FW: No SKE in Daytona and other goodies
From: Timothy C. May "If Microsoft has never met with NIST/NSA or Denning or TIS on this matter, and was only pursuing SKE research on its own initiative, without any incentives or threats from the government, then I will withdraw my speculations and cheer Microsoft on." ................................................... And then you can say: Blanc was right all along; I really had nothing to worry about. Signed: Tim C May "We need to see a public debate on software key escrow, regardless of Microsoft's involvement one way or another. And we shouldn't wait until the press conference is held to announce the program!" ....................................................... I would like to see more explanations on key escrow, myself. To me, the issue is control: who gets it, who excercises it, who will try to prevent an individual from their right to exert it. How does the mere existence of a system of key escrow necessitate that no one will ever again have the means to secure their privacy? I do understand the difference in the situation of an individual in a corporate environment using a given software environment, vs the individual at home with their own pc trying to access the internet & send email. But you all write code: you have ideas on how to deal with this, right? Do you think that having created a means to an end, that it will be impossible to retain ownership and control of it? In the present political atmosphere, there are many ownership issues being threated. The government's position is to take away the means to an end, thereby preventing the whole problem of having to think about who has the right to use it or not. Do you think that preventing companies from implementing their own key escrow schemes, this will eliminate the problem of having to fight with the government over the keys? Blanc
Blanc Weber wrote:
From: Timothy C. May
"If Microsoft has never met with NIST/NSA or Denning or TIS on this matter, and was only pursuing SKE research on its own initiative, without any incentives or threats from the government, then I will withdraw my speculations and cheer Microsoft on." ...................................................
And then you can say: Blanc was right all along; I really had nothing to worry about. Signed: Tim C May
No, I obviously won't sign that ;-}. First, Blanc has said many things, even expressing her own concerns about the implications of SKE, so this statement is overly broad. Second, "I really had nothing to worry about" is under no circumstances true. But my main point here will be to comment on the *infrastructure* that SKE implies, and whey even a "voluntary" system is worrisome.
I would like to see more explanations on key escrow, myself. To me, the issue is control: who gets it, who excercises it, who will try to prevent an individual from their right to exert it.
Yes, more debate is needed. I've seen essentially no mention of it in the press, though I understand some articles will soon be coming. For an idea with such ramifications, with a conference of international scope, and with folks withing software companies already briefed on this new idea, I'd say it's high time to get the public debate started.
How does the mere existence of a system of key escrow necessitate that no one will ever again have the means to secure their privacy? I do understand the difference in the situation of an individual in a corporate environment using a given software environment, vs the individual at home with their own pc trying to access the internet & send email.
"Key escrow" does not automatically imply loss of privacy. For example, I have a diskette containing my keys which I store off-site, to protect myself from loss of my computer. Likewise, I could deposit copies of keys, or cryptosplit files, with a lawyer, a key escrow service, etc. Ditto inside corporations. But what is the reason of the involvement of "law enforcement" and the "intelligence community" in this matter? I refer you all to the upcoming conference agenda, the involvement of NIST/NSA, TIS, Denning, and FBI Director Louis Freeh. Look at the papers being presented at the conference. Any questions?
Do you think that having created a means to an end, that it will be impossible to retain ownership and control of it? In the present political atmosphere, there are many ownership issues being threated. The government's position is to take away the means to an end, thereby preventing the whole problem of having to think about who has the right to use it or not.
That's a good point. The government apparently wants to limit the free and personal use of crypto, to create a SKE system where Clipper failed. I am certainly not alone in drawing this conclusion. Vague statements about it all being voluntary are hardly consistent with the involvement of law enforcement, other intelligence agencies, the export control folks, and the police and intelligence agencies of other nations. (Some Cyperpunks get very indignant when the issues of gun control and crypto are linked, but this is an obvious case of strong parallels. Those that know about gun registration, limits on ammunition sales, licensing, etc., will already know about the parallels. Those that don't are probably not gun rights advocates, so they won't be persuaded.)
Do you think that preventing companies from implementing their own key escrow schemes, this will eliminate the problem of having to fight with the government over the keys?
I don't proprose to "prevent" any company from exploring key escrow. I just don't see why law enforcement, intelligence agencies, etc. have anything to do with this, and I am very worried by the arguments I hear about "legitimate needs of law enforcement" and "export laws." If Microsoft or Novell or Apple wishes to offer products that support easy use of software key escrow, fine. It's a dangerous temptation to government to take their voluntary systems and make them mandatory (as I suspect is the goal, soon enough), but I would not try to use the law to stop them. I might try to use public pressure, but I'd have to wait and see what their scheme looked like. Any hint that the systems used were developed with government backing, with "incentivization," or with protocols especially suited for eventual mandatory use, would of course change everything....then I would favor doing more. We're in a new kind of situation. Technologies are no longer just "free market" issues, they often get developed with government inputs, with collusion with other companies (where the government sanctions and even encourages this collusion), and where the infrastructure of a police state is possibly being deployed. So let's be vigilant. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."
participants (2)
-
Blanc Weber -
tcmay@netcom.com