Re: "Key Escrow" --- the very idea
Carl Ellison, who should know better (:-), writes:
> if you really want to propose an escrow system we can live with, I would demand that it include:
Arrrgh! I'll try not to flame much here, but this is *wrong*! Please don't buy in to the government's claims of legitimacy for this nonsense merely because they've backed down on the less practical implementations of their abusive proposal! First of all, _escrow_ systems are something that two contracting parties use when they want a trusted third party to perform a service for them. Holding deposits in real estate transactions is a classic example. Built-in wiretaps are *not* escrow, unless the government is a party to your contract. As somebody on the list once said, just because the Mafia call themselves "businessmen" doesn't make them legitimate; calling extorted wiretaps "escrow" doesn't make them a service. The government has no business making me get their permission to talk to anybody about anything in any language I choose, and they have no business insisting I buy "communication protection service" from some of their friends to do it, any more than the aforenamed "businessmen" have any business insisting I buy "fire insurance" from *them*. If you want to talk about escrow systems, the proper contexts are things like contract fulfillment between anonymous parties... Meanwhile, back to conditions for built-in phone wiretap systems:
> 1. unambiguous ID of the person being tapped in the LEAF-equivalent
No! I agree that having the government prove your phone was used for a given conversation that you weren't part of is bad, but the only way to have unambiguous ID for wiretappees is to have unambiguous ID for everybody - I certainly don't want to have to insert my National Real American ID Card into a phone to make a call, or into my computer to send email, and in case people start noticing that they can't make phone calls after their wallets are stolen, I don't want to have to wave my arm-tattoo over the scanner either. (Ok, I said I'd *try* not to flame :-)
> 2. multiple escrow agencies, at least one of which is the NSA HQ (for its superior physical security)
They're the *last* people I want involved with routine communications between ordinary people. They're an agency that should probably be abolished, but at most they should stick to providing secure communications for the military; I don't want military police agencies or even Federal civilian police agencies getting involved in civil commerce, (especially when they're doing it to find new businesses now that we don't have Commies to kick around any more.) I shouldn't need *anybody's* permission to have a private conversation with anybody, but least of all a secret organization that classifies their activities rather than working out in the open.
> 3. watchdogs as escrow agents (e.g., ACLU, Rep & Dem parties, CPSR, EFF, NYTimes, ...) with authorization to look for abuses of authority and to refuse to release keys in such cases and to publicize such cases as well as bringing them to the attention of law enforcement for prosecution.
Realistically, if the government starts allowing non-government agencies as keymasters, it'll probably be banks or phone companies, since they're large cooperative subpoenable organizations that are involved in the communications the government most cares about wiretapping, and they're hard to avoid since they're providing your services. In particular, it'll help set precedents. Bad ones. I'd also worry about the effects on a watchdog group of taking government money for helping the government wiretap people. Wiretap keymastering is likely to be an expensive activity, if done competently, and involves major questions of liability. What happens when the government says to your group that they'll cut your funding by $1Million if you don't keep this one quiet? Even if you're honest enough for that not to work, what about the moral effects of being on the government's side in a court case (as keymaster) when you used to be the group that defended the Steve Jacksons and Craig Neidorfs?
> 4. user-generated escrow keys, to reduce the chance of anyone having a backdoor way to get the whole escrow key database.
That's a minor technical detail :-) It's also quite possible, and the all-software wiretap version that Dorothy Denning and friends are talking about supports it just fine. A more important detail would be to use genuinely separate master keys instead of one master key split into multiple parts for the keymasters by the trusted NSA, as in the current Clipper system.
Bill
# Bill Stewart  AT&T Global Information Solutions, aka NCR Corp
# 6870 Koll Center Parkway, Pleasanton CA, 94566  Phone 1-510-484-6204 fax-6399
# email bill.stewart@pleasantonca.ncr.com  billstewart@attmail.com
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465
On Sun, 24 Jul 1994 wcs@anchor.ho.att.com wrote:
>> 2. multiple escrow agencies, at least one of which is the NSA HQ (for its superior physical security)
> They're the *last* people I want involved with routine communications between ordinary people. They're an agency that should probably be abolished, but at most they should stick to providing secure communications for the military; I don't want military police agencies or even Federal civilian police agencies getting involved in civil commerce,
Remember, any one key gets nuked, you are safe. I personally would use the NSA as one of them if I was running a business where key escrow made sense, for exactly the reasons they gave, and would trust it even more if they had a mandate to destroy them on mass seizure. This is not a matter of putting absolute trust in one agency, but trusting one agency to act *in* *one* *case* as a great protector, namely, if we are invaded, they would no doubt destroy their database, and your privacy would be protected. Long shot, but so is 2^128.
Berzerk.
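The two posts above argue over two properties of a multi-keymaster scheme: Bill's point that Clipper has one trusted party split a single master value (so that party has seen the whole key), versus "genuinely separate master keys" that each keymaster generates for itself; and Berzerk's point that in an all-keymasters-required scheme, destroying any one keymaster's key leaves the escrowed key unrecoverable. The following is an added toy model of both topologies; it is not code from either poster, from Clipper, or from any real escrow agent. The party names, the per-user HMAC derivation, the escrow-record format and the 128-bit key length are all assumptions made for the illustration (Clipper's Skipjack used 80-bit keys).

```python
# Added example, not from the thread: toy model of dealer-split (Clipper-style)
# versus independent-key escrow. Every name and format here is an assumption.
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

KEY_LEN = 16  # 128-bit keys (assumption; Clipper's Skipjack keys were 80-bit)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def xor_all(parts: list[bytes]) -> bytes:
    out = bytes(len(parts[0]))
    for p in parts:
        out = xor_bytes(out, p)
    return out


@dataclass
class Party:
    name: str
    held: dict = field(default_factory=dict)  # label -> bytes this party has seen

    def destroy(self, label: str) -> None:
        """The key 'gets nuked': the value is gone, not merely withheld."""
        self.held[label] = None


def dealer_split_escrow(n_keymasters: int):
    """Clipper style: one trusted dealer draws the unit key and splits it n-of-n
    by XOR. Any n-1 shares are uniformly random and reveal nothing; all n are
    needed to rebuild it. The objection in the thread: the dealer saw, and may
    have recorded, the whole key before splitting it."""
    dealer = Party("programming facility")
    user = Party("user")
    masters = [Party(f"keymaster {i}") for i in range(n_keymasters)]
    unit_key = secrets.token_bytes(KEY_LEN)
    dealer.held["unit key"] = unit_key      # the backdoor: a full-key record
    user.held["unit key"] = unit_key
    shares = [secrets.token_bytes(KEY_LEN) for _ in range(n_keymasters - 1)]
    shares.append(xor_all([unit_key] + shares))   # last share closes the XOR sum
    for km, s in zip(masters, shares):
        km.held["share"] = s
    return unit_key, [dealer, user] + masters


def contribution(km: Party, user_id: bytes) -> bytes | None:
    """Per-user value a keymaster derives from its own master key (None if nuked)."""
    mk = km.held.get("master key")
    if mk is None:
        return None
    return hmac.new(mk, user_id, hashlib.sha256).digest()[:KEY_LEN]


def independent_key_escrow(n_keymasters: int, user_id: bytes):
    """Separate master keys: each keymaster draws its own long-term key with
    nobody else present and hands the user only a per-user contribution. The
    user, who already holds the unit key, XORs everything into a public escrow
    record. No dealer exists and nobody but the user ever holds the unit key."""
    user = Party("user")
    masters = [Party(f"keymaster {i}") for i in range(n_keymasters)]
    unit_key = secrets.token_bytes(KEY_LEN)
    user.held["unit key"] = unit_key
    contributions = []
    for km in masters:
        km.held["master key"] = secrets.token_bytes(KEY_LEN)   # generated in-house
        contributions.append(contribution(km, user_id))
    record = xor_all([unit_key] + contributions)   # safe to store anywhere
    user.held["escrow record"] = record
    return unit_key, record, [user] + masters


def recover_dealer_split(masters: list[Party]) -> bytes | None:
    shares = [km.held.get("share") for km in masters]
    if any(s is None for s in shares):
        return None        # one nuked share and the key is gone for everyone
    return xor_all(shares)


def recover_independent(record: bytes, masters: list[Party], user_id: bytes) -> bytes | None:
    parts = [contribution(km, user_id) for km in masters]
    if any(p is None for p in parts):
        return None        # same property: every keymaster must still cooperate
    return xor_all([record] + parts)


def full_key_holders(unit_key: bytes, parties: list[Party]) -> list[str]:
    """Audit: which parties have ever held the complete unit key."""
    return [p.name for p in parties if unit_key in p.held.values()]


if __name__ == "__main__":
    key, parties = dealer_split_escrow(3)
    print("dealer-split, full key seen by:", full_key_holders(key, parties))
    uid = b"constructed user id 0001"      # constructed sample input
    key2, rec, parties2 = independent_key_escrow(3, uid)
    print("independent, full key seen by:", full_key_holders(key2, parties2))
    parties2[2].destroy("master key")
    print("after one keymaster nukes its key:", recover_independent(rec, parties2[1:], uid))
```

Both schemes require every keymaster to cooperate and both become unrecoverable when any one of them destroys its key, which is the property Berzerk relies on. The difference the first post cares about shows up only in the audit: in the dealer-split arrangement the programming facility is on the list of parties that have held the full key, while with independently generated master keys only the user ever does.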