->
->http://www.hotwired.com/cgi-bin/interact/view_stitch?msg.21981
->
->T H R E A D : Brain Tennis
->T O P I C : The Right to Absolute Privacy?
->P O S T : 21 of 51
->
-> Key Escrow - Extrapolating the concept
-> Philip Jepsen (jepsenq) on Wed, 31 Jul 96 19:32 PDT
->
-> As disturbing as key escrow is by itself, there is
-> another question on this subject which is even
-> more disturbing:
->
-> If key escrow were to be implemented and
-> required by law, how would the FBI/Government
-> enforce and monitor adherence to such a law?
->
-> Any semi-intelligent computer user can find strong
-> encryption software on the Internet. This will
-> reportedly not change with key escrow - the whole
-> idea here is that strong encryption software will
-> be available to anyone, but that you have to
-> escrow your key.
->
-> Given strong encryption software and key escrow,
-> all you need to do to keep your data secure is to
-> double encrypt - first with your private
-> (non-escrowed) key, and then with your
-> semi-private (escrowed) key.
->
-> This would give your files/communications the
-> appearance of adhering to the key escrow system.
->
-> The only way of finding out that you are using
-> double encryption (with a non-escrowed key) would
-> be by decrypting your file/communication with your
-> escrowed key and observing that the decrypted data
-> is still unreadable (encrypted with a non-escrowed
-> key).
->
-> The FBI/Government would have to access your
-> escrowed key and violate your privacy just to
-> verify that you are playing by the rules, and have
-> not double-encrypted your data?
->
-> So how exactly is a key-escrow system going to be
-> enforced?
->
-> And how does a key escrow system help, when any
-> semi-intelligent computer user can set up a double
-> encryption system?
->
-> Any intelligent computer user (including
-> unfortunately criminals and terrorists) could
-> double-encrypt their private files. They could
-> also maintain two sets of public/private keys for
-> their communications. One set would be escrowed,
-> and would be used for routine traffic, and as an
-> outer shell for really private/secret
-> communications. The other set would not be
-> escrowed. The non-escrowed public key could be
-> communicated in a message encrypted with the
-> escrowed key pair. The only way the FBI could
-> detect this would be by using your escrowed key.
->
-> Obviously, getting a warrant and finding out at
-> that point that the target of investigation has
-> double-encrypted his data would be worthless
-> to the FBI.
->
-> In this situation, the person has failed to escrow
-> his key (and quite likely cannot remember the key
-> while under the pressure and tension of FBI
-> investigation).
->
-> Is the penalty for this going to be more severe
-> than the penalty for criminal acts or acts of
-> terrorism? Will you automatically be considered
-> a criminal or a terrorist if you failed to escrow
-> your key and then cannot remember it or refuse to
-> give it to the FBI?
->
-> Worse yet, the FBI will at some point realize that
-> it needs to ensure suspected terrorists are not
-> double-encrypting their data. To do this, the FBI
-> needs to "spot-check" communications to and from
-> the suspected terrorist, by getting the person's
-> escrowed key and verifying that his communications
-> are readable once decrypted with the escrowed key.
->
-> If the suspected terrorist's communications are
-> not readable after decryption with the escrowed
-> key, the FBI now informs him that he is in
-> violation of the law, and instructs him to only
-> send communications with his escrowed key (which
-> the FBI now obviously has a copy of).
->
-> The suspected terrorist (even if he is really
-> stupid) realizes that he is being watched by the
-> FBI and that the FBI is reading all communication
-> he is encrypting with only an escrowed key.
->
-> It is clear that key escrow by itself will not
-> solve anything, and will at most be an annoyance
-> to criminals/terrorists, while it will weaken
-> security for all law-abiding citizens and
-> companies. This is as true for key escrow as it
-> was for the Clipper chip.
->
-> Clearly the NSA and FBI and the Clinton
-> administration already know this. So what is the
-> planned next step after key escrow?
-> How will they ensure you cannot double-encrypt?
->
-> We are not being told the whole story, and I'm
-> willing to bet this is because we would not like
-> it if it were told.
->
-> P O S T S - F I R S T - P R E V I O U S - N E X T - I N D E X - T O P=
I
-> C S
->
->
->
-> [Image]
->
-> [wired]
->
-> [SEARCH]
-> [HOME]
-> [HELP]
->
-> Copyright =A9 1996 Wired Ventures, Inc.
-> Compilation copyright =A9 1996 HotWired, Inc. All rights reserved.
->
---=3D -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-= =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Being a smartass beats being a dumb ass... you should try it sometime. -=3D-=3D-=3D-=3D-=3D-=3D-=3D -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- tbyars@earthlink.net