From: Carl Ellison <cme@tis.com>
Date: Sat, 21 Jan 95 10:34:47 PST
To: eric@remailer.net
Subject: Re: Key backup (was: How do I know . ..)
In-Reply-To: <199501202154.NAA09818@comsec.com>
Message-ID: <9501211806.AA20473@tis.com>
MIME-Version: 1.0
Content-Type: text/plain


>Date: Wed, 18 Jan 1995 19:38:54 -0800
>From: eric@remailer.net (Eric Hughes)
>
>   From: "Dr. D.C. Williams" <dcwill@ee.unr.edu>
>
>   Safe deposit boxes, by virtue of their accessibility to law enforcement,
>   are subject to search and seizure under court order and are sealed
>   in certain cases (probate). This makes them likely to be the first place
>   to look when the Feds decide that we can't have keys anymore. 
>
>I am not designing systems for the paranoid fantasy of an inspection
>of all safety deposit boxes by government agents in search of
>contraband.
>
>I am interested in designing systems which will fit into business as
>usual, that are inconspicuous by their prevalance, and which will be a
>part of ordinary and usual protection of data by cryptographic means.

On the less paranoid side of this, you might check out TIS's Data Recovery
Center plans.  ftp://ftp.tis.com/pub/crypto/drc/ and below.
That location will have some code for interfacing to the prototype DRC in a
week or two.  Send me e-mail if you want to be on the mailing list for
notification of code availability/updates.


On the more paranoid side of this, in spite of Steve Walker's relish over
the fact that TIS's CKE (Commercial Key Escrow -- his name for the DRC
work) keeps keys out of government hands, except in cases of actual search
warrant, it looks (according to one privacy-advocate lawyer I discussed
this with) as if access can be gained with a mere subpoena -- and,
according to Scott Charney (of Justice Dept., if I remember correctly) the
currnet view is that if you voluntarily give a copy of your key to your
employer, you've abandoned your presumption of privacy and that relieves
the gov't of getting a search warrant (and maybe even subpoenna).


 - Carl