1994-08-01 - Re: Big Brother’s Escrow Systems

Header Data

From: tcmay@netcom.com (Timothy C. May)
To: blancw@microsoft.com (Blanc Weber)
Message Hash: 95dad5c4b0a2952eebc25b59793ff2361d62fc713960fd3373fbb5d02f2ac0c6
Message ID: <199408010458.VAA18103@netcom7.netcom.com>
Reply To: <9408010329.AA20402@netmail2.microsoft.com>
UTC Datetime: 1994-08-01 04:58:38 UTC
Raw Date: Sun, 31 Jul 94 21:58:38 PDT

Raw message

From: tcmay@netcom.com (Timothy C. May)
Date: Sun, 31 Jul 94 21:58:38 PDT
To: blancw@microsoft.com (Blanc Weber)
Subject: Re: Big Brother's Escrow Systems
In-Reply-To: <9408010329.AA20402@netmail2.microsoft.com>
Message-ID: <199408010458.VAA18103@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> From: Timothy C. May
> 
> If Microsoft or any other companies have already colluded with the
> national security establishments of the U.S. or other countries to
> limit strong crypto except where software key escrow is used, then
> attacks on these companies are justified.
> ..........................................................................
> 
> My turn:   oh, ppulllleeeeeze!   :>)
> (this is a rather popular expression, lately).
> 
> This is why I don't think that scenario is possible:

I think the likely scenario is shaping to be: strong crypto can be
exported if software key escrow is included. The comments about
meeting export requirements, the Karlsruhe workshop on international
key escrow, and the agenda for the upcoming conference on
international aspects ("global challenges"), with a heavy focus on key
escrow, all point to this.

Going along with this "ground truth" (no SKE = no export) does not
require a malicious person bent on using software to subvert and
dominate the world (not a direct reference to Bill Gates).

...
> isn't profiting by it.  I myself would not be willing to tolerate the 
> kinds of controls that software & other companies have to suffer in 
> order to bring their products to these markets.  But I can grant that 
> it does the customers a benefit for these to have been made available 
> to them, even if I know that I myself am revolted to consider the 
> regulatory tests which must be passed in order to do this (something 
> akin to airport drug check examinations).  Maybe he's trying to save 
> the world, I don't know.

I can't speak to any one person's intentions. But what Blanc says here
reads to me like this: if they say put SKE in, he'll put it in. But
this is idle speculation on our part.

The key is to make sure that any "voluntary" system be truly
voluntary, with arbitrary key escrow agents (and no special
requirement, fees, or approvals needed!), an easy and transparent way
to turn off escrow completely, and "observational invisibility" of the
escrow process (transmitted files give no evidence to eavesdroppers of
being escrowed, or who the escrow agents are, etc.).

> Would they have been on the list of those opposing Clipper and the 
> export of crypto?  I can't see where the company would contribute to 
> the opposition on the one hand and then turn around and collaborate to 
> put limits on strong crypto except as allowed by the government.  It's 
> a contradiction; I can't imagine that MS would go in that direction of 
> accepting such an unsavory idea.

"Collaboration" may be a misleading word. Perhaps Microsoft, Cantwell,
etc., backed off from their opposition to a debilitating plan (no
export of strong crypto) because they saw the proposed TIS system as
being acceptable. (_I_ don't find it acceptable, because I
axiomatically reject the concept of mandatory key escrow, but I have
to say that many people will find it to be an acceptable compromise.
Whether Maria Cantwell, Bill Gates, etc., have been thusly involved is
still speculative.)

> It's absurd to think that MS would wish to offer its software and 
> services to people all over the world, making it easier for them to get 
> their work done and contribute to opportunities for developers therein 
> to make an income, thus "empowering" them - freeing them to some 
> extent, while on the other hand helping to put them under unwanted & 
> unmanageable surveillance, thus putting them back into another 
> miserable situation outside their control.

In the upcoming debate on this, I think you'll find that many people
will consider software key escrow to be a "reasonable compromise,"
with all the right buzzwords: court order, search warrant, legitimate
needs of law enforcement, preserves the wiretap capabilities we now
have, etc.

I present it as a tool for a surveillance state, but others will see
it as a reasonable compromise. Especially if it means the same box
marked "Peoria" can now be shipped freely around the world. I have a
feeling that J. Random Tycoon will consider the compromise reasonable.

> The culture here is so unlike that concept, so unreserved, that this is 
> why I find it difficult to accept that the interests of the 
> individual's desire for control over their privacy would be set up for 
> compromise - be made difficult to maintain  -  by secret agreements 
> between the company's leadership & the MotherShip.

Then what is "the agreement" that has been spoken of? What key escrow
schemes are being developed by the folks attending the conference?


> I will believe it when I see it.   And I'll sign it:
> 	How could I have doubted;
> 	Timothy C. May was right all along.
> 	I should have known better.

We may know one way or another what's cooking in the next half year or
so. The upcoming conference will raise visibility, and SKE will need
to be reasonably widely deployed by mid-96 or so, or I suspect it'll
be too late. 

I hope I'm proven wrong by events. I can't see any rationale for SKE
only in exports (e.g., why should U.S. _export_ law care about escrow
being used within Russia, for example?), so I expect either no SKE or
SKE in nearly all major OSes.

Given that the overall "EES" is definitely not dead, but that the
specific hardware of "Clipper" appears to be dead (any minor market
the Surety phones had, has evaporated), then what is the position on
escrow?

Cantwell didn't win...crypto export is still controlled. Key escrow
isn't dead, only the "hardware chip" seems to be dead. And given the
accelerating conversion to phones and video via computers--the whole
multimedia/video/conferencing thing--the key escrow guys in Washington
and in Europe _have_ to be thinking about software key escrow, because
all those installed 486 and Pentium boxes are already communicating,
and those folks aren't going to be buying "Capstone Modems" with EES
chips inside. (And something like 50% of all Pentium boxes are being
sold into private homes, amazingly.)

How to deal with public opposition to Clipper, corporate reluctance to
buy new Clipper phones and new Capstone modems, and to this change to
a world of computers talking to other computers?

Fortunately for them, the software key escrow system of Walker and
Belenson, with inputs from Schmid, Denning, and others, looks to
ideally solve this problem. It runs with existing hardware, requires
no new purchases of chips, and avoids the patents of other systems.
(The TIS system apparently avoids the Micali patent, or at least
Schmid and Denning were reportedly very happy at Karlsruhe to hear of
prior art, by a European, which apparently predated Micali's patent
filing by some years....Whit Diffie reported this.)

Now all you've got to do is get it installed widely. 


--Tim May


-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."



