Key Escrow as a Security and Recovery Device

Key Escrow as a Security and Recovery Device Presented by: Kevin Ji, Maura Tresch, Eyan Townsend, Whitney Anderson, Turner Rooney, Dan Tulley

What is a Key Escrow System Key Escrow is the use of a third party (the escrow service) to save and catalog private keys of encrypted e-mails. Escrows will help government and law enforcement agencies access potentially dangerous messages.

Necessity of Key Escrow for Law Enforcement n n Frank Quattrone-Credit Suisse First Boston 2004 Congressional Public Law Statement (Sec 801 P. L. 90 -351) q “Organized Criminals make extensive use of wire (and electronic) communications…and the interception of such communications …is an indispensable aid to law enforcement”

Feasibility and Cost-Effectiveness n n n Senate Bill 909 of the 105 th Congress (1997) proposed a key escrow system for government entities Certificate Authorities (CAs) which already manage public keys, can manage private keys Databases are more secure than transmissions

Legitimacy of Implementing Key Escrow n US Code Art. 18 Sec. 2708(a) q q q n “A governmental entity may require the disclosure by (an ISP) of the contents of a wire or electronic communication” As long as a warrant has been issued, no notice to the subscriber/customer. ISPs cannot uphold this article of the law without a Key Escrow System. Grand Central Station Lockbox Example

Possibly Counter-arguments and Why They Do Not Apply n Access by corrupt administrators q n Key Escrows (and CAs) are only in business because of their integrity, they will not compromise this. (Banks will not give out your account numbers, etc. ) Access of Database by Intruders q q Database more secure than transmission Useless without the e-mail (normal hackers have nothing to gain).

Conclusion n Key Escrow is necessary n Key Escrow is possible n Key Escrow is legal