Re: The GAK Momentum is Building...

[Lucky Green <shamrock@netcom.com>]

On Tue, 17 Sep 1996, Timothy C. May wrote:
> However, making the government a _required_ part of such plans implies a
> motive that is not at all the same as what companies wish (mostly, disaster
> recovery).

The required part will come later. Meanwhile, many big players in the 
industry are volunteering to include GAK for you.

When I asked the fellow from HP that proposed the CommerceNet position
paper how the "voluntary key recovery" he was proposing on his slides
could possibly aid law enforcement against criminals who obviously 
wouldn't "escrow" their keys, he said, and I am not kidding:

"There are many possible interpretations of the words voluntary and 
mandatory." I was the *only* person in a room full of people working in the 
industry that seemed bothered by this.

> Furthermore, the main worry (for me, at least) is that the government hopes
> to get its Clipper IV scheme accepted (by means of export laws) at some
> large fraction of important corporate accounts, not the least of which will
> be Netscape, Microsoft, IBM, Oracle, Qualcomm, and suchlike major players
> in the "infrastructure" business. Once most of these have "bought off" on
> GAK, pressure will be intense to universalize the process, to make it a
> felony _not_ to use a "Key Authority."

That's exactly how it will be.

> (BTW, I predict that the tainted term "key escrow" is now gone from the
> official lexicon. I haven't seen the Clipper IV proposal, but I surmise
> that the baggage the term "key escrow" carries means that some more
> benign-sounding term will be used in the final proposal. Something like
> "Key Recovery System." You heard it here.)

Correct. As I explained in my post from the CommerceNet meeting in D.C., 
"key recovery" is the new politically correct term for GAK.

--Lucky