Message #49: White House Announcement on Clipper encryption chip
Ctrl-S to Stop/Ctrl-Q to Restart.
[=--=--=--=--=--=--=--=--=--=--=--=--=]
Msg Left By: WILLY ELECTRIX
Date Posted: Tue Apr 20 00:47:24 1993
Newsgroups: sci.crypt
From: clipper@csrc.ncsl.nist.gov (Clipper Chip Announcement)
Subject: text of White House announcement and Q&As on clipper chip encryption
Message-ID: <C5L17v.GH5@dove.nist.gov>
Sender: news@dove.nist.gov
Organization: National Institute of Standards & Technology
Distribution: na
Date: Fri, 16 Apr 1993 15:19:06 GMT
Lines: 282
Note: This file will also be available via anonymous file
transfer from csrc.ncsl.nist.gov in directory /pub/nistnews and
via the NIST Computer Security BBS at 301-948-5717.
---------------------------------------------------
THE WHITE HOUSE
Office of the Press Secretary
_________________________________________________________________
For Immediate Release April 16, 1993
STATEMENT BY THE PRESS SECRETARY
The President today announced a new initiative that will bring
the Federal Government together with industry in a voluntary
program to improve the security and privacy of telephone
communications while meeting the legitimate needs of law
enforcement.
The initiative will involve the creation of new products to
accelerate the development and use of advanced and secure
telecommunications networks and wireless communications links.
For too long there has been little or no dialogue between our
private sector and the law enforcement community to resolve the
tension between economic vitality and the real challenges of
protecting Americans. Rather than use technology to accommodate
the sometimes competing interests of economic growth, privacy and
law enforcement, previous policies have pitted government against
industry and the rights of privacy against law enforcement.
Sophisticated encryption technology has been used for years to
protect electronic funds transfer. It is now being used to
protect electronic mail and computer files. While encryption
technology can help Americans protect business secrets and the
unauthorized release of personal information, it also can be used
by terrorists, drug dealers, and other criminals.
A state-of-the-art microcircuit called the "Clipper Chip" has
been developed by government engineers. The chip represents a
new approach to encryption technology. It can be used in new,
relatively inexpensive encryption devices that can be attached to
an ordinary telephone. It scrambles telephone communications
using an encryption algorithm that is more powerful than many in
commercial use today.
This new technology will help companies protect proprietary
information, protect the privacy of personal phone conversations
and prevent unauthorized release of data transmitted
electronically. At the same time this technology preserves the
ability of federal, state and local law enforcement agencies to
intercept lawfully the phone conversations of criminals.
A "key-escrow" system will be established to ensure that the
"Clipper Chip" is used to protect the privacy of law-abiding
Americans. Each device containing the chip will have two unique
2
"keys," numbers that will be needed by authorized government
agencies to decode messages encoded by the device. When the
device is manufactured, the two keys will be deposited separately
in two "key-escrow" data bases that will be established by the
Attorney General. Access to these keys will be limited to
government officials with legal authorization to conduct a
wiretap.
The "Clipper Chip" technology provides law enforcement with no
new authorities to access the content of the private
conversations of Americans.
To demonstrate the effectiveness of this new technology, the
Attorney General will soon purchase several thousand of the new
devices. In addition, respected experts from outside the
government will be offered access to the confidential details of
the algorithm to assess its capabilities and publicly report
their findings.
The chip is an important step in addressing the problem of
encryption's dual-edge sword: encryption helps to protect the
privacy of individuals and industry, but it also can shield
criminals and terrorists. We need the "Clipper Chip" and other
approaches that can both provide law-abiding citizens with access
to the encryption they need and prevent criminals from using it
to hide their illegal activities. In order to assess technology
trends and explore new approaches (like the key-escrow system),
the President has directed government agencies to develop a
comprehensive policy on encryption that accommodates:
-- the privacy of our citizens, including the need to
employ voice or data encryption for business purposes;
-- the ability of authorized officials to access telephone
calls and data, under proper court or other legal
order, when necessary to protect our citizens;
-- the effective and timely use of the most modern
technology to build the National Information
Infrastructure needed to promote economic growth and
the competitiveness of American industry in the global
marketplace; and
-- the need of U.S. companies to manufacture and export
high technology products.
