On Aug 15, 2015, at 7:05 PM, Brian E Carpenter
<brian(_dot_)e(_dot_)carpenter(_at_)gmail(_dot_)com> wrote:
I really believe this discussion completely misses the point.
RFC 1984 says:
Even if escrowed encryption schemes are used, there is nothing to
prevent someone from using another encryption scheme first.
Certainly, any serious malefactors would do this; the outer
encryption layer, which would use an escrowed scheme, would be used
to divert suspicion.
In other words: even the most Byzantine escrow system is useless in the
face of a bad actor who chooses to implement and use a non-escrowed
system, concealing its existence using a government-approved escrowed
system on top. Escrow is only useful against law-abiding people who
trust the government(s) in the first place.
Brian -
I have no view either way on the merits moving RFC1984 to BCP status,
but would note that (at least in my limited experience) law enforcement
activities (LEA) often seek supporting or corroborating information that is
not the direct communications of the alleged perpetrators. Even presuming
knowledgable criminals using encryption that is over/above for dialogue with
their accomplices, that does not preclude the potential usefulness (from
LEA’s perspective) from being able to obtain more mundane, but related
communications (e.g. with suppliers, future victims, etc.)
It’s quite possible that the appropriate tradeoff for society continues to be
that as documented in RFC1984, but it should be recognized as an actual
tradeoff and not an an approach without any impact to lawful enforcement
activities (as might be implied from your comments above.)
/John
Disclaimer: my views alone; no LEA personnel were harmed in the
production of this email.