Re: NIST GAK meeting writeup, LONG part 3 of 3
At 04:22 PM 12/13/95 -0600, you wrote:
The term "voluntary" implies (!) that people don't have to do something, right? If that's really the case, then the escrow agent should have no obligation to do what is called "voluntary."
Voluntary GAK means the system is voluntary for the USERS, not for the ESCROW AGENTS. What is the point of certifying escrow agents if they can still thumb their noses at the LEAs?
I disagree. The issue is one that might be called "standing." Who, exactly, is responsible to whom in such an arrangement? Let's suppose key escrow (for keys for non-exported encryption devices) is REALLY VOLUNTARY. In that case, the escrow agent's only legal responsibility is to the owner of the encryption device. The government isn't a party to this voluntary arrangement, and thus hasn't a complaint if the escrow agent refuses to comply. I could, for example, enter into a voluntary arrangement with an escrow agent so that he would be obligated to erase the key no more nor less than 5 days after he received it. If he did so 1 day after, and I needed the key, he would have breached his obligation to ME, but not to the government. Likewise, if he failed to erase the key, he would likewise be breaching his agreement with me. Unfortunately, I think you've fallen into the too-common trap of assuming that the government can insist, unilaterally, on people's behavior even absent laws which specifically require or prohibit specific performance.
The proposal is talking about throwing CERTIFIED ESCROW AGENTS in jail for not complying with the authorities and has absolutely nothing to do with users like you.
But you haven't established that an "escrow agent" has any duty to the government.
I don't see how a system where you don't have to register your keys but the escrow agents can be imprisoned for not releasing a key in their possession is any less voluntary to you.
It _is_ less voluntary, because it interferes with my right to escrow my key with an organization that is willing to take the dispute to arbitrary levels of uncooperativeness with the government. I might insist, for example, that the organization only store the key outside the country (beyond the reach of US Courts) and require MY PERMISSION for them to release it to the government. I might also insist that they further encode the key so that only an independent foreign organization (out of reach of US courts) could provide the key to decrypt it. If key escrow is REALLY REALLY REALLY "voluntary", then such arbitrary restrictions should be do-able.
Certainly the whole escrow thing is a sham and it couldn't possibly work if it were really voluntary (witness the documents FOIA'ed from the FBI...).
Yes but...
We all know that but there isn't anything sinister in the escrow agent requirement for releasing keys under penalty of law.
Yes, there is. I STILL refuse to accept the idea that a "key escrow agent" (if he's keeping a VOLUNTARILY escrowed key, one not for export) must automatically be considered to be subject to the whim of government orders.
Believe me, if we continue to have voluntary GAK with no escrow agent requirements or certification when (if?) Mandatory GAK comes down the escrow agent certification and penalties will most definitely be part of the deal. So I wouldn't worry about quibbling over the voluntaryness just because of the proposed escrow agent requirements.
Here's why you're wrong. The government wants us to accept an arrangement they've described as "voluntary." (Naturally, we will refuse.) It is better to be able to show that we're refusing BECAUSE THEY'RE LYING about the "voluntaryness" of the system, because that makes us appear reasonable (which we are) and them appear unreasonable (which they are.) Playing along with their assertion that the system is "voluntary" would make it look like it is we who are being unreasonable. So the position I'll take is this: "You claim you are willing to accept that the system be 'voluntary.' Okay, the only thing I'll tolerate is one which has the maximum number of 'voluntary' aspects. Anything less and you're lying." I'd insist, for example, on the unfettered ability to turn off the key escrow "feature" on the telephone (with a switch on the side, labelled "Good encryption vs. Big Brother's listening"). I'd insist on its ability to talk to other telephones which have to corresponding key escrow. Etc, etc, etc. If they resist, we can then say, "Oh, you must have been LYING about this system being voluntary! SO what else are you lying about?!? I think you're being unreasonable, so I have no intention of complying with ANY of your requests, however reasonable they may appear to be on the surface, because I cannot trust you!" And _THAT_ would obviously be a reasonable position. The key, however, is that we must expose the lying, and to do that we must use whatever inconsistencies we can. This is not "quibbling": It is establishing the credibility (or lack of it) of THE ENEMY.
jim bell writes:
It _is_ less voluntary, because it interferes with my right to escrow my key with an organization that is willing to take the dispute to arbitrary levels of uncooperativeness with the government. I might insist, for example, that the organization only store the key outside the country (beyond the reach of US Courts) and require MY PERMISSION for them to release it to the government. I might also insist that they further encode the key so that only an independent foreign organization (out of reach of US courts) could provide the key to decrypt it.
If key escrow is REALLY REALLY REALLY "voluntary", then such arbitrary restrictions should be do-able.
Unless I've missed something large, you can have an _uncertified_ key escrow agent store your keys in Fidel Castro's beard, and only release them with written permission from your goldfish. Whether or not you use a certified key escrow agency would remain your choice, AFAIK. I'm not expressing support for the certification standards that have been presented. But I don't consider it cause for great alarm that the USG wants to play in the escrow agent rating bureau business.
-Futplex <futplex@pseudonym.com>