Attacking GAK--team effort assembling
Given that the U.S. and E.U. governments seem to be moving toward a policy of key escrow/recovery, 7Pillars Partners is starting a team effort to demonstrate the practical problems in implementing such a system. The plan is to have the team block out the probable design of the infrastructure, with as many of the options available outlined and discussed (e.g., 'escrow' itself--will a copy of the secret key need to be sent to the escrow agent, will it be created by the agent and assigned to the device, will the method be the use of two receiver keys (one packet to the intended party, one to the escrow agent), will the method be to implement a 'back door' into the cryptosystem itself), and then a thorough expansion on all possible methods of attack on the various elements of the infrastructure (denial, flooding, espionage, etc.).

The intent of this project is two-fold: it will provide a practical guide that I hope will demonstrate that any key escrow/recovery system and infrastructure, no matter how secure/safe, will fall to attack; if such a system does end up being implemented and come into operation, the analysis will serve as a first-approximation guide for resistance.

We could use a solid outside cryptographer, as well as an attorney to work through the probable legal elements involved in the system.

Interest in being on the team should be indicated to: Michael Wilson, 5514706@mcimail.com or partners@7pillars.com

MW
http://www.7pillars.com/
I spoke to the dangers of this kind of effort at our meeting on Saturday. After some excerpts, I'll explain just why I think this kind of "help" is so dangerous.

At 12:59 PM -0700 9/15/97, Michael Wilson wrote:
Given that the U.S. and E.U. governments seem to be moving toward a policy of key escrow/recovery, 7Pillars Partners is starting a team effort to demonstrate the practical problems in implementing such a system. The plan is to have the team block out the probable design of the infrastructure, with as many of the options available outlined and discussed (e.g., 'escrow' itself--will a copy of the secret key need to be sent to the escrow agent, will it be created by the agent and assigned to the device, will the method be the use of two receiver keys (one packet to the intended party, one to the escrow agent), will the method be to implement a 'back door' into the cryptosystem itself), and then a thorough expansion on all possible methods of attack on the various elements of the infrastructure (denial, flooding, espionage, etc.).
First, it is very unlikely that finding theoretical weaknesses in a confabulated scenario will be at all convincing to the supporters of GAK. For several reasons. Theoretical "what if" scenarios tend not to be convincing to anyone, and are easily dismissed.

Second, in contrast to the Clipper/Tessera thing, which was pretty exhaustively mapped out (with the LEAF stuff, the Mykotronx implementation, the plans for a mechanism to release keys, etc.), the latest GAK plan is vague and insubstantial. Essentially nothing has come out on how it might work. This makes speculation about weaknesses almost pointless.

Third, the *danger* is that industry and consultants will work so hard to find flaws that they essentially _do some of the work_ in helping to build a semi-viable GAK system!

One is reminded of the joke about the engineer being guillotined. The blade won't fall. So the engineer looks up, thinks a moment, and says "I think I see the problem...."
The intent of this project is two-fold: it will provide a practical guide that I hope will demonstrate that any key escrow/recovery system and infrastructure, no matter how secure/safe, will fall to attack; if such a system does end up being implemented and come into operation, the analysis will serve as a first-approximation guide for resistance.
You're assuming what you're trying to prove. This does not bode well for your "study" being taken seriously by GAK supporters. If I were Louis Freeh or Dianne Feinstein, I'd merely point to these words.

And GAK might actually work. This would still not be a reason to support it, just as a "ban on typewriters" actually mostly worked (in terms of State objectives) in the U.S.S.R., and just as a ban on Internet access in China is even now "working."

The attack on GAK should mostly be on civil liberties grounds, and only secondarily on risks (to commerce, to privacy, to national security). And then only tertiarily on how efficient and workable it is.
We could use a solid outside cryptographer, as well as an attorney to work through the probable legal elements involved in the system.
Interest in being on the team should be indicated to: Michael Wilson, 5514706@mcimail.com or partners@7pillars.com
Well, a meta-issue is that the several communities already critiquing facets of this plan (such as Cypherpunks, Cyberia-l, Fight Censorship, CDT, Americans for a Secure Tomorrow, EPIC, Privacy International, the ACLU, etc.) are likelier to come up with far more attacks, criticisms, etc., than a small effort like "7 Pillars" could possibly mount.

Granted, the set of comments already rolling in, and expected over the next year, from these groups is "informal." But there is no "formal" GAK system in place. We don't have the foggiest if the GAK is to involve something so simple as requiring spare keys be escrowed, or some variant of the LEAF thing, or some multiparty key sharing strategy, or even aptical foddering of the keys. We just don't know.

I'm not trying to undermine the efforts of "7 Pillars." I just don't see the point, and I see some serious dangers if such an effort helped the government to shape a more "efficient" approach!

--Tim May

There's something wrong when I'm a felon under an increasing number of laws.
Only one response to the key grabbers is warranted: "Death to Tyrants!"
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
In <v03102800b04369567696@[207.167.93.63]>, on 09/15/97 at 03:55 PM, Tim May <tcmay@got.net> said:
I'm not trying to undermine the efforts of "7 Pillars." I just don't see the point, and I see some serious dangers if such an effort helped the government to shape a more "efficient" approach!
I think that the most effective way to attack GAK is to get moles on the inside of the corporations like IBM, HP, ... etc. who will no doubt be very active in putting this together. Once they have their systems up and running activate the moles and fire-up Blacknet. :)

--
---------------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html
---------------------------------------------------------------
At 06:20 PM 9/15/97 -0400, William H. Geiger III wrote:
I think that the most effective way to attack GAK is to get moles on the inside of the corporations like IBM, HP, ... etc. who will no doubt be very active in putting this together. Once they have their systems up and running activate the moles and fire-up Blacknet. :)
We did that years ago - TPC invented the UUCPnet, and Steve Bellovin and friends invented Usenet, and for several years the Center Of The Earth was either Peter Honeyman's allegra machine or ihnp4. You'll find Steve and Honey hanging out on coderpunks or cryptography... Since then it's mutated and taken over the world.

Thanks!
Bill

Bill Stewart, stewarts@ix.netcom.com
Regular Key PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
participants (4)
- Bill Stewart
- Michael Wilson
- Tim May
- William H. Geiger III