-> From: Declan McCullagh <declan@WELL.COM>
-> Subject: FBI calls for mandatory key escrow; Denning on export ctrls
-> To: Multiple recipients of list VOXERS-AT-LARGE
-> <VOXERS-AT-LARGE@list.iex.net>
->
-> All encryption products sold or distributed in the U.S.
-> must have a key escrow backdoor "like an airbag in a car,"
-> law enforcement agents advised a Senate panel this
-> afternoon.
->
-> FBI Director Louis Freeh also told a Senate Judiciary
-> subcommittee that "network service providers should be
-> required to have some immediate decryption ability
-> available" permitting agents to readily descramble
-> encrypted messages that pass through their system.
->
-> This marks the most aggressive push to date for
-> mandatory domestic key escrow (or "key recovery"),
-> which means someone else other than the recipient can
-> decipher messages you send out. Now, the easiest way
-> to win such a political tussle in Washington is to
-> control the terms of the debate. And nobody
-> understands that rule better than Sen. Jon Kyl
-> (R-Arizona), chair of the Judiciary subcommittee on
-> technology, terrorism, and government information.
->
-> Kyl opened today's hearing not by saying its purpose
-> was to discuss crypto in a balanced manner, but that
-> he wanted "to explore how encryption is affecting the
-> way we deal with criminals, terrorists, and the
-> security needs of business." Then he talked at length
-> about "criminals and terrorists" using crypto, and
-> child pornographers "using encryption to hide
-> pornographic images of children that they transmit
-> across the Internet."
->
-> Kyl also stacked the three panels. Out of seven
-> witnesses, five were current or former law enforcement
-> agents. No privacy or civil liberties advocates
-> testified. Some companies including FedEx apparently
-> dropped out when told they'd have to pay lip service
-> to key escrow if they wanted to speak.
->
-> Dorothy Denning, a Georgetown University professor of
-> computer science, did testify. Kyl made a point of
-> asking her if she still supported key escrow systems
-> (two recent articles by Will Rodger and Simson
-> Garfinkel said she was changing her mind). "I think
-> key recovery offers a very attractive approach,"
-> Denning said. What about export controls? "In the
-> absence of any controls, the problem for law
-> enforcement would get worse," she replied.
->
-> But when Sen. Dianne Feinstein (D-Calif) asked if
-> Denning would support a *mandatory* key escrow system,
-> the computer scientist said she wouldn't. "No, because
-> we don't have a lot of experience we key recovery
-> systems... a lot of people are legitimately nervous."
->
-> (Keep in mind that although Feinstein supposedly
-> represents Silicon Valley, she's no friend of high
-> tech firms. She opposes lifting export controls; in
-> fact, she says that "nothing other than some form of
-> mandatory key recovery really does the job" of
-> preventing crime. Of course, Feinstein doesn't have a
-> clue. She talks about whether businesses would want "a
-> hard key or digital key or a key infrastructure." Yes,
-> folks, this is in fact meaningless blather.)
->
-> Marc Rotenberg, director of the Electronic Privacy
-> Information Center in Washington, DC, says, "Simply
-> stated, the Senate train is headed in the wrong
-> direction. But of course this doesn't answer the
-> question of what will ultimately be resolved by
-> Congress? There's a very popular measure in the House
-> right now that's heading in a different direction."
->
-> Rotenberg is talking about Rep. Bob Goodlatte's SAFE
-> bill, which is much more pro-business than S.909,
-> the McCain-Kerrey Senate bill that Kyl supports. Now,
-> S.909 doesn't mandate key recovery; it only strongly
-> encourages it by wielding the federal government's
-> purchasing power to jumpstart a key recovery
-> infrastructure.
->
-> But Kyl would go further. At a recent Heritage
-> Foundation roundtable on encryption, I asked him, "Why
-> not make key recovery technology mandatory -- after
-> all, terrorists, drug kingpins and other criminals
-> won't use it otherwise." Kyl's response? Not that it
-> would be a violation of the Constitution's due process
-> and search and seizure protections. Instead, he told me
-> he simply didn't have enough votes...
->
-> -Declan
->
-> =:o =:o =:o =:o =:o o:= o:= o:= o:= o:= o:=
->
<< end of forwarded material >>
-
Care about people's approval and you will be their prisoner.
-Toa Te Ching
<>tbyars@earthlink.net <>