[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

gack vs. key escrow vs. key recovery



cpunks, a note about recent developments in "key recovery" initiative.

I think cpunks as a group should reconsider very seriously their
own positions on cryptography and come up with something more
sophisticated than "any government bill or plan associated with
crypto is evil" which is the functional equivalent of the ideology
behind many recent posts.

what is the precise difference between gack, key escrow, and
key recovery? TCM has argued that the administration is muddying
the issue by manipulating the terminology. perhaps so, but I feel
that cpunks are equally guilty, by branding anything that emanates
out of the government as inherently orwellian. do you always have
to have an enemy? is the government always going to be your 
enemy, no matter what they do?

I have posted here before that many companies find the concept
of "key recovery" highly acceptable and even desirable. the 
basic question is, what does this mean to wiretapping and 
search warrants and subpoenas?

it is clear we are coming to a fork in the road at this moment.
there are going to be two types of cpunk opinions based on recent
developments.

1. those who feel that wiretapping was illegitimate from the
start and are working to make wiretapping impossible. confronted
with a legal search warrant/subpoena etc. for personal data, 
they would not hand over keys. they would "superencrypt" in
systems that do etc.

2. those who feel that there is such a thing as a legal warrant
or subpoena for information protected by cryptography keys, and
would agree that this logically means that governments will be
getting access to "key recovery" infrastructures.

personally I am leaning toward 2, because I feel that we already
live in such a society, and that it is not orwellian. companies are
going to lean toward (2). I do agree
that the gov't has the potential to twist this process to evil
ends, but that has always been true of everything about democratic
government, and the recipe for 200+ years has always been
and remains "eternal vigilance". in other words, I am in favor
of some kind of mechanism by which the government can obtain
keys via subpoenas/warrants.
 
cpunks, I think we should try to clarify our terms and come to
some conclusions. 

those who continue to pursue (1) are going to be perceived as
more and more radical and extremist, because arguably it is not
even a system we have today or one that was ever devised.
remember, the constution guarantees
freedom from *unreasonable* search and seizure, but never
prohibited search and seizure in the first place!! apparently
at least our found fathers believed that "reasonable" search
and seizure was a wholly legitimate function of government,
based on this wording.

regarding (2): the government may actually help bring crypto
to the masses via the post office and other routes. are
cpunks going to continue to hold the simplistic, reactionary,
knee-jerk, black-and-white opinion that "anything with the
word 'government' in it is evil"? "if the government is doing
something, then we must sabotage it"?

I'll be watching the debate closely, as the true extremists
incapable of compromise (and thereby living in a fantasy world)
show their colors....