[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gack vs. key escrow vs. key recovery



At 05:33 PM 10/3/96 -0700, Vladimir Z. Nuri wrote:
>cpunks, a note about recent developments in "key recovery" initiative.
>
>I think cpunks as a group should reconsider very seriously their
>own positions on cryptography and come up with something more
>sophisticated than "any government bill or plan associated with
>crypto is evil" which is the functional equivalent of the ideology
>behind many recent posts.

We don't think they're all NECESSARILY evil...they just turn out that way.

Whose fault is this?


>what is the precise difference between gack, key escrow, and
>key recovery? 

Phase of moon?  Season?  Maybe it has something to do with the 11-year 
sunspot cycle?  Bi-millenialism?

>TCM has argued that the administration is muddying
>the issue by manipulating the terminology. perhaps so, but I feel
>that cpunks are equally guilty, by branding anything that emanates
>out of the government as inherently orwellian. do you always have
>to have an enemy? is the government always going to be your 
>enemy, no matter what they do?

The government seems to be BEHAVING as if it is always going to be our 
enemy.    Whose fault is that?


>I have posted here before that many companies find the concept
>of "key recovery" highly acceptable and even desirable. the 
>basic question is, what does this mean to wiretapping and 
>search warrants and subpoenas?
>it is clear we are coming to a fork in the road at this moment.

And it is our goal to not "get forked."


>there are going to be two types of cpunk opinions based on recent
>developments.
>
>1. those who feel that wiretapping was illegitimate from the
>start and are working to make wiretapping impossible. confronted
>with a legal search warrant/subpoena etc. for personal data, 
>they would not hand over keys. they would "superencrypt" in
>systems that do etc.

That's me...


>2. those who feel that there is such a thing as a legal warrant
>or subpoena for information protected by cryptography keys, and
>would agree that this logically means that governments will be
>getting access to "key recovery" infrastructures.

On the contrary:  The existence of a "legal warrant" doesn't mean that the 
government ought to (or even can) get access to data via a "key recovery" 
system.  It's been mentioned numerous times that there are plenty of things 
that could be done (multiple encryption; encryption of GAK'd key; foreign 
key escrow with no request cooperation, etc) to prevent this.


>personally I am leaning toward 2, because I feel that we already
>live in such a society,

We also live in a violent, oppressive society.  Does this mean that we 
shouldn't try to fix its problems?

> and that it is not orwellian.

Pollyanna, meet Eric Blair.

> companies are going to lean toward (2).


No, they're going to lean towards yet another system, (3), whatever suits them.

> I do agree
>that the gov't has the potential to twist this process to evil
>ends,

If it had not had the desire to "twist this process to evil ends" government 
wouldn't have interfered with the natural development of key-keeping systems 
which serve only the key owner, not anyone else.

> but that has always been true of everything about democratic
>government, and the recipe for 200+ years has always been
>and remains "eternal vigilance". in other words, I am in favor
>of some kind of mechanism by which the government can obtain
>keys via subpoenas/warrants.

And I am in favor of some kind of mechanism by which the government can be 
destroyed by ordinary citizens.


>cpunks, I think we should try to clarify our terms and come to
>some conclusions. 
>
>those who continue to pursue (1) are going to be perceived as
>more and more radical and extremist, because arguably it is not
>even a system we have today or one that was ever devised.

I'd disagree with that.  I've devised a system...


>remember, the constution guarantees
>freedom from *unreasonable* search and seizure, but never
>prohibited search and seizure in the first place!! apparently
>at least our found fathers believed that "reasonable" search
>and seizure was a wholly legitimate function of government,
>based on this wording.

I guess that means that anything they call "reasonable," you'll agree with?

Hint:  Between about 1932 and 1968, wiretaps in the US were ILLEGAL.  
Nevertheless, they were done anyway, by the telephone company on request by 
the cops. (they were not admissible in court, however.)   Question:  Should 
we define the standard of 'reasonable' on the opinion of a group of people 
(cops, officials, politicians) who have a proven habit of using illegal 
techniques to get information?

Apparently, cops are unwilling to let illegality get in their way.  I'd say, 
on the whole, cops must have a rather enormous motivation to get wiretaps, 
and only a fool would think that this would fail to motivate them to adjust 
their standard of "reasonableness."

>regarding (2): the government may actually help bring crypto
>to the masses via the post office and other routes. are
>cpunks going to continue to hold the simplistic, reactionary,
>knee-jerk, black-and-white opinion that "anything with the
>word 'government' in it is evil"? "if the government is doing
>something, then we must sabotage it"?

So far, such an opinion would fit the facts far better than anything you've 
said so far.


Jim Bell
[email protected]