|
||||||||
Internet >
Security Issues > Encryption >
Encryption Key Recovery Systems
Key recovery systems are designed to enable encrypted communications to be read by an authorized third party. As described in the previous sections, governments are powerfully motivated to be able to intercept communications in order to help control crime and protect their national security. The uncontrolled, widespread deployment of strong encryption significantly prevents them from achieving this goal. Since the release of PGP, the US, UK, and other governments invested a lot of effort in trying to put the encryption cat back in the bag through implementation of key recovery systems, but the effort petered out as the rate of technology change outstripped the policy effort. Key recovery systems require vendors of encryption software to add a "key recovery" mechanism that maintains normal security in usual use, but can be turned on by the government to decrypt your communications through a back door (sometimes called "trap door") when authorized. Key recovery systems use a "third key", in addition to the public and private keys usually employed by Public Key Cryptography. This third key is typically kept in escrow with a third-party government or arms-length organization, and can be used to decrypt your communications when released to the authorities. The requirements for release of these keys varies from country to country, from almost no oversite at all, to the requirement to obtain a court order from a judge. Naturally, key recovery is a controversial issue, pitting the needs of the national community against the rights of the individual. So the balance will always be a matter of debate. A summary of the arguments on each side can be found below:
The Key Recovery Alliance (originally at KRA.org) was an industry organization of 30 international companies that supported key recovery, including the leading firm RSA Security, but it disbanded in 1999 under pressure from civil rights groups. Individual countries such as the US and UK have since moved to try and implement key recovery systems on their own. In 1998, an eminent group of Cryptographers and Computer Scientists published the influential report The Risks of Key Recovery, Key Escrow, & Trusted Third Party Encryption, which helped slow the government push. |