From: tcmay@netcom.com (Timothy C. May)
Date: Fri, 16 Apr 93 23:10:57 PDT
To: cypherpunks@toad.com
Subject: (fwd) Re: Once tapped, your code is no good any more.
Message-ID: <9304170611.AA29961@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Cypherpunks, 

I agree with Arthur Abraham that we ought to first make our arguments
in public and not preach to the converted here on this list. Unless
the ideas presented are Cypherpunks-related.

In this spirit, here's something I wrote about the consequences of key
escrow.


Newsgroups: sci.crypt,alt.security,comp.org.eff.talk,comp.security.misc,comp.org.acm,comp.org.ieee
From: tcmay@netcom.com (Timothy C. May)
Subject: Re: Once tapped, your code is no good any more.
Date: Sat, 17 Apr 1993 04:53:55 GMT

Brad Templeton (brad@clarinet.com) wrote:
: It occurs to me that if they get a wiretap order on you, and the escrow
: houses release your code to the cops, your code is now no longer secure.
: 
: It's in the hands of cops, and while I am sure most of the time they are
: good, their security will not be as good as the escrow houses.
: 
: 
: What this effectively means is that if they perform a wiretap on you,
: at the end of the wiretap, they should be obligated to inform you that
: a tap was performed, and replace (for free) the clipper chip in your
: cellular phone so that it is once again a code known only to the
: escrow houses.

Getting the court order to reveal the key *also* makes decipherable
all *past* conversations (which may be on tape, or disk, or whatver),
as I understand the proposal. I could be wrong, but I've seen no
mention of "session keys" being the escrowed entities.

As the EFF noted, this raises further issues about the fruits of one
bust leading to incrimination in other areas.

But is it any worse than the current unsecure system? It becomes much
worse, of course, if the government then uses this "Clinton Clipper"
to argue for restrictions on unapproved encryption. (This is the main
concern of most of us, I think. The camel's nose in the tent, etc.)

And it may also become much worse if the ostensible security is
increased, thus allowing greater access to "central office" records by
the government (the conversations being encrypted, who will object to
letting the government have access to them, perhaps even automatically
archiving large fractions...). This was one of the main objections to
the S.266 proposal, that it would force telecom suppliers to provide
easy access for the government.

One the government has had access to months or years of your encrypted
conversations, now all it takes is one misstep, one violation that
gets them the paperwork needed to decrypt *all* of them!

Do we want anyone to have this kind of power?

-Tim May, whose sig block may get him busted in the New Regime

-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.