[2444] in cryptography@c2.net mail archive
Proposal to Resolve Key Escrow Debate
daemon@ATHENA.MIT.EDU (Robert Hettinga)
Fri Apr 3 12:43:56 1998
Date: Fri, 3 Apr 1998 07:24:42 -0500
To: cryptography@c2.net, dcsb@ai.mit.edu
From: Robert Hettinga <rah@shipwright.com>
Cc: dan.greenwood@state.ma.us
Below, Dan Greenwood tries to save key escrow. Dan's a real good egg (he's
spoken to DCSB, as some of us remember), though a statist. Literally. He's
lawyer for the Commonwealth of Massachusetts. :-).
Dan's done a bunch of work there (and on various ABA discussion groups like
DIGSIG, below), on digital signature law, and, in my opinion, has written
the most elegant hack on the problem "legalizing" digital signatures that
I've ever seen anywhere.
Dan's proposed Massachusetts digital signature law says that any document
which requires a signature cannot be refused because it has a digital
signature. That's it. The whole law is one sentence.
It certainly beats the hell out of laws of states like Utah, with their
complicated, if not baroque, and even grandiose, regulations on an industry
which doesn't really exist yet; enshrining things like hierarchical trust
models into law even after they were proven worthless.
Anyway, I reserve judgement on what he says below (well, actually, I don't,
but everyone knows what I'd say anyway :-)), and, frankly, it's not like
most of us haven't heard this "separation of powers" idea before, including
the key-splitting bit, which is an immediate and elementary cryptographic
result of trying to do things that way.
However, it's interesting to note how Dan ties the existence of key escrow
to the strength, if not the very survival, of the nation-state itself.
My sentiments exactly. ;-).
Cheers,
Bob Hettinga
--- begin forwarded text
MIME-Version: 1.0
Date: Wed, 25 Mar 1998 05:31:58 -0500
Reply-To: Digital Signature discussion <DIGSIG@LISTSERV.TEMPLE.EDU>
Sender: Digital Signature discussion <DIGSIG@LISTSERV.TEMPLE.EDU>
From: Daniel Greenwood <dan@CIVICS.COM>
Subject: Proposal to Resolve Key Escrow Debate
Comments: cc: "greenwood(work)" <dan.greenwood@state.ma.us>
To: DIGSIG@LISTSERV.TEMPLE.EDU
Status: U
Hello All,
I offer the following thoughts to test the waters - as it
were - to see how people currently view the key
escrow/recovery issues. Comments on this are most welcome -
please feel free to post to the entire list. Thanks,
Dan
-------------
Proposal for Meeting Law Enforcement/Intelligence Interests
and Privacy/Business Interests
in the Key Escrow/Recovery Debate
Author: Daniel Greenwood, dang@mit,edu
[Document available in nifty format at:
http://www.tiac.net/biz/danielg/prowin.htm]
This message proposes a resolution to the tension over key
escrow and key recovery. The ideas proposed below only deal
with government interests in key recovery and not voluntary
internal business recovery needs. This writing reflects my
current thoughts, but the memo (and the thoughts) are
subject to change without notice.
This e-mail is organized as follows:
* Summarized Statement of Positions
* Historical Lessons
* Outline of Proposed Approach to Balance Competing
Interests
* Assumptions
* Why Bother to Actively Resolve This Debate?
* Trust and Trustworthiness
* Document Information
----------------------
Summarized Statement of Positions
A. Law enforcement and intelligence folks:
1. Need: access to confidential communications and data to
combat the bad guys.
Example: crime, terror, national security, war - the usual.
2. Fear: that target of investigation or other operation
may discover observation and observer.
Sentiment: "Unless everyone hands over their keys, our
anti-crime and intelligence operations will be seriously
jeopardized because we won't be able to decrypt the data
without tipping our presence."
3. Want: to mandate availability of near instant access to
any communication by effectively seizing everybody's private
keys prior to showing cause.
Sentiment: "first give your key away on the terms that I
demand and then later we might have some reason - but you
will never know."
B. Business and civil liberty folks:
1. Need: confidential communications and stored data to
secure business and privacy.
Example: prevent unauthorized access, modification, forgery,
etc.
2. Fear: that loss of personal or local control over keys
will lead to unauthorized access/use/disclosure of
confidential data in an undetectable manner by unknowable
parties.
Sentiment: "If I let my key out of my back pocket then you
will let it get stolen or you will misuse it yourself and,
in any case, I won't know what really happened or be able to
hold you accountable."