The President has directed early and frequent consultations with
affected industries, the Congress and groups that advocate the
privacy rights of individuals as policy options are developed.
3
The Administration is committed to working with the private
sector to spur the development of a National Information
Infrastructure which will use new telecommunications and computer
technologies to give Americans unprecedented access to
information. This infrastructure of high-speed networks
("information superhighways") will transmit video, images, HDTV
programming, and huge data files as easily as today's telephone
system transmits voice.
Since encryption technology will play an increasingly important
role in that infrastructure, the Federal Government must act
quickly to develop consistent, comprehensive policies regarding
its use. The Administration is committed to policies that
protect all Americans' right to privacy while also protecting
them from those who break the law.
Further information is provided in an accompanying fact sheet.
The provisions of the President's directive to acquire the new
encryption technology are also available.
For additional details, call Mat Heyman, National Institute of
Standards and Technology, (301) 975-2758.
---------------------------------
QUESTIONS AND ANSWERS ABOUT THE CLINTON ADMINISTRATION'S
TELECOMMUNICATIONS INITIATIVE
Q: Does this approach expand the authority of government
agencies to listen in on phone conversations?
A: No. "Clipper Chip" technology provides law enforcement with
no new authorities to access the content of the private
conversations of Americans.
Q: Suppose a law enforcement agency is conducting a wiretap on
a drug smuggling ring and intercepts a conversation
encrypted using the device. What would they have to do to
decipher the message?
A: They would have to obtain legal authorization, normally a
court order, to do the wiretap in the first place. They
would then present documentation of this authorization to
the two entities responsible for safeguarding the keys and
obtain the keys for the device being used by the drug
smugglers. The key is split into two parts, which are
stored separately in order to ensure the security of the key
escrow system.
Q: Who will run the key-escrow data banks?
A: The two key-escrow data banks will be run by two independent
entities. At this point, the Department of Justice and the
Administration have yet to determine which agencies will
oversee the key-escrow data banks.
Q: How strong is the security in the device? How can I be sure
how strong the security is?
A: This system is more secure than many other voice encryption
systems readily available today. While the algorithm will
remain classified to protect the security of the key escrow
system, we are willing to invite an independent panel of
cryptography experts to evaluate the algorithm to assure all
potential users that there are no unrecognized
vulnerabilities.
Q: Whose decision was it to propose this product?
A: The National Security Council, the Justice Department, the
Commerce Department, and other key agencies were involved in
this decision. This approach has been endorsed by the
President, the Vice President, and appropriate Cabinet
officials.
Q: Who was consulted? The Congress? Industry?
A: We have on-going discussions with Congress and industry on
encryption issues, and expect those discussions to intensify
as we carry out our review of encryption policy. We have
briefed members of Congress and industry leaders on the
decisions related to this initiative.
Q: Will the government provide the hardware to manufacturers?
A: The government designed and developed the key access
encryption microcircuits, but it is not providing the
microcircuits to product manufacturers. Product
manufacturers can acquire the microcircuits from the chip
manufacturer that produces them.
Q: Who provides the "Clipper Chip"?
A: Mykotronx programs it at their facility in Torrance,
California, and will sell the chip to encryption device
manufacturers. The programming function could be licensed
to other vendors in the future.
Q: How do I buy one of these encryption devices?
A: We expect several manufacturers to consider incorporating
the "Clipper Chip" into their devices.
Q: If the Administration were unable to find a technological
solution like the one proposed, would the Administration be
willing to use legal remedies to restrict access to more
powerful encryption devices?
A: This is a fundamental policy question which will be
considered during the broad policy review. The key escrow
mechanism will provide Americans with an encryption product
that is more secure, more convenient, and less expensive
than others readily available today, but it is just one
piece of what must be the comprehensive approach to
encryption technology, which the Administration is
developing.
The Administration is not saying, "since encryption
threatens the public safety and effective law enforcement,
we will prohibit it outright" (as some countries have
effectively done); nor is the U.S. saying that "every
American, as a matter of right, is entitled to an
unbreakable commercial encryption product." There is a
false "tension" created in the assessment that this issue is
an "either-or" proposition. Rather, both concerns can be,
and in fact are, harmoniously balanced through a reasoned,
balanced approach such as is proposed with the "Clipper
Chip" and similar encryption techniques.
