PRIVACY Forum Digest Thursday, 22 April 1993 Volume 02 : Issue 14 Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Topanga, CA, U.S.A. ===== PRIVACY FORUM ===== The PRIVACY Forum digest is supported in part by the ACM Committee on Computers and Public Policy. CONTENTS Thoughts on Clipper (Lauren Weinstein; PRIVACY Forum Moderator) The Clipper Chip: A Technical Summary (Dorothy Denning) Slide presented at White House briefing on Clipper Chip (Clipper Chip Announcement) Clipper Chip questions (John R. Levine) Clipper Chip Encryption (Bob Leone) Clipper Chip Announcement (F.Baube[tm]) Clipper Chips (USC ?) (A. Padgett Peterson) Re: Which countries outlaw encryption? (Tom Zmudzinski) Clipper announcement and asset seizure (Steve Piehler) Re: Clipper Key announcement (Chuck Stern) Clipper and Who Holds Crypto Keys (Lance J. Hoffman) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------- ------------ The PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. ALL submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines. Submissions without appropriate and relevant "Subject:" lines may be ignored. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com". All submissions included in this digest represent the views of the individual authors and all submissions will be considered to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are also available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". For information regarding the availability of this digest via FAX, please send an inquiry to privacy-fax@vortex.com, call (310) 455-9300, or FAX to (310) 455-2364. ----------------------------------------------------------------- ------------ VOLUME 02, ISSUE 14 Quote for the day: "Don't panic." -- "Hitch Hiker's Guide to the Galaxy", preface (1979) Douglas Adams (1952- ) ----------------------------------------------------------------- ----- Date: Thu, 22 Apr 93 10:53 PDT From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: Thoughts on Clipper Greetings. Well, as you might imagine, considerable mail has been coming into PRIVACY Forum regarding the Clipper chip announcement and related materials. A number of persons have asked me for my thoughts regarding the announcement and its possible implications for privacy-related issues. What follows is purely my individual, personal opinion. I apologize in advance for its length. I'm not a cryptography expert. I'm not the right person to judge the algorithmic strengths or weaknesses of a given encryption system. It is possible that a "team of experts" may determine that the Clipper chip is a powerful encryption mechanism, free (as far as can be determined) of significant algorithmic weaknesses which would impact its usefulness for the classes of applications and level of security for which it is designed. It could be argued that proper analysis of such a cryptographic system could only be conducted in an "open" environment, and that many cryptographic experts may be unwilling to participate in a "classified" analysis either out of general principles or concerns about possible impacts on their future ability to publish other cryptographic works. However, those are not the points that directly impact privacy, and I'll leave them for others to explore. For the sake of the argument, let's assume Clipper uses a strong algorithm, free from surprise "back-doors" or other weaknesses. The privacy concerns regarding Clipper focus directly on its "key-escrow" aspects and the implications of a cryptographic system specifically designed to allow access by third parties to "private" communications. If Clipper remains purely a choice to be freely accepted or rejected by the marketplace, and individual users, the primary question revolves around whether or not potential users of the system are fully informed regarding all aspects of the system (including both the relative strength of the algorithm itself and the existence of the key-escrow mechanism) and choose to use the system after being so informed. To the extent that manufacturers choose to use the system in mass-market products, the ability of users to select other systems may be impacted, but that's an issue that market forces can help rectify. There's a more ominous potential problem, however. Reading "between the lines" of the Clipper announcement, at least the possibility of future legislation being proposed to ban powerful non-key-escrow systems seems quite real. If such legislation became law, the negative impact on personal privacy rights could be serious. If such legislation were combined with the passage of concepts embodied in the FBI Digital Telephony Proposal, the potential negative impact could be quite dramatic. Would people put up with being told that from now on they had to send copies of their house keys to outside entities who would hold them in case they were needed by law enforcement? Pretty doubtful. Or would they go along with the idea that