1997-10-22 - Re: puff pieces vs tough crypto issues (Re: Singapore TOILET ALERT)

Header Data

From: Jonah Seiger <jseiger@cdt.org>
To: Declan McCullagh <aba@dcs.ex.ac.uk>
Message Hash: 10e2799a2cdac26b24143e8b7c923912c25d337fcebd5df2d2c0054a05f35039
Message ID: <v0310280db073ee3bc480@[207.226.3.4]>
Reply To: <199710221356.OAA02611@server.test.net>
UTC Datetime: 1997-10-22 18:24:11 UTC
Raw Date: Thu, 23 Oct 1997 02:24:11 +0800

Raw message

From: Jonah Seiger <jseiger@cdt.org>
Date: Thu, 23 Oct 1997 02:24:11 +0800
To: Declan McCullagh <aba@dcs.ex.ac.uk>
Subject: Re: puff pieces vs tough crypto issues (Re: Singapore TOILET ALERT)
In-Reply-To: <199710221356.OAA02611@server.test.net>
Message-ID: <v0310280db073ee3bc480@[207.226.3.4]>
MIME-Version: 1.0
Content-Type: text/plain



At 12:17 PM -0400 10/22/97, Declan McCullagh wrote:

>>From my perch in Washington, I see PGP 5.5/CMR as an existence proof that
>key recovery can be done. So far the crypto-advocates have been able to
>wave around the Blaze et al white paper that says we don't know how to do
>it. Even Dorothy Denning agreed. But now when a mandatory GAK bill goes to
>the House floor, all Rep. Solomon etc. have to do is wave around a
>shrinkwrapped copy of PGP and say: "I bought this for $19 at the Egghead
>shop at 21st and L." Details will be lost in the fearmongering.

While I suspect that new key recovery or CMR products may create some new
traction for supporters of mandatory GAK, PGP 5.5 is not the first example
of such a product (TIS has been marketing key recovery products for a
while).

More importantly though, the Blaze et al study
(http://www.crypto.com/key_study) did not say that key recovery/key escrow
systems can't be built.  It said that such systems designed to meet law
enforcement specifications (24/7 real time access, the infrastructure for
key exchanges, and security considerations necessary for such a system to
function) are beyond the scope of the field and would create significant
vulnerabilities in the network.

This is an important distinction.

So far, Soloman, the FBI, nor other mandatory GAK supporters have said that
PGP 5.5 or other key recovery products on the market today solve their
so-called 'problems'.  I don't really expect them to. They seem to want
much much more.

Jonah



* Value Your Privacy? The Government Doesn't.  Say 'No' to Key Escrow! *
            Adopt Your Legislator -  http://www.crypto.com/adopt

--
Jonah Seiger, Communications Director              (v) +1.202.637.9800
Center for Democracy and Technology              pager +1.202.859.2151
<jseiger@cdt.org>
                                                    PGP Key via finger
http://www.cdt.org
http://www.cdt.org/homes/jseiger











Thread