Centre for Internet & Society

Re-thinking Key Escrow

Would you make duplicates of your house keys and hand them over to the local police authority? And if so, would you feel safe? Naturally, one would protest this invasion of privacy. Similarly, would it be justified for the government to have a copy of the private key to intercept and decrypt communications? This is the idea behind key escrow; it enables government ‘wiretapping’.

The evolution of technology has allowed for increased communication and interconnectedness among people, markets and institutions all over the globe. This has increasingly facilitated the transaction and exchange of all kinds of information. However, this has raised major ethical concerns surrounding the privacy of communication and security of information. Key encryption is an important tool developed to preserve an individual’s privacy. It involves transforming information, so as to ensure that it is unreadable. The need for encryption is irrefutable. 

Governments and authorities are concerned with the difficulties associated with accessing and intercepting the encrypted communication. For lawful interception a recovery key is escrowed with a trusted third party. Key escrow is controversial as it is vulnerable to lawful interception and has the potential to threaten the security of sensitive and personal data. In India, key escrow is a requirement under the Indian Internet Service Provider (ISP) license. This means that an ISP, a law enforcement agency, or other party has the potential to partake in covert surveillance and maliciously use the key, thereby compromising the data. 

In a short video Jim X. Dempsey, Vice President of Public Policy at the Centre for Democracy and Technology in Washington, DC reviews the public policy battle over key escrow in the United States that took place in the 1990's. At the time the U.S government’s approach to encryption technology involved the use of key escrow in communication devices. One danger of using key escrow in this way was that it allowed for the commercial use of encryption technology, provided that a copy of the private key is held in escrow by the U.S. government. The use of key escrow also permitted the U.S. government to decrypt all data transmitted across communication networks. The risks associated with the use of key escrow led to widespread dissatisfaction from the private sector in the U.S., which ultimately led to the rejection of encryption technology by the President and Congress.  In response to the strong negative feedback given by different stakeholders, the US government lifted the controls on encryption technology thereby allowing it to become widely available. 

The use of key escrow in India should be seriously reconsidered. Foremost, it subverts basic constitutional practices by violating various freedoms and civil liberties guaranteed in the fundamental rights. Secondly, it threatens the security of personal information. Lastly, it could significantly hinder the growth of e-commerce, transactions, and purchases made over the Internet. The Indian government should take into consideration the failed attempt in implementing the system of key escrow in the United States when deciding on whether or not to implement the use of key escrow in India.

Please see Jim Dempsey’s account on the Short History of Key Escrow.  

The views and opinions expressed on this page are those of their individual authors. Unless the opposite is explicitly stated, or unless the opposite may be reasonably inferred, CIS does not subscribe to these views and opinions which belong to their individual authors. CIS does not accept any responsibility, legal or otherwise, for the views and opinions of these individual authors. For an official statement from CIS on a particular issue, please contact us directly.

Meta

Author

Natasha Vaz

Blog

Events

Funded by

 

Offices

Bengaluru: #32, 1st Floor, 2nd Block, Austin Town, Viveka Nagar, Bengaluru, Karnataka 560047.

 

null

 

Support Us

Please help us defend citizen and user rights on the Internet!

You may donate online via Instamojo. Or, write a cheque in favour of ‘The Centre for Internet and Society’ and mail it to us at Ground Floor, No 173, 9th Cross, 2nd Stage, Indiranagar, Bangalore 560038. These charitable contributions will be towards the Institutional Corpus Fund of the Centre for Internet and Society.

Follow our Works

Newsletter: Subscribe

researchers@work blog: medium.com/rawblog

Twitter (CIS): @cis_india

Twitter (CIS-A2K): @cisa2k

Instagram: @cis.india

Youtube: Centre for Internet and Society

Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to us at communications[at]cis-india[dot]org with an indication of the form and the content of the collaboration you might be interested in.

In general, we offer financial support for collaborative/invited works only through public calls.

About Us

The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The research at CIS seeks to understand the reconfiguration of social processes and structures through the internet and digital media technologies, and vice versa.

Through its diverse initiatives, CIS explores, intervenes in, and advances contemporary discourse and regulatory practices around internet, technology, and society in India, and elsewhere.

© Centre for Internet & Society

Unless otherwise specified, content licensed under Creative Commons — Attribution 3.0 Unported.