[Top] [All Lists]

Re: Just say NO to key escrow or CMR/ARR revisited

1997-11-04 12:19:07
On Tue, 4 Nov 1997 mark(_at_)unicorn(_dot_)com wrote:

At the same time, it builds a 'feature' into every copy 
of PGP which could at some point in the future be used to provide
government access to messages by forcing users to encrypt to a government
key. This, to Adam and others (including me), is so great a risk that 
we'd much prefer key escrow or an alternate system. 

Building a key escrow system would do exactly the same thing. Putting in
place the infrastructure for automated enterprise wide key escrow to a
corporate key would mean building a technology infrastructure at exactly
the same risk. A government could just as easily say, "Thou shalt escrow
to the FBI key and send it to central storage" as they could corrupt CMR
to say "Thou shalt encrypt to the FBI key."

Corporations are going to want central, encrypted escrow if PGP, Inc. 
were to go that way.

It would take the same amount of government intervention to corrupt a
corporate key escrow system as CMR.

-Gene Hoffman
PGP, Inc.