[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: key escrow idea from David Satelin of MIT Lincoln Labs



At 08:19 PM 8/13/96 -0400, Matt Blaze wrote:
>My comments included below Rivest's message.
>------- Forwarded Message from Rivest
>Here is another MIT professor's (Dave Staelin's) suggestion for a
>national crypto policy.  I thought you might be interested in seeing
>it; given the difficulty of the debate, any variant, even if only
>slightly different from previous ones, should be considered.  Feel
>free to pass this note around, or to post it...
>
>Here is Staelin's idea:
>	(1) You can use any crypto you want, but you must keep a record
>	    of the crypto keys you used.
>	(2) The government can ask for the crypto keys later, if they have
>	    a court order, just as they can ask for any of your other papers
>	    or documents.  You must give the key(s) to them, just as you
>            must turn over your private papers in such a situation.
>            (There would have to be an appropriate penalty for losing the
>            key...)
>
>The attractive feature of this proposal is that it puts encrypted
>communications in the same category as private papers; the government
>is required to give notice to (at least one of) the affected
>individual(s) _before_ the search can be undertaken.  This cures what is
>in my mind a defect in the current wire-tapping laws.  

While I agree that there is a defect in current wire-tapping laws,  it's a 
lot more serious than this.   The defect, I think, is that wiretapping is 
thoroughly unconstitutional.  The reason I believe it's unconstitutional is 
that unlike any other kind of search warrant that preceeded it, a wiretap 
warrant authorizes a continuing violation of privacy. It also allows police 
to violate that privacy secretly.  Indeed, as I understand it current 
practice is to not inform the target of the tap even once the tap is 
removed.  It appears far more likely that the technical fact that wiretaps 
can be done without informing the target has allowed the cops to 
conveniently re-interpret the Constitution to assume that no notification is 
necessary.

 Regular search warrants simply allow police to visit a location, ONCE, and 
collect evidence.  The police must show up, identify themselves, and do 
their search, and LEAVE.  Once they're gone, privacy is restored.  And the 
target is informed of the police's interest, and so the police are motivated 
to not engage in "shotgun wiretaps" against people who aren't likely worthy 
of them.  I contend that there is no logical reason to believe that the 
current practice of wiretapping is anticipated by any other search warrant.  

The _reason_ wiretaps are done in a manner so hostile to privacy and the 
Constitution, I believe, is that when they were "legalized" in 1968, police 
had already had a long history of doing them illegally, but because they 
were illegal they couldn't be entered into evidence in court.  That 
legalization was ostensibly a compromise to  make them admissable, but also 
make the police obey the law.  The problem is that since the police were 
ALREADY violating the law, any "compromise" they were likely to agree to 
would have been strongly weighted against a Constitutional interpretation. 
(If you already have 3/4s of the loaf, why give it up?)  

In fact, the police gave up NOTHING:  If they were able to get illegal 
wiretaps before 1968, there is no reason to believe that they couldn't get 
them after 1968.

 If, on the other hand, the police had genuinely obeyed the law and 
Constitution before 1968, more effective protections against violations of 
privacy would have been obtainable in exchange for legalizing wiretaps.  For 
example, they might have been forced to agree to informing the target of 
every wiretap when it is removed, or maybe even informing them when the tap 
is placed!  This will appear quite odd to the police, who will claim that 
wiretaps won't do any good against informed targets, but then again they 
probably objected to being prohibited from using thumbscrews and beating 
confessions out of prisoners.  The fact is, not every police practice which 
is arguably useful is bound to be Constitutional.

Another problem is with item 2 above:  It amounts to an obvious violation of 
the 5th amendment to the Constitution, because it criminalizes the refusal 
to provide evidence  against yourself.  Even worse, it requires that you 
maintain, effectively, all conversations done by electronic/encrypted means. 
   It is somewhat as if you were required to carry a tape recorder around 
and keep a record of every conversation you ever have, to be released to the 
cops whenever they get a search warrant.

Rivest may be an excellent cryptographer, but a constitutional scholar he 
ain't.

>DISCUSSION
>In a variant of Staelin's proposal (my twist) you could append to each
>encrypted message an encrypted form of the message key.  The
>encryption could be with the public-key of a trusted third party who
>will not (and legally may not) reveal the message key without
>notifying you first (or ensuring that you have been appropriately
>served with the corresponding warrant).  For example, the ACLU might
>be such a TTP.  This protects the government's right to access and
>protects the individual from the penalties (or benefits) of losing the
>key.  This procedure is technically simple; what is more complex is
>ensuring that the TTP's are appropriately registered and protected
>from undue government influence.  The use of such a TTP would in any
>case be optional; the communicants need not use a TTP if they
>understand their obligation to keep the crypto keys around for some
>period of time afterwards.

What about an alternate system that takes  a poll, and requires a vote of 
90% or more to allow the government to get the escrowed key?  If the target 
is REALLY a "big bad criminal" then likely they'll get approval.  OTOH, if 
the government had just "done a Waco" and a substantial fraction of the 
population were seriously pissed, the government wouldn't have a prayer.
  
