EFFector Online Volume 5 No. 8       5/14/1993       editors@eff.org
A Publication of the Electronic Frontier Foundation   ISSN 1062-9424
604 lines

-==--==--==-<>-==--==--==-

In this issue:
Clipper Chip-Related Excerpts from:
   A Letter from the Digital Privacy and Security Working Group to President Clinton
   A Selection of Questions Submitted by the Working Group Sent to President Clinton
   Whit Diffie's Testimony Before the House Subcommittee on Science
   A Request for Public Comment by the National Institute of Standards and Technology

-==--==--==-<>-==--==--==-

Background:

As reported in issue 5.06 of EFFector Online, on April 16, 1993, the Clinton Administration announced its proposal for a new national cryptography policy. Under this proposed policy, a voice encryption standard utilizing a Clipper Chip would be adopted, and two escrow agents would each hold half of a code key that could be used to decrypt messages encrypted by a particular Clipper Chip. This would enable law enforcement officers to conduct court-authorized wiretaps of encrypted messages. EFF immediately released an analysis of the proposal, expressing our concerns about the secrecy surrounding the development of the Clipper Chip and the Administration's intention to keep the encryption algorithm classified. Here are some of the activities EFF and others have engaged in since that announcement was made.

************************************************************************

On May 7, 1993, the Digital Privacy and Security Working Group sent a letter to President Clinton expressing the Group's concerns and asking that a public dialogue be initiated to discuss the issue further.
The Digital Privacy and Security Working Group is a coalition of communications and computer companies and associations and consumer and privacy advocates that was formed almost a decade ago and is chaired by EFF's Executive Director, Jerry Berman. The Working Group has been concerned that no inquiry had been made before the release of the proposed government Clipper standard. The Working Group proposed that the Group be included in any future review process of the Administration's encryption proposal.

Here are some highlights from the Working Group's letter to the President:

"Dear Mr. President:

"On April 16 you initiated a broad industry/government review of privacy and cryptography policies. We applaud your efforts to develop a greater understanding of these complex issues. With the end of the Cold War and the rapid evolution of technology in the computer and communications industries, a comprehensive review of our communications security policies such as you have directed is sorely needed. As the world becomes linked by a myriad of interconnected digital networks, and computer and communications technologies converge, both government and the private sector need to evaluate information security and privacy issues. Of course, any overall policy must recognize the authorized law enforcement and national security needs, and must evaluate the impact on American competitiveness.

. . .

"While we recognize the importance of authorized national security and law enforcement needs, we believe that there are fundamental privacy and other constitutional rights that must be taken into account when any domestic surveillance scheme is proposed. Moreover, it is unclear how your proposal and the overall review of cryptography policy will impact on U.S. export controls.
Over the past two years, the Digital Privacy and Security Working Group has held numerous meetings at which both public and private sector representatives have exchanged technical and legal information with the law enforcement community on just such issues.

"In the White House press release of April 16, the Press Secretary stated that you have 'directed early and frequent consultations with affected industries...and groups that advocate the privacy rights of individuals...'

"Our group of over 50 members -- from computer software and hardware firms, to telecommunications companies and energy companies, to the American Civil Liberties Union and the Electronic Frontier Foundation -- requests the opportunity to participate in developing policy on the broad range of security and privacy issues being considered, including appropriate encryption techniques. We believe that our membership has the breadth and depth of expertise and experience that would allow us to provide an excellent forum for the development of new policies in these areas.

"During the past few weeks, the Working Group has met several times to identify issues that need to be addressed. Several aspects of the Administration's encryption proposal warrant further discussion, including, but not limited to:

   o whether a key escrow system will produce the desired law enforcement results;
   o the level of strength and integrity of the algorithm and the security of the key escrow system;
   o the advisability of a government-developed and classified algorithm;
   o its practicality and commercial acceptability;
   o the effect of the proposal on American competitiveness and the balance of trade;
   o possible implications for the development of digital communications; and,
   o the effect on the right to privacy and other constitutional rights.

