You are on page 1of 5

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.

0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>EFF: </title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<link rel="stylesheet" type="text/css"


href="http://www.eff.org/sites/all/themes/frontier/style.css">
<link rel="stylesheet" type="text/css"
href="http://w2.eff.org/stylesheets/www2.css">
<link rel="stylesheet"
href="http://www.eff.org/sites/all/themes/frontier/800.css" type="text/css"
media="screen" id="narrow" title="narrow" />
<link rel="alternate stylesheet"
href="http://www.eff.org/sites/all/themes/frontier/1015.css" type="text/css"
media="screen" id="wide" title="wide" />
<script src="http://www.eff.org/sites/all/themes/frontier/resizey.js"
type="text/javascript"></script>
<link rel="alternate" type="application/rss+xml" title="EFF - Deeplinks"
href="http://www.eff.org/rss/blog" />
<link rel="alternate" type="application/rss+xml" title="EFF - Press Releases"
href="http://www.eff.org/rss/pressrelease" />
<link rel="alternate" type="application/rss+xml" title="EFF - Action Alerts"
href="http://action.eff.org/feed/rss2_0/alerts.rss" />
<link rel="shortcut icon" type="image/x-icon" href="/favicon.ico" />
<script type="text/javascript">

<!--
window.onresize = doOnResize;
window.onload = doOnLoad;

//-->
</script>

</head>

<body>
<div class="wrapper">
<div id="header">
<div id="headerinner">
<div id="search"><div id="searchinner">
<form method="get" action="/cgi/search-proxy.py">
<input class="searchtextarea" type="text" name="q" size="15" maxlength="255"
value="Enter search terms" onclick="this.value = ''" /> <input type="submit"
class="submit" value="Search EFF" name="sa" /> <a class="searchinfolink"
href="/policy#search">?</a>
</form>
</div></div>
<a id="logo" href="/"><img
src="http://robin.eff.org/sites/all/themes/frontier/images/head_logo.png"
alt="Electronic Frontier Foundation" width="442" height="66" border="0" /></a>
</div>
</div>
</div><div id="topnav">
<div class="wrapper">
<ul class="links-menu">
<li><a href="http://www.eff.org/about" class=" first">About</a></li>
<li><a href="http://www.eff.org/work">Our Work</a></li>
<li><a href="http://www.eff.org/deeplinks">Deeplinks Blog</a></li>
<li><a href="http://www.eff.org/press">Press Room</a></li>
<li><a href="http://action.eff.org/">Take Action</a></li>
<li><a href="http://secure.eff.org/" class=" last">Join EFF</a></li>
</ul>
</div>
</div><div class="wrapper">
<div id="content" class="withoutsidebar">
<div class="breadcrumb">
<a href="http://www.eff.org/">Home</a> &raquo; <a href="/Privacy/">Privacy</a>
&raquo; <a href="/Privacy/Key_escrow/">Key Escrow</a><span
class="crumbspacer">&nbsp;</span>
</div>
</div>
<!-- conditional navbars -->
<div class="clr"></div>

<div id="featuretext">

<pre>

THE GOVERNMENT DOESN'T WANT KEY ESCROW

[Page last modified: October 5, 1995]


_________________________________________________________________

In spite of having published a policy which actively encourages it,


the US Government does not want citizens to use key escrow
cryptography.

What the Government wants is access to cryptographic keys (access to


cleartext of encrypted communications and files). I term this
``Government Access Cryptography'' (GAC). Clipper provides GAC.
Clipper happens to use key escrow in order to provide GAC. However,
key escrow is a technique which is neither necessary nor sufficient to
give the US Government what it wants.

Not sufficient

Someone could put together a true key escrow system, just like
Clipper, with key escrow agents and escrow grantees (the persons to
whom keys are released by escrow agents). However, if the key escrow
agents were to be chosen by Fidel Castro and the escrow grantee were
to be the Cali drug cartel, the US Government would not be getting
access and I have been assured by Administration officials that the
Government would not approve the system.

Not necessary

I could take the application code most hated by the NSA -- namely PGP
-- and implement Government Access Cryptography. If the NSA and FBI
were to generate PGP key pairs, they could send me the public keys. I
could build those keys into a copy of PGP so that every encryption
included both the NSA and the FBI as crypto-recipients (as opposed to
mail-recipients). This application provides Government Access
Cryptography but does not use key escrow to achieve it.

