[2447] in cryptography@c2.net mail archive


RE: Proposal to Resolve Key Escrow Debate

daemon@ATHENA.MIT.EDU (Robert Hettinga)
Sat Apr 4 18:44:12 1998

Date: Sat, 4 Apr 1998 07:29:44 -0500
To: cryptography@c2.net, dcsb@ai.mit.edu
From: Robert Hettinga <rah@shipwright.com>
Cc: dan.greenwood@state.ma.us


--- begin forwarded text


From: "Greenwood, Dan" <Dan.Greenwood@state.ma.us>
To: "'Robert Hettinga'" <rah@shipwright.com>
Subject: RE: Proposal to Resolve Key Escrow Debate
Date: Fri, 3 Apr 1998 10:16:49 -0500
MIME-Version: 1.0

Bob - thanks for sending this idea along.  Would you also please send
the follow up I posted in response to Juan (see below) and also indicate
that I have set up a page to honor the Rivest Winnowing and Chaffing
proposal to eliminate the possibility of key escrow (see my web site for
link) and that I think that if due process costs are too high, then we
need to split a policy debate in favor of the people and not the
government.  But, I think we should talk more specifically about whether
the due process approach has merit and whether key escrow is needed in
the first place.  Perhaps I have just not been privy to the discussions
on these matters that have happened in the past.  Thanks,
Dan

======

Subject: Re: Proposal to Resolve Key Escrow Debate
Date: Sat, 28 Mar 1998 17:10:50 -0500
From: Daniel Greenwood <dan@civics.com>
To: Digital Signature discussion <DIGSIG@LISTSERV.TEMPLE.EDU>




Juan,

You posed the following questions (my replies are interspersed):

Question. With respect to your proposal, upon reading it the first time,
I kept thinking of one problem: What happens once a key has been obtained and
used by the law enforcement bodies? Are they to be trusted to destroy
all copies of it?

Reply. My thought was to address that concern under the second part of
the proposal.  That item, under the "Due Process Safeguards" column,
would require that "Limit permitted usage based on scope of grant by
judiciary."  So, if a key was supposed to open message or communications
stream 1, then the technical implementation would have to assure that it
could not be used to open message B or communications stream B.  Under
the "Technology and Administration" column, the proposal put forward the
following suggestion: "Apportion confidential keys such that access is
limited to scope of grant. Build in call back technology that allows
Judiciary to monitor usage of key."  The intent here was to not only
require a system design that would prevent unauthorized usage of the key
beyond the scope of the warrant or other judicial authorization, but
that certain auditable use features should also be built in to record
and relay key usage back to the authorizing judiciary to further assure
compliance with the scope of the grant of authority to breach otherwise
constitutionally protected privacy.  The proposal noted that such a
feature would prevent the types of "forward security" breaches that you
are concerned about and also notes that this would not limit the lawful
access to data and communications that would be conducted pursuant to a
court order.

I am concerned here only with determination of the types of technical
functionality that would achieve the goal of limiting key usage to
authorized scope and not with the technical specifications that would
achieve the requirement.  However, I have a few ideas about how this
could be done based on the usage of meta keys associated with particular
data streams or stored data chunks.

Q. Should the person be notified that they should get a new key?

R. The point of surreptitious surveillance is that the target is not
notified that they should get new data or communications security
devices.  That would result in tipping the presence of the agents.  The
fact that the target has no clue what is happening to her is largely why
additional safeguards are needed before a system can be considered
sufficient in a society operating under protections like those embodied
in the Bill of Rights.  The other two elements of the proposal
(requiring judicial action in the first place and the recognition of a
Trusted Third Party with standing and authorization to act on behalf of
the clueless target of government inquiry) are designed to complete the
suite of protections that need to be in place for each threat posed to
fundamental liberties of innocent citizens.  The due process approach to
this controversy is premised upon the notion that we want government to
be able to ferret out and fight crime and terror, but that they must act
at all times with the utmost respect for the rights of the citizenry. It
would be one thing if the key recovery plan were proposed as a method
for spying on convicted inmates - but we are talking here about schemes
that would apply to everyone.


In effect, key recovery involves the seizure of key copies (or access
rights to the key) without any cause being shown first.  We do not
require this every time a citizen goes to the hardware store and buys a
lock with a key.  Can you imagine the outcry if the Federal Government
proposed a plan whereby  a government agent stood at the cash register
of every Good Value hardware store with his hand out for a copy of every
key you purchased when you bought a lock box for your personal papers
and letters?  It would be quite another thing if the agent showed up at
your door with a warrant to get access to your lock box.  By then, we
assume, he has shown good cause to a court, the warrant specifies the
scope within which he is permitted to search, you have the opportunity
to get a lawyer to advocate for you, and society has decided that we
want Government to get at your stuff at that point.  Similarly, with key
recovery, we should be maximally sensitive to protecting the rights of
the hundreds of millions of Americans who will use these systems in the
future and who will never do anything to warrant a showing of probable
cause and we need systems that allow for a high degree of confidence
that due process and regard for citizen rights are observed when access
to a target is granted but no conviction has yet occurred.  People are
presumed innocent until proven guilty in a court of law - unless we take
our eyes off the people who have the keys and operate without sufficient
oversight.  Checks and balances are an excellent oversight mechanism.

Q. Should people who want security be changing their keys frequently?

R. Yes (and they should do a lot more as well).

Juan, I think that you are asking the right types of questions.  I
propose that a framework be settled upon which would be adequate to meet
the interests of law enforcement/intelligence and also business/civil
liberties.  In my mind, if this can not be done, then under the U.S.
constitution and based on our unique historical value on the notion
of free-born people, then the difference must be split in favor of the
citizenry and not the government.  If there is a contrary point of view
that would assume the people exist for the convenience of government and
not vice versa, I would very much like to see it explained and
defended.  It may be found that the expense of building a system that
encompasses adequate protections is so high that it is not feasible to
create.  That would tell me that the government is making unreasonable
demands and needs to scale back expectations about how far citizens and
business can be pushed.  However, my sense of the matter is that there
is enough room to minimally satisfy the legitimate concerns of the
government without contravening the basic reasons we set up the
government in the first place.

Off this list the question was posed, how can a key recovery system work
unless everyone must use it (not just honest law abiding people)?
Frankly, I do not see how it is possible for a non-mandatory key
recovery system to work.  However, there are plenty of smart people who
seem to think there would be some advantage in it.  Perhaps they are
merely going for half the loaf today and they will hope to capture the
rest in the future when, perhaps after some bombing or other security
breach, people are sufficiently impassioned to give away the remainder
of their liberty in this regard.  In any case, it seems to me that the
basic question of whether law enforcement/intelligence really needs key
recovery in the first place has not been adequately addressed.  What
would happen if they did not get it?  Would society be prepared to trade
the alleged increase in crime, terror and warfare for some system of
government access?  To determine that, we would need much better
information on the frequency, severity, nature, etc. of the purported
harms.  Perhaps we are hearing the cry of "chicken little" who claimed
the sky was falling but who was mistaken about the coming apocalypse.

I don't really know enough facts to judge the merits of government
demands for key recovery.  However, since it appears that the issue is
still open, I think it needs to be talked about in a frank, open way.
If we were to have a government backed key recovery system that allowed
surreptitious government access to our stuff, then what would that
system need to look like in order to be acceptable?  If it is determined
that no possible system would ever be acceptable, then there is really
not much point in continuing the controversy.  Since this matter
directly affects the civil liberties of the people, I believe that
public debate and consensus are necessary before a final national policy
is set.  Many people will favor law enforcement and national security
claims rather automatically and without critical analysis.  However, the
creation of more forums where broader education and discussion of the
alternatives can be held across the country would be welcome at this
time (the State Houses would be a nice place to start).  In the report:
"Cryptography's Role in Securing the Information Society" the National
Research Council concluded that there can be meaningful public debate on
this topic without the disclosure of any classified information.  Shall
we put that conclusion to the test?  Is the government ready to engage
in a public, open dialogue?

 - Dan Greenwood




Juan Andres Avellan wrote:
>
> Dan,
>
> I agree with not sitting back and letting the issue remain unresolved,
> which (as I see it) is not what has been occurring. Key escrow/recovery
> etc. has been a hot issue for some time now with its peaks and troughs. The
> fact that the US government may remain quiet for a while and that the
> civil liberties folks are not stirred up at the moment does not mean that
> the debate is being left unresolved. It seems to me though (I'm not a
> specialist in cryptography) that some of the issues had been resolved by
> using systems that separated the signature keys from the encryption keys
> (although I believe to have heard that a tech-savvy person would be able to
> use signature keys for encryption purposes). In any case, I think that the
> US position (by law enforcement bodies, civil liberties groups, working
> groups, etc.) on key escrow/recovery needs to consider what is going on
> elsewhere because of the borderlessness of communications and use of
> encryption products in other jurisdictions. For example, a recent press
> release stated the following with respect to the UK policy (David Hendon is
> one of the main people (known to the public) in charge of the encryption
> policy in the UK):
>
> "But another official, David Hendon of the U.K.'s Department of Trade and
> Industry, said it would be wrong to surmise that the United Kingdom is
> about to pursue a mandatory key escrow policy. "Of course to be 100 percent
> sure of getting keys, you would need to have mandatory escrow. But we don't
> think this is realistic or in any way attainable and so it would be wrong
> to make a connection that the U.K. is about to announce such a thing-which,
> to be clear, we are not," said Hendon."
>
> In other jurisdictions, such as Brazil (as Prof. Ed Gerck would be happy to
> remind us), there are no restrictions to the use of cryptography. How would
> any policy hold up in such cases, when the 'honest' people might be giving
> up their keys while the 'bad guys' will be using encryption products and/or
> services perfectly legal in other jurisdictions?
>
> With respect to your proposal, upon reading it the first time, I kept
> thinking of one problem: What happens once a key has been obtained and used
> by the law enforcement bodies? Are they to be trusted to destroy all copies
> of it? Should the person be notified that they should get a new key? Should
> people who want security be changing their keys frequently? I would have to
> look at the proposal in more detail before agreeing or disagreeing with
> other aspects of it, but I think this is one of the central issues with
> respect to trust of the law enforcement agencies which has not been resolved.
>
> Regards,
>
> Juan
>
> Juan Andres Avellan
> PhD Candidate - IT Law Unit
> Centre for Commercial Law Studies
> Queen Mary and Westfield College
> University of London
> Email: javellan@ccls.edu
> PGP Key Fingerprint:1908 C61E 1406 1ADB 06FA  1AD5 7D8D F388 A0DC 4180



<my original message snipped to save bandwidth>

--- end forwarded text
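Dan's reply above sketches two technical requirements for a scoped release: apportion keys so that a key handed over under a grant opens only the named stream, and build in auditing so that every use is relayed back to the authorizing judiciary. The following Python is an added example written for this archive page, not code from the proposal, from Dan Greenwood, or from any message in the thread. It derives one key pair per stream from a master key with HMAC-SHA256 (so a released stream key reveals nothing about the master or about other streams), releases only the keys for the stream named in a grant, and appends every release and every use attempt, in scope or not, to an audit log. The warrant id, the record format, the function names (release_for_warrant, open_with_release) and the HMAC-based counter-mode stream cipher are all assumptions made for the example; a production system would use a vetted AEAD instead of the illustrative cipher.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

PURPOSE_ENC = b"enc"
PURPOSE_MAC = b"mac"


def derive_stream_key(master_key: bytes, stream_id: str, purpose: bytes) -> bytes:
    """One key per (stream, purpose), derived with HMAC-SHA256 used as a PRF.

    Handing out a derived key reveals nothing about master_key or about any
    other stream's key, which is what makes a release limited to one stream possible.
    """
    return hmac.new(master_key, purpose + b"|" + stream_id.encode(), hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256; illustrative only, chosen so the
    # example runs on the standard library. Not a substitute for a vetted AEAD.
    blocks = []
    produced = 0
    counter = 0
    while produced < length:
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        blocks.append(block)
        produced += len(block)
        counter += 1
    return b"".join(blocks)[:length]


def seal(master_key: bytes, stream_id: str, plaintext: bytes) -> dict:
    """Encrypt-then-MAC one record under the keys of a single stream."""
    enc_key = derive_stream_key(master_key, stream_id, PURPOSE_ENC)
    mac_key = derive_stream_key(master_key, stream_id, PURPOSE_MAC)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    # The stream id is bound into the tag so a record cannot simply be relabelled.
    tag = hmac.new(mac_key, stream_id.encode() + nonce + ct, hashlib.sha256).digest()
    return {"stream_id": stream_id, "nonce": nonce, "ct": ct, "tag": tag}


def release_for_warrant(master_key: bytes, warrant_id: str, stream_id: str, audit_log: list) -> dict:
    """Release only the keys for the stream named in the grant, and record the release."""
    audit_log.append({"event": "release", "warrant": warrant_id, "stream": stream_id,
                      "at": datetime.now(timezone.utc).isoformat()})
    return {"warrant": warrant_id, "stream_id": stream_id,
            "enc_key": derive_stream_key(master_key, stream_id, PURPOSE_ENC),
            "mac_key": derive_stream_key(master_key, stream_id, PURPOSE_MAC)}


def open_with_release(release: dict, record: dict, audit_log: list) -> bytes:
    """Open a record with released keys; every attempt is logged, whether in scope or not."""
    audit_log.append({"event": "use", "warrant": release["warrant"],
                      "stream": record["stream_id"], "at": datetime.now(timezone.utc).isoformat()})
    if record["stream_id"] != release["stream_id"]:
        raise PermissionError("record lies outside the scope of the grant")
    expected = hmac.new(release["mac_key"],
                        record["stream_id"].encode() + record["nonce"] + record["ct"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("authentication failed: wrong key or tampered record")
    keystream = _keystream(release["enc_key"], record["nonce"], len(record["ct"]))
    return bytes(c ^ k for c, k in zip(record["ct"], keystream))


def demo() -> dict:
    # Constructed demo values: the master key and warrant id are placeholders.
    master = hashlib.sha256(b"constructed demo master key, not a real secret").digest()
    log = []
    rec1 = seal(master, "stream-1", b"message on stream 1")
    rec2 = seal(master, "stream-2", b"message on stream 2")
    release = release_for_warrant(master, "WARRANT-PLACEHOLDER", "stream-1", log)
    opened = open_with_release(release, rec1, log)
    try:
        open_with_release(release, rec2, log)
        out_of_scope_blocked = False
    except PermissionError:
        out_of_scope_blocked = True
    # Relabelling a stream-2 record as stream-1 still fails: the tag binds the id.
    relabelled = dict(rec2, stream_id="stream-1")
    try:
        open_with_release(release, relabelled, log)
        relabel_blocked = False
    except ValueError:
        relabel_blocked = True
    return {"opened": opened, "out_of_scope_blocked": out_of_scope_blocked,
            "relabel_blocked": relabel_blocked, "audit_events": len(log)}


if __name__ == "__main__":
    print(demo())
```

The audit log is the "call back" piece of the proposal: because open_with_release appends an entry before any check runs, an out-of-scope attempt leaves the same trace as a successful one, which is the record the authorizing court would want to see.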


-----------------
Robert Hettinga (rah@shipwright.com), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The e$ Home Page: http://www.shipwright.com/


