PRIVACY Forum Archive Document

PRIVACY Forum Home Page

PFIR - "People For Internet Responsibility" Home Page

Vortex Technology Home Page


PRIVACY Forum Digest     Thursday, 22 April 1993     Volume 02 : Issue 14

          Moderated by Lauren Weinstein (lauren@vortex.com)
                Vortex Technology, Topanga, CA, U.S.A.
        
                     ===== PRIVACY FORUM =====

          The PRIVACY Forum digest is supported in part by the 
              ACM Committee on Computers and Public Policy.


CONTENTS
        Thoughts on Clipper (Lauren Weinstein; PRIVACY Forum Moderator)
        The Clipper Chip: A Technical Summary (Dorothy Denning)
        Slide presented at White House briefing on Clipper Chip
           (Clipper Chip Announcement) 
        Clipper Chip questions (John R. Levine)
        Clipper Chip Encryption (Bob Leone)
        Clipper Chip Announcement (F.Baube[tm])
        Clipper Chips (USC ?) (A. Padgett Peterson)
        Re: Which countries outlaw encryption? (Tom Zmudzinski)
        Clipper announcement and asset seizure (Steve Piehler)
        Re: Clipper Key announcement (Chuck Stern)
        Clipper and Who Holds Crypto Keys (Lance J. Hoffman)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The PRIVACY Forum is a moderated digest for the discussion and analysis of
issues relating to the general topic of privacy (both personal and
collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines.  Submissions without appropriate and relevant
"Subject:" lines may be ignored.  Subscriptions are by an automatic
"listserv" system; for subscription information, please send a message
consisting of the word "help" (quotes not included) in the BODY of a message
to: "privacy-request@vortex.com".  Mailing list problems should be
reported to "list-maint@vortex.com".  All submissions included in this
digest represent the views of the individual authors and all submissions
will be considered to be distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  All PRIVACY Forum materials are also
available through the Internet Gopher system via a gopher server on
site "gopher.vortex.com/".

For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@vortex.com, call (310) 455-9300, or FAX
to (310) 455-2364.
-----------------------------------------------------------------------------

VOLUME 02, ISSUE 14

   Quote for the day:

        "Don't panic."

                -- "Hitch Hiker's Guide to the Galaxy", preface (1979)
                    Douglas Adams (1952- )
        
----------------------------------------------------------------------

Date:    Thu, 22 Apr 93 10:53 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Thoughts on Clipper

Greetings.  Well, as you might imagine, considerable mail has been coming
into PRIVACY Forum regarding the Clipper chip announcement and related
materials.  A number of persons have asked me for my thoughts regarding the
announcement and its possible implications for privacy-related issues.  What
follows is purely my individual, personal opinion.  I apologize in advance
for its length.

I'm not a cryptography expert.  I'm not the right person to judge the
algorithmic strengths or weaknesses of a given encryption system.  It is
possible that a "team of experts" may determine that the Clipper chip is a
powerful encryption mechanism, free (as far as can be determined) of
significant algorithmic weaknesses which would impact its usefulness for the
classes of applications and level of security for which it is designed.  

It could be argued that proper analysis of such a cryptographic system could
only be conducted in an "open" environment, and that many cryptographic
experts may be unwilling to participate in a "classified" analysis either out
of general principles or concerns about possible impacts on their future
ability to publish other cryptographic works.  However, those are not the
points that directly impact privacy, and I'll leave them for others to
explore.  For the sake of the argument, let's assume Clipper uses a strong
algorithm, free from surprise "back-doors" or other weaknesses.

The privacy concerns regarding Clipper focus directly on its "key-escrow"
aspects and the implications of a cryptographic system specifically designed
to allow access by third parties to "private" communications. 

If Clipper remains purely a choice to be freely accepted or rejected by the
marketplace, and individual users, the primary question revolves around
whether or not potential users of the system are fully informed regarding
all aspects of the system (including both the relative strength of the
algorithm itself and the existence of the key-escrow mechanism) and choose
to use the system after being so informed.  To the extent that manufacturers
choose to use the system in mass-market products, the ability of users to
select other systems may be impacted, but that's an issue that market forces
can help rectify.