Q: What does this decision indicate about how the Clinton
Administration's policy toward encryption will differ from
that of the Bush Administration?
A: It indicates that we understand the importance of encryption
technology in telecommunications and computing and are
committed to working with industry and public-interest
groups to find innovative ways to protect Americans'
privacy, help businesses to compete, and ensure that law
enforcement agencies have the tools they need to fight crime
and terrorism.
Q: Will the devices be exportable? Will other devices that use
the government hardware?
A: Voice encryption devices are subject to export control
requirements. Case-by-case review for each export is
required to ensure appropriate use of these devices. The
same is true for other encryption devices. One of the
attractions of this technology is the protection it can give
to U.S. companies operating at home and abroad. With this
in mind, we expect export licenses will be granted on a
case-by-case basis for U.S. companies seeking to use these
devices to secure their own communications abroad. We plan
to review the possibility of permitting wider exportability
of these products.
Message #50: White House "Encryption Fact Sheet"
Ctrl-S to Stop/Ctrl-Q to Restart.
[=--=--=--=--=--=--=--=--=--=--=--=--=]
Msg Left By: WILLY ELECTRIX
Date Posted: Tue Apr 20 00:49:34 1993
Newsgroups: alt.privacy,sci.crypt,alt.security,comp.security.misc,
comp.org.eff.talk
From: clipper@csrc.ncsl.nist.gov (Clipper Chip Announcement)
Subject: White House Public Encryption Management Fact Sheet
Message-ID: <C5LGAz.250@dove.nist.gov>
Sender: news@dove.nist.gov
Organization: National Institute of Standards & Technology
Distribution: na
Date: Fri, 16 Apr 1993 20:44:58 GMT
Lines: 94
Note: The following was released by the White House today in
conjunction with the announcement of the Clipper Chip
encryption technology.
FACT SHEET
PUBLIC ENCRYPTION MANAGEMENT
The President has approved a directive on "Public Encryption
Management." The directive provides for the following:
Advanced telecommunications and commercially available encryption
are part of a wave of new computer and communications technology.
Encryption products scramble information to protect the privacy of
communications and data by preventing unauthorized access.
Advanced telecommunications systems use digital technology to
rapidly and precisely handle a high volume of communications.
These advanced telecommunications systems are integral to the
infrastructure needed to ensure economic competitiveness in the
information age.
Despite its benefits, new communications technology can also
frustrate lawful government electronic surveillance. Sophisticated
encryption can have this effect in the United States. When
exported abroad, it can be used to thwart foreign intelligence
activities critical to our national interests. In the past, it has
been possible to preserve a government capability to conduct
electronic surveillance in furtherance of legitimate law
enforcement and national security interests, while at the same time
protecting the privacy and civil liberties of all citizens. As
encryption technology improves, doing so will require new,
innovative approaches.
In the area of communications encryption, the U. S. Government has
developed a microcircuit that not only provides privacy through
encryption that is substantially more robust than the current
government standard, but also permits escrowing of the keys needed
to unlock the encryption. The system for the escrowing of keys
will allow the government to gain access to encrypted information
only with appropriate legal authorization.
To assist law enforcement and other government agencies to collect
and decrypt, under legal authority, electronically transmitted
information, I hereby direct the following action to be taken:
INSTALLATION OF GOVERNMENT-DEVELOPED MICROCIRCUITS
The Attorney General of the United States, or her representative,
shall request manufacturers of communications hardware which
incorporates encryption to install the U.S. government-developed
key-escrow microcircuits in their products. The fact of law
enforcement access to the escrowed keys will not be concealed from
the American public. All appropriate steps shall be taken to
ensure that any existing or future versions of the key-escrow
microcircuit are made widely available to U.S. communications
hardware manufacturers, consistent with the need to ensure the
security of the key-escrow system. In making this decision, I do
not intend to prevent the private sector from developing, or the
government from approving, other microcircuits or algorithms that
are equally effective in assuring both privacy and a secure key-
escrow system.
KEY-ESCROW
The Attorney General shall make all arrangements with appropriate
entities to hold the keys for the key-escrow microcircuits
installed in communications equipment. In each case, the key
holder must agree to strict security procedures to prevent
unauthorized release of the keys. The keys shall be released only
to government agencies that have established their authority to
acquire the content of those communications that have been
encrypted by devices containing the microcircuits. The Attorney
General shall review for legal sufficiency the procedures by which
an agency establishes its authority to acquire the content of such
communications.
