[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: FW: No SKE in Daytona and other goodies



Blanc Weber wrote:

> From: Timothy C. May
> 
> "If Microsoft has never met with NIST/NSA or Denning or TIS on this matter,
> and was only pursuing SKE research on its own initiative, without any
> incentives or threats from the government, then I will withdraw my
> speculations and cheer Microsoft on."
> ...................................................
> 
> And then you can say:	Blanc was right all along;
> 			I really had nothing to worry about.
> 			Signed:  Tim C May

No, I obviously won't sign that ;-}. First, Blanc has said many
things, even expressing her own concerns about the implications of
SKE, so this statement is overly broad. Second, "I really had nothing
to worry about" is under no circumstances true.

But my main point here will be to comment on the *infrastructure* that
SKE implies, and whey even a "voluntary" system is worrisome.

> I would like to see more explanations on key escrow, myself.   To me, 
> the issue is control:  who gets it, who excercises it, who will try to 
> prevent an individual from their right to exert it.

Yes, more debate is needed. I've seen essentially no mention of it in
the press, though I understand some articles will soon be coming.

For an idea with such ramifications, with a conference of
international scope, and with folks withing software companies already
briefed on this new idea, I'd say it's high time to get the public
debate started.

> How does the mere existence of a system of key escrow necessitate that 
> no one will ever again have the means to secure their privacy?   I do 
> understand the difference in the situation of an individual in a 
> corporate environment using a given software environment, vs the 
> individual at home with their own pc trying to access the internet & 
> send email.

"Key escrow" does not automatically imply loss of privacy. For
example, I have a diskette containing my keys which I store off-site,
to protect myself from loss of my computer. Likewise, I could deposit
copies of keys, or cryptosplit files, with a lawyer, a key escrow
service, etc. Ditto inside corporations.

But what is the reason of the involvement of "law enforcement" and the
"intelligence community" in this matter? I refer you all to the
upcoming conference agenda, the involvement of NIST/NSA, TIS, Denning,
and FBI Director Louis Freeh. Look at the papers being presented at
the conference.

Any questions?

> Do you think that having created a means to an end, that it will be 
> impossible to retain ownership and control of it?  In the present 
> political atmosphere, there are many ownership issues being threated.  
> The government's position is to take away the means to an end, thereby 
> preventing the whole problem of having to think about who has the right 
> to use it or not.

That's a good point. The government apparently wants to limit the free
and personal use of crypto, to create a SKE system where Clipper
failed. I am certainly not alone in drawing this conclusion.

Vague statements about it all being voluntary are hardly consistent
with the involvement of law enforcement, other intelligence agencies,
the export control folks, and the police and intelligence agencies of
other nations.

(Some Cyperpunks get very indignant when the issues of gun control and
crypto are linked, but this is an obvious case of strong parallels.
Those that know about gun registration, limits on ammunition sales,
licensing, etc., will already know about the parallels. Those that
don't are probably not gun rights advocates, so they won't be
persuaded.)

> Do you think that preventing companies from implementing their own key 
> escrow schemes, this will eliminate the problem of having to fight with 
> the government over the keys?

I don't proprose to "prevent" any company from exploring key escrow. I
just don't see why law enforcement, intelligence agencies, etc. have
anything to do with this, and I am very worried by the arguments I
hear about "legitimate needs of law enforcement" and "export laws."

If Microsoft or Novell or Apple wishes to offer products that support
easy use of software key escrow, fine. It's a dangerous temptation to
government to take their voluntary systems and make them mandatory (as
I suspect is the goal, soon enough), but I would not try to use the
law to stop them. I might try to use public pressure, but I'd have to
wait and see what their scheme looked like.

Any hint that the systems used were developed with government backing,
with "incentivization," or with protocols especially suited for
eventual mandatory use, would of course change everything....then I
would favor doing more.

We're in a new kind of situation. Technologies are no longer just
"free market" issues, they often get developed with government inputs,
with collusion with other companies (where the government sanctions
and even encourages this collusion), and where the infrastructure of a
police state is possibly being deployed.

So let's be vigilant.

--Tim May


-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
[email protected]       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."