
Re: NIST GAK meeting writeup, LONG part 3 of 3



At 04:22 PM 12/13/95 -0600, you wrote:
>>  The term "voluntary" implies (!) that people don't have to do
>>  something, right?  If that's really the case, then the escrow agent
>>  should have no obligation to do what is called "voluntary."
>
>Voluntary GAK means the system is voluntary for the USERS, not for the ESCROW  
>AGENTS.  What is the point of certifying escrow agents if they can still  
>thumb their noses at the LEAs?

I disagree.  The issue is one that might be called "standing."  Who,
exactly, is responsible to whom in such an arrangement?  Let's suppose key
escrow (for keys for non-exported encryption devices) is REALLY VOLUNTARY.
In that case, the escrow agent's only legal responsibility is to the owner
of the encryption device.  The government isn't a party to this voluntary
arrangement, and thus hasn't a complaint if the escrow agent refuses to comply.

I could, for example, enter into a voluntary arrangement with an escrow
agent so that he would be obligated to erase the key no more nor less than 5
days after he received it.  If he did so 1 day after, and I needed the key,
he would have breached his obligation to ME, but not to the government.
Likewise, if he failed to erase the key, he would likewise be breaching his
agreement with me.

Unfortunately, I think you've fallen into the too-common trap of assuming
that the government can insist, unilaterally, on people's behavior even
absent laws which specifically require or prohibit specific performance.  

> The proposal is talking about throwing  
>CERTIFIED ESCROW AGENTS in jail for not complying with the authorities and  
>has absolutely nothing to do with users like you.

But you haven't established that an "escrow agent" has any duty to the
government.

>  I don't see how a system  
>where you don't have to register your keys but the escrow agents can be  
>imprisoned for not releasing a key in their possession is any less voluntary  
>to you.

It _is_ less voluntary, because it interferes with my right to escrow my key
with an organization that is willing to take the dispute to arbitrary levels
of uncooperativeness with the government.  I might insist, for example, that
the organization only store the key outside the country (beyond the reach of
US Courts) and require MY PERMISSION for them to release it to the
government.  I might also insist that they further encode the key so that
only an independent foreign organization (out of reach of US courts) could
provide the key to decrypt it.

If key escrow is REALLY REALLY REALLY "voluntary", then such arbitrary
restrictions should be do-able.


>Certainly the whole escrow thing is a sham and it couldn't possibly work if  
>it were really voluntary (witness the documents FOIA'ed from the FBI...). 

Yes but...

> We  
>all know that but there isn't anything sinister in the escrow agent  
>requirement for releasing keys under penalty of law 

Yes, there is.  I STILL refuse to accept the idea that a "key escrow agent"
(if he's keeping a VOLUNTARILY escrowed key, one not for export) must
automatically be considered to be subject to the whim of government orders.  

>  Believe me, if we continue to have  
>voluntary GAK with no escrow agent requirements or certification when (if?)  
>Mandatory GAK comes down the escrow agent certification and penalties will  
>most definitely be part of the deal.  So I wouldn't worry about quibbling  
>over the voluntaryness just because of the proposed escrow agent  
>requirements.


Here's why you're wrong.  The government wants us to accept an arrangement
they've described as "voluntary."  (Naturally, we will refuse.)  It is
better to be able to show that we're refusing BECAUSE THEY'RE LYING about
the "voluntaryness" of the system, because that makes us appear reasonable
(which we are) and them appear unreasonable (which they are.)    Playing
along with their assertion that the system is "voluntary" would make
it look like it is we who are being unreasonable.

So the position I'll take is this:

"You claim you are willing to accept that the system be 'voluntary.'  Okay,
the only thing I'll tolerate is one which has the maximum number of
'voluntary' aspects.  Anything less and you're lying." 

I'd insist, for example, on the unfettered ability to turn off the key
escrow "feature" on the telephone (with a switch on the side, labelled "Good
encryption vs. Big Brother's listening").   I'd insist on its ability to talk
to other telephones which have to corresponding key escrow.

Etc, etc, etc.

If they resist, we can then say, "Oh, you must have been LYING about this
system being voluntary!  SO what else are you lying about?!?  I think you're
being unreasonable, so I have no intention of complying with ANY of your
requests, however reasonable they may appear to be on the surface, because I
cannot trust you!"

And _THAT_ would obviously be a reasonable position.  The key, however, is
that we must expose the lying, and to do that we must use whatever
inconsistencies we can.  This is not "quibbling":  It is establishing the
credibility (or lack of it) of THE ENEMY.