"A detailed list of our questions relating to this subject is being prepared to facilitate this dialogue.

"We are making our views known to officials within your Administration and Members of Congress as the review begins. We would welcome the opportunity to participate in the review process and look forward to working with you and your Administration on this important issue in the coming months. Representatives of the Digital Privacy and Security Working Group are anxious to meet with your staff at their earliest convenience to establish a consultation process."

Sincerely,

abcd, The Microcomputer Industry Association
Advanced Network & Services, Inc.
American Civil Liberties Union
Apple Computer, Inc.
AT&T
Business Software Alliance
Cavanagh Associates, Inc.
Cellular Telephone Industry Association
Computer Professionals for Social Responsibility
Computer & Business Equipment Manufacturers Association
Computer & Communications Industry Association
Crest Industries, Inc.
Digital Equipment Corporation
EDUCOM
Electronic Frontier Foundation
Electronic Mail Association
Hewlett-Packard Company
IBM
Information Technology Association of America
Information Industry Association
Iris Associates
Lotus Development Corporation
McCaw Cellular Communications
MCI
Microsoft Corporation
RSA Data Security, Inc.
Software Publishers Association
Sun Microsystems, Inc.
Toolmaker, Inc.
Trusted Information Systems
United States Telephone Association

***********************************************************************

Today, Friday, May 14, 1993, the Digital Privacy and Security Working Group sent its list of questions on to the President. The list contained over 100 questions. A sample of the questions follows: (for a complete list of the questions, please contact us at eff@eff.org)

"Why the secrecy in which the encryption code scheme was developed? Were any members of the computer, communications, or security industries consulted? Were any privacy experts consulted? Has the Justice Department or the White House Office of Legal Counsel considered the constitutional implications?"

"If American firms are not able to have their encryption experts examine the algorithm, how can they be sure that there is no 'trap door' that would allow any Clipper Chip security system to be overridden?"

"Will this system be truly voluntary? If so, won't criminals and terrorists just use some other type of encryption?"

"It appears that once a given chip has been compromised due to use of the escrowed keys, the chip and the equipment it is used in are vulnerable forever. Is there any mechanism or program to re-key or replace compromised hardware? Is there any method for a potential acquiring party to verify whether the keys on a given chip have been compromised? Who should bear the cost of replacement or re-keying of compromised hardware?"

"Who will be the agents for the keys? How secure will they be from the outside and from the inside? What is the cost of maintaining the escrow system? Who will pay? Who will profit?"

"If the Administration is so confident about the level of security of the Clipper Chip scheme, why will classified information not be encrypted with it?"

"Is law enforcement permitted to identify the specific piece of communications equipment without obtaining a warrant? If encrypted communications include the serial number ("chip family key"), will law enforcement be able to keep track of communications traffic and track private citizens without even securing the keys from the escrow agents?"

"Does the escrow system violate the letter or the spirit of the Fourth Amendment protections which safeguard citizens against intrusive law enforcement practices?"

"Why weren't other Chip manufacturers given the chance to bid on the chip production process? Why was the choice made to have only one manufacturer?"

"What testing has been done to verify the ability of Clipper to work across the panoply of new emerging technologies? If the underlying digital transport protocol drops a bit or two, will that interfere with Clipper operation?
How critical is synchronization of the bit stream for Clipper operation? Has this technology been tested with ISDN, TDMA, Cellular, CDMA Cellular, ATM, SONET, SMDS, etc. and other emerging technologies? What effect does Clipper have on the Cellular Authentication and Voice Encryption (CAVE) algorithm? Are these differences for key generation, authentication, or voice privacy?"

"If Clipper won't be commercially accepted abroad, and export controls continue to prohibit the exportation of other encryption schemes, isn't the U.S. government limiting American companies to a U.S. market?"

"What governmental regulations will apply to imports of devices containing the Clipper Chip? Given that most U.S. companies source most customer premise equipment (e.g., telephones, fax machines, etc.) offshore, how will the logistics be handled for the export of the Clipper Chip as a component, and the subsequent import of the device containing the chip? Will the U.S. permit non-U.S. manufacturers to have the Clipper algorithm? If not, how will the Administration justify this trade barrier?"

