Key escrow in the UK

Simo Sorce simo.sorce at xsec.it
Fri Jul 29 12:50:04 UTC 2005


On Fri, 2005-07-29 at 12:11 +0200, Jeremiah Foster wrote:
> 
> On Jul 29, 2005, at 1:01 AM, Ben Finney wrote:
> 
>         > On 28-Jul-2005, Jeremiah Foster wrote:
> 
>         > Is it permissible to allow key escrow by the authorities?
> 
>         The only keys that would be escrowed would be those keys owned by
>         people complying with the key escrow laws. People involved in
>         morally heinous crimes would hardly mind breaking laws like key
>         escrow.
> 
> There could be an enforced key-recovery, which would apply to all
> keys. This is from the first article you pointed to - "Attempts to
> force the widespread adoption of key-recovery encryption through
> export controls, import or domestic use regulations, or international
> standards should be considered in light of these factors."

A key recovery mechanism requires encryption software that specifically
contemplates this mechanism, right?
And so who prohibits the terrorist from not using it and using current
unrecoverable software instead?

All these forms of control suppose collaboration from the encrypting
party. So it is the same as requiring key escrow.

> So in fact these experts recommend considering enforced key-recovery.

These experts are either not experts or are playing a misleading game.
What all this stuff can do is at best to obtain a very nice security
problem. If there's a way to recover keys, be sure there will be people
that will try to unlawfully exploit it.

> Not true. If you had a key recovery mechanism, you could quickly
> recover the key and encrypted information, thus potentially saving
> lives.

IF you had it, but I can't really see how you can force someone to use
"key recovery mechanism"-enabled software if they do not want to.

>  Look at the situation today, the police suspect another attack with
> innocent people killed is imminent, oughtn't there be a mechanism to
> prevent this needless death?

It would be wonderful if there were such, but public/private key
mechanisms exist and there's nothing you can do except perhaps find a way
to break them all, because no law will force unlawful people to make
their own encryption mechanisms weak if they do not want to.

Simo.

-- 
Simo Sorce - simo.sorce at xsec.it
Xsec s.r.l. - http://www.xsec.it
via Garofalo, 39 - 20133 - Milano
mobile: +39 329 328 7702
tel. +39 02 2953 4143 - fax: +39 02 700 442 399
