1994-08-09 - Re: Gore Letter and Software Key Escrow

Header Data

From: Carl Ellison <cme@tis.com>
To: tcmay@netcom.com
Message Hash: 589413ba3c679feca255aa57e70282f8185a35905773bbb1b4fea35b4eb140aa
Message ID: <9408091421.AA16080@tis.com>
Reply To: <199408090004.RAA25895@netcom11.netcom.com>
UTC Datetime: 1994-08-09 14:22:18 UTC
Raw Date: Tue, 9 Aug 94 07:22:18 PDT

Raw message

From: Carl Ellison <cme@tis.com>
Date: Tue, 9 Aug 94 07:22:18 PDT
To: tcmay@netcom.com
Subject: Re: Gore Letter and Software Key Escrow
In-Reply-To: <199408090004.RAA25895@netcom11.netcom.com>
Message-ID: <9408091421.AA16080@tis.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim,

>From: tcmay@netcom.com (Timothy C. May)
>Date: Mon, 8 Aug 1994 17:04:09 -0700 (PDT)

Thanks for the quotes.

>* This compromise will likely put software key escrow (SKE, or Carl
>Ellison's "GAK"..."Government Access to Keys") into the software for
>audio and video teleconferencing, communication, and possibly into the
>OS itself (as this would be needed to ensure wide coverage of
>installed machines).

Let me push even harder for use of the term "GAK".  Your use of SKE here is
not appropriate.  "Escrow" is (or at least was) a neutral or positive term
-- it's something on the side of the user.  GAK is opposed to the user
(unless the user is the Gov't, I suppose).  The Administration, by using
the words "Key Escrow" for GAK, no doubt attempted to sugar coat what they
were doing.  Thanks to the effort of many people (including us), that bit
of sugar coating was washed off for the public to taste what was
underneath.  However, that combined effort has done damage to the English
language.  The word "escrow" is no longer neutral or positive.  It evokes
images of GAK and becomes negative.

I agree that SKE (gov't use of "escrow") is potentially more threatening
than Clipper/Capstone because it removes the distaste for hardware.  But,
even though that is something currently on your mind, I wish you would not
try to limit my phrase GAK to SKE.  By GAK I'm talking about any form of
government access to citizens' keys -- hardware, software, rubber hoses,
....

That was the son-of-an-English-major speaking.

Meanwhile, there are positive uses for salting a master key away.  For
example, I encrypted a file on my Mac with Curve Encrypt earlier this year
and then forgot the password.  It took a month to remember it.  If I hadn't
remembered it, I would have to have written a program to guess passwords
(knowing the forms I use).  (Fortunately, I remembered it.)  It would have
been nice to have a key someplace (e.g., split in 3 pieces among 3 friends
of mine who don't know each other) which I know I can always get in an
emergency.  [There's a danger here that those people might not be protected
by the 5th Amendment, if the gov't were to learn who they were.  ..any
lawyers out there?]

Several people are working on features like this, not for the gov't.

The problem comes that a natural term to use to describe this feature would
be "key escrow".  However, the gov't has soiled that term.  Now, I need a
new term, hopefully true to the language to describe a feature like this
without calling up images of GAK.

--------------------------------------------------


>In closing, I reject the point made by Walker, that Americans will
>accept a "government imposed key escrow if it was established by law."

I do too.  However, he might be right, if you take this as a prediction.
If the gov't had not tried to pull the Clipper/Capstone crap in the manner
it did (half spook, half Madison Avenue), but instead had initiated
legislation to get this access, we cypherpunks would have been upset but we
might not have gotten 80% of the public on our side.

I don't know if the gov't has shot itself in the foot permanently, from
the public's point of view.  What I hope is immaterial.  Walker might
be right.  The gov't might try it and we might lose.  We can't relax
in our efforts but we can't get anywhere just talking to recipients of
cypherpunks.  We have to keep getting the word out.

[begin soap box] I also think we need to start writing the code that's
needed -- not new ciphers or UNIX hacks to demonstrate feasibilities -- but
polished end-user code for the computer-phobic users of Macs or Windows.
[end soap box]

 - Carl






Thread