[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The New GAK-Clipper Thing will Fail



At 11:11 AM 10/3/96 -0800, Timothy C. May wrote:
>
>Comparing the latest GAK/Clipper III (or is it Clipper IV?) thing to the
>original Clipper announcement in April 1993, I sense a lot more confusion,
>a lot more thorny issues, and a lot more vagueness. They just seem more
>disorganized and less committed than the last time around. Each iteration
>of Clipper gets less focussed and seems to last a shorter time before the
>next version is being talked about. A good thing, of course.

Sort of like a "political" version of Zeno's paradox?    B^)

>
>Some random points:

>--the large pool of _existing_ crypto products means people will be using
>these products for years to come (possibly within GAK wrappers, as just
>noted)...unless the New World Order (tm) somehow locates, seizes, or
>otherwise makes criminals out of those who use a once-legal product, how
>could this be stopped?

And I suspect that there will be large numbers of people using non-GAK 
simply as a protest.  Trying to convict even one of them will be difficult; 
the government has to admit that they're not doing anything illegal, etc.  
Yet, if the gov't FAILS to prosecute them, that'll destroy an law requiring 
GAK.

[snip]

>(On the "costs" issue, running these Key Authorities, staffing them,
>complying with subpoenas (and who will _fight_ the subpoenas?),

I think it would be appropriate to contact each of the companies which have 
publicly signed on to this most recent propsal (Clipper 3.XX?  Clipper IV?) 
and point out that (if they still won't revoke their approval) they should 
publicly and irrevocably commit to challenge each and every key subpoena 
with a full legal challenge (to the SC if necessary), INCLUDING informing 
and participation of the key owner/user, with all of his attorney fees paid 
for by an insurance policy issued specifically for the purpose.  This 
process would probably take at least months, if not years.

(This is important, because I believe that wiretaps have set a false 
precedent:  AT+T (before breakup) and local telcos afterwards, being 
monopolies, had no motivation to challenge wiretap orders, and the practice 
was to not inform those tapped, perhaps not even after the tap was removed.  
There is no reason to assume, however, that key-escrow systems should follow 
that precedent, because the relationship between AT+T and government was not 
an "arm's length" one.  Presumably, key-escrow companies should be entitled, 
no REQUIRED to verify the legitimacy of any key-release.  "It's only fair!"  )

The resulting legal atmosphere would become so distasteful to the Dept. of 
Injustice that it would make key escrow useless as a practical tool, even 
though it would exist as a technicality.  If the DOI objected, companies 
need merely say the magic words "Richard Jewell" and all ordinary citizens 
would recognize the problem.

The point, of course, is NOT to encourage these companies to support Clipper 
IV.  Rather, goal is to suggest to them a "poison pill" which would make 
their cooperation meaningless in the end, while at the same time giving them 
a 2-year free 56-bit export.  Think of it as a monkey-wrench they can throw 
into the works.

We can use such a proposal as a sort-of "loyalty to freedom and their fellow 
citizens oath" because any company which refused such a REASONABLE 
protection to ordinary citizens would be, in effect, giving their middle 
finger to the public.





Jim Bell
[email protected]