"Key Escrow" --- the very idea

Mike_Spreitzer.PARC at xerox.com Mike_Spreitzer.PARC at xerox.com
Fri Jul 22 08:29:06 PDT 1994


Eight pieces seems too few to me.  It's too easy for gov't agencies to "lean
on" eight individuals or organizations (someone else suggested "watchdog"
groups as fragment holding agencies, but that doesn't seem very good.  Groups
can change over time, respond to pressure.  Putting a lot of fragments in a few
hands seems fairly fundamentally flawed).  I'd rather see thousands.  That way,
if Richard Nixon II launched a secret intimidation campaign against a group of
enemies (e.g., the Democrats, or the Republicans, or the Libertarians, or the
ACLU, or Sierra Club, or people opposed to the Haitian operation, or ...) ---
well, it couldn't be secret, because a lot of people would have to know about
it.  This also requires that key fragment holders know what their fragments are
for (the current Capstone architecture associates keys with devices, not
people; whether that should be so is another discussion).  Of course, this also
diminishes the secrecy of the wiretap: if a wiretap is warranted on The
Godfather's office phone, what are the odds that someone the FBI doesn't know
is working (indirectly) for him will hold a fragment?  Maybe that's just a
price that has to be paid.

What incentive can be given to the fragment holders to get them to take strong
measures to protect the secrecy of those fragments?  Also, if a key is split
into N fragments, and there are k keys per capita (how many telephones do we
have today per capita?), each person needs to hold kN fragments (even more if
we restrict holders to, say, adult citizens).  Can we expect everybody to spend
what it takes to hold kN fragments securely?

I've also wondered about another way to protect against abuse.  There's been
some discussion on this list about cryptographically strong time locks: a way
to reveal something at a predetermined time in the future.  I didn't follow it
closely at the time, and don't know how feasible they are (in general, or for
this application).  But if they could be implemented, how about requiring the
fact of a wiretap to be published M months after it's started?  Again, I mean
in a cryptographically strong way: you couldn't get the key you need for the
wiretap without committing to revealing, M months hence, the fact that you've
done so.

I've also tried to pursue the analogy to current mechanisms with regard to
physical searches.  This analogy breaks down in a fairly important way:
physical searches generally reveal to the searchee the fact that they've taken
place; this means Nixon can't conduct a secret campaign against a group of
people --- they'd notice they're all subjects.  But a good feature of the
current system that *could* be carried over to cyberspace is that the physical
privacy of my house is under the jurisdiction of a local court --- and the
physical privacy of *your* house is under the jurisdiction of a *different*
court.  We don't have just a few "escrow agencies" that protect everybody; we
have lots of agencies, each of which protects a small fraction of us.  This
also works against being able to keep widespread abuse secret.






More information about the cypherpunks-legacy mailing list