PROCUREMENT AND USE OF ENCRYPTION DEVICES
The Secretary of Commerce, in consultation with other appropriate
U.S. agencies, shall initiate a process to write standards to
facilitate the procurement and use of encryption devices fitted
with key-escrow microcircuits in federal communications systems
that process sensitive but unclassified information. I expect this
process to proceed on a schedule that will permit promulgation of
a final standard within six months of this directive.
The Attorney General will procure and utilize encryption devices to
the extent needed to preserve the government's ability to conduct
lawful electronic surveillance and to fulfill the need for secure
law enforcement communications. Further, the Attorney General
shall utilize funds from the Department of Justice Asset Forfeiture
Super Surplus Fund to effect this purchase.
Message #51: Initial EFF Analysis of Clinton Privacy and Security Proposal
Ctrl-S to Stop/Ctrl-Q to Restart.
[=--=--=--=--=--=--=--=--=--=--=--=--=]
Msg Left By: WILLY ELECTRIX
Date Posted: Tue Apr 20 00:51:46 1993
Newsgroups: sci.crypt
From: kadie@cs.uiuc.edu (Carl M Kadie)
Subject: [EFF] Initial EFF Analysis of Clinton Privacy and Security Proposal
Message-ID: <C5LH1y.LsM@cs.uiuc.edu>
Followup-To: sci.crypt,comp.org.eff.talk
Organization: University of Illinois, Dept. of Comp. Sci., Urbana, IL
Date: Fri, 16 Apr 1993 21:01:10 GMT
Lines: 107
[An article from comp.org.eff.news, EFFector Online 5.06 - Carl]
April 16, 1993
INITIAL EFF ANALYSIS OF CLINTON PRIVACY AND SECURITY
PROPOSAL
The Clinton Administration today made a major announcement
on cryptography policy which will effect the privacy and security of
millions of Americans. The first part of the plan is to begin a
comprehensive inquiry into major communications privacy issues
such as export controls which have effectively denied most people
easy access to robust encryption as well as law enforcement issues
posed by new technology.
However, EFF is very concerned that the Administration has
already reached a conclusion on one critical part of the inquiry, before
any public comment or discussion has been allowed. Apparently, the
Administration is going to use its leverage to get all telephone
equipment vendors to adopt a voice encryption standard developed
by the National Security Agency. The so-called "Clipper Chip" is an
80-bit, split key escrowed encryption scheme which will be built into
chips manufactured by a military contractor. Two separate escrow
agents would store users' keys, and be required to turn them over
law enforcement upon presentation of a valid warrant. The
encryption scheme used is to be classified, but they chips will be
available to any manufacturer for incorporation into their
communications products.
This proposal raises a number of serious concerns .
First, the Administration appears to be adopting a solution
before conducting an inquiry. The NSA-developed Clipper chip may
not be the most secure product. Other vendors or developers may
have better schemes. Furthermore, we should not rely on the
government as the sole source for Clipper or any other chips. Rather,
independent chip manufacturers should be able to produce chipsets
based on open standards.
Second, an algorithm can not be trusted unless it can be tested.
Yet the Administration proposes to keep the chip algorithm
classified. EFF believes that any standard adopted ought to be public
and open. The public will only have confidence in the security of a
standard that is open to independent, expert scrutiny.
Third, while the use of the split-key, dual-escrowed
system may prove to be a reasonable balance between privacy and
law enforcement needs, the details of this scheme must be explored
publicly before it is adopted. What will give people confidence in the
safety of their keys? Does disclosure of keys to a third party waive
individual's fifth amendment rights in subsequent criminal
inquiries?
In sum, the Administration has shown great sensitivity to the
importance of these issues by planning a comprehensive inquiry into
digital privacy and security. However, the "Clipper chip" solution
ought to be considered as part of the inquiry, not be adopted before
the discussion even begins.
DETAILS OF THE PROPOSAL:
ESCROW
The 80-bit key will be divided between two escrow agents, each of
whom hold 40 bits of each key. Upon presentation of a valid
warrant, the two escrow agents would have to turn the key parts
over to law enforcement agents. Most likely the Attorney General
will be asked to identify appropriate escrow agents. Some in the
Administration have suggested one non-law enforcement federal
agency, perhaps the Federal Reserve, and one non-governmental
organization. But, there is no agreement on the identity of the agents
yet.
