NSA points the US government to PGP as a GAK example.
- To: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org
- Subject: NSA points the US government to PGP as a GAK example.
- From: Lutz Donnerhacke <email@example.com>
- Date: Tue, 14 Oct 1997 18:18:49 +0200
- Comment: This message comes from the debate mailing list.
- Reply-To: firstname.lastname@example.org
- Sender: email@example.com
The attached text comes from a meeting with members of Congress.
In item 4 the NSA points out that GAK is feasible, as PGP demonstrates.
That of course thwarts all efforts to avoid key escrow.
Thanks, Phil! *angry*
Date: Tue, 14 Oct 1997 10:15:07 -0500
From: Bruce Schneier <firstname.lastname@example.org>
Subject: PGP Key Escrow and Congress
The attached is from Barbara Simons of the U.S. ACM. Note item 4, where
Congressional staffers point to PGP as an example of key escrow software
being possible. To those of us fighting the government control of
cryptography, this is not helpful.
Date: Mon, 13 Oct 1997 13:27:03 PDT
Reply-To: "Barbara Simons" <simons@VNET.IBM.COM>
Sender: ACM US Public Policy Committee <USACM@ACM.ORG>
From: "Barbara Simons" <simons@VNET.IBM.COM>
Subject: Hill ... Blues
On Thursday and Friday of last week I met with Hill staffers of the
following Congresspeople: Sen. Feinstein, Sen. Boxer, Rep. Eshoo,
Rep. Campbell, and Sen. Kerrey. As you may have noticed, there was a Ca.
theme to the group, with the exception of Nebraska's Kerrey, of S909 fame.
Both Feinstein's and Boxer's staffers suggested that I speak with Kerrey's
staff, which is how I ended up meeting with Christopher McLean, Kerrey's
Legislative Counsel, and Lorenzo Goco, who is Special Assistant to the
Vice Chairman of the Senate Select Committee on Intelligence.
My discussion with them was very interesting and somewhat lively. I don't
know whether or not they had noticed our letter in opposition to S909,
but they at least appeared to be surprised when I said that we had written
such a letter, a copy of which was given to each at the meeting.
I had the strong impression that McLean and Goco had had a hand in the
writing of S909. They certainly were well versed in the arguments.
Here is some of what they said:
1. S909 impacts only the government, NOT universities that receive
government funding for networks. This is not our interpretation of
the bill, and I'd be interested in hearing from some of the lawyers
who are on USACM as to whether or not they agree with McLean and Goco.
2. If we are concerned about the well being of the computer industry in
the U.S., we should be supporting S909, since the alternatives are
either a more draconian bill or no bill at all, with the maintenance
of the status quo export restrictions. They claim that Clinton will
veto any bill that does not contain provisions that address some of
law enforcement's concerns.
3. If we are concerned about inappropriate behavior vis-a-vis key escrow
or recovery, we should be supporting S909, since it includes strong
penalties for unlawfully revealing or obtaining others' keys.
4. The NSA states that key recovery is doable and will not jeopardize
national security. And there is an existence proof for key recovery
software in the new PGP release.
5. Yes, they would like to see widespread use of key recovery, but their
idea is to encourage the development of encryption with key recovery
by using the buying power of the government to cause widespread and
inexpensive key recovery encryption to come into being.
6. They are simply doing what the NRC report recommended, namely "testing"
key recovery on the government without imposing it on the citizenry.
7. Key recovery or key escrow are simply attempts at maintaining the
status quo for law enforcement, who are now able to wiretap at will.
Some of these are old arguments that we've been hearing for a while,
but some are newer. In particular, points 4 and 6 are difficult to
refute without getting into some technical details. Both points also
undercut the argument that a key recovery infrastructure potentially
weakens security. After all, the NSA thinks it's secure enough that it
can be used by the government.