(not that I'd find even this system "acceptable," but at least it would be 
better...  The problem is, none of these proposals reflect any recognition 
that there may come a time where it would be far better for society to NOT 
give the government the evidence it wants.  This "government is always 
right" patina is wearing mighty thin.)

>In Staelin's proposal government gains access to the communications,
>but does not gain "real-time access" as desired by the FBI.  This loss
>may be tolerable, given the benefit obtained (forcing access to be
>made in accordance with the Constitutional requirements for
>notification before search).

It sounds like you're saying that the government must inform the target of 
the wiretap BEFORE doing it.  ("notification before search")  Right?  That 
would at least be better than the status quo.


>  The use of wiretapping encrypted
>communications as a preventive measure might be severely limited, but
>its use as a means of gathering evidence to force a conviction would
>be preserved.
>
>For international communications, each communicant might be required to
>use a TTP that is bound to honor the laws of his country (which TTP to be
>used should be the choice of the communicant).  
>
>It may be seem a bit strange to force individuals to keep around
>information (keys) that they no longer really need.  However, this is
>more-or-less the case for financial records right now.

However, people aren't obligated to keep financial records around, or keep 
them in a form the cops can read.


>CONCLUSION
>
>The fundamental idea is to give the government a right to access
>encrypted communication in return for a guarantee that access may not
>be obtained until there is BOTH proper legal authorization AND proper
>prior notice to (at least one of) the communicants.

Two giant steps backward!  I genuinely don't see that I, as an ordinary 
citizen, am EVER likely to be a victim of a crime which could be prevented 
or solved by the system as Rivest describes it.  OTOH, I believe that it is 
almost certain that my rights will continue to be abused by a government 
which will be able to use this system to protect itself from being removed, 
either by vote or by gunfire.  I conclude that proposals like this will 
rarely be used to protect ordinary citizens, and are almost entirely 
intended to buttress the government.


>Is this workable??

NO!

>------- End of Forwarded Message
>
>[Matt's comments follow]
[much deleted]
>While Ron's twist decreases some of the burden on the user it
>eliminates the main benefit of the Staelin proposal - that one
>cannot obtain cleartext without the knowledge of at least one party.
>The TTP could be compelled (as the phone company is now for regular
>wiretaps) to keep the request secret, under court order. 

Which, of course, is yet another problem with the current wiretap system.  
Given the 1st amendment, I see NOTHING which should allow the government to 
prohibit a third party (the phoneco) from telling me of the police's 
interest.  I realize that this is "assumed without question" by the various 
suck-ups who populate government and probably most lawyers, but it seems to 
me that one of the disadvantages of the government going outself itself to 
obtain evidence SHOULD BE that in doing so, it reveals its interests to 
those third parties.

As far as I'm aware, if the police serve an ordinary search warrant at a 
particular address, they  can't prohibit the targets of that warrant from 
telling anyone else of this.  It seems to me that the main reason police 
have gotten used to the idea of doing search warrants secretly is that the 
local phonecos have been monopolies so long, and they're so used to 
cooperating with government and the cops (as evidenced by the fact that 
police regularly got illegal wiretaps before 1968), that this has soaked in 
as being expected.  Indeed, the pre-'68 illegal wiretaps prove beyond a 
shadow of a doubt that government and the telephone company never have had 
any sort of arm's-length relationship, and strongly suggest that the 
Constitutionality of wiretapping (vis a vis the constitutionality of 
phoneco's claimed responsibility to keep the whole thing secret) has never 
been legitimately tested.

Remember, since the phoneco has had no competition, they've never been at 
risk from being shunned by customers who object to this secret cooperation.  
A more "realistic" position, I think, would be to conclude that if there was 
true competition, customers would be able to negotiate varying levels of 
non-cooperation in order to win customers.  I suspect that post-Ruby 
Ridge/post-Waco, there would be a substantial fraction of the public who 
would conclude that it cannot trust its own government.

I can think of at least one suck-up lawyer who will pooh-pooh this, claiming 
that wiretaps are now legal, but when looked at from a pre-1968 standpoint, 
wiretaps were illegal, so it seems logical that customers should have been 
entitled to insist that telephone companies obey the law.  It's hard to 
avoid the conclusion that the reason this kind of illegal behavior was done 
by the cops as well as the phonecos is the fact that no phoneco ever had to 
fear loss of any kind of profit as a consequence of illegal cooperation.  

Indeed, I doubt that any telephone company EVER _publicly_ refused an 
illegal wiretap request by police. (By this, I mean the phoneco informed the 
public of an illegal request on its own initiative.)  The total or 
near-total absence of such practices would make it clear that nothing that 
occurred before 1968 could possibly be considered  the norm for 
constitutionality, casting further doubt on the 1968 "compromise."

It doesn't seem likely (from a constitutional standpoint, anyway) that the 
"normal" level of cooperation that police can get from a monopolized, 
regulated industry should, retroactively, become considered to be the 
"constitutional" amount of cooperation that the cops can legally expect to 
get from everyone else.


Jim Bell
[email protected]