There's a more ominous potential problem, however.  Reading "between the
lines" of the Clipper announcement, at least the possibility of future
legislation being proposed to ban powerful non-key-escrow systems seems
quite real.  If such legislation became law, the negative impact on personal
privacy rights could be serious.  If such legislation were combined with the
passage of concepts embodied in the FBI Digital Telephony Proposal, the
potential negative impact could be quite dramatic.

Would people put up with being told that from now on they had to send copies
of their house keys to outside entities who would hold them in case they were
needed by law enforcement?  Pretty doubtful.  Or would they go along with
the idea that cameras would be mounted throughout their homes but would only
be activated under court order?  Not very likely.  We're permitted to speak
to each other in person using whatever languages (or codes, presumably) that
we like--even though this could presumably limit the effectiveness of
court-ordered bugs on a premises.  We can write letters (or send faxes)
using whatever symbolic systems we might wish.  Is there something
significantly different about a phone call which should subject it to
completely different privacy rules?  That's a core question in this debate.

Properly authorized wiretaps can of course have significant law enforcement
value.  But law enforcement using authorized surveillance techniques is
one thing; requiring that technology be designed in such a way as to make
surveillance simpler (or for that matter, possible in a given situation) is
something entirely different.

As technology evolves, techniques of law enforcement, like those of war, are
subject to change.  Centuries ago, a suit of full body armor was protection
against most of the weapons of the era.  With the introduction of gunpowder
in Europe, armor rapidly became obsolete--upsetting both the governments
who had invested heavily in armor and those who made the armor!  This is an
imperfect analogy of course, but the point is that no particular technology
can be expected to be equally useful forever, and that attempts to "hold
back" other aspects of technology to "protect" the usefulness of another
part are wasteful and usually doomed to ultimate failure.

This is especially true now with computer-oriented technologies, where
software-based techniques of immense power are within the grasp of anyone
with a personal computer.  The genie of powerful software-based encryption
systems is out of the bottle--it's doubtful that he can be successfully
forced back in.  

Of course, the more convenient a particular encryption technology is to use,
the more likely it is to get used.  Theoretically "perfect" systems have
long existed (such as one-time pads) but they have generally been relatively
inconvenient to manage logistically (modern computer technology, however, is
changing even this). 

Does concern about key-escrow systems imply a distrust of those
organizations or agencies who would be currently holding those keys?  No,
not necessarily.  But organizations and governments change.  The same
entities you trust at one time may abuse their powers later.  Given that
access to a Clipper key-escrow pair would give the ability to decode all
future and all previously recorded past transmissions between affected
units, we're talking about a power that must at least be carefully
scrutinized before being handed over.

Perhaps this is all largely academic.  Maybe there's not going to be
any push for the limitation or banning of powerful non-key-escrow 
encryption systems.  In that case, this has all been an interesting
intellectual exercise.  But since the crystal ball is unclear,
it is to our benefits to carefully consider all the aspects of these
technologies now, before they become widely entrenched.

One final point.  I've heard considerable numbers of persons referring to
Clipper as a "Clinton" plan.  I think it's fairly clear that Clipper must
have been in development for years, going back for at least one administration
and perhaps even farther.  It seems likely that the Clinton administration
was presented with an essentially complete program, and made the 
announcement based on the briefings and information made available to
them at that time.

Since the project apparently proceeded with only very limited input from the
outside cryptography or computer science communities, it seems likely that the
Clinton administration may not have heard a range of viewpoints regarding
the technology and its implications before the announcement.  The press
release announcing Clipper said that there is a desire to enter into a
dialogue regarding these technologies.  So if you have opinions about
Clipper or similar systems, either positive or negative, I'd urge you to
make them known, in writing, to the administration and to other elected
representatives as you see fit.

