If we had key escrow, Scarfo wouldn't be a problem
Rick Smith at Secure Computing
rick_smith at securecomputing.com
Wed Aug 15 17:31:42 EDT 2001

Declan McCullagh quoted the Post article:
>http://washingtonpost.com/wp-dyn/articles/A55606-2001Aug9.html
>"...Although agreeing that surveillance should be done under strict
>guidelines, Baker said that "to a degree, the privacy groups got us into
>this by arguing that there should be no limits on encryption, and the
>police have to deal with it."

I suppose it's true that "privacy groups," or perhaps our culturally and
legally acknowledged right to privacy, drove the police to use keystroke
monitoring by eliminating key escrow. But it seems obvious to me, a
non-lawyer, that keystroke monitoring is very similar in behavior and
result to planting a tape recorder, and I assume that requires a wiretap
order, too. Besides, I don't think we would have eliminated a court case by
using key escrow: at best, we'd exchange one case for a different one.

While people only mentioned it occasionally, this alternative to key escrow
always seemed blindingly obvious. When documents like the NRC's CRISIS
report recommended that police and intel organizations rely on something
other than key escrow or weak crypto, the only other way to go was to
compromise the privacy of the endpoints. As they say: "First, look for the
plaintext." And that's where the plaintext shows up.

I hope Baker wasn't thinking that this troublesome (for some folks) court
battle could have been avoided by using key escrow. It's likely that the
first use of evidence collected through a key-escrow-activated wiretap
would have also led to some sort of courtroom test.

Personally, I think things are moving in the right direction for two
reasons. First, the technical reason: despite flashy demos and partial
deployments, I seriously doubt that elaborate systems like the Escrowed
Encryption Standard are viable. The engineering is costly and tricky, and
it's piggy-backed atop technology that we barely understand anyway. (For
those of you who think cryptographic protocols are a solved problem in
practice, check out the current discussions on the IPSEC mailing list about
replacing IKE, or check out well-known attacks on DVDs, GSM, PPTP, etc.).
So we've saved ourselves a world of engineering hurt by dodging the key
escrow bullet. We have enough trouble making the simpler things work well.

The second reason this is a good direction is because it's best for society
at large to have strong crypto. <preaching to the choir mode enabled> Yes,
it increases the risks and costs of legally accepted data interception by
driving it to the endpoints. It makes police work harder, the same way the
Miranda warnings and various other civil liberties actions have done so. On
the other hand, it makes the information superhighway safer overall, by
reducing the opportunities for sniffing and fraud, which will lower costs
and free up resources for other things. Maybe it's just a philosophical
quirk of mine, but I generally think it's better for everyone when things
cost less.

Rick.
smith at securecomputing.com
Pre-order "Authentication" at Amazon, see http://www.visi.com/crypto/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com