Cryptography Reference
In-Depth Information
This is why key escrow continues to be utopia. We already saw this in the
discussion about the Clipper chip. Figure 8.3 lists some substantial arguments.
This kind of insight apparently made it all the way to the highest circles. The
wish for key escrow has certainly not disappeared, but when uninformed and
suspicious citizens eventually boycott e-commerce because of this, then that's
beyond a joke. Law-abiding people suffer from key escrow (and use the new
media insufficiently, so they are not profitable for the future industry), while
criminals have no problem in bypassing the laws. That's absurd.
It is more meaningful in my opinion to focus more on catastrophic insecurity
of software and hardware used currently, see, for example, the attack against
home banking described in Section 6.5. The consequential damage can hardly
be estimated!
Key escrow is wishful thinking and just fighting the symptoms. When it first
emerged, the telephone also opened up totally new options for criminals. Back
then, people used codewords to protect themselves from being eavesdropped.
This didn't lead to banning the telephone, of course. As a sideline, a request
to submit codeword books and the ban on using own codebooks would have
corresponded to key escrow.
Nevertheless, there is a legal field of application for key escrow: internal cor-
porate use. Sensitive encrypted data need to be decrypted even if the key was
lost by carelessness, or in case of software or hardware failures. Furthermore,
the management of a corporation is entitled to check outgoing mails for confi-
dential data. But that's a technical rather than a political problem and, as such,
doesn't belong in this chapter.
Feasibility
A ban on secure cryptography becomes necessary. This is hard to control and
unacceptable for firms. No national key escrow is possible in international data
traffic.
Bypassing Potential
Cryptologically secure steganography (similar to subliminal channels for digital
signatures) will be developed and used. Algorithms implemented in hardware can
be slightly protected against key escrow by whitening. The use of secure algorithms
will be camouflaged in many different ways.
Figure 8.3:
Arguments against key escrow.
