Newsgroups: sci.crypt,alt.privacy.clipper
Path: cantaloupe.srv.cs.cmu.edu!crabapple.srv.cs.cmu.edu!bb3.andrew.cmu.edu!news.sei.cmu.edu!fs7.ece.cmu.edu!europa.eng.gtefsd.com!emory!cs.utk.edu!lambda.msfc.nasa.gov!robichau
From: robichau@lambda.msfc.nasa.gov (Paul Robichaux)
Subject: Suggestions for escrow agencies (was: Re: More technical details)
Message-ID: <1993Apr19.154938.1203@lambda.msfc.nasa.gov>
Reply-To: robichau@lambda.msfc.nasa.gov
Organization: New Technology, Inc.
References: <1993Apr19.134346.2620@ulysses.att.com>
Date: Mon, 19 Apr 1993 15:49:38 GMT
Lines: 53

( Below is my response to Dr. Denning's letter to Steven Bellovin. Comments
  are invited. - Paul )

In alt.privacy.clipper, Steve Bellovin posted your message to
him, which included a brief passage concerning selection of agencies
as escrow agencies.

I am glad to see that the proposal as written states that the escrow
agencies won't be law enforcement agencies. I would argue, however,
that *one* of the escrow agencies shouldn't be federal at all.

As a private citizen, I would feel much more "secure in my person and
papers" knowing that an organization committed to individual civil
liberties- the ACLU and the NRA come to mind- was safeguarding half of
my key. Both the ACLU and the NRA are resistent to government pressure
by the simple expedient fact that they are not supported, funded, or
overtly controlled by the government.

Of those federal and federally funded candidate agencies that you
mentioned, I have the following comments:

	- SRI, Rand, Mitre, and national labs: I agree that they have
        great experience safeguarding sensitive information. I am not
        convinced that they would adequately safeguard _this_
	information, since in any case requiring disclosure, there's
      	likely to be sigificant pressure for disclosure- possibly
 	*wrongful* disclosure.

	- GAO: perhaps. I would like to see more concrete evidence of
 	their fidelity and ability.

	- *TREASURY*? Surely you're joking. Perhaps you'd ask BATF
	to safeguard keys. Maybe the Federal Reserve would be a 
	better choice.

Ever since last fall's "trial balloon" was posted in sci.crypt, your
name has been synonymous with those who place a great deal of trust in
the ability of government agencies and agents to act within the law.

I agree with you in part: those agencies and agents *almost always*
act properly. However, there have been enough cases where _sworn
agents of the Federal Government_ have acted wrongly to make me feel
that having two federal agencies as key repositories is unacceptable.


Respectfully,
-Paul Robichaux
 (not speaking for NTI, BCSS, or NASA)


-- 
Paul Robichaux, KD4JZG                | HELP STOP THE BIG BROTHER CHIP!
NTI Mission Software Development Div. | RIPEM key on request.
