[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TIS, SKE, & CyberCash Inc.

Timothy C. May <[email protected]> wrote:
> A "voluntary" software key escrow system is of course OK (useful for
> people afraid of forgetting their keys, for companies that don't want
> the death of employees to cut them off from corporate secrets, etc.).
> But any system in which the escrow key holders are *not* freely
> selectable from a list one generates one's self (where the agents may
> be the company lawyer, one's mother, one's priest, the bit bucket, the
> machine down the hall, or nothing at all, etc.) is *not voluntary*.

Of course the State's current interest has little to do with these 
legitimate issues. All the government rhetoric about "voluntary" 
encryption standards is a smokescreen. I believe those who don't want
to eventually see government *dictated* key escrow, and the outlawing 
of alternatives should not let themselves be lulled by it.  

A case in point is Tony Clark's draft legislation proposal for the
"Encryption Standards and Procedures Act" from the House Committee
on Science, Space, and Technology.  In the preamble we have the sole
reassuring mention of "voluntary":

	"To amend the National Institute of Standards and Technology 
	 Act to provide for the establishment and management of 
	 voluntary encryption standards to protect the privacy and 
	 security of electronic information, and for other purposes."

Then in the Findings and Purposes section it starts to get at the
crux of the real agenda:

	"(2) The proliferation of communications and information
	 technology has made it increasingly difficult for the 
	 government to obtain and interpret, in a timely manner,
	 electronic information that is necessary to provide for
	 public safety and national security."

This primary agenda is restated in the Requirements subsection 
under Federal Encryption Standards:

	"(C) shall contribute to public safety and national security;
	 (E) shall preserve the functional ability of the government
	 to interpret, in a timely manner, electronic information 
	 that has been obtained pursuant to an electronic surveillance
	 permitted by law;
	 (F) may be implemented in software, firmware, hardware, or
	 any combination thereof; and
	 (G) shall include a validation program to determine the 
	 extent to which such standards have been implemented in
	 conformance with the requirements set forth in this paragraph."

Later on, in the Definitions section, the term "electronic
information" for the purposes of the legislation is defined in what
I find to be an ominously expansive way:

	"(8) The term 'electronic information' means the content,
     source, or destination of any information in any electronic
     form and in any medium which has not been specifically 
     authorized by a Federal statute or an Executive Order to be
     kept secret in the interest of national defense or foreign
     policy and which is stored, processed, transmitted or 
     otherwise communicated, domestically or internationally, in
     an electronic communications system..."

What does "voluntary" really mean in the context of the repeatedly
stated need to provide for "public safety and national security"?
Does it mean that those who are the putative threats to said "public 
safety and national security" may volunteer to participate??  I can
see them lining up right now.  But then, I sure as hell don't plan
to volunteer either.  Uh oh, I guess that makes me suspect.  The
more I think about it, the more ludicrous and derisible this
pretense of "voluntary" becomes. 

How can someone not _want_ to volunteer to "contribute to public
safety and national security?" If you can succeed in imposing this
framework on the issue, then dealing with the heretics is so much

> I get the feeling that wheels are turning, that deals are being cut.

I certainly concur with that feeling.  The wheels are definitely
turning.  They are racing to get the fundamentals in place in
advance of social and technical developments that might make their
job more difficult in the future. I wouldn't be surprized to see 
some cyberspatial version of the Reichstag fire come along as a goad 
to stampede the body politic into rash action on this issue. Perhaps
a series of such incidents involving a spectrum of the usual bogeymen 
in a way so as to push the hot buttons of the widest possible 

As time goes by the constituency that could oppose their actions
grows. Concurrent developments in software and DSP technology are 
opening the window of opportunity for affordable consumer products 
that could provide secure, real-time public-key encryption of voice
and data communications. Once people have the knowledge and the tools
in their hands, they are much less inclined to accept ignorance as 
strength.  Which is why it is urgent that we do what we can to spread
the knowledge and forge the tools while the time is ripe.

> Wiretap bills, Software Key Escrow, Government Access to Keys,
> information superhighways, Data Cops...it's all getting pretty
> worrisome.

It sure ain't my idea of the millennium...