Commercial key escrow: An Australian perspective

Abstract

“Commercial Key Escrow (CKE)”, and an earlier “Software Key Escrow (SKE) scheme, have been proposed by Trusted Information Systems Inc. (TIS) in the USA as a possible compromise scheme to meet the demands of commerce and industry for new levels of information security, particularly transaction and message confidentiality in an international and national networked environment, while meeting law enforcement demands for continued effectiveness of telecommunications line-tapping ability. These latter requirements relate to the perceived need by law enforcement agencies to make use of legitimate authorised linetapping capabilities for the gathering of appropriate intelligence and/or evidence for the purpose of fulfilling perceived roles in the protection of society from criminal activity against the potential case where such line-taps produce intercepts that are encrypted. CKE, involving the incorporation of software based cryptography in computer and network systems with associated key recovery data transmitted during data network activity and provision of “Data Recovery Centres (DRC)”, is seen as presenting a new solution to the problems encountered in the USA with the “Clipper” initiative in that country announced in 1993. This paper examines the CKE/SKE proposals in an Australian and international context and sets the proposal against the more general debate on cryptography, its technology and usage, and public policy. A likely scenario is suggested for Australia involving the incorporation of backup and recovery and network directory services into the encryption scheme and the use of Australia Post, and indeed any national post office structure, as an ideal candidate for trials of both the technology and public/business acceptance of this overall structure. More basic principles of “freedom-of-speech” are also raised in conjunction with this overall analysis of a concrete proposal.