--Lauren--

------------------------------

Date: Wed, 21 Apr 93 19:21:48 EDT
From: denning@cs.cosc.georgetown.edu (Dorothy Denning)
Subject: THE CLIPPER CHIP: A TECHNICAL SUMMARY


        [ This item was extracted from the RISKS digest. -- MODERATOR ]


                     THE CLIPPER CHIP: A TECHNICAL SUMMARY
                               Dorothy Denning
                           Revised, April 21, 1993

INTRODUCTION

On April 16, the President announced a new initiative that will bring
together the Federal Government and industry in a voluntary program
to provide secure communications while meeting the legitimate needs of
law enforcement.  At the heart of the plan is a new tamper-proof encryption
chip called the "Clipper Chip" together with a split-key approach to
escrowing keys.  Two escrow agencies are used, and the key parts from
both are needed to reconstruct a key.


CHIP CONTENTS

The Clipper Chip contains a classified single-key 64-bit block
encryption algorithm called "Skipjack."  The algorithm uses 80 bit keys
(compared with 56 for the DES) and has 32 rounds of scrambling
(compared with 16 for the DES).  It supports all 4 DES modes of
operation.  The algorithm takes 32 clock ticks, and in Electronic
Codebook (ECB) mode runs at 12 Mbits per second.

Each chip includes the following components:

   the Skipjack encryption algorithm
   F, an 80-bit family key that is common to all chips
   N, a 30-bit serial number (this length is subject to change)
   U, an 80-bit secret key that unlocks all messages encrypted with the chip

The chips are programmed by Mykotronx, Inc., which calls them the
"MYK-78."  The silicon is supplied by VLSI Technology Inc.  They are
implemented in 1 micron technology and will initially sell for about
$30 each in quantities of 10,000 or more.  The price should drop as the
technology is shrunk to .8 micron.


ENCRYPTING WITH THE CHIP

To see how the chip is used, imagine that it is embedded in the AT&T
telephone security device (as it will be).  Suppose I call someone and
we both have such a device.  After pushing a button to start a secure
conversation, my security device will negotiate an 80-bit session key K
with the device at the other end.  This key negotiation takes place
without the Clipper Chip.  In general, any method of key exchange can
be used such as the Diffie-Hellman public-key distribution method.

Once the session key K is established, the Clipper Chip is used to
encrypt the conversation or message stream M (digitized voice).  The
telephone security device feeds K and M into the chip to produce two
values:

   E[M; K], the encrypted message stream, and 
   E[E[K; U] + N; F], a law enforcement field , 

which are transmitted over the telephone line.  The law enforcement
field thus contains the session key K encrypted under the unit key U
concatenated with the serial number N, all encrypted under the family
key F.  The law enforcement field is decrypted by law enforcement after
an authorized wiretap has been installed.

The ciphertext E[M; K] is decrypted by the receiver's device using the
session key:

   D[E[M; K]; K] = M .


CHIP PROGRAMMING AND ESCROW

All Clipper Chips are programmed inside a SCIF (Secure Compartmented
Information Facility), which is essentially a vault.  The SCIF contains
a laptop computer and equipment to program the chips.  About 300 chips
are programmed during a single session.  The SCIF is located at
Mykotronx.

At the beginning of a session, a trusted agent from each of the two key
escrow agencies enters the vault.  Agent 1 enters a secret, random
80-bit value S1 into the laptop and agent 2 enters a secret, random
80-bit value S2. These random values serve as seeds to generate unit
keys for a sequence of serial numbers.  Thus, the unit keys are a
function of 160 secret, random bits, where each agent knows only 80.
  
To generate the unit key for a serial number N, the 30-bit value N is
first padded with a fixed 34-bit block to produce a 64-bit block N1.
S1 and S2 are then used as keys to triple-encrypt N1, producing a
64-bit block R1:

        R1 = E[D[E[N1; S1]; S2]; S1] .