Key registration would be done by the manufacturer of the
communications device. A key is tied to the device, not to the person
using it.
CLASSIFIED ALGORITHM AND THE POSSIBILITY OF BACK DOORS
The Administration claims that there are no back door means by
which the government or others could break the code without
securing keys from the escrow agents and that the President will
be told there are no back doors to this classified algorithm. In order
to prove this, Administration sources are interested in arranging for
an all-star crypto cracker team to come in, under a security
arrangement, and examine the algorithm for trap doors. The results
of the investigation would then be made public.
GOVERNMENT AS MARKET DRIVER
In order to get a market moving, and to show that the government
believes in the security of this system, the feds will be the first big
customers for this product. Users will include the FBI, Secret Service,
VP Al Gore, and maybe even the President.
FROM MORE INFORMATION CONTACT:
Jerry Berman, Executive Director
Daniel J. Weitzner, Senior Staff Counsel
--
Carl Kadie -- I do not represent any organization; this is just me.
= kadie@cs.uiuc.edu =
Message #52: CPSR Statement on White House Crypto Plan
Ctrl-S to Stop/Ctrl-Q to Restart.
[=--=--=--=--=--=--=--=--=--=--=--=--=]
Msg Left By: WILLY ELECTRIX
Date Posted: Tue Apr 20 00:53:10 1993
Newsgroups: sci.crypt,alt.privacy,comp.org.eff.talk,alt.security,
alt.dcom.telecom
From: Dave Banisar <Banisar@washofc.cpsr.org>
Subject: CPSR Statement on White House Crypto Plan
Message-ID: <1993Apr16.214637.28829@eff.org>
X-Xxmessage-Id: <A7F4A1214F01AC81@coolidge.eff.org>
X-Xxdate: Fri, 16 Apr 93 17:45:05 GMT
Sender: usenet@eff.org (NNTP News Poster)
Nntp-Posting-Host: coolidge.eff.org
Organization: CPSR, Civil Liberties and Computing Project
X-Useragent: Nuntius v1.1.1d17
Date: Fri, 16 Apr 1993 21:46:37 GMT
Lines: 60
-----------------------------------------------------------
April 16, 1993
Washington, DC
COMPUTER PROFESSIONALS CALL FOR PUBLIC
DEBATE ON NEW GOVERNMENT ENCRYPTION INITIATIVE
Computer Professionals for Social Responsibility (CPSR)
today called for the public disclosure of technical data
underlying the government's newly-announced "Public Encryption
Management" initiative. The new cryptography scheme was
announced today by the White House and the National Institute
for Standards and Technology (NIST), which will implement the
technical specifications of the plan. A NIST spokesman
acknowledged that the National Security Agency (NSA), the super-
secret military intelligence agency, had actually developed the
encryption technology around which the new initiative is built.
According to NIST, the technical specifications and the
Presidential directive establishing the plan are classified. To
open the initiative to public review and debate, CPSR today
filed a series of Freedom of Information Act (FOIA) requests
with key agencies, including NSA, NIST, the National Security
Council and the FBI for information relating to the encryption
plan. The CPSR requests are in keeping with the spirit of the
Computer Security Act, which Congress passed in 1987 in order to
open the development of non-military computer security standards
to public scrutiny and to limit NSA's role in the creation of
such standards.
CPSR previously has questioned the role of NSA in
developing the so-called "digital signature standard" (DSS), a
communications authentication technology that NIST proposed for
government-wide use in 1991. After CPSR sued NIST in a FOIA
lawsuit last year, the civilian agency disclosed for the first
time that NSA had, in fact, developed that security standard.
NSA is due to file papers in federal court next week justifying
the classification of records concerning its creation of the
DSS.
David Sobel, CPSR Legal Counsel, called the
administration's apparent commitment to the privacy of
electronic communications, as reflected in today's official
statement, "a step in the right direction." But he questioned
the propriety of NSA's role in the process and the apparent
secrecy that has thus far shielded the development process from
public scrutiny. "At a time when we are moving towards the
development of a new information infrastructure, it is vital
that standards designed to protect personal privacy be
established openly and with full public participation. It is
not appropriate for NSA -- an agency with a long tradition of
secrecy and opposition to effective civilian cryptography -- to
play a leading role in the development process."
