Why CMR is bad civic hygene;the short version

[Bruce Schneier]

The FBI has publically stated that they want to ban unescrowed encryption.
A couple of years ago, people like Brock Meeks and EPIC predicted this;
they were universially regarded as alarmists.

The problem with corporate key escrow is that it puts an infrastructure in
place that can very easily, with a simple switch of public policy, turn
into GAK.

Diffie has said that the FBS's position is a strawman, and that some kind
of voluntary system will be put in place as a compromise.  Then, in a few
years, eliminating the voluntary nature will be seen as "closing a
loophole."

Technological infrastructure moves very slowly.  Political moods can move
very quickly.  If companies (like PGP) install a key escrow infrastructure,
it will take one well-timed disaster to convince Congress to pass a law
putting the whole thing under government control.

As Phil Zimmermann said many years ago (I have no idea where he stole it
from): "It's poor civic hygene to install technologies that may someday
facilitate a police state."

Data recovery is essential for stored corporate data.  This is a seperate
problem than corporate key escrow.  Communications keys (used for email)
are fundamentally different than storage keys (used for files).  Someone
sent me email recently and told me that those keys are treated the same in
PGP; I have trouble believing that this is true.

And if everyone is bashing PGP Inc badly over this, it's because people
expected more out of them.  A company like TIS, who gets significant (I
originally wrote "most of its," but I don't know if that's true anymore)
funding from the NSA anyway, is expected to roll over for the Feds.  PGP
Inc was not.

Bruce

**********************************************************************
Bruce Schneier, President, Counterpane Systems     Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis,MN  55419       Fax: 612-823-1590
                                            http://www.counterpane.com