Re: "Key Escrow" --- the very idea
if you really want to propose an escrow system we can live with, I would demand that it include:
1. unambiguous ID of the person being tapped in the LEAF-equivalent
2. multiple escrow agencies, at least one of which is the NSA HQ (for its superior physical security)
3. watchdogs as escrow agents (e.g., ACLU, Rep & Dem parties, CPSR, EFF, NYTimes, ...) with authorization to look for abuses of authority and to refuse to release keys in such cases and to publicize such cases as well as bringing them to the attention of law enforcement for prosecution.
4. user-generated escrow keys, to reduce the chance of anyone having a backdoor way to get the whole escrow key database.
Carl Ellison wrote:
if you really want to propose an escrow system we can live with, I would demand that it include:
1. unambiguous ID of the person being tapped in the LEAF-equivalent
2. multiple escrow agencies, at least one of which is the NSA HQ (for its superior physical security)
3. watchdogs as escrow agents (e.g., ACLU, Rep & Dem parties, CPSR, EFF, NYTimes, ...) with authorization to look for abuses of authority and to refuse to release keys in such cases and to publicize such cases as well as bringing them to the attention of law enforcement for prosecution.
4. user-generated escrow keys, to reduce the chance of anyone having a backdoor way to get the whole escrow key database.
I think you missed one important condition:
5. Make it optional, with no strings attached. Furthermore, make the system designed so that the "default" option is no key escrow. In other words, the government would have to get permission for key escrow.
Condition 5 would of course not apply to government employees. Nor would it apply to the office communication equipment inside the more "paranoid" business associations. Of course, it would be the company, not government, who would hold the keys, and of course the company should have the choice in deciding whether key escrow is really necessary.
Of course, with this extra condition, key escrow seems fairly pointless. :-) But I don't mind. It's not as if I'm exactly looking forward to it Down Under.
Peter Murphy.
On Fri, 22 Jul 1994, Carl Ellison wrote:
if you really want to propose an escrow system we can live with, I would demand that it include:
1. unambiguous ID of the person being tapped in the LEAF-equivalent
2. multiple escrow agencies, at least one of which is the NSA HQ (for its superior physical security)
3. watchdogs as escrow agents (e.g., ACLU, Rep & Dem parties, CPSR, EFF, NYTimes, ...) with authorization to look for abuses of authority and to refuse to release keys in such cases and to publicize such cases as well as bringing them to the attention of law enforcement for prosecution.
In theory this would be nice, but it just takes a gun to someone's head to say hand it over... Would you risk your life for other people... And once they kill you, it's a matter of searching through the records for it. It's not that safe. I'd rather my private key not be in escrow at all...
4. user-generated escrow keys, to reduce the chance of anyone having a backdoor way to get the whole escrow key database.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -=- YABBS - telnet phred.pc.cc.cmu.edu 8888 -=- -=- -=- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
On Fri, 22 Jul 1994, Carl Ellison wrote:
if you really want to propose an escrow system we can live with, I would demand that it include:
[four "features" deleted]
And just who is going to pay for this system? And why should they? And why should anybody else use it when there're so many other alternatives?
Heck, for that matter, how are you going to get all users of Norton Encrypt to escrow their DES keys? After all, they might have the disarm codes for their homebuilt nuke encrypted with that.
Just say NO to key escrow.
b&
--
Ben.Goren@asu.edu, Arizona State University School of Music
net.proselytizing (write for info): We won! Clipper is dead!
But be sure to oppose escrowed keys. Stamp out spamming.
Finger ben@tux.music.asu.edu for PGP 2.3a public key.
Carl Ellison says:
if you really want to propose an escrow system we can live with, I would demand that it include:
I cannot conceive of an escrow system I could live with. I respect some of the people broaching the concept, but I object to the very idea. I will no more escrow my communications than I will agree to speak only next to the microphones.
Perry
Carl Ellison says:
if you really want to propose an escrow system we can live with, I would demand that it include:
I cannot conceive of an escrow system I could live with. I respect some of the people broaching the concept, but I object to the very idea. I will no more escrow my communications than I will agree to speak only next to the microphones.
Perry
I echo Perry's concern. I hope that the "community" will not get caught up in a game of "help us make key escrow better" and thus get co-opted (as we used to call it) into the system.
I'm sure Carl and others are just exploring the intellectual ideas involved, especially as we exchanged personal mail over this topic a few minutes ago, but there is still the danger that all the various ideas will result in this co-opting.
In my opinion, the worse danger comes from having the Washington crypto-lobbyists co-opted into a system they can "live with" (as in "we can live with this"). The Administration has probably concluded that they failed to get "buy-ins" from the various influential lobbying groups prior to dropping Clipper on us like a bombshell on that fateful April day in 1993.
