From: jim bell <jimbell@pacifier.com>
Date: Wed, 17 Jul 1996 00:43:06 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: How I Would Ban Strong Crypto in the U.S.
Message-ID: <199607160158.SAA01591@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:53 AM 7/15/96 -0700, Bill Frantz wrote:

>
>I still think this whole GAK thing is going to fail on the, "Which
>government?" question.  I don't see either multi-nationals or their
>governments wanting to share their secrets with each other, and I don't see
>how to set up universal GAK to prevent that form of industrial espionage. 
>Also, the key which decodes the GAKed data is just too valuable and too
>easy to steal.


This most recent dispute between the American government and the EC 
community with respect to trading with Cuba (Helms-Burton act) is an 
excellent example that can be raised to challenge the concept of cooperation 
between countries that are ostensibly "allies."  The Helms law says, more or 
less, that American companies can sue foreign-based companies for using 
assets taken by Cuba in business.  The EC countries are outraged.  Were some 
sort of international-GAK system to already exist, you have to wonder how 
much luck the USG would have getting some escrowed key for the purposes of 
catching some Cuba-trader in the act:  Not a lot!  There's no point in 
setting up a system that practically invites disputes.

BTW, yet another problem with any sort of key-escrow system operated across 
government borders is this:  Let's suppose some foreign government illegally 
wiretapped somebody (say, a Senator or Representative?) in America using a 
Clipper-type telephone.  They tap the line and get the data.  They then 
claim that this conversation occurred between two Colombian drug smugglers.  
How is the American government going to know whether that's true?  Unless 
records are kept linking a particular Clipper chip set to the particular 
purchaser involved (all the way to the end-user customer), the keeper of the 
keys has no idea whether the evidence presented to justify the tap is 
actually associated with the data that is to be decrypted.

Yet another sneak:  If the system is REALLY a "key escrow" system, I should 
be able to get the decrypt key for my own telephone, right?  Well, suppose I 
buy a Clippper phone, call the escrow agency and ask for my key.  Then, I 
de-solder the Clipper chip from the board, do a black-bag job and swap the 
chip into another telephone that some bigshot owns.  He doesn't notice the 
swap, and nobody else will, either.  But at that point, I can decrypt 
anything I wiretap off of his line.

Jim Bell
jimbell@pacifier.com