From 602b2346eec1f911b475b5e5a8e31e38a2ca71aa Mon Sep 17 00:00:00 2001
From: Dr Washington Sanchez <washington.sanchez@gmail.com>
Date: Sat, 19 Apr 2014 11:57:12 +1000
Subject: [PATCH] Create 09-Policy.md
Chapter 09 unformatted
---
09-Policy/09-Policy.md | 1381 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 1381 insertions(+)
create mode 100644 09-Policy/09-Policy.md
diff --git a/09-Policy/09-Policy.md b/09-Policy/09-Policy.md
new file mode 100644
index 0000000..b5bbb4b
--- /dev/null
+++ b/09-Policy/09-Policy.md
@@ -0,0 +1,1381 @@
+9. Policy: Clipper,Key Escrow, and Digital Telephony
+
+ 9.1. copyright
+ THE CYPHERNOMICON: Cypherpunks FAQ and More, Version 0.666,
+ 1994-09-10, Copyright Timothy C. May. All rights reserved.
+ See the detailed disclaimer. Use short sections under "fair
+ use" provisions, with appropriate credit, but don't put your
+ name on my words.
+
+ 9.2. SUMMARY: Policy: Clipper,Key Escrow, and Digital Telephony
+ 9.2.1. Main Points
+ - Clipper has been a main unifying force, as 80% of all
+ Americans, and 95% of all computer types, are opposed.
+ - "Big Brother Inside"
+ 9.2.2. Connections to Other Sections
+ - the main connections are _legal_
+ - some possible implications for limits on crypto
+ 9.2.3. Where to Find Additional Information
+ - There have been hundreds of articles on Clipper, in nearly
+ all popular magazines. Many of these were sent to the
+ Cypherpunks list and may be available in the archives. (I
+ have at least 80 MB of Cypherpunks list stuff, a lot of it
+ newspaper and magazine articles on Clipper!)
+ + more Clipper information can be found at:
+ - "A good source is the Wired Online Clipper Archive. Send
+ e-mail to info-rama@wired.com. with no subject and the
+ words 'get help' and 'get clipper/index' in the body of
+ the message." [students@unsw.EDU.AU, alt.privacy.clipper,
+ 1994-09-01]
+ 9.2.4. Miscellaneous Comments
+ - As with a couple of other sections, I won't try to be as
+ complete as some might desire. Just too many thousands of
+ pages of stuff to consider.
+
+ 9.3. Introduction
+ 9.3.1. What is Clipper?
+ - government holds the skeleton keys
+ - analogies to other systems
+ 9.3.2. Why do most Cypherpunks oppose Clipper?
+ - fear of restrictions on crypto, derailing so many wonderful
+ possibilities
+ 9.3.3. Why does Clipper rate its own section?
+ - The announcement of the "Escrowed Encryption Standard,"
+ EES, on April 16, 1993, was a galvanizing event for
+ Cypherpunks and for a large segment of the U. S.
+ population. The EES was announced originally as "Clipper,"
+ despite the use of the name Clipper by two major products
+ (the Intergraph CPU and a dBase software tool), and the
+ government backed off on the name. Too late, though, as the
+ name "Clipper" had become indelibly linked to this whole
+ proposal.
+ 9.3.4. "Is stopping Clipper the main goal of Cypherpunks?"
+ - It certainly seems so at times, as Clipper has dominated
+ the topics since the Clipper announcement in April, 1993.
+ + it has become so, with monkeywrenching efforts in several
+ areas
+ - lobbying and education against it (though informal, such
+ lobbying has been successful...look at NYT article)
+ - "Big Brother Inside" and t-shirts
+ - technical monkeywrenching (Matt Blaze...hesitate to claim
+ any credit, but he has been on our list, attended a
+ meeting, etc.)
+ - Although it may seem so, Clipper is just one
+ aspect...step...initiative.
+ - Developing new software tools, writing code, deploying
+ remailers and digital cash are long-range projects of great
+ importance.
+ - The Clipper key escrow proposal came along (4-93) at an
+ opportune time for Cypherpunks and became a major focus.
+ Emergency meetings, analyses, etc.
+
+ 9.4. Crypto Policy Issues
+ 9.4.1. Peter Denning on crypto policy:
+ + provided by Pat Farrell, 1994-08-20; Denning comments are
+ 1992-01-22, presented at Computers, Freedom, and Privacy 2.
+ Peter D. uses the metaphor of a "clearing,"as in a forest,
+ for the place where people meet to trade, interact, etc.
+ What others call markets, agoras, or just "cyberspace."
+ - "Information technology in producing a clearing in which
+ individuals and corporations are key players besides
+ government. Any attempt by government to control the flow
+ of information over networks will be ignored or met with
+ outright hostility. There is no practical way that
+ government can control information except information
+ directly involved in the business of governing. It
+ should not try." [Peter Denning, PUBLIC POLICY FOR THE
+ 21ST CENTURY, DRAFT 1/22/92]
+ - No word on how this view squares with his wife's control
+ freak views.
+ 9.4.2. Will government and NSA in particular attempt to acquire some
+ kind of control over crypto companies?
+ + speculations, apparently unfounded, that RSA Data Security
+ is influenced by NSA wishes
+ - weaknesses in the DES keys picked?
+ - and companies may be dramatically influenced by contracts
+ (and the witholding of them)
+ 9.4.3. NIST and DSS
+ 9.4.4. Export restrictions, Munitions List, ITAR
+ 9.4.5. old crypto machines sold to Third World governments, cheaply
+ - perhaps they think they can make some changes and outsmart
+ the NSA (which probably has rigged it so any changes are
+ detectable and can be factored in)
+ - and just knowing the type of machine is a huge advantage
+ 9.4.6. 4/28/97 The first of several P-K and RSA patents expires
+ + U.S. Patent Number: 4200770
+ - Title: Cryptographic Apparatus and Method
+ - Inventors: Hellman, Diffie, Merkle
+ - Assignee: Stanford University
+ - Filed: September 6, 1977
+ - Granted: April 29, 1980
+ - [Expires: April 28, 1997]
+ + remember that any one of these several patents held by
+ Public Key Partners (Stanford and M.I.T., with RSA Data
+ Security the chief dispenser of licenses) can block an
+ effort to bypass the others
+ - though this may get fought out in court
+ 9.4.7. encryption will be needed inside computer systems
+ - for operating system protection
+ - for autonomous agents (active agents)
+ - for electronic money
+
+ 9.5. Motivations for Crypto Laws
+ 9.5.1. "What are the law enforcement and FBI worries?"
+ - "FBI Director Louis Freeh is worried. The bad guys are
+ beginning to see the light, and it is digital. ... Freeh
+ fears some pretty nasty folks have discovered they can
+ commit highway robbery and more, without even leaving home.
+ Worse, to Freeh and other top cops, by using some pretty
+ basic technologies, savvy criminals can do their crimes
+ without worrying about doing time.
+
+ "Some crooks, spies, drug traffickers, terrorists and
+ frauds already use the tools of the information age to
+ outfox law enforcement officers. Hackers use PBXs to hide
+ their tracks as they rip off phone companies and poke
+ around in other people's files. Reprogrammed cellular
+ phones give cops fits." [LAN Magazine,"Is it 1984?," by Ted
+ Bunker, August 1994]
+ - Their fears have some validity...in the same way that the
+ rulers in Gutenberg's time could have some concerns about
+ the implications of books (breaking of guilds, spread of
+ national secrets, pornography, atheism, etc.).
+ 9.5.2. "What motivated Clipper? What did the Feds hope to gain?"
