Law enforcement usage Edit
"The requirements put forward to meet law enforcement demands for such global key recovery systems include:
- Third-party/government access without notice to or consent of the user. Even so-called "self-escrow" systems, where companies might hold their own keys, are required to provide sufficient insulation between the recovery agents and the key owners to avoid revealing when decryption information has been released.
- Ubiquitous international adoption of key recovery. Key recovery helps law enforcement only if it is so widespread that it is used for the bulk of encrypted stored information and communications, whether or not there is end-user demand for a recovery feature.
- High-availability, around-the-clock access to plaintext under a variety of operational conditions. Law enforcement seeks the ability to obtain decryption keys quickly — within two hour under current U.S. and other proposed regulations. Few commercial encryption users need the ability to recover lost keys around the clock, or on such short notice.
- Access to encrypted communications traffic as well as to encrypted stored data. To the extent that there is commercial demand for key recovery, it is limited to stored data rather than communications traffic."
"The deployment of key-recovery-based encryption infrastructures to meet law enforcement's stated specifications will result in substantial sacrifices in security and greatly increased costs to the end user. Building the secure computer-communication infrastructures necessary to provide adequate technological underpinnings demanded by these requirements would be enormously complex and is far beyond the experience and current competency of the field. Even if such infrastructures could be built, the risks and costs of such an operating environment may ultimately prove unacceptable. In addition, these infrastructures would generally require extraordinary levels of human trustworthiness."
- ↑ The Risks of Key Recovery, Key Escrow, and Trusted Third-party Encryption, at 7.
- ↑ Id. at 3.
See also Edit
- Key escrow system
- Key recovery