cameras would be mounted throughout their homes but would only be activated under court order? Not very likely. We're permitted to speak to each other in person using whatever languages (or codes, presumably) that we like--even though this could presumably limit the effectiveness of court-ordered bugs on a premises. We can write letters (or send faxes) using whatever symbolic systems we might wish. Is there something significantly different about a phone call which should subject it to completely different privacy rules? That's a core question in this debate. Properly authorized wiretaps can of course have significant law enforcement value. But law enforcement *using* authorized surveillance techniques is one thing; *requiring* that technology be designed in such a way as to make surveillance simpler (or for that matter, possible in a given situation) is something entirely different. As technology evolves, techniques of law enforcement, like those of war, are subject to change. Centuries ago, a suit of full body armor was protection against most of the weapons of the era. With the introduction of gunpowder in Europe, armor rapidly became obsolete--upsetting both the governments who had invested heavily in armor and those who made the armor! This is an imperfect analogy of course, but the point is that no particular technology can be expected to be equally useful forever, and that attempts to "hold back" other aspects of technology to "protect" the usefulness of another part are wasteful and usually doomed to ultimate failure. This is especially true now with computer-oriented technologies, where software-based techniques of immense power are within the grasp of anyone with a personal computer. The genie of powerful software-based encryption systems is out of the bottle--it's doubtful that he can be successfully forced back in. Of course, the more convenient a particular encryption technology is to use, the more likely it is to *get* used. Theoretically "perfect" systems have long existed (such as one-time pads) but they have generally been relatively inconvenient to manage logistically (modern computer technology, however, is changing even this). Does concern about key-escrow systems imply a distrust of those organizations or agencies who would be currently holding those keys? No, not necessarily. But organizations and governments change. The same entities you trust at one time may abuse their powers later. Given that access to a Clipper key-escrow pair would give the ability to decode all future *and* all previously recorded past transmissions between affected units, we're talking about a power that must at least be carefully scrutinized before being handed over. Perhaps this is all largely academic. Maybe there's not going to be any push for the limitation or banning of powerful non-key-escrow encryption systems. In that case, this has all been an interesting intellectual exercise. But since the crystal ball is unclear, it is to our benefits to carefully consider all the aspects of these technologies now, before they become widely entrenched. One final point. I've heard considerable numbers of persons referring to Clipper as a "Clinton" plan. I think it's fairly clear that Clipper must have been in development for years, going back for at least one administration and perhaps even farther. It seems likely that the Clinton administration was presented with an essentially complete program, and made the announcement based on the briefings and information made available to them at that time. Since the project apparently proceeded with only very limited input from the outside cryptography or computer science communities, it seems likely that the Clinton administration may not have heard a range of viewpoints regarding the technology and its implications before the announcement. The press release announcing Clipper said that there is a desire to enter into a dialogue regarding these technologies. So if you have opinions about Clipper or similar systems, either positive or negative, I'd urge you to make them known, in writing, to the administration and to other elected representatives as you see fit. --Lauren-- ------------------------------ Date: Wed, 21 Apr 93 19:21:48 EDT From: denning@cs.cosc.georgetown.edu (Dorothy Denning) Subject: THE CLIPPER CHIP: A TECHNICAL SUMMARY [ This item was extracted from the RISKS digest. -- MODERATOR ] THE CLIPPER CHIP: A TECHNICAL SUMMARY Dorothy Denning Revised, April 21, 1993 INTRODUCTION On April 16, the President announced a new initiative that will bring together the Federal Government and industry in a voluntary program to provide secure communications while meeting the legitimate needs of law enforcement. At the heart of the plan is a new tamper-proof encryption chip called the "Clipper Chip" together with a split-key approach to escrowing keys. Two escrow agencies are used, and the key parts from both are needed to reconstruct