_________________________________________________________________

Immediate, Voluntary GAC

Mike Nelson, in the August 17, 1995 meeting on key escrow, repeated
the refrain: "voluntary, voluntary, voluntary". He was emphasizing
that the Clinton Administration would never institute controls on
domestic cryptography. However, he is also clear that the
Administration wants to have US citizens use Government Access
Cryptography (GAC).

I can implement voluntary GAC within hours, with a little cooperation


of the FBI and NSA. If they would generate PGP public keys for
themselves and send them to me, I would sign those keys and post them
to the worldwide PGP key servers. Since my key is signed by Derek
Atkins and his key is signed by Phil Zimmerman, this would provide a
certification chain from Phil to both the NSA and the FBI. I would
then post a signed message on all relevant newsgroups announcing the
new keys and testifying to their validity. Citizens using PGP would
then be free to download those keys and add them to their public key
rings. Those users could then voluntarily include either the NSA or
the FBI or both as crypto-recipients. This implements Government
Access Cryptography (or, in government-speak, Software Key Escrow)
with almost no cost and almost no delay, within hours of the
generation of those keys.

It is my claim that the voluntary GAC described above is the most the
Government will be able to expect. So -- let's implement it now and
end this discussion.

_________________________________________________________________

Etymology

There are a number of words used by various people as if they were


interchangeable:

* Key Escrow -- a technique which puts cryptographic keys in escrow.


The term is borrowed from financial transactions where something
of value is transferred from the object's owner to the escrow
grantee, subject to some condition. However, the owner doesn't
necessarily trust the grantee. Therefore, the object is given to a
trusted third party -- the escrow agent -- who holds the object
until the grantee satisfies the condition at which time the object
transfer is completed. [Presumably, if the condition is not met
and there is a deadline, the object is then transferred back to
the owner.]

The term ``Key Escrow'' as used in the Clipper/Capstone program


refers to a system in which the object is a citizen's
cryptographic master key, the grantee is a US Government
surveillance agency, the escrow agent is a pair of US Government
agencies and the condition is that the surveillance agency submits
paperwork stating that it has a right to the key in question. In
this case, there is no condition under which the grantee fails to
the extent that the key is returned to its owner.

The use of the phrase ``Key Escrow'' in Clipper/Capstone might be


an attempt to deflect attention away from the central fact of the
mechanism (that the Government gets access on demand). It might
even be clever -- since the term ``escrow'' is known by the
citizenry to be a legal term and to be related to home ownership
(therefore related to the American Dream).

However, key escrow is a technique which does not necessarily


involve Government access (see my example at the head of this
page). It can even be benign, in which the escrow agent is a
corporation, the grantee is an employee's manager and the
condition is that the employee is unavailable. Therefore, we need
to distinguish between the neutral technique and what the US
Government really wants.

* GAK (Government Access to Keys) was my first attempt to describe


the Government's desire. It fits, although it isn't as general as
it could be.

* GACK (Government Access to Citizens' Keys) is a variant on GAK


(coined by a cypherpunk) which emphasizes the (inappropriate)
target of the access desire.

* GAC (Government Access Cryptography) is the most general form I


know -- allowing for other methods of getting Government access
(weak keys, subverted random number generation, cryptographic
algorithms with back doors, Government key escrow, direct transfer
of keys to the Government (ala my PGP example), key exchange
methods with back doors, etc.).

_________________________________________________________________

Carl Ellison --- cme@acm.org


</pre>

</div>

</div>
</div>
</div>

<!-- footer -->


<div id="footer">
<div class="wrapper">
<div id="footerinner">
<div id="cc">
<a href="http://www.eff.org/copyright"><img
src="http://robin.eff.org/sites/all/themes/frontier/images/cclogo.png"
alt="Creative Commons Licensed" width="22" height="23" border="0" /></a>
</div>
<div id="footernav">
<ul class="links-menu">
<li><a href="http://www.eff.org/thanks" title="Thanks" class="
first">Thanks</a></li>
<li><a href="http://www.eff.org/rss" title="RSS Feeds">RSS Feeds</a></li>
<li><a href="http://www.eff.org/policy" title="Privacy Policy">Privacy
Policy</a></li>
<li><a href="http://www.eff.org/about/contact" title="Contact EFF" class="
last">Contact EFF</a></li>
</ul>
</div>
<div class="clr"></div>
</div>
</div>
</div>

</body>
</html>