[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: TIS, SKE, & CyberCash Inc.
Timothy C. May <[email protected]> wrote:
> A "voluntary" software key escrow system is of course OK (useful for
> people afraid of forgetting their keys, for companies that don't want
> the death of employees to cut them off from corporate secrets, etc.).
> But any system in which the escrow key holders are *not* freely
> selectable from a list one generates one's self (where the agents may
> be the company lawyer, one's mother, one's priest, the bit bucket, the
> machine down the hall, or nothing at all, etc.) is *not voluntary*.
Of course the State's current interest has little to do with these
legitimate issues. All the government rhetoric about "voluntary"
encryption standards is a smokescreen. I believe those who don't want
to eventually see government *dictated* key escrow, and the outlawing
of alternatives should not let themselves be lulled by it.
A case in point is Tony Clark's draft legislation proposal for the
"Encryption Standards and Procedures Act" from the House Committee
on Science, Space, and Technology. In the preamble we have the sole
reassuring mention of "voluntary":
"To amend the National Institute of Standards and Technology
Act to provide for the establishment and management of
voluntary encryption standards to protect the privacy and
security of electronic information, and for other purposes."
Then in the Findings and Purposes section it starts to get at the
crux of the real agenda:
"(2) The proliferation of communications and information
technology has made it increasingly difficult for the
government to obtain and interpret, in a timely manner,
electronic information that is necessary to provide for
public safety and national security."
This primary agenda is restated in the Requirements subsection
under Federal Encryption Standards:
"(C) shall contribute to public safety and national security;
(E) shall preserve the functional ability of the government
to interpret, in a timely manner, electronic information
that has been obtained pursuant to an electronic surveillance
permitted by law;
(F) may be implemented in software, firmware, hardware, or
any combination thereof; and
(G) shall include a validation program to determine the
extent to which such standards have been implemented in
conformance with the requirements set forth in this paragraph."
Later on, in the Definitions section, the term "electronic
information" for the purposes of the legislation is defined in what
I find to be an ominously expansive way:
"(8) The term 'electronic information' means the content,
source, or destination of any information in any electronic
form and in any medium which has not been specifically
authorized by a Federal statute or an Executive Order to be
kept secret in the interest of national defense or foreign
policy and which is stored, processed, transmitted or
otherwise communicated, domestically or internationally, in
an electronic communications system..."
What does "voluntary" really mean in the context of the repeatedly
stated need to provide for "public safety and national security"?
Does it mean that those who are the putative threats to said "public
safety and national security" may volunteer to participate?? I can
see them lining up right now. But then, I sure as hell don't plan
to volunteer either. Uh oh, I guess that makes me suspect. The
more I think about it, the more ludicrous and derisible this
pretense of "voluntary" becomes.
How can someone not _want_ to volunteer to "contribute to public
safety and national security?" If you can succeed in imposing this
framework on the issue, then dealing with the heretics is so much
> I get the feeling that wheels are turning, that deals are being cut.
I certainly concur with that feeling. The wheels are definitely
turning. They are racing to get the fundamentals in place in
advance of social and technical developments that might make their
job more difficult in the future. I wouldn't be surprized to see
some cyberspatial version of the Reichstag fire come along as a goad
to stampede the body politic into rash action on this issue. Perhaps
a series of such incidents involving a spectrum of the usual bogeymen
in a way so as to push the hot buttons of the widest possible
As time goes by the constituency that could oppose their actions
grows. Concurrent developments in software and DSP technology are
opening the window of opportunity for affordable consumer products
that could provide secure, real-time public-key encryption of voice
and data communications. Once people have the knowledge and the tools
in their hands, they are much less inclined to accept ignorance as
strength. Which is why it is urgent that we do what we can to spread
the knowledge and forge the tools while the time is ripe.
> Wiretap bills, Software Key Escrow, Government Access to Keys,
> information superhighways, Data Cops...it's all getting pretty
It sure ain't my idea of the millennium...