[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: So, what crypto legislation (if any) is necessary?
At 02:19 PM 3/30/96 -0500, Black Unicorn wrote:
>On Sat, 30 Mar 1996 [email protected] wrote:
>
>> The concept of encrypting a key before escrowing it is excellent. It
>> prevents the escrow agent from misusing the key, and protects the principal
>> from government snooping. If the escrow agent is served a subpoena, he can
>> say, "Here is the key you want. Go ahead and take it. In fact, here is my
>> entire key database. All keys are encrypted by the principals before I get
>> them, so I can't guarantee that you will be able to use them, but here they
>> are anyway." At this point, the LEO's can take whatever they want, but the
>> principals are still safe. The escrow agent doesn't have to send any
>> encrypted "rosebud" message to anyone, and he can bend over backwards to make
>> the LEO's happy, so his butt is covered, too. At this point, the LEO's can
>> either (a) send the keys to the NSA for decryption, and thereby admit that
>> the gov't can break IDEA (or whatever cryptosystem was used to encrypt the
>> keys before the escrow agent got them), (b) rubber hose the unencrypted
>> key(s) from the principal, or (c) go home and pout.
>
>(d) [which may be a subset of (b)] impose contempt sanctions on the
>principal until he releases the key to the key.
...which would be a clear violation of the 5th amendment, and would (by
informing the person targeted) defeat the entire purpose of getting the key
in the first place. Of course, you've also assumed that the escrowed data
actually represents some sort of key, which it may not. (The data-holder is
never told that the data he's asked to hold is REALLY a key!)
Insisting that the target of an investigation provide something that may
not even exist is a sure way to fire up the populace. Remember Madame
Defarge (sp?)
Jim Bell
[email protected]