Reply From: William T Wilson <fluffyat_private> > understand what the govt wants to do. What I don't understand is why > people think the Internet is a fundamentally different form of > communication medium than the telephone or mail. There are many reasons. First, the Internet is the first medium wherein strong encryption is readily available for use by anyone that wants to use it. While it would be possible to encrypt paper mail using the same techniques used for e-mail, it wouldn't be as convenient. :) Second, the Internet is the first medium wherein it is very easy to read the contents of mail sent across it. When you send paper mail, only a relatively few postal workers see it, and they don't have much of a chance to inspect it. On the Internet, more or less anyone can read your mail if they try hard enough. Third, the Internet being a computer medium is naturally used to send a lot of sensitive computer data that would otherwise be sent on floppy disks or paper using Federal Express. Conversely, it is a medium wherein it is possible (albeit difficult) to read data on a connected system from more or less anywhere else. There is just more computer data to be compromised than there is telephone data. Fourth, a key escrow system is more dangerous than the current ability to intercept and/or disrupt mail or phone conversations because currently, an attacker must compromise each piece of mail individually. (I suppose he could hold up a mail truck...) But with a key escrow system, the minute it is compromised, every single key will get out and effectively be in the public domain. Fifth, the key escrow system is less of a separation between private and non-private and division of responsibility than we have now. As it is now, the government must obtain a separate warrant for every phone or mail wiretap and make physical alterations to the phone system to carry it out. Many different employees are involved. Several agents (in different agencies) must cooperate in a conspiracy to perform a wiretap (or whatever) without a warrant. But with key escrow, all that is required is for a single employee with access to the key database to steal keys. Even if that is guarded against with special security measures, there is still the matter of separation of powers - the Postal Service delivers the mail, the phone company handles the phone system, and law enforcement handles the wiretaps. With key escrow, law enforcement requests the wiretaps and law enforcement also handles the key escrow. There is much more potential for corruption. Sixth, there is much doubt about the competency of the government to keep a key escrow system intact. Many (most?) people believe that they would bungle it. Finally, there is the philisophical and moral issue of whether the government has any right to snoop on private conversations at all, and if so, whether we should really be entrusting the police with the means to do it. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:56:07 PDT