Why commercial key escrow? [Re: My chat with Goeff Greiveldinger]

[Jim Gillogly]

> tcmay at got.net (Timothy C. May) writes:
> The question I have is this: Why is the Justice Department even involved at
> all if it is truly only about _commercial_ key escrow?

DoJ is involved because industry didn't buy into Clipper-type GAK, and the
FBI still wants to be able to read encrypted files, as well as encrypted
phone conversations if they ever turn up.  The White House is willing to
help, but not to the extent of making GAK mandatory.  However, they (WH
and FBI) are hopeful that forcing either GAK or weak encryption on the
export market will encourage companies to build single systems that they
can both export and sell domestically, which would make the domestic ones
weak or GAKed as well.  DoJ is involved with the commercial escrow because
they (or NIST or somebody) expect to be certifying the export escrow
companies, which they hope will be the same operations.  As a data point,
Dorothy Denning is increasingly pessimistic that this plan will in fact
result in the same weak or escrowed system being used domestically; if it
doesn't, that presumably triggers Louis Freeh to head back to the Hill for
more legislation.

I don't know what they intend to do about PGP-like systems, but I suspect
that's a second-order concern; the first-order concern must be avoiding
the situation where Microsoft builds unGAKed 3DES into Word.

	Jim Gillogly
	Trewesday, 25 Winterfilth S.R. 1995, 02:51