Thanks to "Anonymous" for sending this to us. I visited the site, http://csrc.ncsl.nist.gov/csspab, and there seem to be some interesting things there. At 4:50 AM 9/11/95, Anonymous wrote:

Status of Key Escrow Initiative

Mr. Steve Walker, Trusted Information Systems (TIS), briefed the Board on the status of Commercial Key Escrow (CKE). He said, with regard to application vendors, TIS ... Mr. Walker said the advantages of CKE for government interests is that if the TIS CKE system were to become widely used throughout the private sector and government communities, law enforcement, national security and private sector interests would be preserved.

If Data Recovery Centers are indeed completely choosable by the users, as certain statements by TIS folks have asserted, then how would "law enforcement" and "national security" interests be "preserved"? (I can tell you that BlackNet won't be using any government-approved DRCs. Nor will Kizer Sose be using any registered and licensed DRCs. If people are free to pick DRCs--the only option a free society can support--the results are obvious.) Note also the emphasis on "throughout the private sector and government communities" as leading to this protection of law enforcement and national security interests...no mention of this being mainly for export issues...the focus seems to be on domestic use of CKE, with the "law enforcement" and "national security" needs "preserved." Sounds ominous to me. I've used "Tim's Really Flaky Commercial Key Escrow Service" as a placeholder for the kind of truly voluntary DRCs many of us would insist on. (Other examples: a computer on my LAN, the bit bucket, my neighbor, my lawyer, my bank in Lichtenstein, etc. Some of these are actually what I would want to use. I can imagine interesting situations wherein attorney-client privilege blocks access to the keys.) So, what's the story? Is Steve Walker of TIS supporting the kind of completely voluntary CKE system that Carl Ellison has advocated? Or a mandatory system? (A third imaginable possibility is "a system which is so universally popular that it becomes universally used"...unlikely in the extreme, as I know of at least a few people who won't use it, and expect others to bypass it when they learn what the Feds can do. But I expect that the advocates of the mandatory option will cite this possibility, as a way of sugar-coating the proposal. Then, if this option fails (to preserve the Government's interests!), watch for registration of DRCs.) I met Steve Walker once, at the CFP Conference, and he seemed genuinely interested in selling to citizens a voluntary system. But his comments to the Privacy Advisory Board seem to imply a CKE system that would not be completely voluntary in the operation (licensing, registering. auditing) of Data Recovery Centers. If this is the case, then alternatives to the TIS system will likely gain more adherents from folks like us.

Mr. Walker said that TIS has filed for patent protection for its Software Key Escrow (Clipper equivalent) and CKE systems including the DRC and application software approaches. TIS is prepared to license its CKE system and software applications technology to any software or hardware vendor under very favorable licensing terms. TIS is also prepared to license its DRC system and technology to qualified DRC operators and vendors under similarly favorable licensing terms. (See Reference #13).

The TIS system may be patented, but it seems to me that the older ideas of Shamir secret sharing are not. And even simpler schemes of sealing parts of keys in several envelopes... (My point is that older ideas of using crypto in conjunction with emergency recovery systems are still usable, and have been talked about for many years, long before the TIS disclosures.) I hope it doesn't come to this. I hope TIS releases or licenses on very general terms, with no government control of the DRCs. If not, I predict their system will be subject to derision, and worse. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway."