DTI Policy Response

Ben Laurie ben at algroup.co.uk
Tue, 28 Apr 1998 20:41:06 +0100 

William H. Geiger III wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> In <3.0.3.32.19980428095917.00ab5500@cybercash.com>, on 04/28/98
>    at 08:59 AM, Carl Ellison <cme@cybercash.com> said:
> 
> >At 07:21 AM 4/28/98 -0500, Brown, R Ken wrote:
> >>compulsory infrastructure-based key-recovery GAK. In fact it rules it out
> >>for private users and unlicensed providers. To my non-lawyerly mind it says:
> >>"if you have an encrypted message that we think is evidence, and  you don't
> >>tell us what it says when we ask you, then we will put you in prison".
> 
> >So what happens when I send you a block of random numbers, base64
> >encoded?
> 
> >Do I get put on the rack until I reveal the key?
> 
> A while back I had made a proposal on the coderpunks mailing list for the
> development of a crypto dongle. This would be a self-contained piece of
> hardware that contained enough memory to store several encryption keys.
> The user would attach this device to his computer so he can do whatever
> encryption/decryption was needed and then remove it when he was done (I
> originally envisioned attaching through the parallel port similar to copy
> protection dongles).
> 
> The key to this device is it would have a "panic button" on it that would
> wipe it's memory at a moments notice. It was key that the device be able
> to destroy the contents of it's memory without any external power or
> equipment.
> 
> So when your LEA's are knocking on your door with a battering ram at 3am
> security is only a push button away. :)

At the time, I doubted the ability of iButtons to do this - however, I'm
new not so sure. The cryptobutton has its own power supply. It'll take a
bit of wrapping, I'm sure, but probably not very much.

Cheers,

Ben.

-- 
Ben Laurie            |Phone: +44 (181) 735 0686|  Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org
and Technical Director|Email: ben@algroup.co.uk |
A.L. Digital Ltd,     |Apache-SSL author    http://www.apache-ssl.org/
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache