Statement in Response to Blaze Key Escrow Paper

The draft paper by Matt Blaze* describes several techniques aimed at circumventing law enforcement access to key escrowed encryption products based on government-developed technologies.

As Blaze himself points out, these techniques only deal with the law enforcement feature, and in no way reduce the key escrow chips' inherent security and data privacy.

  • "None of the methods given here permit an attacker to discover the contents of encrypted traffic or compromise the integrity of signed messages. Nothing here affects the strength of the system from the point of view of the communicating parties...." p. 7.

Furthermore, Blaze notes that the techniques he is suggesting are of limited use in real-world voice applications. (See attached quotes from draft report.)

  • "28 minutes obviously adds too much latency to the setup time for real-time applications such as secure telephone calls." p. 7.
  • "The techniques used to implement them do carry enough of a performance penalty, however, to limit their usefulness in real-time voice telephony, which is perhaps the government's richest source of wiretap-based intelligence." p. 8.

Anyone interested in circumventing law enforcement access would most likely choose simpler alternatives (e.g., use other non-escrowed devices, or super encryption by a second device). More difficult and time-consuming efforts, like those discussed in the Blaze paper, merit continued government review—but they are very unlikely to be employed in actual communications.

All sound cryptographic designs and products consider trade-offs among design complexity, costs, time and risks. Voluntary key escrow technology is no exception. Government researchers recognized and accepted that the law enforcement access feature could be nullified, but only if the user was willing to invest substantial time and trouble, as the Blaze report points out. Clearly, the government's basic design objective for key escrow technology was met: to provide users with very secure communications that will still enable law enforcement agencies to benefit from lawfully authorized wiretaps. It is still the only such technology available today.

Today, most Americans using telephones, fax machines, and cellular phones have minimal privacy protection. The key escrow technology—which is available on a strictly voluntary basis to the private sector—will provide the security and privacy that Americans want and need.

* Statements from "Protocol Failure in the Escrowed Encryption Standard," May 20 draft report by Matt Blaze, AT&T Bell Laboratories

Released June 2, 1994, Updated June 2, 2021