+ - ostensibly to stop terrorists (only the unsophisticated
+ ones, if alternatives are allowed)
+ - to force a standard on average Americans
+ - possibly to limit crypto development
+ + Phil Karn provides an interesting motivation for Clipper:
+ "Key escrow exists only because the NSA doesn't want to
+ risk blame if some terrorist or drug dealer were to use an
+ unescrowed NSA-produced .....The fact that a terrorist or
+ drug dealer can easily go elsewhere and obtain other strong
+ or stronger algorithms without key escrow is irrelevant.
+ The NSA simply doesn't care as long as *they* can't be
+ blamed for whatever happens. Classic CYA, nothing
+ more.....A similar analysis applies to the export control
+ regulations regarding cryptography." [Phil Karn, 1994-08-
+ 31]
+ - Bill Sommerfeld notes: "If this is indeed the case, Matt
+ Blaze's results should be particularly devastating to
+ them." [B.S., 1994-09-01]
+ 9.5.3. Steve Witham has an interesting take on why folks like
+ Dorothy Denning and Donn Parker support key escrow so
+ ardently:
+ - "Maybe people like Dot and Don think of government as a
+ systems-administration sort of job. So here they are,
+ security experts advising the sys admins on things like...
+
+ setting permissions
+ allocating quotas
+ registering users and giving them passwords.....
+ deciding what utilities are and aren't available
+ deciding what software the users need, and installing it
+ (grudgingly, based on who's yelling the loudest)
+ setting up connections to other machines
+ deciding who's allowed to log in from "foreign hosts"
+ getting mail set up and running
+ buying new hardware from vendors
+ specifying the hardware to the vendors
+ ...
+
+ "These are the things computer security experts advise on.
+ Maybe hammer experts see things as nails.
+
+ "Only a country is not a host system owned and administered
+ by the government, and citizens are not guests or users."
+ [Steve Witham, Government by Sysadmin, 1994-03-23]
+
+ 9.5.4. Who would want to use key escrow?
+ 9.5.5. "Will strong crypto really thwart government plans?"
+ - Yes, it will give citizens the basic capabilities that
+ foreign governments have had for many years
+ + Despite talk about codebreakes and the expertise of the
+ NSA, the plain fact is that no major Soviet ciphers have
+ been broken for many years
+ + recall the comment that NSA has not really broken any
+ Soviet systems in many years
+ - except for the cases, a la the Walker case, where
+ plaintext versions are gotten, i.e., where human
+ screwups occurred
+ - the image in so many novels of massive computers breaking
+ codes is absurd: modern ciphers will not be broken (but the
+ primitive ciphers used by so many Third World nations and
+ their embassies will continue to be child's play, even for
+ high school science fair projects...could be a good idea
+ for a small scene, about a BCC student who has his project
+ pulled)
+ 9.5.6. "Why does the government want short keys?"
+ - Commercial products have often been broken by hackers. The
+ NSA actually has a charter to help businesses protect their
+ secrets; just not so strongly that the crypto is
+ unbreakable by them. (This of course has been part of the
+ tension between the two sides of the NSA for the past
+ couple of decades.)
+ + So why does the government want crippled key lengths?
+ - "The question is: how do you thwart hackers while
+ permitting NSA access? The obvious answer is strong
+ algorithm(s) and relatively truncated keys." [Grady Ward,
+ sci.crypt, 1994-08-15]
+
+ 9.6. Current Crypto Laws
+ 9.6.1. "Has crypto been restricted in countries other than the
+ U.S.?"
+ - Many countries have restrictions on civilian/private use of
+ crypto. Some even insist that corporations either send all
+ transmissions in the clear, or that keys be provided to the
+ government. The Phillipines, for example. And certainly
+ regimes in the Communists Bloc, or what's left of it, will
+ likely have various laws restricting crypto. Possibly
+ draconian laws....in many cultures, use of crypto is
+ tantamount to espionage.
+
+ 9.7. Crypto Laws Outside the U.S.
+ 9.7.1. "International Escrow, and Other Nation's Crypto Policies?"
+ - The focus throughout this document on U.S. policy should
+ not lull non-Americans into complacency. Many nations
+ already have more Draconian policies on the private use of
+ encryption than the U.S. is even contemplating
+ (publically). France outlaws private crypto, though
+ enforcement is said to be problematic (but I would not want
+ the DGSE to be on my tail, that's for sure). Third World
+ countries often have bans on crypto, and mere possession of
+ random-looking bits may mean a spying conviction and a trip
+ to the gallows.
+ + There are also several reports that European nations are
+ preparing to fall in line behind the U.S. on key escrow
+ - Norway
+ - Netherlands
+ - Britain
+ + A conference in D.C. in 6/94, attended by Whit Diffie (and
+ reported on to us at the 6/94 CP meeting) had internation
+ escrow arrangements as a topic, with the crypto policy
+ makers of NIST and NSA describing various options
+ - bad news, because it could allow bilateral treaties to
+ supercede basic rights
+ - could be plan for getting key escrow made mandatory
+ + there are also practical issues
+ + who can decode international communications?
+ - do we really want the French reading Intel's
+ communications? (recall Matra-Harris)
+ - satellites? (like Iridium)
+ - what of multi-national messages, such as an encrypted
+ message posted to a message pool on the Internet...is
+ it to be escrowed with each of 100 nations?
+ 9.7.2. "Will foreign countries use a U.S.-based key escrow system?"
+ - Lots of pressure. Lots of evidence of compliance.
+ 9.7.3. "Is Europe Considering Key Escrow?"
+ - Yes, in spades. Lots of signs of this, with reports coming
+ in from residents of Europe and elsewhere. The Europeans
+ tend to be a bit more quiet in matters of public policy (at
+ least in some areas).
+ - "The current issue of `Communications Week International'
+ informs us that the European Union's Senior Officials Group
+ for Security of Information Systems has been considering
+ plans for standardising key escrow in Europe.
+
+ "Agreement had been held up by arguments over who should
+ hold the keys. France and Holland wanted to follow the
+ NSA's lead and have national governments assume this role;
+ other players wanted user organisations to do this." [
+ rja14@cl.cam.ac.uk (Ross Anderson), sci.crypt, Key Escrow
+ in Europe too, 1994-06-29]
+ 9.7.4. "What laws do various countries have on encryption and the
+ use of encryption for international traffic?"
+ + "Has France really banned encryption?"
+ - There are recurring reports that France does not allow
+ unfettered use of encryption.
+ - Hard to say. Laws on the books. But no indications that
+ the many French users of PGP, say, are being prosecuted.
+ - a nation whose leader, Francois Mitterand, was a Nazi
+ collaborationist, working with Petain and the Vichy
+ government (Klaus Barbie involved)
+ + Some Specific Countries
+ - (need more info here)
+ + Germany
+ - BND cooperates with U.S.
+ - Netherlands
+ - Russia
+ + Information
+ - "Check out the ftp site at csrc.ncsl.nist.gov for a
+ document named something like "laws.wp" (There are
+ several of these, in various formats.) This contains a
+ survey of the positions of various countries, done for
+ NIST by a couple of people at Georgetown or George
+ Washington or some such university." [Philip Fites,
+ alt.security.pgp, 1994-07-03]
+ 9.7.5. France planning Big Brother smart card?
+ - "PARIS, FRANCE, 1994 MAR 4 (NB) -- The French government
+ has confirmed its plans to replace citizen's paper-based ID
+ cards with credit card-sized "smart card" ID cards.
+ .....
+ "The cards contain details of recent transactions, as well
+ as act as an "electronic purse" for smaller value
+ transactions using a personal identification number (PIN)
+ as authorization. "Purse transactions" are usually separate
+ from the card credit/debit system, and, when the purse is
+ empty, it can be reloaded from the card at a suitable ATM
+ or retailer terminal." (Steve Gold/19940304)" [this was
+ forwarded to me for posting]
+ 9.7.6. PTTs, local rules about modem use
+ 9.7.7. "What are the European laws on "Data Privacy" and why are
+ they such a terrible idea?"
