Clipper/Capstone Key Escrow Management
by A. Padgett Peterson, P.E.
Recently in an E-Mail conversation with Dorothy Denning a thought occurred
to me concerning a means to avoid the key-management problems inherent
with authorized wiretaps. Since this has been one of the apparent stumbling
blocks concerning the issue and since Mrs. Denning indicated that this
possibility had not come up in her conversations with NSA/NIST, the
current "call for comments" seemed to be an appropriate time to present
my concept formally.
The objection seems to have been primarily that if the keys are released
for a particular chip or chips so that a properly ordered wiretap may
take place, would not the keys (and the chips) have to be considered
compromised thereafter?
My concept is simply that the keys are never distributed to outside
parties.
Instead, on presentation of a properly approved wiretap order, the
requesting agency receives a special complementary Clipper chip to that
mentioned in the order that is configured for "receive only".
The chip is then used by the requesting agency for the duration of the tap
and is required to be returned to the escrow agency on expiration of the
warrant.
Utilizing this concept three advantages accrue:
1) Since the keys are never divulged, confidentiality is restored once
the wiretap chip is returned to the escrow agency.
2) Since the wiretap chip is unique and identifiable hardware, full
accountability is maintained.
3) Since the wiretap chip is "receive only", a recording of the encrypted
transmission might be admissible as part of the "chain of evidence" as
only the original Clipper could have produced it.
Note: while I have discussed the first two points before, I believe this is
the first public mention of the third possibility.
Respectfully,
A. Padgett Peterson, P.E.