[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: key escrow idea from David Satelin of MIT Lincoln Labs



> 
> You may say, of course, "that's not how they currently interpet it," but my 
> response is simple:  Any talk of tolerating any sort of key-escrow (GAK) 
> system must presume that the people running it are no more honest than they 
> are today.  If the cops (and the government in general) so generously 
> misinterprets the government's "rights" with regard to wiretapping, there is 
> simply no reason to believe that any restrictions they claim to be willing 
> to respect now will actually be followed once such a plan is approved.  
> Don't try to get out of this:  You can't ignore past abuses.  And if they 
> were willing to do illegal taps before 1968, this tells you how inclined 
> they are to obey the law.

Slightly off topic:

I haven't seen this horror of GAK discussed here, but this is (IMHO) as
important as possible abuse by LEA's.

Let's factor the LEA's out for a bit.

The US government gets their mandatory key access, and keeps their keys in
three databases in various locations.

Most foreign powers would pay someone a handsome sum to hand over these
keys.  I would bet that France or Iran would offer a billion dollars to
someone who would turn over the part of the database they preside over.

I bet that France/Iran/etc. would be able to pool together 3 billion
dollars and a nice getaway for the stooges who can grab a tape with the
escrowed keys on it.  Heck, Ames turned traitor for less.  (I am assuming
the keys as small, 1K bytes each... an 8mm Exabyte mammoth tape would be
able to carry 30 million keys.)  Even an "el cheapo" Travan TR3 tape would
be able to snarf 1.6 million keys... and that's a lot of people
compromised!

Soon, you have the US's whole security structure totally compromised.
Any business transactions, any communications are now subject to tapping
by foreign agents, and all US crypto would be absolutely powerless.  And
you thought ITAR put companies at a disadvantage. US companies would
be stomped on by competition which seems to have the same product just
slightly earlier or slightly more refined, or they would move out of the
US, so they can use strong crypto.

Even if one assumes that the LEA's are incorruptable, there are always
people who are willing to watch their country go down in flames for money.