Similarly, N is padded with two other 34-bit blocks to produce N2 and
N3, and two additional 64-bit blocks R2 and R3 are computed:  

        R2 = E[D[E[N2; S1]; S2]; S1] 
        R3 = E[D[E[N3; S1]; S2]; S1] .

R1, R2, and R3 are then concatenated together, giving 192 bits. The
first 80 bits are assigned to U1 and the second 80 bits to U2.  The
rest are discarded.  The unit key U is the XOR of U1 and U2.  U1 and U2
are the key parts that are separately escrowed with the two escrow
agencies.

As a sequence of values for U1, U2, and U are generated, they are
written onto three separate floppy disks.  The first disk contains a
file for each serial number that contains the corresponding key part
U1.  The second disk is similar but contains the U2 values.  The third
disk contains the unit keys U.  Agent 1 takes the first disk and agent
2 takes the second disk.  Thus each agent walks away knowing
an 80-bit seed and the 80-bit key parts.  However, the agent does not
know the other 80 bits used to generate the keys or the other 80-bit
key parts.  

The third disk is used to program the chips.  After the chips are
programmed, all information is discarded from the vault and the agents
leave.  The laptop may be destroyed for additional assurance that no
information is left behind.
 
The protocol may be changed slightly so that four people are in the
room instead of two.  The first two would provide the seeds S1 and S2,
and the second two (the escrow agents) would take the disks back to
the escrow agencies. 

The escrow agencies have as yet to be determined, but they will not
be the NSA, CIA, FBI, or any other law enforcement agency.  One or
both may be independent from the government.


LAW ENFORCEMENT USE

When law enforcement has been authorized to tap an encrypted line, they
will first take the warrant to the service provider in order to get
access to the communications line.  Let us assume that the tap is in
place and that they have determined that the line is encrypted with the
Clipper Chip.  The law enforcement field is first decrypted with the
family key F, giving E[K; U] + N.  Documentation certifying that a tap
has been authorized for the party associated with serial number N is
then sent (e.g., via secure FAX) to each of the key escrow agents, who
return (e.g., also via secure FAX) U1 and U2.  U1 and U2 are XORed
together to produce the unit key U, and E[K; U] is decrypted to get the
session key K.  Finally the message stream is decrypted.  All this will
be accomplished through a special black box decoder.


CAPSTONE: THE NEXT GENERATION

A successor to the Clipper Chip, called "Capstone" by the government
and "MYK-80" by Mykotronx, has already been developed.  It will include
the Skipjack algorithm, the Digital Signature Standard (DSS), the
Secure Hash Algorithm (SHA), a method of key exchange, a fast
exponentiator, and a randomizer.  A prototoype will be available for
testing on April 22, and the chips are expected to be ready for
delivery in June or July.


ACKNOWLEDGMENT AND DISTRIBUTION NOTICE.  This article is based on
information provided by NSA, NIST, FBI, and Mykotronx.  Permission to
distribute this document is granted.

------------------------------

Date:    Mon, 19 Apr 93 9:21:53 EDT
From:    Clipper Chip Announcement <clipper@first.org>
Subject: Slide presented at White House briefing on Clipper Chip

Note:     The following material was handed out a press briefing on the
          Clipper Chip on 4/16.

                              Chip Operation

                         Microchip
User's Message      +----------------------+
------------------> |                      |      1.  Message encrypted
                    | Encryption Algorithm |          with user's key
                    |                      |
                    | Serial #             |      2.  User's key encrypted
                    |                      |-->       with chip unique key
                    | Chip Unique Key      |
User's Encryption   |                      |      3.  Serial # encrypted
Key                 | Chip Family Key      |          with chip family key
------------------> |                      |
                    |                      |
                    +----------------------+