3. Want: to prevent the direct or surreptitious disclosure
of confidential communications or data under any
circumstances
Sentiment: "You can't order us to jump when you say jump!
These are my keys and this is my life. You will have to pry
my keys from my cold dead fist!"
=======================
Historical Lessons
It seems to me that the founders of the country were wise
enough to figure all this stuff out way before key escrow
came down the Pike and we should use the formula they gave
us. Namely, trust - but verify. The primary purpose of
limited and separated government is to preserve liberty by
preventing the consolidation of too much power in one place.
In today's context, until good cause has been shown,
requiring that all America's keys be put into a big pot
(whether it is based on an escrow scheme, recovery system,
or otherwise) shifts too much power from the rightful key
holders to the people who can get at the key. However, at
some point it makes sense to say: enough is enough - under
"X" circumstances we will all agree to trust the law
enforcement and intelligence communities with surreptitious
access to our private and confidential stored data and
communications. However, given the known vulnerabilities
[FN 1] of such access systems from criminals and rogue
law/intelligence actors alike - the "X" scenario will have
to truly inspire trust. It is not good enough to command
that the world build a trap door that can be tripped by a
single knock by a purported officer or agent. So, I propose
separating that power of access between the branches of
government and providing for authorized citizen watchdogs
and advocates who monitor the process "behind the cloak of
secrecy" on behalf of the ultimate authorities in our system
of government - the people themselves. The proposal would go
something like this:
===============
Outline of Proposed Approach to Balance Competing Interests
This section is much easier to understand in the tabular
form it is presented in on the web site
[http://www.tiac.net/biz/danielg/prowin.htm].
The proposed solutions here under assume that there are two
fundamental policy goals to be achieved:
Policy Goal #1
Protect business and privacy by precluding unauthorized
access to communications and stored data by law enforcement,
intelligence and anyone else
Policy Goal #2
Provide law enforcement and intelligence with necessary and
lawful access to communications and stored data
Proposed Due Process Safeguards:
1. Require grant by the appropriate judicial authority prior
to access of key
(a) Technology and Administration
Require key splitting of the code necessary to open the
confidential communications or stored data. Part of the key
is with the Judiciary and only granted when good cause is
shown.
(b) Relationship to Policy Goal #1 [PG1]
Precludes rogue government usage and other unauthorized
usage. One would have to believe that the judiciary and the
executive are in a conspiracy in order for this not to be
acceptable.
(c) Relationship to Policy Goal #2 [PG2]
In no way limits lawful and approved access.
2. Limit permitted usage based on scope of grant by
judiciary
(a) Technology and Administration
Apportion confidential keys such that access is limited to
scope of grant. Build in call back technology that allows
Judiciary to monitor usage of key.
(b) Relationship to Policy Goal #1 [PG1]
Prevents the forward security breach issue and creates
continuing controls over usage.
(c) Relationship to Policy Goal #2 [PG2]
In no way limits lawful and approved access.
3. Notify or require approval by a trusted third party as
part of grant process
(a) Technology and Administration
Require notice to or approval by TTP chosen by the rightful
key holder as part of grant process by Judiciary. This final
check on unauthorized usage can be accomplished by retaining
a necessary key fragment under the supervision of the TTP.
Presumably, a warrant or subpoena would need to be served
upon the TTP. In some cases of extreme emergency, the TTP
may only be able to observe that a fragment has been
accessed by an override routine in the hands of a court.
Upon such observation the TTP would have an opportunity to
discover more details and pursue advocacy if necessary.
(b) Relationship to Policy Goal #1 [PG1]
Person can pick the TTP (the ACLU, CDC or others could get
into the business. They would not have access to the keys -
only the ability to watchdog and advocate).
The legislature could serve as an additional watchdog layer
through direct oversight and other mechanisms.
Since our system of government purports to honor the
citizenry as sovereign and holds the government accountable
and responsive to them, it is reasonable to assume there
exists the small number of citizens necessary and acceptable
to carry out the role of a TTP.
(c) Relationship to Policy Goal #2 [PG2]
The government can exercise control over the pool of TTPs by
having a veto and setting other reliability and trust
assurance requirements, such as security clearances or
judicial deputizations process for non-legislative TTPs.
This safeguard can, however, slow the process down when
approval is needed prior to access. Accommodation can be
made under appropriate circumstances to forego TTP approval
in favor of mere notice as part of the judicial process.
Providing such notice would create no logical limit on the
speed with which access is achieved.