+ - Various European countries have passed laws about the
+ compiling of computerized records on people without their
+ explicit permission. This applies to nearly all
+ computerized records--mailing lists, dossiers, credit
+ records, employee files, etc.--though some exceptions exist
+ and, in general, companies can find ways to compile records
+ and remain within the law.
+ - The rules are open to debate, and the casual individual who
+ cannot afford lawyers and advisors, is likely to be
+ breaking the laws repeatedly. For example, storing the
+ posts of people on the Cypherpunks list in any system
+ retrievable by name would violate Britain's Data Privacy
+ laws. That almost no such case would ever result in a
+ prosecution (for practical reasons) does not mean the laws
+ are acceptable.
+ - To many, these laws are a "good idea." But the laws miss
+ the main point, give a false sense of security (as the real
+ dossier-compilers are easily able to obtain exemptions, or
+ are government agencies themselves), and interfere in what
+ people do with information that properly and legally comes
+ there way. (Be on the alert for "civil rights" groups like
+ the ACLU and EFF to push for such data privacy laws. The
+ irony of Kapor's connection to Lotus and the failed
+ "Marketplace" CD-ROM product cannot be ignored.)
+ - Creating a law which bans the keeping of certain kinds of
+ records is an invitation to having "data inspectors"
+ rummaging through one's files. Or some kind of spot checks,
+ or even software key escrow.
+ - (Strong crypto makes these laws tough to enforce. Either
+ the laws go, or the counties with such laws will then have
+ to limit strong crypto....not that that will help in the
+ long run.)
+ - The same points apply to well-meaning proposals to make
+ employer monitoring of employees illegal. It sounds like a
+ privacy-enhancing idea, but it tramples upon the rights of
+ the employer to ensure that work is being done, to
+ basically run his business as he sees fit, etc. If I hire a
+ programmer and he's using my resources, my network
+ connections, to run an illegal operation, he exposes my
+ company to damages, and of course he isn't doing the job I
+ paid him to do. If the law forbids me to monitor this
+ situation, or at least to randomly check, then he can
+ exploit this law to his advantage and to my disadvantage.
+ (Again, the dangers of rigid laws, nonmarket
+ solutions,(lied game theory.)
+ 9.7.8. on the situation in Australia
+ + Matthew Gream [M.Gream@uts.edu.au] informed us that the
+ export situation in Oz is just as best as in the U.S. [1994-
+ 09-06] (as if we didn't know...much as we all like to dump
+ on Amerika for its fascist laws, it's clear that nearly all
+ countries are taking their New World Order Marching Orders
+ from the U.S., and that many of them have even more
+ repressive crypto laws alredy in place...they just don't
+ get the discussion the U.S. gets, for apparent reasons)
+ - "Well, fuck that for thinking I was living under a less
+ restrictive regime -- and I can say goodbye to an
+ international market for my software.]
+ - (I left his blunt language as is, for impact.)
+ 9.7.9. "For those interested, NIST have a short document for FTP,
+ 'Identification & Analysis of Foreign Laws & Regulations
+ Pertaining to the Use of Commercial Encryption Products for
+ Voice & Data Communications'. Dated Jan 1994." [Owen Lewis,
+ Re: France Bans Encryption, alt.security.pgp, 1994-07-07]
+
+ 9.8. Digital Telephony
+ 9.8.1. "What is Digital Telephony?"
+ - The Digital Telephony Bill, first proposed under Bush and
+ again by Clinton, is in many ways much worse than Clipper.
+ It has gotten less attention, for various reasons.
+ - For one thing, it is seen as an extension by some of
+ existing wiretap capabilities. And, it is fairly abstract,
+ happening behind the doors of telephone company switches.
+ - The implications are severe: mandatory wiretap and pen
+ register (who is calling whom) capaibilities, civil
+ penalties of up to $10,000 a day for insufficient
+ compliance, mandatory assistance must be provided, etc.
+ - If it is passed, it could dictate future technology. Telcos
+ who install it will make sure that upstart technologies
+ (e.g., Cypherpunks who find ways to ship voice over
+ computer lines) are also forced to "play by the same
+ rules." Being required to install government-accessible tap
+ points even in small systems would of course effectively
+ destroy them.
+ - On the other hand, it is getting harder and harder to make
+ Digital Telephony workable, even by mandate. As Jim
+ Kallstrom of the FBI puts it: ""Today will be the cheapest
+ day on which Congress could fix this thing," Kallstrom
+ said. "Two years from now, it will be geometrically more
+ expensive."" [LAN Magazine,"Is it 1984?," by Ted Bunker,
+ August 1994]
+ - This gives us a goal to shoot for: sabotage the latest
+ attempt to get Digital Telephony passed into law and it may
+ make it too intractable to *ever* be passed.
+ + "Today will be the cheapest day on which
+ - Congress could fix this thing," Kallstrom said. "Two
+ years from now,
+ - it will be geometrically more expensive."
+ - The message is clear: delay Digital Telephony. Sabotage it
+ in the court of public opinion, spread the word, make it
+ flop. (Reread your "Art of War" for Sun Tsu's tips on
+ fighting your enemy.)
+ -
+ 9.8.2. "What are the dangers of the Digital Telephony Bill?"
+ - It makes wiretapping invisible to the tappee.
+ + If passed into law, it makes central office wiretapping
+ trivial, automatic.
+ - "What should worry people is what isn't in the news (and
+ probably never will until it's already embedded in comm
+ systems). A true 'Clipper' will allow remote tapping on
+ demand. This is very easily done to all-digital
+ communications systems. If you understand network routers
+ and protocol it's easy to envision how simple it would be
+ to 're-route' a copy of a target comm to where ever you
+ want it to go..." [domonkos@access.digex.net (andy
+ domonkos), comp.org.eff.talk, 1994-06-29]
+ 9.8.3. "What is the Digital Telephony proposal/bill?
+ - proposed a few years ago...said to be inspiration for PGP
+ - reintroduced Feb 4, 1994
+ - earlier versrion:
+ + "1) DIGITAL TELEPHONY PROPOSAL
+ - "To ensure law enforcement's continued ability to conduct
+ court-
+ - authorized taps, the administration, at the request of
+ the
+ - Dept. of Justice and the FBI, proposed ditigal telephony
+ - legislation. The version submitted to Congress in Sept.
+ 1992
+ - would require providers of electronic communication
+ services
+ - and private branch exchange (PBX) operators to ensure
+ that the
+ - government's ability to lawfully intercept communications
+ is not
+ - curtailed or prevented entirely by the introduction of
+ advanced
+ - technology."
+
+ 9.9. Clipper, Escrowed Encyption Standard
+ 9.9.1. The Clipper Proposal
+ - A bombshell was dropped on April 16, 1993. A few of us saw
+ it coming, as we'd been debating...
+ 9.9.2. "How long has the government been planning key escrow?"
+ - since about 1989
+ - ironically, we got about six months advance warning
+ - my own "A Trial Balloon to Ban Encryption" alerted the
+ world to the thinking of D. Denning....she denies having
+ known about key escorw until the day before it was
+ announced, which I find implausible (not calling her a
+ liar, but...)
+ + Phil Karn had this to say to Professor Dorothy Denning,
+ several weeks prior to the Clipper announcement:
+ - "The private use of strong cryptography provides, for the
+ very first time, a truly effective safeguard against this
+ sort of government abuse. And that's why it must continue
+ to be free and unregulated.