a key. CHIP CONTENTS The Clipper Chip contains a classified single-key 64-bit block encryption algorithm called "Skipjack." The algorithm uses 80 bit keys (compared with 56 for the DES) and has 32 rounds of scrambling (compared with 16 for the DES). It supports all 4 DES modes of operation. The algorithm takes 32 clock ticks, and in Electronic Codebook (ECB) mode runs at 12 Mbits per second. Each chip includes the following components: the Skipjack encryption algorithm F, an 80-bit family key that is common to all chips N, a 30-bit serial number (this length is subject to change) U, an 80-bit secret key that unlocks all messages encrypted with the chip The chips are programmed by Mykotronx, Inc., which calls them the "MYK-78." The silicon is supplied by VLSI Technology Inc. They are implemented in 1 micron technology and will initially sell for about $30 each in quantities of 10,000 or more. The price should drop as the technology is shrunk to .8 micron. ENCRYPTING WITH THE CHIP To see how the chip is used, imagine that it is embedded in the AT&T telephone security device (as it will be). Suppose I call someone and we both have such a device. After pushing a button to start a secure conversation, my security device will negotiate an 80-bit session key K with the device at the other end. This key negotiation takes place without the Clipper Chip. In general, any method of key exchange can be used such as the Diffie-Hellman public-key distribution method. Once the session key K is established, the Clipper Chip is used to encrypt the conversation or message stream M (digitized voice). The telephone security device feeds K and M into the chip to produce two values: E[M; K], the encrypted message stream, and E[E[K; U] + N; F], a law enforcement field , which are transmitted over the telephone line. The law enforcement field thus contains the session key K encrypted under the unit key U concatenated with the serial number N, all encrypted under the family key F. The law enforcement field is decrypted by law enforcement after an authorized wiretap has been installed. The ciphertext E[M; K] is decrypted by the receiver's device using the session key: D[E[M; K]; K] = M . CHIP PROGRAMMING AND ESCROW All Clipper Chips are programmed inside a SCIF (Secure Compartmented Information Facility), which is essentially a vault. The SCIF contains a laptop computer and equipment to program the chips. About 300 chips are programmed during a single session. The SCIF is located at Mykotronx. At the beginning of a session, a trusted agent from each of the two key escrow agencies enters the vault. Agent 1 enters a secret, random 80-bit value S1 into the laptop and agent 2 enters a secret, random 80-bit value S2. These random values serve as seeds to generate unit keys for a sequence of serial numbers. Thus, the unit keys are a function of 160 secret, random bits, where each agent knows only 80. To generate the unit key for a serial number N, the 30-bit value N is first padded with a fixed 34-bit block to produce a 64-bit block N1. S1 and S2 are then used as keys to triple-encrypt N1, producing a 64-bit block R1: R1 = E[D[E[N1; S1]; S2]; S1] . Similarly, N is padded with two other 34-bit blocks to produce N2 and N3, and two additional 64-bit blocks R2 and R3 are computed: R2 = E[D[E[N2; S1]; S2]; S1] R3 = E[D[E[N3; S1]; S2]; S1] . R1, R2, and R3 are then concatenated together, giving 192 bits. The first 80 bits are assigned to U1 and the second 80 bits to U2. The rest are discarded. The unit key U is the XOR of U1 and U2. U1 and U2 are the key parts that are separately escrowed with the two escrow agencies. As a sequence of values for U1, U2, and U are generated, they are written onto three separate floppy disks. The first disk contains a file for each serial number that contains the corresponding key part U1. The second disk is similar but contains the U2 values. The third disk contains the unit keys U. Agent 1 takes the first disk and agent 2 takes the second disk. Thus each agent walks away knowing an 80-bit seed and the 80-bit key parts. However, the agent does not know the other 80 bits used to generate the keys or the other 80-bit key parts. The third disk is used to program the chips. After the chips are programmed, all information is discarded from the vault and the agents leave. The laptop may be destroyed for additional assurance that no information is left behind. The protocol may be changed slightly so that four people are in the room instead of two. The first two would provide the seeds S1 and S2, and the second two (the escrow agents) would take the disks back to the escrow agencies. The escrow agencies have as yet to be determined, but they will not be the NSA, CIA, FBI, or any other law enforcement agency. One or both may be independent from the government. LAW ENFORCEMENT USE When law enforcement has been authorized to tap an encrypted line, they will first take the