CDR: Re: Zero Knowledge changes business model to Split Key Escrow(NSA-Key (press release)

Tim May tcmay at got.net
Tue Oct 31 09:56:23 PST 2000 

At 12:27 PM -0500 10/31/00, Adam Shostack wrote:
>On Tue, Oct 31, 2000 at 04:07:18PM +0100, cyphrpnk wrote:
>| > >Privacy is good business. Companies in every industry are
>| > >realizing they must institute the proper privacy policies,
>| > >practices and infrastructures in order to succeed in
>| > >today's digital economy. Zero-Knowledge Managed Privacy
>| > >Services provides the tools and strategies that enable
>| > >business to establish private customer relationships and
>| > >earn consumer trust while ensuring legislative compliance
>| > >and mitigating risk.
>|                                       legistlative Compliance...
>| Guess Lew Giles or the CSE came to visit
>
>By legislative compliance, we mean compliance with laws.  There are no
>key escrow laws in Canada.  There is a privacy law, bill C-6, and we
>will help companies comply with that.

Let's look at the key splitting aspect.

Alice has some secrets she wishes to protect with your product. Or 
Alice is communicating with Bob and wishes the contents kept secret. 
Standard stuff.

Of course, she could just use conventional PKS tools. Or even 
Freedom, should she wish the fact of the communication itself to be 
protected. Standard stuff.

But let us say she, for whatever reason, uses key splitting. Charles 
and Debby are the holders of the split keys.

(If either Alice or Bob is the holder of one of the split keys, this 
is as if the key is not split at all, of course. Modulo some slight 
work factor issues.)

"Ensuring legislative compliance" now talks on a meaning which is 
completely separate from whether key escrow laws have been passed. 
Charles and Debby can be suboenaed (not sure what the Canadian, or 
Iranian, or Baloneystan equivalents are). This subpoena may be in 
secret, unknown to Alice. Or Alice and Bob.

And this process may not happen with just subpoenas. It will likely 
happen with national security agencies. Without Alice knowing.

This is what happens when Alice or any other customer of your product 
uses "trusted third parties." GAK beats crack any day.

This is the danger of building a "trusted third parties" system. And 
is precisely the reason  the United Kingdom was campaigning for this 
kind of system.

By building precisely the tools they and other governments would need 
to implement such a system, you are making such a system more likely 
to happen.

--Tim May


--Tim May

-- 
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
"Cyphernomicon"             | black markets, collapse of governments.

More information about the cypherpunks-legacy mailing list