+ - "I should credit you for doing us all a very important
+ service by raising this issue. Nothing could have lit a
+ bigger fire under those of us who strongly believe in a
+ citizens' right to use cryptography than your proposals
+ to ban or regulate it. There are many of us out here who
+ share this belief *and* have the technical skills to turn
+ it into practice. And I promise you that we will fight
+ for this belief to the bitter end, if necessary." [Phil
+ Karn, 1993-03-23]
+ -
+ -
+ 9.9.3. Technically, the "Escrowed Encryption Standard," or EES. But
+ early everyone still calls it "Clipper, " even if NSA
+ belatedly realized Intergraph's won product has been called
+ this for many years, a la the Fairchild processor chip of the
+ same name. And the database product of the same name. I
+ pointed this out within minutes of hearing about this on
+ April 16th, 1993, and posted a comment to this effect on
+ sci.crypt. How clueless can they be to not have seen in many
+ months of work what many of us saw within seconds?
+ 9.9.4. Need for Clipper
+ 9.9.5. Further "justifications" for key escrow
+ + anonymous consultations that require revealing of
+ identities
+ - suicide crisis intervention
+ - confessions of abuse, crimes, etc. (Tarasoff law)
+ - corporate records that Feds want to look at
+ + Some legitimate needs for escrowed crypto
+ - for corporations, to bypass the passwords of departed,
+ fired, deceased employees,
+ 9.9.6. Why did the government develop Clipper?
+ 9.9.7. "Who are the designated escrow agents?"
+ - Commerce (NIST) and Treasury (Secret Service).
+ 9.9.8. Whit Diffie
+ - Miles Schmid was architect
+ + international key escrow
+ - Denning tried to defend it....
+ 9.9.9. What are related programs?
+ 9.9.10. "Where do the names "Clipper" and "Skipjack" come from?
+ - First, the NSA and NIST screwed up big time by choosing the
+ name "Clipper," which has long been the name of the 32-bit
+ RISC processor (one of the first) from Fairchild, later
+ sold to Intergraph. It is also the name of a database
+ compiler. Most of us saw this immediately.
+ -
+ + Clippers are boats, so are skipjacks ("A small sailboat
+ having a
+ - bottom shaped like a flat V and vertical sides" Am
+ Heritage. 3rd).
+ - Suggests a nautical theme, which fits with the
+ Cheseapeake environs of
+ - the Agency (and small boats have traditionally been a way
+ for the
+ + Agencies to dispose of suspected traitors and spies).
+ -
+ - However, Capstone is not a boat, nor is Tessera, so the
+ trend fails.
+
+ 9.10. Technical Details of Clipper, Skipjack, Tessera, and EES
+ 9.10.1. Clipper chip fabrication details
+ + ARM6 core being used
+ - but also rumors of MIPS core in Tessera
+ - MIPS core reportedly being designed into future versions
+ - National also built (and may operate) a secure wafer fab
+ line for NSA, reportedly located on the grounds of Ft.
+ Meade--though I can't confirm the location or just what
+ National's current involvement still is. May only be for
+ medium-density chips, such as key material (built under
+ secure conditions).
+ 9.10.2. "Why is the Clipper algorithm classified?"
+ - to prevent non-escrow versions, which could still use the
+ (presumably strong) algorithm and hardware but not be
+ escrowed
+ - cryptanalysis is always easier if the algorithms are known
+ :-}
+ - general government secrecy
+ - backdoors?
+ 9.10.3. If Clipper is flawed (the Blaze LEAF Blower), how can it
+ still be useful to the NSA?
+ - by undermining commercial alternatives through subsidized
+ costs (which I don't think will happen, given the terrible
+ PR Clipper has gotten)
+ - mandated by law or export rules
+ - and the Blaze attack is--at present--not easy to use (and
+ anyone able to use it is likely to be sophisticated enough
+ to use preencryption anyway)
+ 9.10.4. What about weaknesses of Clipper?
+ - In the views of many, a flawed approach. That is, arguing
+ about wrinkles plays into the hands of the Feds.
+ 9.10.5. "What are some of the weaknesses in Clipper?"
+ - the basic idea of key escrow is an infringement on liberty
+ + access to the keys
+ - "
+ + "There's a big door in the side with a
+ - big neon sign saying "Cops and other Authorized People
+ Only";
+ - the trapdoor is the fact that anybody with a fax
+ machine can make
+ - themselves and "Authorized Person" badge and walk in.
+ <Bill Stewart, bill.stewart@pleasantonca.ncr.com, 4-15-
+ 94, sci.crypt>
+ - possible back doors in the Skipjace algorithm
+ + generation of the escrow keys
+ -
+ + "There's another trapdoor, which is that if you can
+ predict the escrow
+ - keys by stealing the parameters used by the Key
+ Generation Bureau to
+ - set them, you don't need to get the escrow keys from
+ the keymasters,
+ - you can gen them yourselves. " <Bill Stewart,
+ bill.stewart@pleasantonca.ncr.com, 4-15-94, sci.crypt>
+ 9.10.6. Mykotronx
+ - MYK-78e chip, delays, VTI, fuses
+ - National Semiconductor is working with Mykotronx on a
+ faster implementation of the
+ Clipper/Capstone/Skipjack/whatever system. (May or may not
+ be connected directly with the iPower product line. Also,
+ the MIPS processor core may be used, instead of the ARM
+ core, which is said to be too slow.)
+ 9.10.7. Attacks on EES
+ - sabotaging the escrow data base
+ + stealing it, thus causing a collapse in confidence
+ - Perry Metzger's proposal
+ - FUD
+ 9.10.8. Why is the algorithm secret?
+ 9.10.9. Skipjack is 80 bits, which is 24 bits longer than the 56 bits
+ of DES. so
+ 9.10.10. "What are the implications of the bug in Tessera found by
+ Matt Blaze?"
+ - Technically, Blaze's work was done on a Tessera card, which
+ implements the Skipjace algorithm. The Clipper phone system
+ may be slightly different and details may vary; the Blaze
+ attack may not even work, at least not practically.
+ - " The announcement last month was about a discovery that,
+ with a half-hour or so of time on an average PC, a user
+ could forge a bogus LEAF (the data used by the government
+ to access the back door into Clipper encryption). With such
+ a bogus LEAF, the Clipper chip on the other end would
+ accept and decrypt the communication, but the back door
+ would not work for the government." [ Steve Brinich,
+ alt.privacy.clipper, 1994-07-04]
+ - "The "final" pre-print version (dated August 20, 1994) of
+ my paper, "Protocol Failure in the Escrowed Encryption
+ Standard" is now available. You can get it in PostScript
+ form via anonymous ftp from research.att.com in the file
+ /dist/mab/eesproto.ps . This version replaces the
+ preliminary draft (June 3) version that previously occupied
+ the same file. Most of the substance is identical,
+ although few sections are expanded and a few minor errors
+ are now corrected." [Matt Blaze, 1994-09-04]
+
+ 9.11. Products, Versions -- Tessera, Skipjack, etc.
+ 9.11.1. "What are the various versions and products associated with
+ EES?"
+ - Clipper, the MYK-78 chip.
+ - Skipjack.
+ + Tessera. The PCMCIA card version of the Escrowed Encryption
+ Standard.
+ - the version Matt Blaze found a way to blow the LEAF
+ - National Semiconductor "iPower" card may or may not
+ support Tessera (conflicting reports).
+ 9.11.2. AT&T Surety Communications
+ - NSA may have pressured them not to release DES-based
+ products
+ 9.11.3. Tessera cards
+ - iPower
+ - Specifications for the Tessera card interface can be found
+ in several places, including " csrc.ncsl.nist.gov"--see the
+ file cryptcal.txt [David Koontz, 1994-08-08].
+
+ 9.12. Current Status of EES, Clipper, etc.
+ 9.12.1. "Did the Administration really back off on Clipper? I heard
+ that Al Gore wrote a letter to Rep. Cantwell, backing off."
+ - No, though Clipper has lost steam (corporations weren't
+ interested in buying Clipper phones, and AT&T was very late
+ in getting "Surety" phones out).
+ - The Gore announcement may actually indicate a shift in
+ emphasis to "software key escrow" (my best guess).