warrant to the service provider in order to get access to the communications line. Let us assume that the tap is in place and that they have determined that the line is encrypted with the Clipper Chip. The law enforcement field is first decrypted with the family key F, giving E[K; U] + N. Documentation certifying that a tap has been authorized for the party associated with serial number N is then sent (e.g., via secure FAX) to each of the key escrow agents, who return (e.g., also via secure FAX) U1 and U2. U1 and U2 are XORed together to produce the unit key U, and E[K; U] is decrypted to get the session key K. Finally the message stream is decrypted. All this will be accomplished through a special black box decoder. CAPSTONE: THE NEXT GENERATION A successor to the Clipper Chip, called "Capstone" by the government and "MYK-80" by Mykotronx, has already been developed. It will include the Skipjack algorithm, the Digital Signature Standard (DSS), the Secure Hash Algorithm (SHA), a method of key exchange, a fast exponentiator, and a randomizer. A prototoype will be available for testing on April 22, and the chips are expected to be ready for delivery in June or July. ACKNOWLEDGMENT AND DISTRIBUTION NOTICE. This article is based on information provided by NSA, NIST, FBI, and Mykotronx. Permission to distribute this document is granted. ------------------------------ Date: Mon, 19 Apr 93 9:21:53 EDT From: Clipper Chip Announcement Subject: Slide presented at White House briefing on Clipper Chip Note: The following material was handed out a press briefing on the Clipper Chip on 4/16. Chip Operation Microchip User's Message +----------------------+ ------------------> | | 1. Message encrypted | Encryption Algorithm | with user's key | | | Serial # | 2. User's key encrypted | |--> with chip unique key | Chip Unique Key | User's Encryption | | 3. Serial # encrypted Key | Chip Family Key | with chip family key ------------------> | | | | +----------------------+ ---------------- For Law Enforcement to Read a Suspect's Message 1. Need to obtain court authorized warrant to tap the suspect's telephone. 2. Record encrypted message 3. Use chip family key to decrypt chip serial number 4. Take this serial number *and* court order to custodians of disks A and B 5. Add the A and B components for that serial number = the chip unique key for the suspect user 6. Use this key to decrypt the user's message key for this recorded message 7. Finally, use this message key to decrypt the recorded message. ------------------------------ Date: Fri, 16 Apr 93 22:44:32 EDT From: John R. Levine Subject: Clipper Chip questions Leaving aside the fundamental bogosity of the proposal, I have some technical questions: -- Evidently each chip has its own pair of keys, or else each group of chips does (the latter meaning that the scheme would only be useful for closed networks that only talk to themselves, e.g. ATMs and a bank's central computer.) Lacking physical access to the tappee's equipment, how do the cops know which pair of keys they need? Presumably the chip broadcasts its serial number from time to time. Hmmn. -- The Q and A says that they're keeping the algorithm secret to protect the security of the key escrow, which is a most peculiar claim. The most plausible reasons I can think of to keep the scheme secret are A) they use a new super-duper scheme invented by the NSA and want to keep it from the rest of the world, B) they use a known bad scheme and want to shut up the people who would point that out, C) they use a technically respectable scheme but believe in security through obscurity. I'm completely in the dark about what this has to do with the key escrow, though. -- Is there any precedent for classifying the workings of a device that is sold to the public? My impression is that classification has been heretofore reserved for information related to the armed services and to foreign policy. If I managed to reverse engineer the device without access to secret information and published my results, would that break any laws? (Compare to the Princeton student who developed a workable design for an atomic bomb quite legally using non-classified sources.) -- Who is this outfit Mykotronx who is making the chip? And where are they fabricating it? -- Regards, John Levine, johnl@iecc.cambridge.ma.us, {spdcc|ima|world}!iecc!johnl ------------------------------ Date: Sat, 17 Apr 1993 13:07:22 -0400 From: Bob Leone Subject: clipper chip encryption regarding use of "clipper" chip to encrypt telephone transmissions (but not in such a way as to stop the feds from snooping when they so desire): This is one of the silliest ideas to come out of Washington in a long while. "Terrorists, drug dealers, and other criminals" will not bother using the system. With the advent of cheap-but-powerful notebook computers, coupled with integrated modems, voice digitization, etc, very soon it will be possible for