> As I understand it, the idea of commercial key escrow is
> that you might someday want to recover encrypted data, and
> therefore you escrow the key with your corporate escrow agent,
> so that it can be recovered as necessary.
> Now, with firewall-to-firewall encryption, in which
> the encryption is being applied to *IP* *PACKETS* can you think
> of anything more useless than an escrowed packet?
> Suppose I FTP a file to my office in Europe - it is
> transparently encrypted in transit - are we to imagine a
> scenario in which someday I will want to recover my file by
> reassembling it from encrypted IP packets? Huh? Does anyone
> on this list archive their *PACKETS* for future recovery?
> I'm sure this brain damage isn't TIS' idea, they're
> working under some pretty wacky regulations. Your tax dollars
> at work, eh what?
I don't think the real motivation for escrow is to assist users in the
event of them requiring recovery.
Most governments have been trying very hard to address what they see as
national security and criminal issues in the environment created by
international data networking. Most users do not like the idea of
governments being able to intercept and decode their traffic. In
consequence, governments have been attempting to find a compromise which
meets their perceived needs for public and national security but is
acceptable to data users.
The reality is that almost every government already has legislation which
governs the use of telephone and postal information traffic and provides
the means whereby those governments may intercept and read that
information. Some governments make modest use of those powers and observe
strict conventions with a number of safety checks to avoid abuse of power
by government officials and subordinate authorities, but others widely
abuse what powers they have. Of course the abusers do not confine their
abuse or denial of civil liberty only to information traffic but that's
The powers have existed so long and affected so few people directly that
we take them for granted and may not even be aware that they exist. The
only thing which is different with regulations governing the use of data
network traffic is that the legislation is just being introduced and the
nature of data networking extends beyond national boundaries.
That is also not really a new situation because it has applied to radio
traffic for decades and where we are today as data users is where radio
users were 70 years ago. Perhaps more directly, we are where Citizens Band
Radio was in the 1970's because many of the issues are very similar, as
are many of the fears.
Whether the current attempts by governments to legislate on data
networking will be any more effective than attempts to legislate on a
range of issues including gun control, CB radio, and telephonic
communication is questionable. In many respects it is much like typical
firewall implementations in that it is more effective in keeping honest
people honest than it is with preventing the determined criminal.
Like it or not, every government will attempt to introduce controls and
some will be more effective than others. Some governments will widely
abuse the new powers and others will not.
Right now several governments are making rapid progress, particularly the
governments of Canada, New Zealand, and the United Kingdom. The US
Government has been less willing to move on encryption issues, but in a
world of international networking and commerce, international agreement
and co-operation is inevitable just as it was with letter post and radio