                             ----------------

              For Law Enforcement to Read a Suspect's Message

1.  Need to obtain court authorized warrant to tap the suspect's telephone.

2.  Record encrypted message

3.  Use chip family key to decrypt chip serial number

4.  Take this serial number and court order to custodians 
    of disks A and B

5.  Add the A and B components for that serial number = the chip
    unique key for the suspect user

6.  Use this key to decrypt the user's message key for 
    this recorded message

7.  Finally, use this message key to decrypt the recorded message.

------------------------------

Date:    Fri, 16 Apr 93 22:44:32 EDT
From:    John R. Levine <johnl@iecc.cambridge.ma.us>
Subject: Clipper Chip questions

Leaving aside the fundamental bogosity of the proposal, I have some
technical questions:

-- Evidently each chip has its own pair of keys, or else each group of
chips does (the latter meaning that the scheme would only be useful for
closed networks that only talk to themselves, e.g. ATMs and a bank's
central computer.)  Lacking physical access to the tappee's equipment, how
do the cops know which pair of keys they need?  Presumably the chip
broadcasts its serial number from time to time.  Hmmn.

-- The Q and A says that they're keeping the algorithm secret to protect
the security of the key escrow, which is a most peculiar claim.  The most
plausible reasons I can think of to keep the scheme secret are A) they use
a new super-duper scheme invented by the NSA and want to keep it from the
rest of the world, B) they use a known bad scheme and want to shut up the
people who would point that out, C) they use a technically respectable
scheme but believe in security through obscurity.  I'm completely in the
dark about what this has to do with the key escrow, though.

-- Is there any precedent for classifying the workings of a device that is
sold to the public?  My impression is that classification has been
heretofore reserved for information related to the armed services and to
foreign policy.  If I managed to reverse engineer the device without
access to secret information and published my results, would that break
any laws?  (Compare to the Princeton student who developed a workable
design for an atomic bomb quite legally using non-classified sources.)

-- Who is this outfit Mykotronx who is making the chip?  And where are
they fabricating it?

-- 
Regards,
John Levine, johnl@iecc.cambridge.ma.us, {spdcc|ima|world}!iecc!johnl

------------------------------

Date:    Sat, 17 Apr 1993 13:07:22 -0400
From:    Bob Leone <leone@gandalf.ssw.com>
Subject: clipper chip encryption

regarding use of "clipper" chip to encrypt telephone transmissions (but not
in such a way as to stop the feds from snooping when they so desire):

This is one of the silliest ideas to come out of Washington in a long while.
"Terrorists, drug dealers, and other criminals" will not bother using the
system. With the advent of cheap-but-powerful notebook computers, coupled
with integrated modems, voice digitization, etc, very soon it will be
possible for anyone desiring secure communication (secure even from govt),
to have a laptop which will digitize, encrypt, and digitally transmit
his voice to another laptop (which would do the inverse transformation).
Given the rate of technological advance, and the rate that multi-media
technology is being incorporated in PCs, I would expect that defeating
technology will be deployed much sooner than the clipper chip will be.

Does the govt really believe that drug dealers doing a multi-million-dollar
business will be unable to easily afford defeating technology? Or that
they would communicate using equipment that everyone knows is specially
tailored for govt monitoring?


Bob Leone

------------------------------

Date:    Sat, 17 Apr 93 22:12:57 EET
From:    flb@flb.optiplan.fi (F.Baube[tm])
Reply-To: baube@optiplan.fi
Subject: Clipper Chip Announcement

Some thoughts on the suitability of the White House proposal for achieving
the stated ends, and a possible outcome.

Let us say that I and some correspondents of mine have purchased (from
abroad one supposes) special-purpose encryption units that implement an
algorithm not breakable by the authorities.  Let us call these units PIP,
for Pretty Impregnable Privacy.

I use this PIP unit surreptitiously when communicating with my
correspondents.  I have prudently also purchased a government-approved
Clipper unit, so that I can of course communicate with other normal Clipper
units, but also so that a "casual eavesdropper" would detect nothing amiss
on my line: since I possess said Clipper unit, one of course expects my
communications to be encrypted.

If the government holds true to its word, not assembling the key except with
a court's permission, then under ordinary circumstances, no-one in law
enforcement need know that I sometimes use this special PIP unit.  Without
using the completed Clipper key, the authorities cannot distinguish a data
stream generated by my PIP unit from a data stream generated by my decidedly
legal Clipper unit.