CPSR is a national public-interest alliance of computer
industry professionals dedicated to examining the impact of
technology on society. CPSR has 21 chapters in the U.S. and
maintains offices in Palo Alto, California, Cambridge,
Massachusetts and Washington, DC. For additional information on
CPSR, call (415) 322-3778 or e-mail <cpsr@csli.stanford.edu>.
Message #53: Clipper chip -- technical details (so far)
Ctrl-S to Stop/Ctrl-Q to Restart.
[=--=--=--=--=--=--=--=--=--=--=--=--=]
Msg Left By: WILLY ELECTRIX
Date Posted: Tue Apr 20 00:56:12 1993
Newsgroups: sci.crypt,alt.privacy.clipper
From: smb@research.att.com (Steven Bellovin)
Subject: Clipper chip -- technical details
Message-ID: <1993Apr18.200737.14815@ulysses.att.com>
Date: Sun, 18 Apr 1993 20:07:37 GMT
Organization: AT&T Bell Laboratories
Lines: 121
I received the following two notes from Martin Hellman with details
on how Clipper will work. They are posted with his permission. The
implications of some details are fascinating.
-------
Date: Sat, 17 Apr 93 23:05:23 PDT
From: "Martin Hellman" <hellman@isl.stanford.edu>
To: (a long list of recipients)
Subject: Clipper Chip
Most of you have seen the announcement in Friday's NY Times,
etc. about NIST (National Institute of Standards & Technology)
announcing the "Clipper Chip" crypto device. Several messges
on the net have asked for more technical details, and some have
been laboring under understandable misunderstandings given
the lack of details in the news articles. So here to help out
is your friendly NSA link: me. I was somewhat surprised Friday
to get a call from the Agency which supplied many of the missing
details. I was told the info was public, so here it is (the cc of this
to Dennis Branstad at NIST is mostly as a double check on my
facts since I assume he is aware of all this; please let me know
if I have anything wrong):
The Clipper Chip will have a secret crypto algorithm embedded in
Silicon. Each chip will have two secret, 80-bit keys. One will be the
same for all chips (ie a system-wide key) and the other will be unit
specific. I don't know what NIST and NSA will call them, but I will
call them the system key SK and unit key UK in this message.
The IC will be designed to be extremely difficult to reverse so
that the system key can be kept secret. (Aside: It is clear that
they also want to keep the algorithm secret and, in my opinion,
it may be as much for that as this stated purpose.) The unit key
will be generated as the XOR of two 80-bit random numbers K1
and K2 (UK=K1+K2) which will be kept by the two escrow
authorities. Who these escrow authorities will be is still to be
decided by the Attorney General, but it was stressed to me that
they will NOT be NSA or law enforcement agencies, that they
must be parties acceptable to the users of the system as unbiased.
When a law enforcement agency gets a court order, they will
present it to these two escrow authorities and receive K1 and
K2, thereby allowing access to the unit key UK.
In addition to the system key, each user will get to choose his
or her own key and change it as often as desired. Call this key
plain old K. When a message is to be sent it will first be
encrypted under K, then K will be encrypted under the unit key UK,
and the serial number of the unit added to produce a three part
message which will then be encrypted under the system key SK
producing
E{ E[M; K], E[K; UK], serial number; SK}
When a court order obtains K1 and K2, and thence K, the law
enforcement agency will use SK to decrypt all information
flowing on the suspected link [Aside: It is my guess that
they may do this constantly on all links, with or without a
court order, since it is almost impossible to tell which links
over which a message will flow.] This gives the agency access to
E[M; K], E[K; UK], serial number
in the above message. They then check the serial number
of the unit and see if it is on the "watch list" for which they
have a court order. If so, they will decrypt E[K; UK] to obtain K,
and then decrypt E[M; K] to obtain M.
