[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Why Key Escrow (GAK) is So Bad



At 1:25 AM 9/4/95, Brian Davis wrote:
>On Fri, 1 Sep 1995, Timothy C. May wrote:

>> I absolutely agree with this, though this doesn't mean I'll stop worrying
>> about the government's plans for key escrow (GAK), about limits on key
>> lengths, or about other efforts to thwart strong security.
>
>I, of course, know of the "dislike" of GAK here.  I am curious to know,
>however, if the "dislike" is because government would have access under
>any circumstances or if the primary worry is that government will cheat
>and get access when most would agree that they shouldn't (either by the
>judge "cheating" or a TLA stealing it).
>
>In other words ... if it took agreement by a review board composed of
>non-LEA members of this list, would the escrow be acceptable??


[I'm addressing the basic issue of key escrow, or what Carl Ellison calls
"GAK" (Government Access to Keys), not the current debate in D.C. about
using some form of key escrow for exportable crypto. The debate on key
escrow is really about the crypto citizens will use, not what will be
allowed to be exported.]

Speaking for myself--though I think this captures the feelings of many--my
objection to GAK is on *principle*:

* No government can tell me what language I must communicate in and what
language I must _not_ communicate in.

David Sternlight has characterized this position as "childish," as the
whinings of spoiled children who don't want to be told what to do. If so,
then Thomas Jefferson was surely the biggest child of all, as he and his
compatriots developed and used secret codes for communications. No doubt
King George would have found GAK quite useful.

No, the point is really about whether people may speak and write in the
languages they wish, or be ordered to speak and write in ways the
government can monitor, with or without the "speed bump" of  key escrow and
court orders to release the escrowed keys.

(Ironically, I just heard about a case in Texas where a judge ordered a
mother to stop speaking in Spanish to her child at home, calling it "child
abuse." The implications of this are self-evident.)

"Escrow" of communications keys, when commanded by the government, is no
different than requiring that all locks have duplicate keys "escrowed" with
the police, or that all curtains and window shades have a special
"invisibility mode" that "law enforcement" can enable under certain
circumstances.

"Key escrow," or GAK, is to most of us equivalent to universal wiretapping.
Why not tape-record all calls and "escrow" the result?. Why not mount
surveillance cameras in homes and "escrow" the result? All are essentially
equivalent.

The pernicious nature of the "escrow" idea, which I have to admit is a new
twist on the surveillance state that was not anticipated by Orwell,
Brunner, or any of the other writers on this topic, is that it says that
surveillance is not so bad after all, because the results of the escrow
will not be looked at except when "justified." By whom? And by what
conceivable right can the government tell me I may not use the
communication system and language of my choice?

I have no doubt that such key escrow, or recording of all calls, or
surveillance cameras, with escrowed results, would "stop" some crimes.
Maybe even some serious crimes, even horrific crimes.

So what? In a free society, we don't tell people what language they may
speak in, and with whom, nor did we place microphones and cameras in their
presence, even if we "escrow" the results and promise not to look unless a
judge or a review panel says it's OK. There are undoubtedly crimes that
would be stopped if surveillance cameras were placed in many places,
private and public, with "video escrow."

Friends of mine are developing micropower, tiny, ultrawideband radio
"localizers," that could be used by parents to keep track of children,
pets, luggage, etc. I have long joked with them about "position escrow,"
where the government will mandate that all citizen-units wear these devices
(or have them implanted) so that their positions can be monitored. Would an
"escrow" system make it any less unacceptable? The arguments for "position
escrow," once the technology becomes available (surely by 1998-9) are very
similar to those being made for communications escrow. Lots of crimes would
be solved, and even OJ might be convicted, if a court could order the
"position escrow" files opened. So what? That's now what a free society is
about.

The basic principle is the issue.

There are other problems with key escrow, involving such things as how
persistent the access keys will be (will a court order reveal past
communications not covered by the order?), who will have access, etc. These
are the things the government _wants_ us to focus on, as these can probably
be fixed by sufficiently elaborate protocols...sort of.

But the core issue is not being addressed, the core issue of surveillance
and the government's plan to order us to speak only in certain approved
modes.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
[email protected]  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."