THE GOVERNMENT DOESN'T WANT KEY ESCROW
                                       
   [Page last modified: October 5, 1995]
     _________________________________________________________________
   
   In spite of having published a policy which actively encourages it,
   the US Government does not want citizens to use key escrow
   cryptography.
   
   What the Government wants is access to cryptographic keys (access to
   cleartext of encrypted communications and files). I term this
   ``Government Access Cryptography'' (GAC). Clipper provides GAC.
   Clipper happens to use key escrow in order to provide GAC. However,
   key escrow is a technique which is neither necessary nor sufficient to
   give the US Government what it wants.
   
Not sufficient

   Someone could put together a true key escrow system, just like
   Clipper, with key escrow agents and escrow grantees (the persons to
   whom keys are released by escrow agents). However, if the key escrow
   agents were to be chosen by Fidel Castro and the escrow grantee were
   to be the Cali drug cartel, the US Government would not be getting
   access and I have been assured by Administration officials that the
   Government would not approve the system.
   
Not necessary

   I could take the application code most hated by the NSA -- namely PGP
   -- and implement Government Access Cryptography. If the NSA and FBI
   were to generate PGP key pairs, they could send me the public keys. I
   could build those keys into a copy of PGP so that every encryption
   included both the NSA and the FBI as crypto-recipients (as opposed to
   mail-recipients). PGP encrypts each message under a fresh session key
   and then encrypts that session key separately to every recipient's
   public key, so adding two keys to that list hands both agencies the
   session key of every message. This application provides Government
   Access Cryptography but does not use key escrow to achieve it.
   
   
     _________________________________________________________________
   
Immediate, Voluntary GAC

   Mike Nelson, in the August 17, 1995 meeting on key escrow, repeated
   the refrain: "voluntary, voluntary, voluntary". He was emphasizing
   that the Clinton Administration would never institute controls on
   domestic cryptography. However, he was also clear that the
   Administration wants US citizens to use Government Access
   Cryptography (GAC).
   
   I can implement voluntary GAC within hours, with a little cooperation
   from the FBI and NSA. If they would generate PGP public keys for
   themselves and send them to me, I would sign those keys and post them
   to the worldwide PGP key servers. Since my key is signed by Derek
   Atkins and his key is signed by Phil Zimmermann, this would provide a
   certification chain from Phil to both the NSA and the FBI. I would
   then post a signed message on all relevant newsgroups announcing the
   new keys and testifying to their validity. Citizens using PGP would
   then be free to download those keys and add them to their public key
   rings. Those users could then voluntarily include either the NSA or
   the FBI or both as crypto-recipients. This implements Government
   Access Cryptography (or, in government-speak, Software Key Escrow)
   with almost no cost and almost no delay, within hours of the
   generation of those keys.
   
   It is my claim that the voluntary GAC described above is the most the
   Government will be able to expect. So -- let's implement it now and
   end this discussion.
   
   
     _________________________________________________________________
   
Etymology

   There are a number of words used by various people as if they were
   interchangeable:
   
       
     * Key Escrow -- a technique which puts cryptographic keys in escrow.
       The term is borrowed from financial transactions where something
       of value is transferred from the object's owner to the escrow
       grantee, subject to some condition. However, the owner doesn't
       necessarily trust the grantee. Therefore, the object is given to a
       trusted third party -- the escrow agent -- who holds the object
       until the grantee satisfies the condition at which time the object
       transfer is completed. [Presumably, if the condition is not met
       and there is a deadline, the object is then transferred back to
       the owner.]
       
       The term ``Key Escrow'' as used in the Clipper/Capstone program
       refers to a system in which the object is a citizen's
       cryptographic master key, the grantee is a US Government
       surveillance agency, the escrow agent is a pair of US Government
       agencies and the condition is that the surveillance agency submits
       paperwork stating that it has a right to the key in question. In
       this case there is no condition under which the transfer fails and
       the key is returned to its owner.
       
       The use of the phrase ``Key Escrow'' in Clipper/Capstone might be
       an attempt to deflect attention away from the central fact of the
       mechanism (that the Government gets access on demand). It might
       even be clever -- since the term ``escrow'' is known by the
       citizenry to be a legal term and to be related to home ownership
       (therefore related to the American Dream).
       
       However, key escrow is a technique which does not necessarily
       involve Government access (see my example at the head of this
       page). It can even be benign, as when the escrow agent is a
       corporation, the grantee is an employee's manager and the
       condition is that the employee is unavailable. Therefore, we need
       to distinguish between the neutral technique and what the US
       Government really wants.
       
     * GAK (Government Access to Keys) was my first attempt to describe
       the Government's desire. It fits, although it isn't as general as
       it could be.
       
     * GACK (Government Access to Citizens' Keys) is a variant on GAK
       (coined by a cypherpunk) which emphasizes the (inappropriate)
       target of the access desire.
       
     * GAC (Government Access Cryptography) is the most general form I
       know -- allowing for other methods of getting Government access
       (weak keys, subverted random number generation, cryptographic
       algorithms with back doors, Government key escrow, direct transfer
       of keys to the Government (à la my PGP example), key exchange
       methods with back doors, etc.).
       
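   Key escrow as the neutral technique described under ``Key Escrow''
   above, as an added example in Go that is not part of the original
   page and not any product's code. It uses the structure the text lays
   out: an owner, a pair of escrow agents, a grantee and a condition.
   The key is split into two shares by XOR (the example's own choice,
   matching the pair of agents), each agent checks the condition for
   itself, and the grantee gets the key back only if both release. The
   corporate conditions, the owner name ``alice'', the 16-byte key and
   the request reasons are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"fmt"
)

// Share is one escrow agent's piece of a key. The pieces are an XOR split, so
// one share alone is uniformly random and tells the agent nothing about the key.
type Share []byte

// Agent holds shares and decides for itself whether a release request
// satisfies the condition it was set up with.
type Agent struct {
	Name      string
	condition func(owner, reason string) bool
	shares    map[string]Share // key owner -> share
}

func NewAgent(name string, condition func(owner, reason string) bool) *Agent {
	return &Agent{Name: name, condition: condition, shares: map[string]Share{}}
}

func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// Escrow splits key into two shares and deposits one with each agent.
func Escrow(owner string, key []byte, a, b *Agent) error {
	r := make([]byte, len(key))
	if _, err := rand.Read(r); err != nil {
		return err
	}
	a.shares[owner] = r
	b.shares[owner] = xorBytes(key, r)
	return nil
}

// Release hands out owner's share only if this agent's condition holds.
func (a *Agent) Release(owner, reason string) (Share, error) {
	s, ok := a.shares[owner]
	if !ok {
		return nil, fmt.Errorf("%s holds no share for %s", a.Name, owner)
	}
	if !a.condition(owner, reason) {
		return nil, fmt.Errorf("%s refuses to release %s's share for %q", a.Name, owner, reason)
	}
	return s, nil
}

// Recover reconstructs the key for the grantee; if either agent refuses,
// the grantee learns nothing.
func Recover(owner, reason string, a, b *Agent) ([]byte, error) {
	sa, err := a.Release(owner, reason)
	if err != nil {
		return nil, err
	}
	sb, err := b.Release(owner, reason)
	if err != nil {
		return nil, err
	}
	return xorBytes(sa, sb), nil
}

// Demo models the benign corporate case: both agents belong to the employer and
// release only when the stated reason is that the employee is unavailable. The
// owner name, key and request reasons are constructed for this example.
func Demo() (managerRecovers, warrantRefused, oneShareIsKey bool, err error) {
	employeeUnavailable := func(owner, reason string) bool { return reason == "employee unavailable" }
	hr := NewAgent("HR", employeeUnavailable)
	it := NewAgent("IT", employeeUnavailable)
	key := make([]byte, 16)
	if _, err = rand.Read(key); err != nil {
		return
	}
	if err = Escrow("alice", key, hr, it); err != nil {
		return
	}
	got, rerr := Recover("alice", "employee unavailable", hr, it)
	managerRecovers = rerr == nil && bytes.Equal(got, key)
	_, rerr = Recover("alice", "warrant", hr, it) // the grantee's paperwork alone is not the condition
	warrantRefused = rerr != nil
	oneShareIsKey = bytes.Equal(hr.shares["alice"], key)
	return
}

func main() { fmt.Println(Demo()) }
```

   What distinguishes this from Clipper is not the mechanism but who
   runs the agents and what the condition is: here the employer's two
   agents refuse a request whose stated reason is ``warrant'', and no
   single agent's share is the key. Swap in two Government agencies
   whose condition is ``the grantee filed paperwork'' and the same code
   becomes Government access on demand.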
   
     _________________________________________________________________
   
   
    Carl Ellison --- cme@acm.org