[Next] [Up] [Previous]
Next: Audit Trails Up: Key Management Previous: Key Management Issues

The Real Importance of Key Escrow

In April of 1993, the United States Government announced a program called ``clipper'' for key escrow, designed to preserve the government's ability to eavesdrop on telephone and data transmissions over domestic networks. The proposed mechanism required that individuals split their secret encryption keys into two pieces, and hand them over to escrow agents of the government's choosing. In the event of a court order, the escrow agents would release their shares of the secret key in order to allow eavesdropping on encrypted communications. This is coincidentally related to a well known principle in handling of launch codes for nuclear weapons, where two parties are required to collaborate in order to produce the secret information.

The government's clipper program sparked an enormous controversy about the rights of individuals vs. the rights of government, and this controversy races on. Unfortunately, this controversy served to make ``key escrow'' a dirty word among those concerned with privacy rights, and obscured the fact that the principle of key escrow is a crucial element to the protection of information.

Probably the best way to destroy information is to encrypt it with a secret key and then throw away or lose the key. If we value information, then we should be concerned as much with the threat from failure of access as much as we are concerned with the threat to open access. When files are encrypted, it is assumed that we will someday want to retrieve the information. If the decryption key is held in only one place, then it is extremely vulnerable to catastrophic loss. People die, buildings burn down, and people simply lose information. Luckily, it is fairly simple to set up a split knowledge key escrow system, in which you break your key into two pieces so that knowledge of only one piece makes it no easier to decrypt the information. These keys can then be given to trusted third parties as a hedge against the situation where the original keys are accidentally lost. Several companies will soon announce services in this area, with the intent to provide a service for organizations that are concerned about losing data. I expect that this will become a very common service in the future as we come to use cryptography more routinely in business.



[Next] [Up] [Previous]
Next: Audit Trails Up: Key Management Previous: Key Management Issues



Kevin S. McCurley
Sat Mar 11 16:00:15 MST 1995