I'd hate to see EFF, CPSR, and EPIC all "brought into the tent" on this one, having seen how Kapor and others got so enthralled by the Digital Superduperhighway that a bad idea got pushed along more than a little bit by them.
But it may be inevitable. We "rejectionists," who reject crypto legislation of nearly any sort, are very poor negotiating partners, as we have nothing to deliver, nothing to make deals with.
But like I said in a recent message, we have a stronger hand to play: the widespread deployment of many crypto systems, making regulation of crypto effectively impossible. We may already be at this point, given the "cryptodiversity" (after "biodiversity") of multiple programs, multiple platforms, and many communications paths. And in 2-3 more years, we'll surely be there. If we can stall and sabotage until then, we should be home free.
--Tim May
(Sorry for using so many buzz phrases, like "buy ins" and "inside the tent"; these are used as shorthand for the bureaucratic mind-set, which has a whole glossary of these phrases.)
--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
I'd hate to see EFF, CPSR, and EPIC all "brought into the tent" on this one, having seen how Kapor and others got so enthralled by the Digital Superduperhighway that a bad idea got pushed along more than a little bit by them.
I can't speak for the other organizations mentioned but I can guarantee that EPIC is not in the least bit interested in supporting key escrow systems. For a privacy advocate to determine the best way to do key escrow is like a death penalty opponent choosing between gas or electricity. I'd keep my eyes out for of the other players tho....
if you really want to propose an escrow system we can live with, I would demand that it include: [...]
Sorry, but there is NO escrow system I can live with -- I don't care if John Gilmore is selected to head the escrow agency.
Alan Westrope <awestrop@nyx.cs.du.edu>
__________/|-, <adwestro@ouray.denver.colorado.edu>
(_) \|-' finger for pgp 2.6 public key
PGP fingerprint: D6 89 74 03 77 C8 2D 43 7C CA 6D 57 29 25 69 23
On Fri, 22 Jul 1994, Carl Ellison wrote:
if you really want to propose an escrow system we can live with, I would demand that it include:
1. unambiguous ID of the person being tapped in the LEAF-equivalent
WHAT! Why in the hell would you want to do that. Just identify the piece of equipment that is sending it. Let the wiretap guys sort through it like they do now.
Berzerk.
Date: Fri, 22 Jul 1994 10:27:30 -0600 (MDT)
From: Berzerk <berzerk@xmission.xmission.com>
Subject: Re: "Key Escrow" --- the very idea
On Fri, 22 Jul 1994, Carl Ellison wrote:
if you really want to propose an escrow system we can live with, I would demand that it include:
1. unambiguous ID of the person being tapped in the LEAF-equivalent
WHAT! Why in the hell would you want to do that. Just identify the piece of equipment that is sending it. Let the wiretap guys sort through it like they do now.
1. I'm not a fan of key registration
2. If it were forced down my throat, I want to make sure that the escrow agents can form a list of people being tapped so that they can detect abuses and possibly notify those tapped that they've been compromised. They can't do that without either an ID of the equipment owner or some communications/routing path which can map from equipment ID to my addr/phone/e-mail (to notify me).
In other words, I want to see this hypothetical escrow agent (or one of the many) as someone protecting my rights against the interests of a tapping agency.
- Carl
On Fri, 22 Jul 1994, Carl Ellison wrote:
1. I'm not a fan of key registration
Good, but DON'T make compromises that screw the other guy.
2. If it were forced down my throat, I want to make sure that the escrow agents can form a list of people being tapped so that
Ok, so what you are saying is you don't want your phone tapped just because your coworker is under investigation. This is a reasonable objective, but...
they can detect abuses and possibly notify those tapped that they've been compromised. They can't do that without either an
Wait a second, they would notify those that have been victimized? Are you serious? Do you have one case in the history of the United States where they have done this? I think it is better to keep it out of their hands totally, and it would be better to identify the person doing the tapping, not the person being tapped.
ID of the equipment owner or some communications/routing path which can map from equipment ID to my addr/phone/e-mail (to notify me).
Ok, so you would, if you had to register your key, also demand that all communication devices be registered also? I don't like this idea, I have a right to communicate and I don't need the government's permission to use the phone. I think you are selling away everything with this proposal.
In other words, I want to see this hypothetical escrow agent (or one of the many) as someone protecting my rights against the interests of a tapping agency.
I fail to see how you identifying yourself every time you have to use a pay-phone could possibly lead to a protection of your rights.
Berzerk.
participants (9)
- adwestro@ouray.Denver.Colorado.EDU
- Aron Freed
- Ben Goren
- Berzerk
- Carl Ellison
- Dave Banisar
- Perry E. Metzger
- Peter Murphy
- tcmay@netcom.com