The poser comes if it should come to pass that law enforcement does obtain
a warrant, assembles the key halves, and finds they cannot decrypt my
communications.  What do they do now ?

IF the law states that ownership and use of superior encryption is
illegal, then do they have grounds to raid my premises and confiscate my
PIP unit, along with anything else that supports their investigation ?
Because if they cannot simply raid my premises, and instead must go thru
less intrusive procedures to stop my using my PIP unit, then of course I
know I am under surveillance; if I have been using it for illegal
purposes, I can act accordingly, to avoid being "caught with the goods".

Whereas on the other hand, if use of superior encryption equipment is NOT
prohibited, its use might well become wide spread.  Consider: if
super-crypto is outlawed, only outlaws will have super-crypto; but if it is
legal and affordable, and purched by any American valuing his or her
privacy, this will over time severely dent the authorities' ability to
conduct wiretap surveillance.

This argument would seem to point inexorably towards prohi bition of the use
of superior encryption, and a government right of search and seizure if its
use is detected.  But to restate: if I and my correspondents do use it
anyways, for whatever reasons known only to us (we're not telling !), then
does this make us subject to search and seizure on these grounds only:
possession of a particular technical capability whose main effect is to
enhance our privacy ?  Am I to be an outlaw, merely for having
outlaw-quality crypto ?

With PIP in my den, I and my correspondents, perhaps activists for a
liberal cause out of favor with the authorities, have fewer fears of being
the target of a COINTELPRO-style program.  Nor need we fear development of
Clipper-cracking technology by other parties.  And when the technology comes
into being for real-time comprehension of the spoken word, I do not need to
worry about having the contents of my every phone call added to a data bank
somewhere, no matter what the prevailing political mood is, and no matter
what degree of lawbreaking there is by the guardians of the law.  

And there certainly seems to have been plenty of that in the last 25 years.

-- 
* Fred Baube (tm)         *  In times of intellectual ferment,
* baube@optiplan.fi       * advantage to him with the intellect
* #include <disclaimer.h> * most fermented !
* May '68, Paris: It's Retrospective Time !!  

------------------------------

Date:    Sun, 18 Apr 93 09:44:41 -0400
From:    padgett@tccslr.dnet.mmc.com (A. Padgett Peterson)
Subject: Clipper Chips (USC ?)

Clipper Chip (shades of 1812 - first Mil-Std-1815 and now this 8*)

As you may know, for some years I have been pushing for a token-pin-challenge
based encryption system for session as well as password encryption & this
IMHO answers many questions posed by the CC.

I suspect from the wording is that the prime use of the "Baltimore Clipper"
will be for cellular telephony. Already there is enormous pressure,
primarily resulting from the very high levels of toll faud, to encrypt
cellular phone communications. Today you have essentially three choices
in cell phone use: a) don't, b) in the clear, or c) STU-III. This would
provide a fourth choice. In this case the double key is acceptable but
does raise the question of how well are the telco's going to protect them ?
(no more roaming ?)

The field of digital computer communications is as different as Jib from
Genoa - the concept is the same but the requirements are entirely different:

1: Instead of having to reveal the keys to a single telco, it will have to
   be revealed to multiple sites (single sign-on will help but not eliminate
   the problem).

2: If the key is lost, does the device become worthless ? If field
   programmable, what will stop someone from doing so ? The authorities
   would not find out until they obtained the court order & the keys and
   found that they still could not decrypt it. Then what ?

