[business key management plans/infrastructures]

However, making the government a _required_ part of such plans implies a motive that is not at all the same as what companies wish (mostly, disaster recovery).

the distinction lies in the terminology. what does it mean, "required part of the plan". if it essentially amounts to nothing more than the government saying, "you must give us keys when we present you with a subpoena/warrant", then that's no different than the system we have today. again, granted, laws specifically aimed at crypto can tend to take up a life off their own. but my main point was that the gloom-and-doom peddled by you and lucky green over clipper just doesn't mesh with the actual events. the government has visibly had to *backpeddle* *numerous* times in all of its clipper proposals. I see no evidence that the latest proposals are going to be any different. what annoys me is people who are crying wolf all the time, and even when it seems there are no wolves around, or they have temporarily receded, they say, "I told you so". "the wolves really are going to devour you, just you wait and see" And, as has been noted so many times by so many of us, whatever

the motivations for corporate key escrow systems for disaster planning are, there are no motivations for key escrow for _communications_. If the sender dies, or leaves, or whatever, the company can reconstruct his communications from _his_ key. Or the receiving side can reconstruct the recipients messages from _his_ side.

this doesn't parse to me. the simple situation that may occur: employee [x] creates a key on behalf of company [y]. employee [x] forgets or misplaces the key. company [y] needs to retrieve key, and cannot go to other company to get it (imagine situations such as encrypted internal files, for example, although it holds equally well for communications-- it would be very embarrassing to ask another company for the key to decode something you sent them because you misplaced it). I think cpunks tend to blur and obfuscate this use of crypto-- i.e. nonpersonal use within companies. what you seem to be saying is that companies should not have to escrow keys involving communications. i.e. the communications should be readable only between the communicators. but this makes no sense to me either. companies wish to have permanent record of all official correspondence. they don't send messages and then don't keep them around, like guerilla cypherpunks spend all day doing. ("YIKES!!! that msg has been on my hard drive 5 minutes!! better delete it FAST")

The only party interested in having access to "in transit" communications are the wiretappers and SIGINT folks. Think about it. No company I can think of is interested in reconstructing messages from the _actual communications_, only from the keys of employees.

bzzzt. "actual communications" == records of transactions between companies. we are talking about everything that companies send back and forth: bills, contracts, agreements, etc.-- virtually everything that companies send each other, they keep on permanent record. The NSA and FBI, however,

are _keenly_ interested in reconstructing messages from intercepts, of course, and hence are pushing for escrow of _communications_ keys!

hmmmm, this distinction you are now promoting of communication keys, vs. whatever other kind their are (backups?) is something I've not noticed you or others emphasize before, I would have to think about it. frankly I don't see a whole lot of difference between what you are calling "communication" keys and whatever else crypto is used for. look, consider this: the government got its tentacles into every business key database in existence, in the sense they can easily open them when they get wiretaps/warrants. yet individuals were still free to send crypto everywhere. how would this be much different than today's system, other than that the government has more efficient access once the order is granted?

Furthermore, the main worry (for me, at least) is that the government hopes to get its Clipper IV scheme accepted (by means of export laws) at some large fraction of important corporate accounts, not the least of which will be Netscape, Microsoft, IBM, Oracle, Qualcomm, and suchlike major players in the "infrastructure" business. Once most of these have "bought off" on GAK, pressure will be intense to universalize the process, to make it a felony _not_ to use a "Key Authority."

that's a big, big leap, the kind that cpunks always love to make to sell you on the dystopian orwellian nightmare they are always ranting about. the things that companies use keys for can be pretty different from what individuals would use them for. the government can already get any info it wants through a subpoena or warrant from a company, and they will comply. how is this different than what you are referring to? you are making a leap that if companies have internal key infrastructures to protect their information, that the restrictions on them will automatically carry over to private communications between individuals such as in e.g. a telephone like scenario. look, we already today accept that employee's liberties do not necessarily hold within a company. the concepts of "freedom of speech," "privacy" etc. do not necessary hold within companies.

(BTW, I predict that the tainted term "key escrow" is now gone from the official lexicon. I haven't seen the Clipper IV proposal, but I surmise that the baggage the term "key escrow" carries means that some more benign-sounding term will be used in the final proposal. Something like "Key Recovery System." You heard it here.)

I hate the misuse and abuse of the english language in Orwellian fashion (The Great Plan to Protect the Integrity of Data Communications) as much as you do, but there are some very significant distinctions that are being glossed over. the new proposals are radically more diffused than the original clipper plan imho. the government is clearly in the process of backpeddaling. it's got all the signs of desperation imho. if they didn't succeed with the original clipper, what makes you think the more recent proposals are all that sinister and likely of succeeding? you evade my basic point: perhaps in all the key escrow language in the bills, it would all boil down in practice to, if we have a subpoena or a warrant, you have to give us the keys. how is that different than what we have now? cpunks -- I am not an apologist for clipper. but I want everyone to realize that to promote crypto, you have to intrinsically support some things like a robust key infrastructure. who is going to provide it? do you think that whoever does will be *exempt* from warrants and subpoenas? that is not a system that we have now, nor is it likely we ever will. moreover, few but only the most ardent extremists would argue such a system would be incompatible with "freedom" as we understand it in this country. "government == evil" is a very simplistic outlook in life that can come back to bite you bigtime, imho. there are some people in government that share cpunk views and could do some good if they weren't lumped in with the evil spooks who really are trying to enslave humanity (hee, hee)

On Tue, 17 Sep 1996, Timothy C. May wrote:

However, making the government a _required_ part of such plans implies a motive that is not at all the same as what companies wish (mostly, disaster recovery).

The required part will come later. Meanwhile, many big players in the industry are volunteering to include GAK for you. When I asked the fellow from HP that proposed the CommerceNet position paper how the "voluntary key recovery" he was proposing on his slides could possibly aid law enforcement against criminals who obviously wouldn't "escrow" their keys, he said, and I am not kidding: "There are many possible interpretations of the words voluntary and mandatory." I was the *only* person in a room full of people working in the industry that seemed bothered by this.

Furthermore, the main worry (for me, at least) is that the government hopes to get its Clipper IV scheme accepted (by means of export laws) at some large fraction of important corporate accounts, not the least of which will be Netscape, Microsoft, IBM, Oracle, Qualcomm, and suchlike major players in the "infrastructure" business. Once most of these have "bought off" on GAK, pressure will be intense to universalize the process, to make it a felony _not_ to use a "Key Authority."

That's exactly how it will be.

(BTW, I predict that the tainted term "key escrow" is now gone from the official lexicon. I haven't seen the Clipper IV proposal, but I surmise that the baggage the term "key escrow" carries means that some more benign-sounding term will be used in the final proposal. Something like "Key Recovery System." You heard it here.)

Correct. As I explained in my post from the CommerceNet meeting in D.C., "key recovery" is the new politically correct term for GAK. --Lucky