anyone desiring secure communication (secure even from govt), to have a laptop which will digitize, encrypt, and digitally transmit his voice to another laptop (which would do the inverse transformation). Given the rate of technological advance, and the rate that multi-media technology is being incorporated in PCs, I would expect that defeating technology will be deployed much sooner than the clipper chip will be. Does the govt really believe that drug dealers doing a multi-million-dollar business will be unable to easily afford defeating technology? Or that they would communicate using equipment that everyone knows is specially tailored for govt monitoring? Bob Leone ------------------------------ Date: Sat, 17 Apr 93 22:12:57 EET From: flb@flb.optiplan.fi (F.Baube[tm]) Reply-To: baube@optiplan.fi Subject: Clipper Chip Announcement Some thoughts on the suitability of the White House proposal for achieving the stated ends, and a possible outcome. Let us say that I and some correspondents of mine have purchased (from abroad one supposes) special-purpose encryption units that implement an algorithm not break- able by the authorities. Let us call these units PIP, for Pretty Impregnable Privacy. I use this PIP unit surreptitiously when communicating with my correspondents. I have prudently also purchased a government-approved Clipper unit, so that I can of course communicate with other normal Clipper units, but *also* so that a "casual eavesdropper" would detect nothing amiss on my line: since I possess said Clipper unit, one of course *expects* my communications to be encrypted. If the government holds true to its word, not assembling the key except with a court's permission, then under ordinary circumstances, no-one in law enforcement need know that I sometimes use this special PIP unit. Without using the completed Clipper key, the authorities cannot distin- guish a data stream generated by my PIP unit from a data stream generated by my decidedly legal Clipper unit. The poser comes if it should come to pass that law enforce- ment does obtain a warrant, assembles the key halves, and finds they cannot decrypt my communications. What do they do now ? IF the law states that ownership and use of superior encryption is illegal, then do they have grounds to raid my premises and confiscate my PIP unit, along with anything else that supports their investigation ? Because if they cannot simply raid my premises, and instead must go thru less intru- sive procedures to stop my using my PIP unit, then of course I *know* I am under surveillance; *if* I have been using it for illegal purposes, I can act accordingly, to avoid being "caught with the goods". Whereas on the other hand, if use of superior encryption equipment is NOT prohibited, its use might well become wide spread. Consider: if super-crypto is outlawed, only outlaws will have super-crypto; but if it is legal and affordable, and purched by any American valuing his or her privacy, this will over time severely dent the authorities' ability to conduct wiretap surveillance. This argument would seem to point inexorably towards prohi bition of the use of superior encryption, and a government right of search and seizure if its use is detected. But to restate: if I and my correspondents do use it anyways, for whatever reasons known only to us (we're not telling !), then does this make us subject to search and seizure on these grounds only: possession of a particular technical capability whose main effect is to enhance our privacy ? Am I to be an outlaw, merely for having outlaw-quality crypto ? With PIP in my den, I and my correspondents, perhaps acti- vists for a liberal cause out of favor with the authorities, have fewer fears of being the target of a COINTELPRO-style program. Nor need we fear development of Clipper-cracking technology by other parties. And when the technology comes into being for real-time comprehension of the spoken word, I do not need to worry about having the contents of my every phone call added to a data bank somewhere, no matter what the prevailing political mood is, and no matter what degree of lawbreaking there is by the guardians of the law. And there certainly seems to have been plenty of *that* in the last 25 years. -- * Fred Baube (tm) * In times of intellectual ferment, * baube@optiplan.fi * advantage to him with the intellect * #include * most fermented ! * May '68, Paris: It's Retrospective Time !! ------------------------------ Date: Sun, 18 Apr 93 09:44:41 -0400 From: padgett@tccslr.dnet.mmc.com (A. Padgett Peterson) Subject: Clipper Chips (USC ?) Clipper Chip (shades of 1812 - first Mil-Std-1815 and now this 8*) As you may know, for some years I have been pushing for a token-pin-challenge based encryption system for session as well as password encryption & this IMHO answers many questions posed by the CC. I suspect from the wording is that the prime use of the "Baltimore Clipper" will be