Since I have been thinking about this for quite some time, I do have some
thoughts however since the government chose not to ask, I doubt that they
could be incorporated into the existing Clipper. However I would like to
present them for your consideration:

a) Each Clipper II is programmed with a subset of a very complex code: say of
   a key and algorithm matrix (the two pieces) capable of 2^112 combinations,
   each chip uses a subset capable of 2^20 (1 million) combinations, each of
   more than DES strength (I know, these are big numbers but computers are 
   good at that & this is just for thought - actual numbers could be firmed 
   up later.

b) A program is included that will pick a unique key/algorithm combination
   for each communications path. With a million possible combinations, it
   is doubtful that anyone would run out.

c) Since the GOV would have the full key/algorithm set for that chip,
   decoding would merely be a matter of a 2^20 search, a few seconds & made
   simpler if the initial handshake & synch were defined. To a holder of a
   single key, the set of required searches would be much larger (2^112 or
   double DES). If a key is disclosed, that using pair simply selects a
   different one without having to change the others.

Thoughts ? To me the biggest problem is: How would two Clipper Chips, one
on each end be able to interpret each other - would you use two key/algorithm
pairs, one for each direction ? The chip might be built with a fixed
send and a programmable receive. Still simple, just several possibilities.

For that matter, it might be possible for each transmission use a 
combination of the keyset used at both ends. Either would provide
additional protection in that a wiretap order would apply only
to specific sites/conversations and would need both keys. More food for 
thought.

                                                  Warmly,
                                                            Padgett

------------------------------

Date:    Mon, 19 Apr 93 10:06:38 EDT
From:    Tom Zmudzinski <zmudzint@CC.ims.disa.mil>
Subject: Re: Which countries outlaw encryption? [Privacy #13]

  So spake: "Dave Bakken" <bakken@cs.arizona.edu> 16 Apr 1993 14:51 MST

>   Friday's announcement about the new Clipper Chip
>   mentioned in passing that some countries have effectively
>   outlawed encryption.  Where can one find a list of such countries
>   or a paper discussing this?  Thanks!

  I can share only partial information (but I do have it on the highest
  authority -- personal experience):  FRANCE and ENGLAND do not permit
  private use of encryption (specific details vary -- this is news?).
  Can anyone else add to the list?

  /z/

  Copyright (c) 1993 by Thomas E. Zmudzinski.  All Rights Reserved.
  Permission granted to PRIVACY FORUM for posting, and ELECTRONIC reposting
  is permitted in its ENTIRETY, with this notice intact.  Printed (hard-)
  copy may only be made for personal (non-profit) use.  The author retains
  all rights to the material herein.  Otherwise bad karma may result.

------------------------------

Date:    Mon, 19 Apr 93 13:28:56 EDT
From:    sep24@cas.org (Steve Piehler)
Subject: Clipper announcement and asset seizure

The Public Encryption Management Fact Sheet contains this tidbit:

> PROCUREMENT AND USE OF ENCRYPTION DEVICES
>
> [paragraph deleted]
>
> The Attorney General will procure and utilize encryption devices to
> the extent needed to preserve the government's ability to conduct
> lawful electronic surveillance and to fulfill the need for secure
> law enforcement communications.  Further, the Attorney General
> shall utilize funds from the Department of Justice Asset Forfeiture
> Super Surplus Fund to effect this purchase.

Is this Asset Forteiture Super Surplus Fund the place where, for example, cash
seized in drug busts goes?  After reading several horror stories of assets being
seized with no charges filed and speculation that some busts occur mainly to
acquire cash and property, I hope this Clipper announcement does not give law
enforcement officials more incentive to conduct raids.  (Administrator to field
officers:  "We need a secure phone.  Who can we bust that will have $199.95 on
hand?")

------------------------------

Date:    Tue, 20 Apr 1993 10:41:47 -0400
From:    cstern@novus.com (Chuck Stern)
Subject: Re: Clipper Key announcement

>
>Subject: text of White House announcement and Q&As on clipper chip encryption

[ the MODERATOR sez: ]
>     A few general thoughts do seem appropriate, though.  There are
>     clearly several different aspects of this announcement that
>     need to be carefuly considered.  
>...
>
>     Another aspect revolves around how this technology and its use
>     would relate to current and future wiretap law and the actual
>     interception of communications, regardless of whether or not
>     intercepted data were immediately decoded.
>
>     Finally, there's the whole issue of "public trust" as it
>     relates to the concept of the proposed "key escrow" system and
>     the conditions under which those split keys would be assembled
>     and utilized.
>

A debate here is whether such a system will maintain the status quo vis-a-vis
wiretaps and electronic surveillance.  I think that this scheme will do so
(although I'm leery of the NSA proposing something for use by non-military
entities).

