[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: I have FOIA'd the Clipper Key Escrow databases



Steve Bellovin writes:
> Good strategy.  I still wonder if the decrypted keys are (all) classified,
> while the encrypted ones aren't.  After all, the local cops' magic decoder
> boxes can strip off that layer of encryption (as, of course, anyone
> who steals one of those boxes or bribes a local cop).

I'm puzzled by the applicability of "classification" here.
The NSA can classify stuff, since they're part of the military,
and a few other government agencies can (State Dept., I think?),
but are NIST and Treasury able to do so?  (Assuming, of course,  that we
maintain the charade that the NIST and NSA are separate for crypto purposes.)
I don't think they can, and if they could, they wouldn't be able to give
any of the classified stuff to regular local cops.
If things become classified by the NSA handling them at key-setting time,
then they can't give them to the so-called escrow agencies,
or if they do, those agencies can't give them to uncleared people.

Perhaps the NSA's secret backdoor mechanisms in the key-setting process
are classified, since the nation would feel very insecure if they knew
about them, but that's a separate issue.

Keys for batches of chips the NSA burns for use by Defense Department users
are a different story, and probably have a different Family Key
than civilian-wiretapping keys, but they're probably handled under
entirely different rules anyway.

> Anyway, I hope the idea works, or at least drives them a bit crazy...


		Bill