Key escrow in the UK

Werner Koch wk at
Sat Jul 30 11:43:06 UTC 2005

On Fri, 29 Jul 2005 14:11:46 +0200, Christophe Espern said:

> In France we have also already a law wich "allows the police to jail people 
> who don't surrender encryption keys" when they are suspected. 

During the discussion of the UK RIP act a technical solution against
the danger of forced key escrow has been discussed.  It is as simple
as to completely delete your private key after you have used it for
some time (say a week).  OpenPGP provides most means of doing such a
key roll-over and it is actually good security practise to do this -
as long as we are talking about communication and not archiving.  Ben
Laurie and others developed further specifications to be included in
the standard but unfortunately these PFS (Perfect Forward Security)
extensions have not been taken up (mainly due to lack of time).

Outlawing encryption - which is basically what key escrow is about -
is as effective as outlawing the use of backpacks, guns, explosives,
drug trafficking, fast cars or just any kind criminal action.
Criminals don't care about this - this is why they are called
criminals.  .

This whole media hype boils down to what some really want: Better
control of citizens so that they can maintain there current powers.
The question is whether there will be another July 14th.  What the
terrorists in the 70ies failed to achieve ("revealing the evil grimace
of the fascistic state") some misguided suicide bombers are close to
fulfill now.



If privacy is outlawed, only outlaws will have privacy.
                                      - Phil Zimmermann

More information about the Discussion mailing list