From: merriman@metronet.com (David K. Merriman)
Date: Tue, 27 Sep 94 18:19:36 PDT
To: wfgodot@iquest.com (Michael Pierson)
Subject: Re: TIS, SKE, & CyberCash Inc.
Message-ID: <199409280118.AA08011@metronet.com>
MIME-Version: 1.0
Content-Type: text/plain


>Timothy C. May <tcmay@netcom.com> wrote:
>					    
>> A "voluntary" software key escrow system is of course OK (useful for
>> people afraid of forgetting their keys, for companies that don't want
>> the death of employees to cut them off from corporate secrets, etc.).
>> But any system in which the escrow key holders are *not* freely
>> selectable from a list one generates one's self (where the agents may
>> be the company lawyer, one's mother, one's priest, the bit bucket, the
>> machine down the hall, or nothing at all, etc.) is *not voluntary*.
>
>
>
>
>	"To amend the National Institute of Standards and Technology 
>	 Act to provide for the establishment and management of 
>	 voluntary encryption standards to protect the privacy and 
>	 security of electronic information, and for other purposes."
                                                     ~~~~~~~~~~~~~~

Government-ese for "here, bend over this barrel".

>
>	 
>Then in the Findings and Purposes section it starts to get at the
>crux of the real agenda:
>
>
>	"(2) The proliferation of communications and information
>	 technology has made it increasingly difficult for the 
>	 government to obtain and interpret, in a timely manner,
>	 electronic information that is necessary to provide for
>	 public safety and national security."
                           ~~~~~~~~~~~~~~~~~
Grab your vaseline,

>	 
>
>This primary agenda is restated in the Requirements subsection 
>under Federal Encryption Standards:
>
>
>	"(C) shall contribute to public safety and national security;
>	

big dude named "Bubba" and his frinds are gonna pay you a conjugal visit;

>	 (E) shall preserve the functional ability of the government
>	 to interpret, in a timely manner, electronic information 
>	 that has been obtained pursuant to an electronic surveillance
>	 permitted by law;
>	 

no condom.

>	 (F) may be implemented in software, firmware, hardware, or
>	 any combination thereof; and
>	     

Assume the position,

>	 (G) shall include a validation program to determine the 
>	 extent to which such standards have been implemented in
>	 conformance with the requirements set forth in this paragraph."
>	  

and *smile*.

>
>Later on, in the Definitions section, the term "electronic
>information" for the purposes of the legislation is defined in what
>I find to be an ominously expansive way:
>
>
>	"(8) The term 'electronic information' means the content,
>     source, or destination of any information in any electronic
>     form and in any medium which has not been specifically 
>     authorized by a Federal statute or an Executive Order to be
>     kept secret in the interest of national defense or foreign
>     policy and which is stored, processed, transmitted or 
>     otherwise communicated, domestically or internationally, in
>     an electronic communications system..."
>

Oh, yeah - you get charged barrel rent, too.

- - - - - - - - - - - - - - - - - - - - - - - - - - 
Finger merriman@metronet.com for PGP/RIPEM public keys and fingerprints.
Unencrypted Email may be ignored without notice to sender.  PGP preferred.
Remember: It is not enough to _obey_ Big Brother; you must also learn to
*love* Big Brother.