IP: PGP Key Escrow and Congress
From: Dave Farber <farber () cis upenn edu>
Date: Thu, 16 Oct 1997 05:38:39 -0400
Date: Tue, 14 Oct 1997 10:15:07 -0500
From: Bruce Schneier <schneier () counterpane com>
The attached is from Barbara Simons of the U.S. ACM. Note item 4, where
Congressional staffers point to PGP as an example of key escrow software
being possible. To those of us fighting the government control of
cryptography, this is not helpful.
Date: Mon, 13 Oct 1997 13:27:03 PDT
Reply-To: "Barbara Simons" <simons () VNET IBM COM>
Sender: ACM US Public Policy Committee <USACM () ACM ORG>
From: "Barbara Simons" <simons () VNET IBM COM>
Subject: Hill ... Blues
To: USACM () ACM ORG
On Thursday and Friday of last week I met with Hill staffers of the
following Congresspeople: Sen. Feinstein, Sen. Boxer, Rep. Eshoo,
Rep. Campbell, and Sen. Kerrey. As you may have noticed, there was a Ca.
theme to the group, with the exception of Nebraska's Kerrey, of S909 fame.
Both Feinstein's and Boxer's staffer suggested that I speak with Kerrey's
staff, which is how I ended up meeting with Christopher McLean, Kerrey's
Legislative Counsel, and Lorenzo Goco, who is Special Assistant to the
Vice Chairman of the Senate Select Committee on Intelligence.
My discussion with them was very interesting and somewhat lively. I don't
know whether or not they had noticed our letter in opposition to S909,
but they at least appeared to be surprised when I said that we had written
such a letter, a copy of which was given to each at the meeting.
I had the strong impression that McLean and Goco had had a hand in the
writing of S909. They certainly were well versed in the arguments.
Here is some of what they said:
1. S909 impacts only the government, NOT universities that receive
   government funding for networks. This is not our interpretation
   the bill, and I'd be interested in hearing from some of the lawyers
   who are on USACM as to whether or not they agree with McLean and
2. If we are concerned about the well being of the computer industry in
   the U.S., we should be supporting S909, since the alternatives are
   either a more draconian bill or no bill at all, with the
   of the status quo export restrictions. They claim that Clinton
   veto any bill that does not contain provisions that address some of
   law enforcement's concerns.
3. If we are concerned about inappropriate behavior vis-a-vis key escrow
   or recovery, we should be supporting S909, since it includes strong
   penalties for unlawfully revealing or obtaining others' keys.
4. The NSA states that key recovery is doable and will not jeopardize
   national security. And there is an existence proof for key
   software in the new PGP release.
5. Yes, they would like to see widespread use of key recovery, but their
   idea is to encourage the development of encryption with key
   by using the buying power of the government to cause widespread and
   inexpensive key recovery encryption to come into being.
6. They are simply doing what the NRC report recommended, namely
   key recovery on the government without imposing it on the
7. Key recovery or key escrow are simply attempts at maintaining the
   status quo for law enforcement, who are now able to wiretap at
Some of these are old arguments that we've been hearing for a while,
but some are newer. In particular, points 4 and 6 are difficult to
refute without getting into some technical details. Both points also
undercut the argument that a key recovery infrastructure potentially
weakens security. After all, the NSA thinks it's secure enough that it
can be used by the government.
"Photons have neither morals nor visas" -- Dave Farber 1994