From: tcmay@netcom.com (Timothy C. May) Subject: Gore Letter and Software Key Escrow Date: 8 Aug 1994 20:06:51 -0400 Some interesting comments from a recent issue of "EE Times": "While some critics declared Clipper dead, Gore made it clear that any encryption system used for voice communications must retain that the key-escrow framework that is the central feature of the Clipper chip. The only difference will be whether private-sector escrow agents will be added." ["Gore letter clouds U.S. Clipper policy," George Leopold, "EE Times," 1994-07-25, p. 4] [the article mentioned Gore's "We welcome the opportunity to work with industry to develop a more versatile, less expensive system. Such a key-escrow system would be implemented in software, firmware, hardware or any combination thereof, would not rely on upon a classified algorithm, would be voluntary and would be exportable."] In an earlier article: "Sen. Patty Murray, D-Wash., cosponsor of the Senate bill, said the Clipper-chip proposal "has had a chilling effect on software manufacturers in my state," particularly Microsoft Corp. She and other Clipper critics testifying last week argued that software encryption is widely available. "Federal efforts to put the genie back in the bottle will be futile," Murray said." ["Congress adds its voice to Clipper debate," George Leopold, "EE Times," 1994-05-09, p. 16] And this chilling comment from Stephen Walker of TIS: " "Most Americans would accept government-imposed key escrow if it was established by law" and subject to judicial review, said Stephen Walker, president of Trusted Systems Inc. [sic] and a former NSA official." ["Congress adds its voice to Clipper debate," George Leopold, "EE Times," 1994-05-09, p. 16] From these and other articles I continue to believe that several related things are happening: * The Administrations has backed away from the hardware-based, proprietary Skipjack approach that Clipper and EES represented. Though Clipper is not yet officialy dead, its brain wave has flatlined. * The software industry was apparently pressured, based on comments by various people, including Rep. Maria Cantwell (D-Wash) and Sen. Patty Murray. The form and timing of this pressure is not public knowledge, but hints of it keep emerging. * A software-based key escrow system, involving the new Walker-Belenson-others algorithm, is the likely basis for this new "more versatile, less expensive system" that Gore says would be "implementable in software, firmware, hardware or any combination thereof..." Practically speaking, this means software, as the hardware base of machines already out in the world pretty much makes hardware- or firmware-based deployment very problematic...few people will buy new hardware, which is what helped to kill Clipper. * Ostensibly this will be "voluntary," but the "voluntary" part may only be choice from a Chinese menu of approved and licensed escrow agents. [This is my interpretation, reading between the line of a dozen or so articles, articles which quote sources about how "private industry" will provide escrow agents, how choice will be preserved, and how the infamous "legitimate needs of law enforcment" will be preserved. * This compromise will likely put software key escrow (SKE, or Carl Ellison's "GAK"..."Government Access to Keys") into the software for audio and video teleconferencing, communication, and possibly into the OS itself (as this would be needed to ensure wide coverage of installed machines). * The articles suggest Sen. Leahy, Rep. Cantwell, and many others have already accepted this compromise. Enabling legislation could come at any time, and may be closely related to the Digital Telephony Bill, which has had the same behind-the-scenes negotiating. In closing, I reject the point made by Walker, that Americans will accept a "government imposed key escrow if it was established by law." I think this is the real threat on the horizon. --Tim May