1996-03-15 - Re: Why escrow? (was Re: How would Leahy bill affect crypto

Header Data

From: jim bell <jimbell@pacifier.com>
To: “Deranged Mutant” <WlkngOwl@UNiX.asb.com>
Message Hash: 079b7ac10d040d39a083dbe2d4b68de566d06bceb045074dd2f499314af53c39
Message ID: <m0twzwP-0008zgC@pacifier.com>
Reply To: N/A
UTC Datetime: 1996-03-15 05:56:25 UTC
Raw Date: Fri, 15 Mar 1996 13:56:25 +0800

Raw message

From: jim bell <jimbell@pacifier.com>
Date: Fri, 15 Mar 1996 13:56:25 +0800
To: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Subject: Re: Why escrow? (was Re: How would Leahy bill affect crypto
Message-ID: <m0twzwP-0008zgC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:15 PM 3/13/96 +0000, Deranged Mutant wrote:

>Since when is the government intentionally going to let any bill or 
>policy go through that isn't friendly to themselves??? (You don't 
>have to be an anarchist to figure that out!)

Well, it's not surprising, of course, but it DOES seem to be making these 
assumptions.  I wonder what they're gonna do when they start 
discovering that "all" voluntary escrow system in place have protections far 
beyond what they've anticipated?  That's why I'm more than a little 
disturbed about the one really bad portion of the Leahy bill:  The one that 
makes using encryption to thwart an investigation a crime.  As Mr. Junger 
observed, and as should be obvious to most of the rest of us, such a section 
of the bill could turn a key-escrow holder into a criminal if he fails to 
disclose an encryption system that protects a key, or (worse!) even if he 
structures his business in such a way as to avoid having the decrypt key for 
the escrowed key at all.  Previously, legally, he could probably have 
claimed innocence because he had no decrypt-key to disclose, but Leahy's 
bill would make him guilty even if there was nothing he could do to give 
them a key.  

>Nothing is safe from abuse, by the goverment or non-government fols 
>alike.  There's always more loopholes to clean up.   (Not that this 
>means we shouldn't clean them up... obviously bad policies should be 
>fixed...). Just as no crypto is 100% foolproof, no legal system is 
>100% abuse-proof.

If I were trying to detect government investigation in such a situation, I 
would buy a crypto phone, open an "escrow account" on a totally voluntary 
basis, give them a phony key, and then (as part of the (presumably?) 
enforceable escrow agreement) insist that they inform me if anybody asks for 
the key.  There is nothing in Leahy's bill which appears to prohibit the 
escrow agent from informing the key holder of a request/demand for the key; 
(I would greatly prefer if that was an actual legal requirement that they do 
inform the key user.)  The question is, is this merely an oversight on their 
part, or are they planning something, or are they assuming an existing law 
would cover his?  The answer doesn't look good.

Jim Bell
jim bell@pacifier.com






Thread