1995-09-11 - Re: GAK Advisory Board

Header Data

From: tcmay@got.net (Timothy C. May)
To: cypherpunks@toad.com
Message Hash: 869029659e4176d63763b46ec6e7b0a5864821ec2d1ed88a3ceb6c4f0dbe25e5
Message ID: <ac7917e105021004c095@[205.199.118.202]>
Reply To: N/A
UTC Datetime: 1995-09-11 05:57:31 UTC
Raw Date: Sun, 10 Sep 95 22:57:31 PDT

Raw message

From: tcmay@got.net (Timothy C. May)
Date: Sun, 10 Sep 95 22:57:31 PDT
To: cypherpunks@toad.com
Subject: Re: GAK Advisory Board
Message-ID: <ac7917e105021004c095@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


Thanks to "Anonymous" for sending this to us. I visited the site,
http://csrc.ncsl.nist.gov/csspab, and there seem to be some interesting
things there.

At 4:50 AM 9/11/95, Anonymous wrote:

>Status of Key Escrow Initiative
>
>Mr. Steve Walker, Trusted Information Systems (TIS),
>briefed the Board on the status of Commercial Key Escrow
>(CKE).  He said, with regard to application vendors, TIS
...
>Mr. Walker said the advantages of CKE for government
>interests is that if the TIS CKE system were to become
>widely used throughout the private sector and government
>communities, law enforcement, national security and
>private sector interests would be preserved.

If Data Recovery Centers are indeed completely choosable by the users, as
certain statements by TIS folks have asserted, then how would "law
enforcement" and "national security" interests be "preserved"?

(I can tell you that BlackNet won't be using any government-approved DRCs.
Nor will Keyser Soze be using any registered and licensed DRCs. If people
are free to pick DRCs--the only option a free society can support--the
results are obvious.)

Note also the emphasis on "throughout the private sector and government
communities" as leading to this protection of law enforcement and national
security interests...no mention of this being mainly for export
issues...the focus seems to be on domestic use of CKE, with the "law
enforcement" and "national security" needs "preserved." Sounds ominous to
me.

I've used "Tim's Really Flaky Commercial Key Escrow Service" as a
placeholder for the kind of truly voluntary DRCs many of us would insist
on. (Other examples: a computer on my LAN, the bit bucket, my neighbor, my
lawyer, my bank in Liechtenstein, etc. Some of these are actually what I
would want to use. I can imagine interesting situations wherein
attorney-client privilege blocks access to the keys.)

So, what's the story? Is Steve Walker of TIS supporting the kind of
completely voluntary CKE system that Carl Ellison has advocated? Or a
mandatory system?

(A third imaginable possibility is "a system which is so universally
popular that it becomes universally used"...unlikely in the extreme, as I
know of at least a few people who won't use it, and expect others to bypass
it when they learn what the Feds can do. But I expect that the advocates of
the mandatory option will cite this possibility, as a way of sugar-coating
the proposal. Then, if this option fails (to preserve the Government's
interests!), watch for registration of DRCs.)

I met Steve Walker once, at the CFP Conference, and he seemed genuinely
interested in selling to citizens a voluntary system. But his comments to
the Privacy Advisory Board seem to imply a CKE system that would not be
completely voluntary in the operation (licensing, registering, auditing) of
Data Recovery Centers.

If this is the case, then alternatives to the TIS system will likely gain
more adherents from folks like us.

>Mr. Walker said that TIS has filed for patent protection
>for its Software Key Escrow (Clipper equivalent) and CKE
>systems including the DRC and application software
>approaches.  TIS is prepared to license its CKE system
>and software applications technology to any software or
>hardware vendor under very favorable licensing terms.
>TIS is also prepared to license its DRC system and
>technology to qualified DRC operators and vendors under
>similarly favorable licensing terms.  (See Reference
>#13).

The TIS system may be patented, but it seems to me that the older ideas of
Shamir secret sharing are not. And even simpler schemes of sealing parts of
keys in several envelopes... (My point is that older ideas of using crypto
in conjunction with emergency recovery systems are still usable, and have
been talked about for many years, long before the TIS disclosures.)

I hope it doesn't come to this. I hope TIS releases or licenses on very
general terms, with no government control of the DRCs. If not, I predict
their system will be subject to derision, and worse.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

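The two recovery schemes the message names (parts of a key sealed in several envelopes, and Shamir secret sharing), sketched as an added example; this is not code from the original post or from TIS. The holder names, the sample key and the 521-bit Mersenne prime field are assumptions chosen for illustration.

```python
import secrets
P = 2**521 - 1  # Mersenne prime (assumed field); holds a 256-bit key as one element

def envelope_split(key, n):
    """n-of-n "envelopes": n random-looking parts whose XOR is the key."""
    parts = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = key
    for p in parts:
        last = bytes(a ^ b for a, b in zip(last, p))
    return parts + [last]

def envelope_join(parts):
    """XOR every part together; any missing envelope leaves only noise."""
    out = bytes(len(parts[0]))
    for p in parts:
        out = bytes(a ^ b for a, b in zip(out, p))
    return out

def shamir_split(key, k, holders):
    """k-of-n: each holder gets a point on a random degree k-1 polynomial, f(0) = key."""
    secret = int.from_bytes(key, "big")
    if not 1 <= k <= len(holders) or secret >= P:
        raise ValueError("need 1 <= k <= n and a key smaller than P")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    shares = {}
    for x, name in enumerate(holders, start=1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod P
            y = (y * x + c) % P
        shares[name] = (x, y)
    return shares

def shamir_recover(points):
    """Lagrange interpolation at x = 0; returns the secret as an integer."""
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * -xj % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample key
    holders = ["lan-host", "neighbor", "lawyer", "bank"]  # hypothetical, user-chosen
    shares = shamir_split(key, 3, holders)
    assert shamir_recover([shares[h] for h in holders[1:]]).to_bytes(32, "big") == key
    print("recovered the key from 3 of the 4 user-chosen holders")
```

With fewer than k points, `shamir_recover` still returns a number, but one unrelated to the key, so callers must track the threshold themselves.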