"There are a number of companies that employ non-escrowed cryptography in their products today. These products range from secure voice, data, and fax, to secure e-mail, electronic forms, and software distribution, to name but a few. With over a million such products in use today, what does the Clipper scheme foretell for these products and the many corporations and individuals that are invested in them and use them? Will the investment made by the vendors in encryption-enhanced products be protected? If so, how? Is it envisioned that they will add escrow features to their products or be asked to employ Clipper?"

"If the outcome of the policy review is not pre-ordained, then the process to analyze the issues and arrive at solutions would seem to need a great deal of definition. What roles have been identified for Congress, the private sector, and other interested parties?
Who is coordinating the process?"

**********************************************************************

On May 11, 1993, Whitfield Diffie, one of the original pioneers of the public key encryption standard and Distinguished Engineer at Sun Microsystems, Inc., testified before the House Subcommittee on Science about his concerns with the Clipper Chip proposal. Representative Rick Boucher (D-VA) heads that committee and initiated these hearings to discuss security issues regarding the National Research and Education Network (NREN).

Here are some highlights from Whitfield Diffie's testimony:

. . .

"In the month that has elapsed since the announcement, we have studied the Clipper chip proposal as carefully as the available information permits. We conclude that such a proposal is at best premature and at worst will have a damaging effect on both business security and civil rights without making any improvement in law enforcement.

"To give you some idea of the importance of the issues this raises, I'd like to suggest that you think about what are the most essential security mechanisms in your daily life and work. I believe you will realize that the most important things any of you ever do by way of security have nothing to do with guards, fences, badges, or safes. Far and away the most important element of your security is that you recognize your family, your friends, and your colleagues. Probably second to that is that you sign your signature, which provides the people to whom you give letters, checks, or documents, with a way of proving to third parties that you have said or promised something. Finally you engage in private conversations, saying things to your loved ones, your friends, or your staff that you do not wish to be overheard by anyone else.

"These three mechanisms lean heavily on the physical: face to face contact between people or the exchange of written messages.
At this moment in history, however, we are transferring our medium of social interaction from the physical to the electronic at a pace limited only by the development of our technology. Many of us spend half the day on the telephone talking to people we may visit in person at most a few times a year and the other half exchanging electronic mail with people we never meet in person.

"Communication security has traditionally been seen as an arcane security technology of real concern only to the military and perhaps the banks and oil companies. Viewed in light of the observations above, however, it is revealed as nothing less than the transplantation of fundamental social mechanisms from the world of face to face meetings and pen and ink communication into a world of electronic mail, video conferences, electronic funds transfers, electronic data interchange, and, in the not too distant future, digital money and electronic voting.

"No right of private conversation was enumerated in the constitution. I don't suppose it occurred to anyone at the time that it could be prevented.

"Now, however, we are on the verge of a world in which electronic communication is both so good and so inexpensive that intimate business and personal relationships will flourish between parties who can at most occasionally afford the luxury of traveling to visit each other. If we do not accept the right of these people to protect the privacy of their communication, we take a long step in the direction of a world in which privacy will belong only to the rich.

"The import of this is clear: The decisions we make about communication security today will determine the kind of society we live in tomorrow.

. . .

"Eavesdropping, as its name reminds us, is not a new phenomenon. But in spite of the fact that police and spies have been doing it for a long time, it has acquired a whole new dimension since the invention of the telegraph.

"Prior to electronic communication, it was a hit or miss affair.
Postal services as we know them today are a fairly new phenomenon and messages were carried by a variety of couriers, travelers, and merchants. Sensitive messages in particular, did not necessarily go by standardized channels. Paul Revere, who is generally remembered for only one short ride, was the American Revolution's courier, traveling routinely from Boston to Philadelphia with his saddle bags full of political broadsides.

"Even when a letter was intercepted, opened, and read, there was no guarantee, despite some people's great skill with flaps and seals, that the victim would not notice the intrusion.

