ietf-openpgp

Re: Just say NO to key escrow or CMR/ARR revisited

1997-11-04 14:07:02
-----BEGIN PGP SIGNED MESSAGE-----

Building a key escrow system would do exactly the same thing. Putting in
place the infrastructure for automated enterprise wide key escrow to a
corporate key would mean building a technology infrastructure at exactly
the same risk. A government could just as easily say, "Thou shalt escrow
to the FBI key and send it to central storage" as they could corrupt CMR
to say "Thou shalt encrypt to the FBI key."
 
I'm not sure what you mean by 'central storage'. If you mean a backup
server within an organisation, this means the FBI still has to gain
physical access to the encrypted data. With CMR, the data is likely to
be sent across an insecure network so the FBI could access it easily.

This is the crux of the argument. CMR could enable widespread fishing by
surveillance agencies; they already have access to the ciphertext (which
would also be encrypted to their key). A properly designed escrow system
would require the keys to be physically handed over by the organisation
to the NSA. Regardless of how easy this step may be, it would hinder
fishing and leave some kind of audit trail - unlike CMR.

Ian.

-----BEGIN PGP SIGNATURE-----
Version: Cryptix 2.2.2

-----END PGP SIGNATURE-----