ietf

Re: Nuanced points and RFC 1984

2015-08-18 03:00:24
On 08/18/2015 07:12 AM, Eliot Lear wrote:
Hi,

On 8/17/15 10:30 PM, Brian E Carpenter wrote:
On 18/08/2015 03:44, Eric Burger wrote:
I could be cynical and offer that this is the argument FOR a key escrow 
scheme. It will be great for business for secure communications companies 
to sell enterprises (“Hey - do you want your competition to listen in to 
your communications? No? You need our stuff!”).
As it happens, enterprises are huge users today of key escrow schemes
for storage.  And nobody in this discussion would be arguing to mandate
escrow.  In fact I'm not even advising escrow.  Quite the contrary,
really.  All I'm saying is that it is not reasonable to argue extremes,
and one extreme is that we need to assume in this case that the law
enforcement goal is perfect access to everything.

Alternatively, would this mean that only the smart, hardened criminals and 
IETF folks will have privacy? Interesting bedfellows...
That is, and has always been, my point. The people society most has to fear
are smart enough to avoid escrow, very possibly by paying for the expertise.

To look at it slightly differently, from the bad actor's viewpoint, strong
crypto with key escrow is equivalent to weak crypto, because the authorities
can read the traffic (assuming that metadata surveillance has made the traffic
seem interesting).

Please do not assume that the really bad actors are unaware of this. They're
not stupid and they have a lot of money.
And please do not assume that most bad actors have a frigging clue.  The
effectiveness of existing law enforcement is a proof point against that
assumption.  That does not mean that this organization should advocate
for escrow.  I just want us not to look like fools when making our point.

I have noted that the heat of this discussion increased sharply when
Apple and Google started device encryption by default - that is, people
who did not care (before meeting law enforcement) would get their data
encrypted. This obviously also means that bad actors who did not care
would get their data encrypted - which means that they did not *need* a
clue in order to be protected.

I think this illustrates the natural tendency of technology adoption:
Things that required significant smarts 10 years ago are now just "what
everyone does"; things that require significant smarts now will be
"what everyone does" in 10 years - unless steps are taken to stop it.

RFC 1984 was not about describing the state of the world in 1996. It was
about influencing the state of the world in 2006 (and 2016!) - helping
along the things we thought would make the world better by then
(deployment of encryption) and defeating the proposals we thought would
make the world a worse place (among other things, mandatory key escrow
and all the limitations on technology that such a mandate would have to
impose in order to be effective).

That's the perspective we need to have.