1997-10-23 - Re: puff pieces vs tough crypto issues (Re: Singapore TOILET ALERT)

Header Data

From: Kent Crispin <kent@bywater.songbird.com>
To: cypherpunks@ssz.com
Message Hash: a68e1ad9b42213a6443c3c2b3af2cfb33a0b34844ead2f62a53fa3cb85bc0c4c
Message ID: <19971022174848.58494@bywater.songbird.com>
Reply To: <v03007808b073c711fcb1@[204.254.22.221]>
UTC Datetime: 1997-10-23 01:00:09 UTC
Raw Date: Thu, 23 Oct 1997 09:00:09 +0800

Raw message

From: Kent Crispin <kent@bywater.songbird.com>
Date: Thu, 23 Oct 1997 09:00:09 +0800
To: cypherpunks@ssz.com
Subject: Re: puff pieces vs tough crypto issues (Re: Singapore TOILET ALERT)
In-Reply-To: <v03007808b073c711fcb1@[204.254.22.221]>
Message-ID: <19971022174848.58494@bywater.songbird.com>
MIME-Version: 1.0
Content-Type: text/plain



On Wed, Oct 22, 1997 at 02:23:29PM -0400, Declan McCullagh wrote:
> At 14:06 -0400 10/22/97, Jonah Seiger wrote:
> >While I suspect that new key recovery or CMR products may create some new
> >traction for supporters of mandatory GAK, PGP 5.5 is not the first example
> >of such a product (TIS has been marketing key recovery products for a
> >while).
> 
> Of course TIS has been doing this forever. But TIS, a shop staffed by
> former NSA spooks, is not the PGP that Phil Zimmermann founded. For PGP to
> release such a product changes the political dynamic in important ways.
> 
> >More importantly though, the Blaze et al study
> >(http://www.crypto.com/key_study) did not say that key recovery/key escrow
> >systems can't be built.
> 
> In fact it said: "Building the secure infrastructure of the breathtaking
> scale and complexity that would be required for such a scheme is beyond the
> experience and current competency of the field." Sounds like "can't be
> built" to me.

In that case, it is completely inaccurate to call PGP5.5 an existence 
proof.  In any case, the Blaze et al paper explicitly acknowledges 
that there is a "business case" for corporate level key recovery, and 
clearly distinguishes the LEA infrastructure model from more limited 
cases. 

> I agree that PGP 5.5 doesn't meet the FBI's demand for realtime access. But
> it can be used as a waving-around-on-the-House-floor prop to pass a law
> that requires mandatory key escrow.

They could wave around TIS's products (designed by noted cypherpunk
Carl Ellison, I believe), or NorTel's Entrust, just as well.  Hell, in
a few months they may be able to wave around Adam Back's CDR product,
which also facilitates GAK -- access to communications is worse than
access to data, by some measure, but the LEAs will certainly be
grateful to Adam for his legitimization of Key Escrow... 

-- 
Kent Crispin				"No reason to get excited",
kent@songbird.com			the thief he kindly spoke...
PGP fingerprint:   B1 8B 72 ED 55 21 5E 44  61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html