"The development of the telephone, telegraph, and radio have given the spies a systematic way of intercepting messages. The telephone provides a means of communication so effective and convenient that even people who are aware of the danger routinely put aside their caution and use it to convey sensitive information. Digital switching has helped eavesdroppers immensely in automating their activities and made it possible for them to do their listening a long way from the target with negligible chance of detection.

. . .

"The law enforcement function of the Clipper system, as it has been described, is not difficult to bypass. Users who have faith in the secret Skipjack algorithm and merely want to protect themselves from compromise via the Law Enforcement Exploitation Field, need only encrypt that one item at the start of transmission. In many systems, this would require very small changes to supporting programs already present. This makes it likely that if Clipper chips become as freely available as has been suggested, many products will employ them in ways that defeat a major objective of the plan.

. . .

"I urge the committee to take what is good in the Administration's proposal and reject what is bad.
   o The Skipjack algorithm and every other aspect of this proposal should be made public, not only to expose them to public scrutiny but to guarantee that once made available as standards they will not be prematurely withdrawn. Configuration control techniques pioneered by the public community can be used to verify that some pieces of equipment conform to government standards stricter than the commercial where that is appropriate.

   o I likewise urge the committee to recognize that the right to private conversation must not be sacrificed as we move into a telecommunicated world and reject the Law Enforcement Exploitation Function and the draconian regulation that would necessarily come with it.

   o I further urge the committee to press the Administration to accept the need for a sound international security technology appropriate to the increasingly international character of the world's economy."

************************************************************************

The Computer System Security and Privacy Advisory Board of the National Institute of Standards and Technology (NIST) will be holding hearings on the Clipper Chip from June 2-4, 1993, at NIST in Gaithersburg, MD. Public submissions are requested and are due by 4:00 p.m. EDT, May 27, 1993. Submissions should be sent to:

   Cryptographic Issue Statements
   Computer System Security and Privacy Advisory Board
   Technology Building, Room B-154
   National Institute of Standards and Technology
   Gaithersburg, MD 20899
   fax: 301/948-1784

Submissions may also be sent electronically to: crypto@csrc.ncsl.nist.gov

For more information about the NIST meeting, including a more detailed request for statements and an agenda, send a note to eff@eff.org.

**If you do submit anything to NIST, EFF would be interested in a copy of your statement, as well. Thanks.**

. . .

"Issues on which comments are sought include the following:

"1. CRYPTOGRAPHIC POLICIES AND SOCIAL/PUBLIC POLICY ISSUES

"Public and Social policy aspects of the government-developed 'key escrow' chip and, more generally, escrowed key technology and government cryptographic policies.

"Issues involved in balancing various interests affected by government cryptographic policies.

"2. LEGAL AND CONSTITUTIONAL ISSUES

"Consequences of the government-developed 'key escrow' chip technology and, more generally, key escrow technology and government cryptographic policies.

"3. INDIVIDUAL PRIVACY

"Issues and impacts of cryptographic-related statutes, regulations, and standards, both national and international, upon individual privacy.

"Issues related to the privacy impacts of the government-developed 'key escrow' chip and 'key escrow' technology generally.

"4. QUESTIONS DIRECTED TO AMERICAN INDUSTRY

. . .

"5. QUESTIONS DIRECTED TO THE AMERICAN BUSINESS COMMUNITY

. . .

"6. OTHER

"Please describe any other impacts arising from Federal government cryptographic policies and regulations.

"Please describe any other impacts upon the Federal government in the protection of unclassified computer systems.

"Are there any other comments you wish to share?

"The Board agenda will include a period of time, not to exceed ten hours, for oral presentations of summaries of selected written statements submitted to the Board by May 27, 1993. As appropriate and to the extent possible, speakers addressing the same topic will be grouped together. Speakers, prescheduled by the Secretariat and notified in advance, will be allotted fifteen to thirty minutes to orally present their written statements. Individuals and organizations submitting written materials are requested to advise the Secretariat if they would be interested in orally summarizing their materials for the Board at the meeting.

