Re: "Key Escrow" --- the very idea

[Peter Murphy <pkm@maths.uq.oz.au>]

Carl Ellison wrote:
> 
> if you really want to propose an escrow system we can live with,
> I would demand that it include:
> 
> 1.	unambiguous ID of the person being tapped in the LEAF-equivalent
> 2.	multiple escrow agencies, at least one of which is the NSA HQ
> 	(for its superior physical security)
> 3.	watchdogs as escrow agents (e.g., ACLU, Rep & Dem parties, CPSR,
> 	EFF, NYTimes, ...) with authorization to look for abuses of
> 	authority and to refuse to release keys in such cases and to
> 	publicize such cases as well as bringing them to the attention
> 	of law enforcement for prosecution.
> 4.	user-generated escrow keys, to reduce the chance of anyone having a
> 	backdoor way to get the whole escrow key database.
> 

I think you missed one important condition:

  5.    Make it optional, with no strings attached. Furthermore, make the
        system designed so that the "default" option is no key escrow. In
        other words, the government would have to get permission for key
        escrow.

Condition 5 would of course not apply to government employees. Nor would it
apply to the office communication equipment inside the more "paranoid" business
associations. Of course, it would be the company, not government, who would
hold the keys, and of course the company should have the choice in deciding
whether key escrow is really necessary.

Of course, with this extra condition, key escrow seems fairly pointless. :-)
But I don't mind. It's not as if I'm exactly looking forward to it Down
Under.

Peter Murphy.