the govt. key recovery fallacy (Re: What has really changed ...)

Adam Back adam at cypherspace.org
Thu, 12 Aug 1999 09:06:04 +0100 

Alistair Kelman writes:
> Caspar writes:
> > Pace advertising campaign scare stories, if someone has enough nous to
> > realize the risk of keeping important material encrypted without a key
> > backup, are they going simply to take a backup copy of their key, or are
> > they going to seek out a "Cryptography Service Provider" (whatever that 
> > is) that offers key recovery ?
> 
> It doesn't happen that way in real life. Just trawl through the requests 
> for help from serious businesses to Microsoft and Lotus when users have 
> password protected their documents and then have lost the key. 

I think you are misunderstanding the problem.  The basic crypto is
simple enough, but the field is awash with government FUD and one
needs to critically analyse government output.

OK, roles involved are business, individuals, governments and criminals:

- business and individuals want to encrypt data stored on hard disks,
  want to encrypt their communications.

- businesses don't want anyone outside the organisation reading their
  comms or data

- individuals and criminals don't want anyone except themselves to be
  able to read their comms or data

- government is most interested in ability to covertly eavesdrop on
  communications

- government is somewhat interested in ability to decrypt hard disks,
  to read data seized during 'dawn raids'.

Socially I don't think any of governments desires are acceptable;
restricting governments to use data for some purposes using policy
only has not worked historically (viz. filegate, GCHQ phone taps on
royal family, labour politicians, green peace etc).

So the solution is simple:

- businesses use _local_ key escrow to ensure availability of
encrypted data on harddisks (the software does exist to do this --
eg. www.pcguardian.com's [1] products -- sold to corporations who
think nothing of doing 1000 laptop installs of driver level hard disk
encryption has local password recovery, and many other similar
products)

- businesses mostly use email software without any 'recovery' -- if
email doens't make it to the recipient you typically resend it

- if businesses do need to spot check or record encrypted email, it
can be done again using local escrow

So I am not sure what Alistair is talking about.  

- governments have no where near a good enough record to allow them to
have keys to everything.

- business recovery for data availability uses local key escrow.
anyone who thinks businesses are going to hand their master keys over
to a thinly disguised front for GCHQ is just plain nuts.

- what Alistair proposes (to differentiate between uses, and rely on
government to only use power to decrypt) is simply not technically
possible; this is because it relies on policy which we know is
ignored, and technology can't differentiate between data types so we
can't enforce the policy using technology.

> I think we must really distinguish between electronic commerce type 
> activities and other activities. When a person uses encryption in 
> electronic commerce he/she is engaged in activities which are implicitly 
> or explicitly making use of an economic and legal framework (contracts, 
> binding representations, financial transactions, intellectual property 
> rights etc). 

where does a government backdoor fit into this picture.

> The implicit or explicit use of this infrastructure requires these
> transactions to be accessable by society.

Why?  Surely these are matters for private contract.

> In my view Key Recovery is an essential component in the proper use of 
> encryption in Electronic Commerce. But it is totally unacceptable when 
> citizens are using encryption for social or political purposes. Also it is 
> pointless when encryption is used to hide criminality - since criminals 
> are not going to escrow their private encryption keys.
> 
> The problem I feel with your FIPR message Casper is that it gets 
> simplified down to "Key Recovery is Bad". Key Recovery is good in 
> electronic commerce 

I would like to see your evidence that business thinks key recovery is
good for business -- the whole key recovery debate is immensley bad
for business -- especially US business, and in damaging the deployment
of good crypto.  The key recovery argument is responsible for 100s of
millions of lost trade for US industry, and for the state of play that
90%+ of browsers deployed use weak crypto (both inside and outside the
US).

Handing master keys over to NSA, or the French secret service is not
good for international business -- it has been shown that they are
heavily involved in industrial espionage.

> but bad everywhere else. The Electronic Commerce Bill fails to
> consider this distinction.

The problem is that you can't turn ability to decrypt on and off based
on fuzzy concepts -- encryption is binary.  Either encryption is free
of back doors or it isn't.  Given the negatives of allowing government
backdoors, I think all you lose is the anyway useless premise that key
escrow somehow has any effect on criminals (which I note you yourself
agree is a fallacy).

Adam

[1] Disclaimer: I do consulting work for pcguardian, but there are
lots of other hard disk software packages which allow local recovery.