[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Why escrow? (was Re: How would Leahy bill affect crypto
At 04:15 PM 3/13/96 +0000, Deranged Mutant wrote:
>Since when is the government intentionally going to let any bill or
>policy go through that isn't friendly to themselves??? (You don't
>have to be an anarchist to figure that out!)
Well, it's not surprising, of course, but it DOES seem to be making these
assumptions. I wonder what they're gonna do when they start
discovering that "all" voluntary escrow system in place have protections far
beyond what they've anticipated? That's why I'm more than a little
disturbed about the one really bad portion of the Leahy bill: The one that
makes using encryption to thwart an investigation a crime. As Mr. Junger
observed, and as should be obvious to most of the rest of us, such a section
of the bill could turn a key-escrow holder into a criminal if he fails to
disclose an encryption system that protects a key, or (worse!) even if he
structures his business in such a way as to avoid having the decrypt key for
the escrowed key at all. Previously, legally, he could probably have
claimed innocence because he had no decrypt-key to disclose, but Leahy's
bill would make him guilty even if there was nothing he could do to give
them a key.
>Nothing is safe from abuse, by the goverment or non-government fols
>alike. There's always more loopholes to clean up. (Not that this
>means we shouldn't clean them up... obviously bad policies should be
>fixed...). Just as no crypto is 100% foolproof, no legal system is
>100% abuse-proof.
If I were trying to detect government investigation in such a situation, I
would buy a crypto phone, open an "escrow account" on a totally voluntary
basis, give them a phony key, and then (as part of the (presumably?)
enforceable escrow agreement) insist that they inform me if anybody asks for
the key. There is nothing in Leahy's bill which appears to prohibit the
escrow agent from informing the key holder of a request/demand for the key;
(I would greatly prefer if that was an actual legal requirement that they do
inform the key user.) The question is, is this merely an oversight on their
part, or are they planning something, or are they assuming an existing law
would cover his? The answer doesn't look good.
Jim Bell
jim [email protected]