for cellular telephony. Already there is enormous pressure, primarily resulting from the very high levels of toll faud, to encrypt cellular phone communications. Today you have essentially three choices in cell phone use: a) don't, b) in the clear, or c) STU-III. This would provide a fourth choice. In this case the double key is acceptable but does raise the question of how well are the telco's going to protect them ? (no more roaming ?) The field of digital computer communications is as different as Jib from Genoa - the concept is the same but the requirements are entirely different: 1: Instead of having to reveal the keys to a single telco, it will have to be revealed to multiple sites (single sign-on will help but not eliminate the problem). 2: If the key is lost, does the device become worthless ? If field programmable, what will stop someone from doing so ? The authorities would not find out until they obtained the court order & the keys and found that they still could not decrypt it. Then what ? Since I have been thinking about this for quite some time, I do have some thoughts however since the government chose not to ask, I doubt that they could be incorporated into the existing Clipper. However I would like to present them for your consideration: a) Each Clipper II is programmed with a subset of a very complex code: say of a key and algorithm matrix (the two pieces) capable of 2^112 combinations, each chip uses a subset capable of 2^20 (1 million) combinations, each of more than DES strength (I know, these are big numbers but computers are good at that & this is just for thought - actual numbers could be firmed up later. b) A program is included that will pick a unique key/algorithm combination for each communications path. With a million possible combinations, it is doubtful that anyone would run out. c) Since the GOV would have the full key/algorithm set for that chip, decoding would merely be a matter of a 2^20 search, a few seconds & made simpler if the initial handshake & synch were defined. To a holder of a single key, the set of required searches would be much larger (2^112 or double DES). If a key is disclosed, that using pair simply selects a different one without having to change the others. Thoughts ? To me the biggest problem is: How would two Clipper Chips, one on each end be able to interpret each other - would you use two key/algorithm pairs, one for each direction ? The chip might be built with a fixed send and a programmable receive. Still simple, just several possibilities. For that matter, it might be possible for each transmission use a combination of the keyset used at *both ends*. Either would provide additional protection in that a wiretap order would apply only to specific sites/conversations and would need both keys. More food for thought. Warmly, Padgett ------------------------------ Date: Mon, 19 Apr 93 10:06:38 EDT From: Tom Zmudzinski Subject: Re: Which countries outlaw encryption? [Privacy #13] So spake: "Dave Bakken" 16 Apr 1993 14:51 MST > Friday's announcement about the new Clipper Chip > mentioned in passing that some countries have effectively > outlawed encryption. Where can one find a list of such countries > or a paper discussing this? Thanks! I can share only partial information (but I do have it on the highest authority -- personal experience): FRANCE and ENGLAND do not permit private use of encryption (specific details vary -- this is news?). Can anyone else add to the list? /z/ Copyright (c) 1993 by Thomas E. Zmudzinski. All Rights Reserved. Permission granted to PRIVACY FORUM for posting, and ELECTRONIC reposting is permitted in its ENTIRETY, with this notice intact. Printed (hard-) copy may only be made for personal (non-profit) use. The author retains all rights to the material herein. Otherwise bad karma may result. ------------------------------ Date: Mon, 19 Apr 93 13:28:56 EDT From: sep24@cas.org (Steve Piehler) Subject: Clipper announcement and asset seizure The Public Encryption Management Fact Sheet contains this tidbit: > PROCUREMENT AND USE OF ENCRYPTION DEVICES > > [paragraph deleted] > > The Attorney General will procure and utilize encryption devices to > the extent needed to preserve the government's ability to conduct > lawful electronic surveillance and to fulfill the need for secure > law enforcement communications. Further, the Attorney General > shall utilize funds from the Department of Justice Asset Forfeiture > Super Surplus Fund to effect this purchase. Is this Asset Forteiture Super Surplus Fund the place where, for example, cash seized in drug busts goes? After reading several horror stories of assets being seized with no charges filed and speculation that some busts occur mainly to acquire cash and property, I hope this Clipper announcement does not give law enforcement officials more incentive to conduct raids. (Administrator to field officers: "We need a secure phone. Who can we