I believe this is a minor skirmish in the war between civil libertarians and Big Brother with industry playing the role of arms merchant. It is not Government Access to Keys, it is Government Access to Encrypted Data, which for everyone's purposes is the same thing.

In answer to the question: "Should Cisco and friends be allowed to export this technology?", of course they should. People should be allowed to export whatever they want. Even if you're Big Brother, this proposal enables all the same capabilities as GAK, so there is no reason to oppose it.

In answer to the question: "Is this a 'compromise' that addresses the issues of civil libertarians?", not a bit. The devil is in the details, of course, in issues of whether the government can ask the encryption points for copies of the data in real time, in an unaudited fashion, and/or with what kind of "trusted third party" intermediaries. But these questions are exactly akin to the details to be worked out with GAK and self-escrow.

In answer to the question: "Is there anything at all different between this proposal and GAK?", the answer is some, and the differences might be relevant to some. This proposal is a little better than GAK for law enforcement because it would be easier to use and they tend to be technically unsophisticated. It is a little worse than GAK for the NSA because the extra data flows mean that it is harder to conduct surveillance in a totally undetectable way. It favors some vendors over others because it favors those who want to encrypt at firewalls over those who want to encrypt end-to-end. It might slow overall progress in network security because end-to-end encryption is technically superior (though harder to deploy) and universal firewall-to-firewall encryption might reduce the demand for it.

In answer to the question: "Would approval of this proposal be a good or a bad thing?", the answer is ambiguous for the civil libertarian side. Any time a new thing is allowed to be exported, it increases the flexibility of vendors in crafting solutions and is likely to increase overall security. On the other hand, anything which makes continuation of export controls less in-your-face-painful will decrease pressure to repeal them and therefore may in the long run decrease overall security. And anything which makes it easier to make systems secure against all attackers other than Big Brother brings closer the disastrous day when non-GAK crypto can be outlawed.

If you're Big Brother, approval seems to be uniformly a good thing. It garners political points among the unsophisticated as being willing to make "technical compromises". It costs nothing in terms of access. And it may bring closer the glorious day when non-GAK crypto can be outlawed.

--Charlie Kaufman