Latest News Stories:

• NORAD Intelligence Blackout
• Y2k -- You´re Okay
• Amiga Sold
• OSAll Plans
• The Belgians Need Our Help
• Back from Vacation
• Standards in Compsec
• NSA FOIA Request
• Happy Birthday Attrition
• More News...

Only $31.95

New Methodology:

• AS/400 Security
• Is YOUR Network Secure?
• Case Study: Stupidity of Sys Admins
• Solaris Auditing Overview
• Understanding NetBIOS
• Checking For RPC
• Sniffing FAQ
• More Soon...

Product Reviews

OSAll is starting to do weekly product reviews, to be published every single Friday.  Check out software, book and hardware reviews.

 Check it out!

Front | Methods | BBS | FAQ | Adverts | Mail | Write | Link | Shop

"Y2k, all hype, all the time."

The Case for Key Escrow

contiro
OSAll Contributor

Key escrow is one of the most controversial items in computer security, and probably in computers in general.  The NSA introduced the Clipper program which has pretty much fallen flat and the Clinton administration has introduced bill after bill trying to implement key escrow as law.  The thing is that key escrow can be good.

Drug dealers: bad.  Murderers: bad.  Mobsters: bad.  Privacy: good.  These things are mutually exclusive, right?  Possibly.  The thing is that the current key escrow proposals are pretty promising.

The main argument against key escrow is that some employee at the FBI (or whatever other agency) can just grab a key and read your encrypted messages.  The current proposals call for two seperate agencies to hold the escrowed keys -- and for the FBI to specifically request those keys to be released.

It´s something like a nuclear missile submarine.  When orders arrive at the submarine to launch the missiles they´re first authenticated by two people.  If they´re authenticated the captain goes on the intercom to the entire ship and announces they´ve received a valid launch code.  The executive officer must then echo that announcement.  Assuming they both agree, the entire ship must be prepped for launch.  They then both have to turn their keys simultaneously. 

With the current proposal for key escrow the order would come from the court, which would then be authenticated by two agencies.  The two agencies would then each have to individually release one half of the key.  The FBI would then combine these two halves to form the key to decrypt the messages.  Abuse is impossible with four different authorities involved.

This way encrypted messages about drug deals or terrorist activities could be read by the FBI so that they could head off the activities -- much like they tap phones now.  In fact, the key escrow system would be safer than the current system -- where a rogue agent at the FBI could listen in on phone conversations without too much trouble.

So what´s so bad about key escrow?

Related Links

• OSAll BBSystem
• Electronic Frontier Foundation
• NSA
• FBI

Don´t forget to discuss this issue on the OSAll BBSystem!

All content copyright 1998 - 99 unless book covers or otherwise noted.  Book covers copyright 1998 - 99 Amazon.com.  All OSAll-owned content may be reprinted with the following header added: "Copyright 1998 - 99 Owl Services.  Visit aviary-mag.com for computer security news and information."  Article authors retain a non-exclusive right to republish their work.   324