bust that will have $199.95 on hand?") ------------------------------ Date: Tue, 20 Apr 1993 10:41:47 -0400 From: cstern@novus.com (Chuck Stern) Subject: Re: Clipper Key announcement > >Subject: text of White House announcement and Q&As on clipper chip encryption [ the MODERATOR sez: ] > A few general thoughts do seem appropriate, though. There are > clearly several different aspects of this announcement that > need to be carefuly considered. >... > > Another aspect revolves around how this technology and its use > would relate to current and future wiretap law and the actual > interception of communications, regardless of whether or not > intercepted data were immediately decoded. > > Finally, there's the whole issue of "public trust" as it > relates to the concept of the proposed "key escrow" system and > the conditions under which those split keys would be assembled > and utilized. > A debate here is whether such a system will maintain the status quo vis-a-vis wiretaps and electronic surveillance. I think that this scheme will do so (although I'm leery of the NSA proposing something for use by non-military entities). The question is whether the status quo effectively guarantees a citizen's rights against unauthorized or illegal surveillance by the government. The numbers (of authorized wiretaps) are not the telling part of the statistics. If I remember correctly, the various units of local and federal government have gotten on the order of 2 000 wiretap authorizations over the past year. This is a vanishingly small number as a percentage of total telephone and data circuits in the US system. The danger is not from authorized wiretaps, but from unauthorized ones. The FBI, especially under Hoover, conducted unauthorized wiretaps on citizens of the US, not because of suspected criminal behavior, but because of their political beliefs. Because of the revelations about these wiretaps (and the death of Hoover), the FBI had been put on somewhat of a shorter leash. At the risk of sounding like Chicken Little (for non-US readers, Chicken Little was hit on the head by an acorn but created a Crisis in Farmland by saying that the "sky is falling") (where was I? oh yes) our civil liberties are quickly being eroded by the current court's contraction of the exclusionary rule. The exclusionary rule says in short that any evidence that is gained as a direct result of illegal conduct by the police cannot be considered as evidence in a criminal proceeding. This had been expanded to the "fruit of a poisoned tree" doctrine: for example, the evidence obtained via a legally obtained search warrant, if the 'probable cause' for the search warrant was obtained via an illegal wiretap, should be excluded. Under the current court, however, the exclusionary rule has been relaxed: if the police were 'acting in good faith,' then the evidence obtained via an illegally or improperly executed search warrant (for example) is admissable. All of this leads me to my conclusion that the given the current court makeup and the "War on Drugs", the current wiretap laws do not offer sufficient guarantees of our civil rights to justify maintaining the status quo. With that, I come to the further conclusion that a key that is breakable, or one whose constituent parts are held by two different governmental agencies, does nothing except further the government's encroachment into our lives. I am not proposing that we hamper law enforcement agencies from doing their legitimate jobs of 1) upholding the law of the land and 2) protecting citizens from having their rights trampled by other citizens. I am proposing that we make it harder for agencies of the government to illegally collect information on its citizens. I do not trust the government to not expand its power to, ultimately, pass a law that will make useless privately-owned encryption schemes, and I think that this split-key proposal is the first step in this direction. Chuck Stern ------------------------------ Date: Wed, 21 Apr 93 16:54:14 EDT From: "Lance J. Hoffman" Subject: Clipper and Who Holds Crypto Keys In the light of the recent Clipper announcement, forum readers may wish to revisit the discussions of "Who Holds the Keys?". A good place to start, in addition to some of the material in CACM of March 1993 (which relates mainly to the FBI's digital telephony initiative), is Proceedings of the 2nd Conference on Computers, Freedom, and Privacy (order no. 533921 from ACM Press, 1515 Broadway, New York NY 10036. The same discussion is available on audiotape from Audio Archives International, 800 747-8069 and on videotape from Sweet Pea Productions, 800 235-4922 (cfpvideo@well.sf.ca.us). -- Professor Lance J. Hoffman Department of Electrical Engineering and Computer Science The George Washington University Washington, D. C. 20052 (202) 994-4955 fax: (202) 994-0227 hoffman@seas.gwu.edu ------------------------------ End of PRIVACY Forum Digest 02.14