From: jim bell <jimbell@pacifier.com>
To: frantz@netcom.com (Bill Frantz)
Message Hash: 18c964c5b7e62a28b84f2a5a7cce4e5705cf6e6afa36ba7717ba954a2d613836
Message ID: <199607160158.SAA01591@mail.pacifier.com>
Reply To: N/A
UTC Datetime: 1996-07-16 16:43:06 UTC
Raw Date: Wed, 17 Jul 1996 00:43:06 +0800
From: jim bell <jimbell@pacifier.com>
Date: Wed, 17 Jul 1996 00:43:06 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: How I Would Ban Strong Crypto in the U.S.
Message-ID: <199607160158.SAA01591@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain
At 11:53 AM 7/15/96 -0700, Bill Frantz wrote:
>
>I still think this whole GAK thing is going to fail on the, "Which
>government?" question. I don't see either multi-nationals or their
>governments wanting to share their secrets with each other, and I don't see
>how to set up universal GAK to prevent that form of industrial espionage.
>Also, the key which decodes the GAKed data is just too valuable and too
>easy to steal.
This most recent dispute between the American government and the EC
community with respect to trading with Cuba (Helms-Burton act) is an
excellent example that can be raised to challenge the concept of cooperation
between countries that are ostensibly "allies." The Helms law says, more or
less, that American companies can sue foreign-based companies for using
assets taken by Cuba in business. The EC countries are outraged. Were some
sort of international-GAK system to already exist, you have to wonder how
much luck the USG would have getting some escrowed key for the purposes of
catching some Cuba-trader in the act: Not a lot! There's no point in
setting up a system that practically invites disputes.
BTW, yet another problem with any sort of key-escrow system operated across
government borders is this: Let's suppose some foreign government illegally
wiretapped somebody (say, a Senator or Representative?) in America using a
Clipper-type telephone. They tap the line and get the data. They then
claim that this conversation occurred between two Colombian drug smugglers.
How is the American government going to know whether that's true? Unless
records are kept linking a particular Clipper chip set to the particular
purchaser involved (all the way to the end-user customer), the keeper of the
keys has no idea whether the evidence presented to justify the tap is
actually associated with the data that is to be decrypted.
Yet another sneak: If the system is REALLY a "key escrow" system, I should
be able to get the decrypt key for my own telephone, right? Well, suppose I
buy a Clippper phone, call the escrow agency and ask for my key. Then, I
de-solder the Clipper chip from the board, do a black-bag job and swap the
chip into another telephone that some bigshot owns. He doesn't notice the
swap, and nobody else will, either. But at that point, I can decrypt
anything I wiretap off of his line.
Jim Bell
jimbell@pacifier.com
Return to July 1996
Return to “jim bell <jimbell@pacifier.com>”
1996-07-16 (Wed, 17 Jul 1996 00:43:06 +0800) - Re: How I Would Ban Strong Crypto in the U.S. - jim bell <jimbell@pacifier.com>