ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Key Escrow Issues

1997-10-09 20:42:06
from [Jeffrey Gold] [Permanent Link] 
-----BEGIN PGP SIGNED MESSAGE-----

The release of PGP v5.5 has again make Key Escrow a hot topic.
For those who do not already know Key Escrow allows anyone with 
a "Master" key to decrypt any message you may encrypt.  A few 
general comments about Key Escrow issues - IMHO

1. It is essential for many businesses to maintain trade secrets.
   Encryption is a valid way for them to do so.

2. It is critical for those same businesses to be independent of
   the loss of any one employee - if he is the ONLY ONE who knows
   the password for a critical file.  Key Escrow is a valid
   solution to guard against this circumstance.  PGP version 5.5
   which has this feature is likely to be a "hot seller".

3. PGP 5.5 appears to allow a single individual with a "Master"
   key access to ALL encrypted files.  IMHO, this gives that
   employee too much power.  It also leaves the business vulnerable
   to improper behavior by that employee.  Say, jumping ship with
   all the secrets.

4. Packages other then PGP (I forget the name) require 3-5 select
   employees COOPERATE in order to activate the Key Escrow feature.
   Sort of like the self-destruct sequence in the original Star Trek.

5. Employees should retain the RIGHT to encrypt PERSONAL information
   with a Non-Escrow system like PGP 5.0, but may expect to be
   REQUIRED to use the Key Escrow system to encrypt sensitive
   business related information.

6. There is an outstanding legal question of wether a business may
   prohibit an employee from ANY PERSONAL use of his computer at 
   work, since this computer is the property of the business. 
   This question may prove to be AS IMPORTANT as Key Escrow.

7. It is unwise to allow the government to have these powers.
   This is for the simple reason that, all statements to the
   contrary, it is IMPOSSIBLE to prevent widespread ABUSE.

8. The similarities to government opening your snail mail are very
   close. There are strong laws against this practice. Unfortunately,
   the law has not yet caught up with the technology of the Internet.

9. However, the practice of the government opening foreign mail and
   tapping overseas phone calls still exists.  So, there is a legal
   precedent, regardless of its morality, to support government Key
   Escrow when applied to foreign/overseas traffic.  The problem
   here is how to protect domestic correspondence vs. international
   correspondence.  I do not have that answer.

10. The Clinton Administration is moving VERY AGGRESSIVELY to put
    some form of Key Escrow in place.  They have not and will not
    stop - despite many setbacks.  It is unlikely that even a 
    change to a Republican administrations in 2000 would affect 
    this effort.

11. Regardless of where you stand on these issues, if you wish to
    be heard, contact your elected representatives.  Support the
    political action groups with which you agree.

The above is my personal opinion.  Feel free to disagree 
or otherwise comment either on-list or off-list.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBND2YVP76BDyEwnEpAQEe2Qf/TwpP2PsE6/gUVm/2qoV8O/8le59IoQE0
IpRzi14OzVANhAC9JBkVOyHyW+Czby8aCpidG6m+DkyAIP45F/bKEC/DS+EiUjny
Bze0HZmiUUKWYJuuzH+a+gMODqYFctGeLaqg84SQ1ygOpQRBquTpL5Cc83HRIAaz
dS0OR61f2PpWHTsS0m8zbwGLfg0XCPB6I+zhQw7lDfiWMZ9WT88LwOyRcaGms/TB
JrHeVy7HBuJ/rcrXvyQR6zNDNROgzq81T/SPgpN9pOQZpSJi1ZlmvKOs2coKEL+M
zFlER6FAylbz4+hoaO95cWRW7wqEbwvAXjLcVGaVXmaHobxOdcFTIQ==
=cIhK
-----END PGP SIGNATURE-----
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Announce: Mapil v0.0 PGP mail utility, John W. Noerenberg
Next by Date:  Re: Key Escrow Issues, Lutz Donnerhacke
Previous by Thread:  Announce: Mapil v0.0 PGP mail utility, Ben Escoto
Next by Thread:  Re: Key Escrow Issues, Lutz Donnerhacke
Indexes:  [Date] [Thread] [Top] [All Lists]