Why Netscape employees should not leave

Adam Shostack adam at homeport.org
Wed Dec 6 08:28:21 PST 1995


	I think that this logic (below) is off.  GAK is evil.  Pure
and simple.  If the market wants CKE/optional escrow for business
thats one thing.  The recent NIST meeting has shown that any system
promulgated by the government will force on us a system with excessive
kowtowing to the 'interests of law enforcement.'

	If people want CKE, and I think they do, then the government
will get 90% of what it gets with GAK, with none of the fight.  Most
companies will happily turn over keys at the flash of a badge, never
mind a warrant.  (Was it Doug Barnes who pointed out that spying is
more exciting than banking?)  If it was easy, I'd probably have backup
escrowed copies of my secret keyring.  In Lichtenstien.

	This leaves us to ask, why GAK is such a big deal at NIST, if
CKE will get them most of what they want?  First, they haven't
realized that CKE is most of what they want.  Second, they're worried
about the extra 10%.  Drug dealers and terrorists not using it.  (This
points towords an eventual mandate for GAK, even if it starts out
voluntary.  Many have noted this.)  Third, they've invested so much
energy in the fight for GAK that they're emotionally tied to the idea,
and they can't say 'well this would be almost as good.'


Adam

| The last sentence seems backwards to me - mandatory GAK is the real evil, not
| non-mandatory GAK. (non-mandatory GAK is just a special case of voluntary
| key escrow, where some of us might choose to escrow to /dev/null, some to
| their attorney, some to a friend, and some to freeh at fbi.gov.) Non-mandatory
| GAK makes me nervous, because it seems susceptible to back-door coercion
| ("Dear Citizen: We notice that you've turned off GAK. Don't you trust us?
| Please write back and tell us why you're no longer letting us have access
| to your net traffic. Do you have something to hide?") but mandatory GAK
| is the worst-case scenario being implemented immediately.
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






More information about the cypherpunks-legacy mailing list