If we had key escrow, Scarfo wouldn't be a problem

Rick Smith at Secure Computing rick_smith at securecomputing.com
Wed Aug 15 17:31:42 EDT 2001


Declan McCullagh quoted the Post article:

>http://washingtonpost.com/wp-dyn/articles/A55606-2001Aug9.html
>"...Although agreeing that surveillance should be done under strict 
>guidelines, Baker said that "to a degree, the privacy groups got us into 
>this by arguing that there should be no limits on encryption, and the 
>police have to deal with it."

I suppose it's true that "privacy groups," or perhaps our culturally and 
legally acknowledged right to privacy, drove the police to use keystroke 
monitoring by eliminating key escrow. But it seems obvious to me, a 
non-lawyer, that keystroke monitoring is very similar in behavior and 
result to planting a tape recorder, and I assume that requires a wiretap 
order, too. Besides, I don't think we would have eliminated a court case by 
using key escrow: at best, we'd exchange one case for a different one.

While people only mentioned it occasionally, this alternative to key escrow 
always seemed blindingly obvious. When documents like the NRC's CRISIS 
report recommended that police and intel organizations rely on something 
other than key escrow or weak crypto, the only other way to go was to 
compromise the privacy of the endpoints. As they say: "First, look for the 
plaintext." And that's where the plaintext shows up.

I hope Baker wasn't thinking that this troublesome (for some folks) court 
battle could have been avoided by using key escrow. It's likely that the 
first use of evidence collected through a key-escrow-activated wiretap 
would have also led to some sort of courtroom test.

Personally, I think things are moving in the right direction for two 
reasons. First, the technical reason: despite flashy demos and partial 
deployments, I seriously doubt that elaborate systems like the Escrowed 
Encryption Standard are viable. The engineering is costly and tricky, and 
it's piggy-backed atop technology that we barely understand anyway. (For 
those of you who think cryptographic protocols are a solved problem in 
practice, check out the current discussions on the IPSEC mailing list about 
replacing IKE, or check out well-known attacks on DVDs, GSM, PPTP, etc.). 
So we've saved ourselves a world of engineering hurt by dodging the key 
escrow bullet. We have enough trouble making the simpler things work well.

The second reason this is a good direction is because it's best for society 
at large to have strong crypto. <preaching to the choir mode enabled> Yes, 
it increases the risks and costs of legally accepted data interception by 
driving it to the endpoints. It makes police work harder, the same way the 
Miranda warnings and various other civil liberties actions have done so. On 
the other hand, it makes the information superhighway safer overall, by 
reducing the opportunities for sniffing and fraud, which will lower costs 
and free up resources for other things. Maybe it's just a philosophical 
quirk of mine, but I generally think it's better for everyone when things 
cost less.

Rick.
smith at securecomputing.com
Pre-order "Authentication" at Amazon, see http://www.visi.com/crypto/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com