+ - Our own Michael Froomkin, a lawyer, writes: "The letter is
+ a nullity. It almost quotes from testimony given a year
+ earlier by NIST to Congress. Get a copy of Senator Leahy's
+ reaction off the eff www server. He saw it for the empty
+ thing it is....Nothing has changed except Cantwell dropped
+ her bill for nothing." [A.Michael Froomkin,
+ alt.privacy.clipper, 1994-09-05]
+
+ 9.13. National Information Infrastructure, Digital Superhighway
+ 9.13.1. Hype on the Information Superhighway
+ - It's against the law to talk abou the Information
+ Superhighway without using at least one of the overworked
+ metaphors: road kill, toll boths, passing lanes, shoulders,
+ on-ramps, off-ramps, speeding, I-way, Infobahn, etc.
+ - Most of what is now floating around the suddenly-trendy
+ idea of the Digital Superduperway is little more than hype.
+ And mad metaphors. Misplaced zeal, confusing tangential
+ developments with real progress. Much like libertarians
+ assuming the space program is something they should somehow
+ be working on.
+ - For example, the much-hyped "Pizza Hut" on the Net (home
+ pizza pages, I guess). It is already being dubbed "the
+ first case of true Internet commerce." Yeah, like the Coke
+ machines on the Net so many years ago were examples of
+ Internet commerce. Pure hype. Madison Avenue nonsense. Good
+ for our tabloid generation.
+ 9.13.2. "Why is the National Information Infrastructure a bad idea?"
+ - NII = Information Superhighway = Infobahn = Iway = a dozen
+ other supposedly clever and punning names
+ + Al Gore's proposal:
+ - links hospitals, schools, government
+ + hard to imagine that the free-wheeling anarchy of the
+ Internet would persist..more likely implications:
+ - "is-a-person" credentials, that is, proof of identity,
+ and hence tracking, of all interactions
+ - the medical and psychiatric records would be part of
+ this (psychiatrists are leery of this, but they may
+ have no choice but to comply under the National Health
+ Care plans being debated)
+ + There are other bad aspects:
+ - government control, government inefficiency, government
+ snooping
+ - distortion of markets ("universal access')
+ - restriction of innovation
+ - is not needed...other networks are doing perfectly well,
+ and will be placed where they are needed and will be
+ locally paid for
+ 9.13.3. NII, Video Dialtone
+ + "Dialtone"
+ - phone companies offer an in-out connection, and charge
+ for the connection, making no rulings on content (related
+ to the "Common Carrier" status)
+ + for video-cable, I don't believe there is an analogous
+ set-up being looked at
+ + cable t.v.
+ - Carl Kadie's comments to Sternlight
+ 9.13.4. The prospects and dangers of Net subsidies
+ - "universal access," esp. if same happens in health care
+ - those that pay make the rules
+ + but such access will have strings attached
+ - limits on crypto
+ -
+ - universal access also invites more spamming, a la the
+ "Freenet" spams, in which folks keep getting validated as
+ new users: any universal access system that is not pay-as-
+ you-go will be sensitive to this *or* will result in calls
+ for universal ID system (is-a-person credentialling)
+ 9.13.5. NII, Superhighway, I-way
+ - crypto policy
+ - regulation, licensing
+
+ 9.14. Government Interest in Gaining Control of Cyberspace
+ 9.14.1. Besides Clipper, Digital Telephony, and the National
+ Information Infrastructure, the government is interested in
+ other areas, such as e-mail delivery (US Postal Service
+ proposal) and maintenance of network systems in general.
+ 9.14.2. Digital Telephony, ATM networks, and deals being cut
+ - Rumblings of deals being cut
+ - a new draft is out [John Gilmore, 1994-08-03]
+ - Encryption with hardware at full ATM speeds
+ - and SONET networks (experimental, Bay Area?)
+ 9.14.3. The USPS plans for mail, authentication, effects on
+ competition, etc.
+ + This could have a devastating effect on e-mail and on
+ cyberspace in general, especially if it is tied in to other
+ government proposals in an attempt to gain control of
+ cyberspace.
+ - Digital Telelphony, Clipper, pornography laws and age
+ enforcement (the Amateur Action case), etc.
+ + "Does the USPS really have a monopoly on first class mail?"
+ - and on "routes"?
+ - "The friendly PO has recently been visiting the mail
+ rooms of 2) The friendly PO has recently been visiting
+ the mail rooms of corporations in the Bay Area, opening
+ FedX, etc. packages (not protected by the privacy laws of
+ the PO's first class mail), and fining companies ($10,000
+ per violation, as I recall), for sending non-time-
+ sensitive documents via FedX when they could have been
+ sent via first-class mail." [Lew Glendenning, USPS
+ digital signature annoucement, sci.crypt, 1994-08-23] (A
+ citation or a news story would make this more credible,
+ but I've heard of similar spot checks.)
+ - The problems with government agencies competing are well-
+ known. First, they often have shoddy service..civil service
+ jobs, unfireable workers, etc. Second, they often cannot be
+ sued for nonperformance. Third, they often have government-
+ granted monopolies.
+ + The USPS proposal may be an opening shot in an attempt to
+ gain control of electronic mail...it never had control of e-
+ mail, but its monopoly on first-class mail may be argued by
+ them to extend to cyberspace.
+ - Note: FedEx and the other package and overnight letter
+ carriers face various restrictions on their service; for
+ example, they cannot offer "routes" and the economies
+ that would result in.
+ - A USPS takeover of the e-mail business would mean an end
+ to many Cypherpunks objectives, including remailers,
+ digital postage, etc.
+ - The challenge will be to get these systems deployed as
+ quickly as possible, to make any takeover by the USPS all
+ the more difficult.
+
+ 9.15. Software Key Escrow
+ 9.15.1. (This section needs a lot more)
+ 9.15.2. things are happening fast....
+ 9.15.3. TIS, Carl Ellison, Karlsruhe
+ 9.15.4. objections to key escrow
+ - "Holding deposits in real estate transactions is a classic
+ example. Built-in wiretaps are *not* escrow, unless the
+ government is a party to your contract. As somebody on the
+ list once said, just because the Mafia call themselves
+ "businessmen" doesn't make them legitimate; calling
+ extorted wiretaps "escrow" doesn't make them a service.
+
+ "The government has no business making me get their
+ permission to talk to anybody about anything in any
+ language I choose, and they have no business insisting I
+ buy "communication protection service" from some of their
+ friends to do it, any more than the aforenamed
+ "businessmen" have any business insisting I buy "fire
+ insurance" from *them*." [Bill Stewart, 1994-07-24]
+ 9.15.5. Micali's "Fair Escrow"
+ - various efforts underway
+ - need section here
+ - Note: participants at Karlsruhe Conference report that a
+ German group may have published on software key escrow
+ years before Micali filed his patent (reports that NSA
+ officials were "happy")
+
+ 9.16. Politics, Opposition
+ 9.16.1. "What should Cypherpunks say about Clipper?"
+ - A vast amount has been written, on this list and in dozens
+ of other forums.
+ - Eric Hughes put it nicely a while back:
+ - "The hypothetical backdoor in clipper is a charlatan's
+ issue by comparison, as is discussion of how to make a key
+ escrow system
+ 'work.' Do not be suckered into talking about an issue
+ that is not
+ important. If someone want to talk about potential back
+ doors, refuse to speculate. The existence of a front door
+ (key escrow) make back door issues pale in comparison.
+
+ "If someone wants to talk about how key escrow works,
+ refuse to
+ elaborate. Saying that this particular key escrow system
+ is bad has a large measure of complicity in saying that
+ escrow systems in general are OK. Always argue that this
+ particular key escrow system is bad because it is a key
+ escrow system, not because it has procedural flaws.
