(fwd) White House Public Encryption Management Fact Sheet

George A. Gleason gg at well.sf.ca.us
Fri Apr 16 19:11:44 PDT 1993



Re Big Brother proposal.

The "asset forfeiture" mention isn't quite so ominous as suggested: what it
seems to say is that the Atty General will procure (i.e. buy) encryption
devices for use by law enforcement in their own secure communications (i.e.
police radio and computer links), and "the funding to effect this purchase"
will come from the "superfund" of money derived from existing asset
forfeitures.   In other words, smoke a joint, lose your house, and Uncle Sam
sells the house to get money to buy more crypto gear for cops.  

I don't see an implication that crypto gear makers will be facing forfeiture
for failing to comply with the "request" to incorporate key escrow.  

It appears that this is directed at first to establish the use of key escrow
in government-related communications: "federal communications systems that
process sensitive but unclassified information."  So for instance, Ollie
North's memos would be recoverable, and so on.  But the real risk is that it
will spread out to encompass any facility receiving government funding or
contracts, i.e. the universities; and from there, widen so as to restrict
other types of crypto from being used at those sites.  

So far it doesn't seem to restrict crypto on private microcomputers, though
a widely accepted standard could eventually be written into law.  

The proposal specifically says it will allow other manufacturers to develop
other approaches to key escrow systems.  I think what the long-term plan
might be, is to win acceptance for the idea of key escrow, and then require
it.  This isn't exactly a backdoor into your hardware; what it would allow
would be for instance NSA to get your key and then read your communications
as they occur.  So your local hardware isn't storing anything in a different
way or being remotely accessed or triggered, but your key is available
elsewhere, at some approved facility.  

Now I'm guessing here, but what I think the way the crypto part of this has
to work, is with a "device-specific" key and a "session"-type of key; where
the first is what is escrowed, and the second is user-variable.  Both are
required to decrypt messages, and recovery of the second key would be
relatively straightforward.  Now you buy a modem or whatever, and it has a
crypto chip in it, with a device-specific key that is registered along with
the serial number of the device.  So your purchase record has that
serial number on it, and that's used to track the device key, which of
course has been escrowed by the manufacturer before shipping the modem out.
This would suggest that device keys would be relatively hard to crack, and
therefore that some improvement in privacy would be possible by simply
swapping the key chip in the device; and this would be easy enough with a
black market in key escrow chips.  

In the mean time, from our end of it, someone oughta start working on
steganography FAST.  Spread spectrum designs are feasible.  Slow is okay;
the goal being to do anything that will render key escrow obsolete by making
it impossible to tell when ciphertext (or for that matter any kind of data)
is being sent.  

-gg






More information about the cypherpunks-legacy mailing list