Microsoft & Key Escrow

Following are some of the relevant snippets from http://www.microsoft.com/intdev/security/export/exporfaq-f.htm. The comments in square brackets are mine.

---cut here---

What is Microsoft's position on supporting key escrow?

Key escrow encryption is not a market-driven solution and it raises serious privacy concerns for many customers. It is also new, undeveloped, untested, and uncosted, and it will take a long time to be worked out. Additionally, customers have expressed hesitation about mandatory key escrow, especially if they have to give the keys to the government or a government-selected third party. Therefore, we are not actively adding support for key escrow in our products and technologies.

[About as good as we can ask for. I would, however, like that last sentence better if the word 'actively' was missing.]

Shouldn't the U.S. government be able to access information that could prevent terrorist acts and crime?

Strong non-key escrow encryption is already available from retail outlets, foreign companies, and off the Internet. Thus the U.S. government is already having--and will continue to have--a harder time in the future accessing plain text regardless of U.S. export restrictions.

[I suppose it would be too much to expect a third sentence reading 'This is a good thing.']

What is key recovery? How does it relate to key escrow?

Market-driven data recovery refers to a product feature that allows users to maintain a spare private encryption key in a safe place. Generally, a data recovery system escrows a copy of the session key with the message or file and the user (or perhaps his employer) controls the decision whether to utilize this feature. With key escrow the U.S. government holds or has access to a user's private encryption key.

It is not yet clear whether such systems are exportable. In the October 1 announcement, the U.S. government referred to "key recovery" without defining it; in all likelihood, however, they still have in mind government key escrow, and not market-driven data recovery.

[Hmm... it's just possible that Microsoft's spin doctors are better than those of the US government. Perhaps they can sell the world on their definition of 'key recovery' instead of the one we know the TLAs intended.]

---cut here---

regards,
-Blake

this is unfortunate -- key escrow is a very good thing as long as it is not mandated by law. any reasonable employer concerned about secrecy and recoverability of his data should use key escrow solutions for their employees' encryption.

igor

- Igor.

At 9:49 PM -0600 12/4/96, Igor Chudov @ home wrote:
this is unfortunate -- key escrow is a very good thing as long as it is not mandated by law.
Agreed, except that I would call voluntary, corporate plans "key recovery," not "key escrow." (The government now calls their non-voluntary system "key recovery" as well, so the term is still overloaded.)

The concern many of us have had for several years (*) is that such schemes are very dangerous, acting as a kind of "sword of Damocles" over our heads. A widely-used, government-encouraged key recovery program, once deployed, could too easily be made mandatory. Hence our interest in sabotaging or subverting such schemes, to preserve additional degrees of freedom should a ban be attempted.

And clearly even corporate key recovery schemes are not really designed to be robust against willful attempts to subvert the recovery of plaintext. The intention is to deal with forgetful employees, departed employees, etc., not those who attempt to, for example, superencrypt their communications.

Furthermore--and this has been noted many, many times--there are essentially no plausible situations in which either _corporations_ or _individuals_ would need or want key recovery for *communications*. After all, individuals or employees within corporations have (possibly) encrypted files on their disks, including outgoing and incoming e-mail. They use communications cryptography--PGP, whatever--to guard against _interception_ by other corporations, other individuals, or governments (including their own). For example, they encrypt using the public key of their recipient. So, why would someone practicing such communications security care about key recovery, for the communications? Only one word suffices here: "Duh."

On the other hand, _governments_ are thwarted by such communications security, and this is the real motivation for key recovery. Louis Freeh, Jim Kallstrom, Dorothy Denning, and others have said as much.
any reasonable employer concerned about secrecy and recoverability of his data should use key escrow solutions for their employees' encryption.
But certainly not for *communications security*. Corporations such as Microsoft would do well, I think, to explicitly point this out and to make clear that corporate key recovery products will be oriented toward key recovery for files stored on corporate computers--which would presumably include the originally-generated plaintext messages sent to other sites or users--and not oriented toward mandating the forms the _communications_ must take.

Sadly, most journalists who write about crypto have failed to pick up on this important point.... I guess writing articles about the "death of the Cypherpunks list" is more important (and keeps Vulis feeling good about himself). Oh well.

(* Just as the Cypherpunks list was being formed, circa October 1993, I posted an article to sci.crypt about "A Trial Balloon to Ban Encryption?" This was based on some views expressed by Prof. Dorothy Denning, who even then, six months before Clipper, was making arguments for government access to keys. I anticipated a government move to limit public key encryption, using some form of key escrow. Sure enough....)

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."