"Another period of time, not to exceed one hour, will be reserved for oral comments and questions from the public.
Each speaker will be allotted up to five minutes; it will be necessary to strictly control the length of presentations to maximize public participation and the number of presentations.

"Except as provided for above, participation in the Board's discussions during the meeting will be at the discretion of the Designated Federal Official.

"Approximately thirty seats will be available for the public, including three seats reserved for the media. Seats will be available on a first-come, first-served basis.

"FOR FURTHER INFORMATION CONTACT: Mr. Lynn McNulty, Executive Secretary and Associate Director for Computer Security, Computer Systems Laboratory, National Institute of Standards and Technology, Building 225, Room B154, Gaithersburg, Maryland 20899, telephone: (301) 975-3240.

"SUPPLEMENTARY INFORMATION: Background information on the government-developed "key escrow" chip proposal is available from the Board Secretariat; see address in 'for further information' section. Also, information on the government-developed 'key escrow' chip is available electronically from the NIST computer security bulletin board, phone 301-948-5717.

"The Board intends to stress the public and social policy aspects, the legal and Constitutional consequences of this technology, and the impacts upon American business and industry during its meeting.

"It is the Board's intention to create, as a product of this meeting, a publicly available digest of the important points of discussion, conclusions (if any) that might be reached, and an inventory of the policy issues that need to be considered by the government. Within the procedures described above, public participation is encouraged and solicited."

-==--==--==-<>-==--==--==-

=============================================================

EFFector Online is published by
The Electronic Frontier Foundation
666 Pennsylvania Ave. SE
Washington, DC 20003 USA
Phone: +1 202 544 9237 FAX: +1 202 547 5481
Internet Address: eff@eff.org

Coordination, production and shipping by Cliff Figallo, EFF Online Communications Coordinator (fig@eff.org)
Introduction and article assembly by Shari Steele (ssteele@eff.org)

Reproduction of this publication in electronic media is *encouraged*. Signed articles do not necessarily represent the view of the EFF. To reproduce signed articles individually, please contact the authors for their express permission.

*This newsletter is printed on 100% recycled electrons*

=============================================================

MEMBERSHIP IN THE ELECTRONIC FRONTIER FOUNDATION

In order to continue the work already begun and to expand our efforts and activities into other realms of the electronic frontier, we need the financial support of individuals and organizations.

If you support our goals and our work, you can show that support by becoming a member now. Members receive our bi-weekly electronic newsletter, EFFector Online (if you have an electronic address that can be reached through the Net), and special releases and other notices on our activities. But because we believe that support should be freely given, you can receive these things even if you do not elect to become a member.

Your membership/donation is fully tax deductible.

Our memberships are $20.00 per year for students and $40.00 per year for regular members. You may, of course, donate more if you wish.

Our privacy policy: The Electronic Frontier Foundation will never, under any circumstances, sell any part of its membership list. We will, from time to time, share this list with other non-profit organizations whose work we determine to be in line with our goals. But with us, member privacy is the default. This means that you must actively grant us permission to share your name with other groups. If you do not grant explicit permission, we assume that you do not wish your membership disclosed to any group for any reason.

=============================================================

Mail to: The Electronic Frontier Foundation, Inc.
         238 Main St.
         Cambridge, MA 02142

I wish to become a member of the EFF. I enclose: $_______
I wish to renew my membership in the EFF. I enclose: $_______

$20.00 (student or low income membership)
$40.00 (regular membership)

[ ] I enclose an additional donation of $_______

Name:
Organization:
Address:
City or Town:
State: Zip: Phone: ( ) (optional)
FAX: ( ) (optional)
Email address:

I enclose a check [ ].
Please charge my membership in the amount of $ to my Mastercard [ ] Visa [ ] American Express [ ]

Number:
Expiration date:
Signature: ________________________________________________
Date:

I hereby grant permission to the EFF to share my name with other non-profit groups from time to time as it deems appropriate [ ].
Initials:___________________________