
Re: NIST GAK meeting writeup, LONG part 3 of 3



At 08:48 PM 12/14/95 -0500, you wrote:
>jim bell writes:
>> It _is_ less voluntary, because it interferes with my right to escrow my key
>> with an organization that is willing to take the dispute to arbitrary levels
>> of uncooperativeness with the government.  I might insist, for example, that
>> the organization only store the key outside the country (beyond the reach of
>> US Courts) and require MY PERMISSION for them to release it to the
>> government.  I might also insist that they further encode the key so that
>> only an independent foreign organization (out of reach of US courts) could
>> provide the key to decrypt it.
>> 
>> If key escrow is REALLY REALLY REALLY "voluntary", then such arbitrary
>> restrictions should be do-able.
>
>Unless I've missed something large, you can have an _uncertified_ key escrow 
>agent store your keys in Fidel Castro's beard, and only release them with
>written permission from your goldfish. 
>
>Whether or not you use a certified key escrow agency would remain your 
>choice, AFAIK.
>
>I'm not expressing support for the certification standards that have been
>presented. But I don't consider it cause for great alarm that the USG wants
>to play in the escrow agent rating bureau business.

Here's the problem:  "Clipper" ALREADY isn't "voluntary," because the public
has already been forced to pay for its development via stolen tax dollars.
At least hypothetically, the government could misuse its discretion even
further to push a Clipper-like solution, in order to skew the market against
the adoption of good encryption.  Follow me so far?  They could go as far as
to subsidize Clipper-installed telephones, making them cost $50 at your
local discount store, competitive with non-crypto phones.

Okay, I presume that the company that makes Clipper chips (VLSI Technology)
must ultimately sell them, UNPROGRAMMED, to manufacturers who are to build
those telephones.  I see a business opportunity to act as a VOLUNTARY
escrow agent, but one that only agrees to keep the keys for the chips for
"30 feet or 30 seconds."  In other words, build (or modify) Clipper-type
telephones with chips that are ostensibly escrowed, but due to the agreement
with the end user the keys will be erased.  (Or, the keys will be kept
encrypted, unbreakably, with the "key to the key" given to the end user, who
will presumably burn it on receipt.)

What I _DON'T_ want to see happen is for the USG to be able to refuse
escrow-agent status to an organization which is actively hostile to the
concept of key escrow, an organization which is willing to work with
end-users to thwart the USG's access to products which (due to the fact
they were never exported) do not fall under any ITAR-type regulations.