At 6:37 AM 7/15/96, Bill Frantz wrote:

At 2:05 PM 7/13/96 +0000, Deranged Mutant wrote:

...

Or what if some terrorist was using keys escrowed in a country that sponsered terrorist acts?

Deranged Mutant is absolutely right. There are about 150 (or so) governments in the world. When people talk about making keys available to government (or law enforcement), always ask, "Which governments can access these keys?" If I were a non-French corporation, I would feel distinctly nervous if the answer included France. (There are a number of other countries where the security services have also been suspected of engaging in industrial espionage.)

There are some interesting "public relations" stunts we can use to undermine support for the concept of GAK: * Announce in corporate press releases (for some Cypherpunkish company?) that "As per the laws of the Libyan Arab Jamahiriya, we have provided Col. Qaddaffi's Office of People's Security with our encryption keys for all communications passing into, out of, or over Libyan soil." (This would likely horrify the U.S. security establishment, were it to be actually true. But it is of course essentially symmetrical with the fear those in Germany, India, Iraq, etc. would have if told to deposit copies of their keys with the U.S. National Security Agency or any other "trusted third party" mandated.) (I can't resist another aside. Sorry. In addition to the abuse of the English language with using "escrow" in this warped sense, we now have "trusted third party" used in a warped sense. "We're not saying _you_ trust them, we're saying the NSA trusts them.") * "The U.S. has designated J. P. Morgan and Company as a Designated Trusted Authority for the deposit of encryption keys for Jewish persons wishing to communicate in primarily Islamic countries." (Making the point that any international key escrow scheme which complies with various nation's laws must collide with American values about such things. In many Arab countries, Jews are restricted in various ways. Do we want the government of the U.S. participating in such restrictions? And what about the Arab boycott? It may be in decline now, but not with all countries.) * "The United States Office of Communications Security has turned over to the government of Singapore a list of all persons suspected of circumventing Singaporan law regarding encryption." (ObNazi Reference: One can imagine how a GAK program would've worked during the Third Reich. Not only would communications have been read, regardless of the supposed legal protections, but GAK would have been used to compile contact lists of people to be rounded up. Sort of the way the U.S. government violated the laws about the U.S. Census to illegally use census records to locate "Japs" for assignment to concentration camps.) And so forth, concentrating on the essentially intractable problem of how to "escrow" keys with foreign governments imimical to Western values. (The crypto literature, esp. the Proceedings of the Crypto Conference, circa the mid-80s, refers to this as the "rogue government" problem, esp. with regard to the issuance of false "is-a-person" credentials. That is, suppose a Global Identification Infrastructure (GII) is implemented, consistent with Global Government Access to Keys (GGAK). What about some countries, whether they be the Free Republic of Libertaria or the Libyan Arab Jamahiriya, who either refuse to play along or who subvert the system with false information? What if the United States itself issues false identities to its secret agents, its informants, and its 60,000+ people in the so-called Witness Security program?) There are other aspects of GAK which also collide with basic values. For example, consider several classes of communications we consider "privileged": -- attorney-client discussions, in person or over phone lines. -- doctor-patient discussions -- psychiatrist--patient discussions -- priest--penitent confessions Are the computer communications (likely in the future to increase, even if not common now) of these groups to be GAKked? Even with "safeguards," the priest--penitent relationship will be forever compromised, with neither side knowing whether some secret policemen is listening. These are not new issues; we talked about them several years ago. But now that GAK is being discussed again.... --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."