[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Dep. AG Gorelick on CSPAN2 advocating escrow
At 12:20 PM -0700 7/14/96, Timothy C. May wrote:
>At 1:34 PM 7/13/96, Deranged Mutant wrote:
>>Saw Jamie(?) Gorelick, Dep. Attny Gen. on CSPAN2 talking about needs
>>for key escrow. Emphasized the what if people lose their keys, or
>>someone dies, or if an employee steals company secrets & encrypts
>>them... rather than the usual what if terrorists use crypto line
>>(though she did mention that too).
>>
>>Guess they're taking a new tack to sell it to the public. A lot of
>>bunkum... (project left to the reader how these can be handled in a
>>non-GAK manner).
>
>And as we all know, having discussed this many times, even if one buys
>these arguments for the advantages of key escrow, THEY DO NOT APPLY TO
>COMMUNICATIONS!
>
>That is, imagine Alice and Bob communicating over some channel. Alice has
>files on her computer. Putatively, if she dies, leave her company,
>whatever, it is desired to reconstruct these files. Fine. A potential use
>for key escrow. (If voluntary, of course.)
>
>But what does this have to do with a channel between Alice and Bob? Why
>should the keys for this channel ever need to be escrowed for the reasons
>Gorelick cites? After all, Alice has the files she sent stored locally, and
>Bob presumably has the same files he received.
>
>There is essentially no rationale for escrowing the keys of a transient
>communication.
>
>The Administration and even cryptologists apologizing for GAK (who ought to
>know better) are curiously silent on this rebuttal to their claims.
It's not that powerful a rebuttal, since it would require files of e-mail
(or their session keys) to be encrypted twice--once with the escrowed
storage key and again with the transmission (recipient's) key. And if the
message were public key, it would require a re-encryption at the receiving
end with the recipient's escrowed storage key to make the recipient's files
available to HIS management. Further, it would require everyone to keep two
keys since I infer from your position you wouldn't want your public key to
be the escrowed one (for transmission security).
As you know I do not support mandatory key escrow in the US, but arguments
against it need to be robust. Your argument, while not without merit, is
weaker than one would like (in that it is susceptible to the mental
rebuttal by policymakers that I've outlined above). In my view it isn't the
kind of decisive argument that would justify your use of "curiously" silent.
David
PGP signature