=============
Assumptions
Given the blessings of American civilization, I take it as
axiomatic that we should strive to preserve and improve the
nation. We are (relatively) free people operating in
(relatively) free markets who instituted a representative,
participatory self-government. That is all on the "plus
side" of the column. On the "minus side" is a deep distrust
between the citizenry and the government which is reflected
in and exacerbated by the key escrow/recovery debate.
Unfortunately, IMO, it is not feasible to continue the
American experiment if the government does not trust and
respect the people and if the people do not trust and
respect their government. Quizzically, there are two
further axioms: sometimes citizens can't be trusted and
sometimes our government can't be trusted (an alternate
formulation of these axioms is "some people can't be
trusted" but since we can not tell in advance who will
betray trust, one must hope for the best but plan for the
worst - namely, that sometimes people in general can't be
trusted).
================
Why Bother to Actively Resolve This Debate?
Electronic commerce, online government, distance learning,
home banking, telemedicine, and countless other
manifestations of the coming digital age are already
evident. Confidentiality of data - stored or communicated -
will be as important in for the new age as the reliability
of our physical transportation, building and manufacturing
systems have been in the past. Confidentiality of data must
be permitted to be as reliable as is appropriate for the
purpose for which the data was generated, stored or
communicated. The current and sought export restrictions,
key escrow or recovery and other domestic use controls
weaken an otherwise sound information security decision
making process. The existence of a firm foundation in
policy, practice and law is important for the growth and
soundness of the information society that is already upon
us. The nation has transformed itself from an agrarian
society to an industrial society and is now in the midst of
an equally fundamental evolution. No guarantee exists that
the nation will make the transition successfully.
=================
Trust and Trustworthiness
It seems to me that the issue is not "who should win the
debate: the government or the people" but rather: "where
shall we strike the balance between competing societal
interests." In the end, some resolution to this controversy
must occur. Merely continuing the stalemate would be a loss
for all sides and could seriously stunt the nation's
transition to the digital economy. I posit that we can call
the final arrangement a success if it adequately protects
privacy and business from unauthorized access AND provides
for appropriate lawful access to confidential
data/communications. Assuming such an outcome would reflect
the balanced sensibility of a vast majority of people in the
middle and would answer the legitimate needs and fears of
each side, then it could form the basis of a lasting
accommodation. Ultimately, people would have to trust that
the agreed upon process is being honored and government
would have to trust the judiciary and the people's more
direct representatives in the form of TTPs. The essence of
agreeing to be governed is trust in the process of
government or commitment to forging processes that are
suitable to the self governed. However, trust should derive
from current, demonstrable trustworthiness and not from
loyalty to institutions or other forms of blind faith.
Trust - but within a verificable and enforceable system of
checks and balances.
As is often cited in information security circles - there is
no such thing as "100 percent safe systems." Similarly,
there are no known systems of law enforcement, intelligence
or any other human endeavor that are totally immune from
exploitation or misuse. That does not mean we should cease
all economic and social activity. Similarly,
confidentiality systems should not be seen as bad if
government access exists and good if there is no access
possible. Rather, it means we need to institute appropriate
safeguards that are adequately stringent to accommodate the
needs of due process but that are workable enough to let
cops and agents do their jobs on our behalf.
As the National Research Council [FN 2] pointed out,
widespread use of cryptography assists us all to protect the
security of our business processes, civil liberties and
national integrity. So, I say interested parties should
start talking now in concrete terms about plans that will
adequately (though perhaps not perfectly) satisfy our
competing policy, legal and business interests. If you don't
like the suggestions I put in the boxes above, then I
challenge you to fill in alternative suggestions that also
achieve a genuine balance of interests. I hope to see
responsible parties agree to end membership in the polar
debate club; work out a plan with sufficiently broad public
support and understanding; agree on it, and get it into
history so we can all get on with the more important stuff.
===================
Footnotes:
FN 1. Paper: The Risks of Key Recovery, Key Escrow, and
Trusted Third Party Encryption
http://www.crypto.com/key_study/report.shtml
FN 2. See: Cryptography's Role in Securing the Information
Society
http://www.tiac.net/biz/bcslegal/nrc1.htm
==================
Document Information:
Author: Daniel Greenwood
Date: 3/25/98
Status: Informal Memo
Permissions: Granted for Republication With Attribution
Including This URL
[http://www.tiac.net/biz/danielg/prowin.htm] Provided I am
Notified by E-Mail sent to: dang@mit.edu
*** END ***
--- end forwarded text
-----------------
Robert Hettinga (rah@shipwright.com), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The e$ Home Page: http://www.shipwright.com/