+
+ "This right issue is that the government has no right to my
+ private communications. Every other issue is the wrong
+ issue and detracts from this central one. If we defeat one
+ particular system without defeating all other possible such
+ systems at the same time, we have not won at all; we have
+ delayed the time of reckoning." [ Eric Hughes, Work the
+ work!, 1993-06-01]
+ 9.16.2. What do most Americans think about Clipper and privacy?"
+ - insights into what we face
+ + "In a Time/CNN poll of 1,000 Americans conducted last week
+ by Yankelovich
+ - Partners, two-thirds said it was more important to
+ protect the privacy of phone
+ - calls than to preserve the ability of police to conduct
+ wiretaps.
+ - When informed about the Clipper Chip, 80% said they
+ opposed it."
+ - Philip Elmer-Dewitt, "Who Should Keep the Keys", Time,
+ Mar. 4, 1994
+ 9.16.3. Does anyone actually support Clipper?
+ + There are actually legitimate uses for forms of escrow:
+ - corporations
+ - other partnerships
+ 9.16.4. "Who is opposed to Clipper?"
+ - Association for Computing Machinery (ACM). "The USACM urges
+ the Administration at this point to withdraw the Clipper
+ Chip proposal and to begin an open and public review of
+ encryption policy. The escrowed encryption initiative
+ raises vital issues of privacy, law enforcement,
+ competitiveness and scientific innovation that must be
+ openly discussed." [US ACM, DC Office" <usacm_dc@acm.org>,
+ USACM Calls for Clipper Withdrawal, press release, 1994-06-
+ 30]
+ 9.16.5. "What's so bad about key escrow?"
+ + If it's truly voluntary, there can be a valid use for this.
+ + Are trapdoors justified in some cases?
+ + Corporations that wish to recover encrypted data
+ + several scenarios
+ - employee encrypts important files, then dies or is
+ otherwise unavailable
+ + employee leaves company before decrypting all files
+ - some may be archived and not needed to be opened
+ for many years
+ - employee may demand "ransom" (closely related to
+ virus extortion cases)
+ - files are found but the original encryptor is
+ unknown
+ + Likely situation is that encryption algorithms will be
+ mandated by corporation, with a "master key" kept
+ available
+ - like a trapdoor
+ - the existence of the master key may not even be
+ publicized within the company (to head off concerns
+ about security, abuses, etc.)
+ + Government is trying to get trapdoors put in
+ - S.266, which failed ultimately (but not before
+ creating a ruckus)
+ + If the government requires it...
+ - Key escrow means the government can be inside your home
+ without you even knowing it
+ - and key escrow is not really escrow...what does one get
+ back from the "escrow" service?
+ 9.16.6. Why governments should not have keys
+ - can then set people up by faking messages, by planting
+ evidence
+ - can spy on targets for their own purposes (which history
+ tells us can include bribery, corporate espionage, drug-
+ running, assassinations, and all manner of illegal and
+ sleazy activities)
+ - can sabotage contracts, deals, etc.
+ - would give them access to internal corporate communications
+ - undermines the whole validity of such contracts, and of
+ cryptographic standards of identity (shakes confidence)
+ - giving the King or the State the power to impersonate
+ another is a gross injustice
+ - imagine the government of Iran having a backdoor to read
+ the secret journals of its subjects!
+ - 4th Amendment
+ - attorney-client privilege (with trapdoors, no way to know
+ that government has not breached confidentiality)
+ 9.16.7. "How might the Clipper chip be foiled or defeated?"
+ - Politically, market-wise, and technical
+ - If deployed, that is
+ + Ways to Defeat Clipper
+ - preencryption or superencryption
+ - LEAF blower
+ - plug-compatible, reverse-engineered chip
+ - sabotage
+ - undermining confidence
+ - Sun Tzu
+ 9.16.8. How can Clipper be defeated, politically?
+ 9.16.9. How can Clipper be defeated, in the market?
+ 9.16.10. How can Clipper be defeated, technologically?
+ 9.16.11. Questions
+ + Clipper issues and questions
+ - a vast number of questions, comments, challenges,
+ tidbits, details, issues
+ - entire newsgroups devoted to this
+ + "What criminal or terrrorist will be smart enough to use
+ encryption but dumb enough to use Clipper?"
+ - This is one of the Great Unanswered Questions. Clipper's
+ supporter's are mum on this one. Suggesting....
+ + "Why not encrypt data before using the Clipper/EES?"
+ - "Why can't you just encrypt data before the clipper chip?
+
+ Two answers:
+
+ 1) the people you want to communicate with won't have
+ hardware to
+ decrypt your data, statistically speaking. The beauty
+ of clipper
+ from the NSA point of view is that they are leveraging
+ the
+ installed base (they hope) of telephones and making it
+ impossible
+ (again, statistically) for a large fraction of the
+ traffic to be
+ untappable.
+
+ 2) They won't license bad people like you to make
+ equipment like the
+ system you describe. I'll wager that the chip
+ distribution will be
+ done in a way to prevent significant numbers of such
+ systems from
+ being built, assuring that (1) remains true." [Tom
+ Knight, sci.crypt, 6-5-93]
+
+ -
+ + What are the implications of mandatory key escrow?
+ + "escrow" is misleading...
+ - wrong use of the term
+ - implies a voluntary, and returnable, situation
+ + "If key escrow is "voluntary," what's the big deal?"
+ - Taxes are supposedly "voluntary," too.
+ - A wise man prepares for what is _possible_ and even
+ _likely_, not just what is announced as part of public
+ policy; policies can and do change. There is plenty of
+ precedent for a "voluntary" system being made mandatory.
+ - The form of the Clipper/EES system suggests eventual
+ mandatory status; the form of such a ban is debatable.
+ + "What is 'superencipherment,' and can it be used to defeat
+ Clipper?"
+ - preencrypting
+ - could be viewed as a non-English language
+ + how could Clipper chip know about it (entropy measures?)
+ - far-fetched
+ - wouldn't solve traffic anal. problem
+ - What's the connection between Clipper and export laws?
+ + "Doesn't this make the Clipper database a ripe target?"
+ - for subversion, sabotage, espionage, theft
+ - presumably backups will be kept, and _these_ will also be
+ targets
+ + "Is Clipper just for voice encryption?"
+ - Clipper is a data encryption chip, with the digital data
+ supplied by an ADC located outside the chip. In
+ principle, it could thus be used for data encryption in
+ general.
+ - In practice, the name Clipper is generally associated
+ with telephone use, while "Capstone" is the data standard
+ (some differences, too). The "Skipjack" algorithm is used
+ in several of these proposed systems (Tessera, also).
+ 9.16.12. "Why is Clipper worse than what we have now?"
+ + John Gilmore answered this question in a nice essay. I'm
+ including the whole thing, including a digression into
+ cellular telephones, because it gives some insight--and
+ names some names of NSA liars--into how NSA and NIST have
+ used their powers to thwart true security.
+ - "It's worse because the market keeps moving toward
+ providing real encryption.
+
+ "If Clipper succeeds, it will be by displacing real
+ secure encryption. If real secure encryption makes it
+ into mass market communications products, Clipper will
+ have failed. The whole point is not to get a few
+ Clippers used by cops; the point is to make it a
+ worldwide standard, rather than having 3-key triple-DES
+ with RSA and Diffie-Hellman become the worldwide
+ standard.
+
+ "We'd have decent encryption in digital cellular phones
+ *now*, except for the active intervention of Jerry
+ Rainville of NSA, who `hosted' a meeting of the standards
+ committee inside Ft. Meade, lied to them about export
+ control to keep committee documents limited to a small
+ group, and got a willing dupe from Motorola, Louis
+ Finkelstein, to propose an encryption scheme a child
+ could break. The IS-54 standard for digital cellular
+ doesn't describe the encryption scheme -- it's described
+ in a separate document, which ordinary people can't get,
+ even though it's part of the official accredited
+ standard. (Guess who accredits standards bodies though -
+ - that's right, the once pure NIST.)
