[738] in cryptography@c2.net mail archive


Re: Full Strength Stronghold 2.0 Released Worldwide

daemon@ATHENA.MIT.EDU (Hal Finney)
Wed May 7 20:15:06 1997

Date: Wed, 7 May 1997 16:42:51 -0700
From: Hal Finney <hal@rain.org>
To: cryptography@c2.net

Many companies feel that they are exposed to risks if employees can
encrypt data in such a way that the company can't read it.  There are
stories of employees who have attempted to blackmail their employers
by doing this.  The desire by the business to keep control over the
proprietary work products of its employees often leads to a perceived
need for key escrow/recovery.

It may be possible to argue that the same effect can be achieved
by providing employees with restricted encryption clients which
always encrypt to a company key in addition to any other encryption.
This can be done for file system encryption as well.  From the business
perspective, it may not be obvious that this solution is as good.
Naive business owners like the idea that they have all the secret keys
their employees have.  It makes it obvious that the employees can't
hide anything.  The "extra company key" solution is more complicated
and not as obvious to the naive customer.

(Actually what they really want is a combination of the two solutions.
They want access to their employees' private keys, and they want the
employee encryption clients always to encrypt to a company key.  This
belt-and-suspenders approach gives the maximum access to all data.)

But from the political perspective, restricted clients like this are
themselves just a step away from software key escrow.  How much of a
blow has been struck for freedom if a software infrastructure exists
which uses third party keys for access rather than shared private keys?
Both can easily be adapted to GAK.  It is a fine line to draw.

Fundamentally, it is hard to get around the fact that the kinds of access
desired by many businesses with regard to their employees' information
are closely analogous to the access desired by governments with regard
to citizen information.  A solution to the first can almost inevitably
be adapted into a solution to the second.

Hal