The question is whether the status quo effectively guarantees a citizen's
rights against unauthorized or illegal surveillance by the government.

The numbers (of authorized wiretaps) are not the telling part of the
statistics.  If I remember correctly, the various units of local and federal
government have gotten on the order of 2 000 wiretap authorizations over the
past year.  This is a vanishingly small number as a percentage of total
telephone and data circuits in the US system.  The danger is not from
authorized wiretaps, but from unauthorized ones.

The FBI, especially under Hoover, conducted unauthorized wiretaps on citizens
of the US, not because of suspected criminal behavior, but because of their
political beliefs.  Because of the revelations about these wiretaps (and the
death of Hoover), the FBI had been put on somewhat of a shorter leash.

At the risk of sounding like Chicken Little (for non-US readers, Chicken
Little was hit on the head by an acorn but created a Crisis in Farmland by
saying that the "sky is falling") (where was I? oh yes) our civil liberties
are quickly being eroded by the current court's contraction of the
exclusionary rule.  The exclusionary rule says in short that any evidence
that is gained as a direct result of illegal conduct by the police cannot be
considered as evidence in a criminal proceeding.  This had been expanded to
the "fruit of a poisoned tree" doctrine: for example, the evidence obtained
via a legally obtained search warrant, if the 'probable cause' for the search
warrant was obtained via an illegal wiretap, should be excluded.  Under the
current court, however, the exclusionary rule has been relaxed: if the police
were 'acting in good faith,' then the evidence obtained via an illegally or
improperly executed search warrant (for example) is admissable.

All of this leads me to my conclusion that the given the current court makeup
and the "War on Drugs", the current wiretap laws do not offer sufficient
guarantees of our civil rights to justify maintaining the status quo.  With
that, I come to the further conclusion that a key that is breakable, or one
whose constituent parts are held by two different governmental agencies, does
nothing except further the government's encroachment into our lives.

I am not proposing that we hamper law enforcement agencies from doing their
legitimate jobs of 1) upholding the law of the land and 2) protecting
citizens from having their rights trampled by other citizens.  I am proposing
that we make it harder for agencies of the government to illegally collect
information on its citizens.  I do not trust the government to not expand its
power to, ultimately, pass a law that will make useless privately-owned
encryption schemes, and I think that this split-key proposal is the first
step in this direction.

        Chuck Stern

------------------------------

Date:    Wed, 21 Apr 93 16:54:14 EDT
From:    "Lance J. Hoffman" <hoffman@seas.gwu.edu>
Subject: Clipper and Who Holds Crypto Keys

In the light of the recent Clipper announcement, forum readers may wish
to revisit the discussions of "Who Holds the Keys?".  A good place to
start, in addition to some of the material in CACM of March 1993 (which
relates mainly to the FBI's digital telephony initiative), is Proceedings
of the 2nd Conference on Computers, Freedom, and Privacy (order no. 533921
from ACM Press, 1515 Broadway, New York NY 10036.  The same discussion is
available on audiotape from Audio Archives International, 800 747-8069 and
on videotape from Sweet Pea Productions, 800 235-4922 (cfpvideo@well.sf.ca.us).

-- 
Professor Lance J. Hoffman
Department of Electrical Engineering and Computer Science
The George Washington University
Washington, D. C. 20052

(202) 994-4955
fax: (202) 994-0227
hoffman@seas.gwu.edu

------------------------------

End of PRIVACY Forum Digest 02.14
************************


PRIVACY Forum Home Page

Vortex Technology Home Page

Copyright © 2005 Vortex Technology. All Rights Reserved.