+
+ "The reason it's secret is because it's so obviously
+ weak. The system generates a 160-bit "key" and then
+ simply XORs it against each block of the compressed
+ speech. Take any ten or twenty blocks and recover the
+ key by XORing frequent speech patterns (like silence, or
+ the letter "A") against pieces of the blocks to produce
+ guesses at the key. You try each guess on a few blocks,
+ and the likelihood of producing something that decodes
+ like speech in all the blocks is small enough that you'll
+ know when your guess is the real key.
+
+ "NSA is continuing to muck around in the Digital Cellular
+ standards committee (TR 45.3) this year too. I encourage
+ anyone who's interested to join the committee, perhaps as
+ an observer. Contact the Telecommunications Industry
+ Association in DC and sign up. Like any standards
+ committee, it's open to the public and meets in various
+ places around the country. I'll lend you a lawyer if
+ you're a foreign national, since the committee may still
+ believe that they must exclude foreign nationals from
+ public discussions of cryptography. Somehow the crypto
+ conferences have no trouble with this; I think it's
+ called the First Amendment. NSA knows the law here --
+ indeed it enforces it via the State Dept -- but lied to
+ the committee." [John Gilmore, "Why is clipper worse than
+ "no encryption like we have," comp.org.eff.talk, 1994-04-
+ 27]
+ 9.16.13. on trusting the government
+ - "WHAT AM THE MORAL OF THE STORY, UNCLE REMUS?....When the
+ government makes any announcement (ESPECIALLY a denial),
+ you should figure out what the government is trying to get
+ you to do--and do the opposite. Contrarianism with a
+ vengance. Of all the advice I've offered on the
+ Cypherpunks Channel, this is absolutely the most certain."
+ [Sandy Sandfort, 1994-07-17]
+ - if the Founders of the U.S. could see the corrupt,
+ socialist state this nation has degenerated to, they'd be
+ breaking into missile silos and stealing nukes to use
+ against the central power base.
+ + can the government be trusted to run the key escrow system?
+ - "I just heard on the news that 1300 IRS employees have
+ been disciplined for unauthorized accesses to
+ electronically filed income tax returns. ..I'm sure they
+ will do much better, though, when the FBI runs the phone
+ system, the Post Office controls digital identity and
+ Hillary takes care of our health." [Sandy Sandfort, 1994-
+ 07-19]
+ - This is just one of many such examples: Watergate ("I am
+ not a crook!"), Iran-Contra, arms deals, cocaine
+ shipments by the CIA, Teapot Dome, graft, payoffs,
+ bribes, assassinations, Yankee-Cowboy War, Bohemian
+ Grove, Casolaro, more killings, invasions, wars. The
+ government that is too chicken to ever admit it lost a
+ war, and conspicuously avoids diplomatic contact with
+ enemies it failed to vanquish (Vietnam, North Korea,
+ Cuba, etc.), while quickly becoming sugar daddy to the
+ countries it did vanquish...the U.S. appears to be
+ lacking in practicality. (Me, I consider it wrong for
+ anyone to tell me I can't trade with folks in another
+ country, whether it's Haiti, South Africa, Cuba, Korea,
+ whatever. Crypto anarchy means we'll have _some_ of the
+ ways of bypassing these laws, of making our own moral
+ decisions without regard to the prevailing popular
+ sentiment of the countries in which we live at the
+ moment.)
+
+ 9.17. Legal Issues with Escrowed Encryption and Clipper
+ 9.17.1. As John Gilmore put it in a guest editorial in the "San
+ Francisco Examiner," "...we want the public to see a serious
+ debate about why the Constitution should be burned in order
+ to save the country." [J.G., 1994-06-26, quoted by S.
+ Sandfort]
+ 9.17.2. "I don't see how Clipper gives the government any powers or
+ capabilities it doesn't already have. Comments?"
+ 9.17.3. Is Clipper really voluntary?
+ 9.17.4. If Clipper is voluntary, who will use it?
+ 9.17.5. Restrictions on Civilian Use of Crypto
+ 9.17.6. "Has crypto been restricted in the U.S.?"
+ 9.17.7. "What legal steps are being taken?"
+ - Zimmermann
+ - ITAR
+ 9.17.8. reports that Department of Justice has a compliance
+ enforcement role in the EES [heard by someone from Dorothy
+ Denning, 1994-07], probably involving checking the law
+ enforcement agencies...
+ 9.17.9. Status
+ + "Will government agencies use Clipper?"
+ - Ah, the embarrassing question. They claim they will, but
+ there are also reports that sensitive agencies will not
+ use it, that Clipper is too insecure for them (key
+ lenght, compromise of escrow data, etc.). There may also
+ be different procedures (all agencies are equal, but some
+ are more equal than others).
+ - Clipper is rated for unclassified use, so this rules out
+ many agencies and many uses. An interesting double
+ standard.
+ + "Is the Administration backing away from Clipper?"
+ + industry opposition surprised them
+ - groups last summer, Citicorp, etc.
+ - public opinion
+ - editorial remarks
+ - so they may be preparing alternative
+ - and Gilmore's FOIA, Blaze's attack, the Denning
+ nonreview, the secrecy of the algortithm
+ + will not work
+ - spies won't use it, child pornographers probably won't
+ use it (if alternatives exist, which may be the whole
+ point)
+ - terrorists won't use it
+ - Is Clipper in trouble?
+ 9.17.10. "Will Clipper be voluntary?"
+ - Many supporters of Clipper have cited the voluntary nature
+ of Clipper--as expressed in some policy statements--and
+ have used this to counter criticism.
+ + However, even if truly voluntary, some issues
+ + improper role for government to try to create a
+ commercial standard
+ - though the NIST role can be used to counter this point,
+ partly
+ - government can and does make it tough for competitors
+ - export controls (statements by officials on this exist)
+ + Cites for voluntary status:
+ - original statement says it will be voluntary
+ - (need to get some statements here)
+ + Cites for eventual mandatory status:
+ - "Without this initiative, the government will eventually
+ become helpless to defend the nation." [Louis Freeh,
+ director of the FBI, various sources]
+ - Steven Walker of Trusted Information Systems is one of
+ many who think so: "Based on his analysis, Walker added,
+ "I'm convinced that five years from now they'll say 'This
+ isn't working,' so we'll have to change the rules." Then,
+ he predicted, Clipper will be made mandatory for all
+ encoded communications." [
+ + Parallels to other voluntary programs
+ - taxes
+
+ 9.18. Concerns
+ 9.18.1. Constitutional Issues
+ - 4th Amend
+ - privacy of attorney-client, etc.
+ + Feds can get access without public hearings, records
+ - secret intelligence courts
+ -
+ + "It is uncontested (so far as I have read) that under
+ certain circum-
+ - stances, the Federal intelligence community wil be
+ permitted to
+ - obtain Clipper keys without any court order on public
+ record. Only
+ - internal, classified proceedings will protect our
+ privacy." <Steve Waldman, steve@vesheu.sar.usf.edu,
+ sci.crypt, 4-13-94>
+ 9.18.2. "What are some dangers of Clipper, if it is widely adopted?"
+ + sender/receiver ID are accessible without going to the key
+ escrow
+ - this makes traffic analysis, contact lists, easy to
+ generate
+ + distortions of markets ("chilling effects") as a plan by
+ government
+ - make alternatives expensive, hard to export, grounds for
+ suspicion
+ - use of ITAR to thwart alternatives (would be helped if
+ Cantwell bill to liberalize export controls on
+ cryptography (HR 3627) passes)
+ + VHDL implementations possible
+ - speculates Lew Glendenning, sci.crypt, 4-13-94
+ - and recall MIPS connection (be careful here)
+ 9.18.3. Market Isssues
+ 9.18.4. "What are the weaknesses in Clipper?"
