From: Aron Freed <s009amf@discover.wright.edu>
Date: Tue, 2 Aug 94 06:24:43 PDT
To: "Timothy C. May" <tcmay@netcom.com>
Subject: Re: New Threat on the Horizon: Software Key Escrow
In-Reply-To: <199407261933.MAA17765@netcom8.netcom.com>
Message-ID: <Pine.3.89.9408020932.B27250-0100000@discover>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 26 Jul 1994, Timothy C. May wrote:

> Here's the rub:
> 
> * Suppose the various software vendors are "incentivized" to include
> this in upcoming releases. For example, in 30 million copies of
> Microsoft's "Chicago" (Windows 4.0) that will hit the streets early in
> '95 (betas are being used today by many).
> 
> * This solves the "infrastructure" or "fax effect" problem--key escrow
> gets widely deployed, in a way that Clipper was apparently never going
> to be (did any of you know _anybody_ planning to buy a "Surety"
> phone?).
> 
> (Why would _anyone_ ever use a voluntary key escrow system? Lots of
> reasons, which is why I don't condemn key escrow automatically.
> Partners in a business may want access under the right circumstances
> to files. Corporations may want corporate encryption accessible under
> emergencyy circumstances (e.g., Accounting and Legal are escrow
> agencies). And individuals who forget their keys--which happens all
> the time--may want the emergency option of asking their friends who
> agreed to hold the key escrow stuff to help them. Lots of other
> reasons. And lots of chances for abuse, independent of mandatory key escrow.)
> 
> But there are extreme dangers in having the infrastructure of a
> software key escrow system widely deployed.
> 
> I can't see how a widely-deployed (e.g., all copies of Chicago, etc.)
> "voluntary key escrow" system would remain voluntary for long. It
> looks to me that the strategy is to get the infrastructure widely
> deployed with no mention of a government role, and then to bring the
> government in as a key holder.
> 
> 
> I was the one who posted the Dorothy Denning "trial balloon" stuff to
> sci.crypt, in October of 1992, six months before it all became real
> with the announcement of Clipper. This generated more than a thousand
> postings, not all of them useful (:-}), and helped prepare us for the
> shock of the Clipper proposal the following April.
> 
> I see this software-based key escrow the same way. Time to start
> 

I was just reading through my mail when it hit me. If the NSA and the FBI 
want to put their software based key-escrow systems into software like 
Chicago, why don't we create pamphlets to send out to businesses and the 
people of the United States. In the pamphlet, there is a little glossary 
for some of the terms and acronyms used and explanation of the Govt. 
would like to do with Clipper Chip and YOUR phones and computers. Or we 
could try another route. Most radio stations and TV stations give groups 
free air time for public service anouncements. We could create videos 
about what we are talking about to make the public aware....
 
Aaron