At 11:53 AM 7/15/96 -0700, Bill Frantz wrote:

I still think this whole GAK thing is going to fail on the, "Which government?" question. I don't see either multi-nationals or their governments wanting to share their secrets with each other, and I don't see how to set up universal GAK to prevent that form of industrial espionage. Also, the key which decodes the GAKed data is just too valuable and too easy to steal.

This most recent dispute between the American government and the EC community with respect to trading with Cuba (Helms-Burton act) is an excellent example that can be raised to challenge the concept of cooperation between countries that are ostensibly "allies." The Helms law says, more or less, that American companies can sue foreign-based companies for using assets taken by Cuba in business. The EC countries are outraged. Were some sort of international-GAK system to already exist, you have to wonder how much luck the USG would have getting some escrowed key for the purposes of catching some Cuba-trader in the act: Not a lot! There's no point in setting up a system that practically invites disputes. BTW, yet another problem with any sort of key-escrow system operated across government borders is this: Let's suppose some foreign government illegally wiretapped somebody (say, a Senator or Representative?) in America using a Clipper-type telephone. They tap the line and get the data. They then claim that this conversation occurred between two Colombian drug smugglers. How is the American government going to know whether that's true? Unless records are kept linking a particular Clipper chip set to the particular purchaser involved (all the way to the end-user customer), the keeper of the keys has no idea whether the evidence presented to justify the tap is actually associated with the data that is to be decrypted. Yet another sneak: If the system is REALLY a "key escrow" system, I should be able to get the decrypt key for my own telephone, right? Well, suppose I buy a Clippper phone, call the escrow agency and ask for my key. Then, I de-solder the Clipper chip from the board, do a black-bag job and swap the chip into another telephone that some bigshot owns. He doesn't notice the swap, and nobody else will, either. But at that point, I can decrypt anything I wiretap off of his line. Jim Bell jimbell@pacifier.com