+ + Carl Ellison analyzed it this way:
+ - "It amuses the gallows-humor bone in me to see people
+ busily debating the quality of Skipjack as an algorithm
+ and the quality of the review of its strength.
+
+ Someone proposes to dangle you over the Grand Canyon
+ using
+
+ sewing thread
+ tied to
+ steel chain
+ tied to
+ knitting yarn
+
+ and you're debating whether the steel chain has been X-
+ rayed properly to see if there are flaws in the metal.
+
+ "Key generation, chip fabrication, court orders,
+ distribution of keys once acquired from escrow agencies
+ and safety of keys within escrow agencies are some of the
+ real weaknesses. Once those are as strong as my use of
+ 1024-bit RSA and truly random session keys in keeping
+ keys on the two sides of a conversation with no one in
+ the middle able to get the key, then we need to look at
+ the steel chain in the middle: Skipjack itself." [Carl
+ Ellison, 1993-08-02]
+ + Date: Mon, 2 Aug 93 17:29:54 EDT
+ From: cme@ellisun.sw.stratus.com (Carl Ellison)
+ To: cypherpunks@toad.com
+ Subject: cross-post
+ Status: OR
+
+ Path: transfer.stratus.com!ellisun.sw.stratus.com!cme
+ From: cme@ellisun.sw.stratus.com (Carl Ellison)
+ Newsgroups: sci.crypt
+ Subject: Skipjack review as a side-track
+ Date: 2 Aug 1993 21:25:11 GMT
+ Organization: Stratus Computer, Marlboro MA
+ Lines: 28
+ Message-ID: <23k0nn$8gk@transfer.stratus.com>
+ NNTP-Posting-Host: ellisun.sw.stratus.com
+
+
+ It amuses the gallows-humor bone in me to see people
+ busily debating the
+ quality of Skipjack as an algorithm and the quality of
+ the review of its
+ strength.
+
+ Someone proposes to dangle you over the Grand Canyon
+ using
+
+ sewing thread
+ tied to
+ steel chain
+ tied to
+ knitting yarn
+
+ and you're debating whether the steel chain has been X-
+ rayed properly
+ to see if there are flaws in the metal.
+
+ Key generation, chip fabrication, court orders,
+ distribution of keys once
+ acquired from escrow agencies and safety of keys within
+ escrow agencies are
+ some of the real weaknesses. Once those are as strong as
+ my use of
+ 1024-bit RSA and truly random session keys in keeping
+ keys on the two sides
+ of a conversation with no one in the middle able to get
+ the key, then we
+ need to look at the steel chain in the middle: Skipjack
+ itself.
+
+ - "Key generation, chip fabrication, court orders,
+ distribution of keys once acquired from escrow agencies
+ and safety of keys within escrow agencies are some of
+ the real weaknesses. Once those are as strong as my
+ use of 1024-bit RSA and truly random session keys in
+ keeping keys on the two sides of a conversation with no
+ one in the middle able to get the key, then we need to
+ look at the steel chain in the middle: Skipjack
+ itself."
+ 9.18.5. What it Means for the Future
+ 9.18.6. Skipjack
+ 9.18.7. National security exceptions
+ - grep Gilmore's FOIA for mention that national security
+ people will have direct access and that this will not be
+ mentioned to the public
+ + "The "National Security" exception built into the Clipper
+ proposal
+ - leaves an extraordinarily weak link in the chain of
+ procedures designed
+ - to protect user privacy. To place awesome powers of
+ surveillance
+ - technologically within the reach of a few, hoping that so
+ weak a chain
+ - will bind them, would amount to dangerous folly. It
+ flies in the face
+ - of history. <Steve Waldman, steve@vesheu.sar.usf.edu, 4-
+ 14-94, talk.politics.crypto>
+ 9.18.8. In my view, any focus on the details of Clipper instead of
+ the overall concept of key escrow plays into their hands.
+ This is not to say that the work of Blaze and others is
+ misguided....in fact, it's very fine work. But a general
+ focus on the _details_ of Skipjack does nothing to allay my
+ concerns about the _principle_ of government-mandated crypto.
+
+ If it were "house key escrow" and there were missing details
+ about the number of teeth allowed on the keys, would be then
+ all breathe a sigh of relief if the details of the teeth were
+ clarified? Of course not. Me, I will never use a key escrow
+ system, even if a blue ribbon panel of hackers and
+ Cypherpunks studies the design and declares it to be
+ cryptographically sound.
+ 9.18.9. Concern about Clipper
+ - allows past communications to be read
+ + authorities could--maybe--read a lot of stuff, even
+ illegally, then use this for other investigations (the old
+ "we had an anonymous tip" ploy)
+ - "The problem with Clipper is that it provides police
+ agencies with dramatically enhanced target acquistion.
+ There is nothing to prevent NSA, ATF, FBI (or the Special
+ Projects division of the Justice Department) from
+ reviewing all internet traffic, as long as they are
+ willing to forsake using it in a criminal prosecution."
+ [dgard@netcom.com, alt.privacy.clipper, 1994-07-05]
+ 9.18.10. Some wags have suggested that the new escrow agencies be
+ chosen from groups like Amnesty International and the ACLU.
+ Most of us are opposed to the "very idea" of key escrow
+ (think of being told to escrow family photos, diaries, or
+ house keys) and hence even these kinds of skeptical groups
+ are unacceptable as escrow agents.
+
+ 9.19. Loose Ends
+ 9.19.1. "Are trapdoors--or some form of escrowed encryption--
+ justified in some cases?"
+ + Sure. There are various reasons why individuals, companies,
+ etc. may want to use crypto protocols that allow them to
+ decrypt even if they've lost their key, perhaps by going to
+ their lawyer and getting the sealed envelope they left with
+ him, etc.
+ - or using a form of "software key escrow" that allows them
+ access
+ + Corporations that wish to recover encrypted data
+ + several scenarios
+ - employee encrypts important files, then dies or is
+ otherwise unavailable
+ + employee leaves company before decrypting all files
+ - some may be archived and not needed to be opened for
+ many years
+ - employee may demand "ransom" (closely related to virus
+ extortion cases)
+ - files are found but the original encryptor is unknown
+ + Likely situation is that encryption algorithms will be
+ mandated by corporation, with a "master key" kept available
+ - like a trapdoor
+ - the existence of the master key may not even be
+ publicized within the company (to head off concerns about
+ security, abuses, etc.)
+ - The mandatory use of key escrow, a la a mandatory Clipper
+ system, or the system many of us believe is being developed
+ for software key escrow (SKE, also called "GAK," for
+ "government access to keys, by Carl Ellison) is completely
+ different, and is unacceptable. (Clipper is discussed in
+ many places here.)
+ 9.19.2. DSS
+ + Continuing confusion over patents, standards, licensing,
+ etc.
+ - "FIPS186 is DSS. NIST is of the opinion that DSS does not
+ violate PKP's patents. PKP (or at least Jim Bidzos) takes
+ the position that it does. But for various reasons, PKP
+ won't sue the government. But Bidzos threatens to sue
+ private parties who infringe. Stay tuned...." [Steve
+ Wildstrom, sci.crypt, 1994-08-19]
+ - even Taher ElGamal believes it's a weak standard
+ - subliminal channels issues
+ 9.19.3. The U.S. is often hypocritical about basic rights
+ - plans to "disarm" the Haitians, as we did to the Somalians
+ (which made those we disarmed even more vulnerable to the
+ local warlords)
+ - government officials are proposing to "silence" a radio
+ station in Ruanda they feel is sending out the wrong
+ message! (Heard on "McNeil-Lehrer News Hour," 1994-07-21]
+ 9.19.4. "is-a-person" and RSA-style credentials
+ + a dangerous idea, that government will insist that keys be
+ linked to persons, with only one per person
+ - this is a flaw in AOCE system
+ - many apps need new keys generated many times