I am still in the process of assessing this scheme, so please do
not take the above as any kind of endorsement of the proposed
scheme. All I am trying to do is help all of us assess the scheme
more knowledgably. But I will say that the need for just one court
order worries me. I would feel more comfortable (though not
necessarily comfortable!) if two separate court orders were
needed, one per escrow authority. While no explanation is
needed, the following story adds some color: In researching
some ideas that Silvio Micali and I have been kicking around,
I spoke with Gerald Gunther, the constitutional law expert
here at Stanford and he related the following story: When
Edward Levi became Pres. Ford's attorney general (right
after Watergate), he was visited by an FBI agent asking
for "the wiretap authorizations." When Levy asked for
the details so he could review the cases as required by
law, the agent told him that his predecessors just turned
over 40-50 blank, signed forms every time. Levi did not
comply and changed the system, but the lesson is clear:
No single person or authority should have the power to
authorize wiretaps (or worse yet, divulging of personal
keys). Sometimes he or she will be an Edward Levi
and sometimes a John Mitchell.
Martin Hellman
----
Date: Sun, 18 Apr 93 11:41:42 PDT
From: "Martin Hellman" <hellman@isl.stanford.edu>
To: smb@research.att.com
Subject: Re: Clipper Chip
It is fine to post my previous message to sci.crypt
if you also post this message with it in which:
1. I ask recipients to be sparse in their requesting further info
from me or asking for comments on specific questions. By
this posting I apologize for any messages I am unable to
respond to. (I already spend too much time answering too much
e-mail and am particularly overloaded this week with other
responsibilities.)
2. I note a probably correction sent to me by Dorothy Denning.
She met with the person from NSA that
I talked with by phone, so her understanding is likely to
better than mine on this point: Where I said the transmitted
info is E{ E[M; K], E[K; UK], serial number; SK}
she says the message is not double encrypted. The system
key (or family key as she was told it is called) only encrypts
the serial number or the serial number and the encrypted
unit key. This is not a major difference, but I thought it
should be mentioned and thank her for bringing it to
my attention. It makes more sense since it cuts down
on encryption computation overhead.
Message #54: Fighting the Clipper Initiative
Ctrl-S to Stop/Ctrl-Q to Restart.
[=--=--=--=--=--=--=--=--=--=--=--=--=]
Msg Left By: WILLY ELECTRIX
Date Posted: Tue Apr 20 00:57:45 1993
Newsgroups: sci.crypt,alt.security.pgp
From: prz@sage.cgd.ucar.edu (Philip Zimmermann)
Subject: Fighting the Clipper Initiative
Message-ID: <1993Apr19.003710.20736@ncar.ucar.edu>
Summary: Ways to fight it
Sender: news@ncar.ucar.edu (USENET Maintenance)
Organization: Climate and Global Dynamics Division/NCAR, Boulder, CO
Date: Mon, 19 Apr 1993 00:37:10 GMT
Lines: 71
Here are some ideas for those of you who want to oppose the White
House Clipper chip crypto initiative. I think this is going to be a
tough measure to fight, since the Government has invested a lot of
resources in developing this high-profile initiative. They are
serious about it now. It won't be as easy as it was defeating Senate
Bill 266 in 1991.
Possible actions to take in response:
1) Mobilize your friends to to all the things on this list, and
more.
2) Work the Press. Talk with your local newspaper's science and
technology reporter. Write to your favorite trade rags. Better yet,
write some articles yourself for your favorite magazines or
newspapers. Explain why the Clipper chip initiative is a bad idea.
Remember to tailor it to your audience. The general public may be
slow to grasp why it's a bad idea, since it seems so technical and
arcane and innocent sounding. Try not to come across as a flaming
libertarian paranoid extremist, even if you are one.
3) Lobby Congress. Write letters and make phone calls to your
Member of Congress in your own district, as well as your two US
Senators. Many Members of Congress have aides that advise them of
technology issues. Talk to those aides.
4) Involve your local political parties. The Libertarian party
would certainly be interested. There are also libertarian wings of
the Democrat and Republican parties. The right to privacy has a
surprisingly broad appeal, spanning all parts of the political
spectrum. We have many natural allies. The ACLU. The NRA. Other
activist groups that may someday find themselves facing a government
that can suppress them much more efficiently if these trends play
themselves out. But you must articulate our arguments well if you
want to draw in people who are not familiar with these issues.
4) Contribute money to the Electronic Frontier Foundation (EFF) and
Computer Professionals for Social Responsibility (CPSR), assuming
these groups will fight this initiative. They need money for legal
expenses and lobbying.
5) Mobilize opposition in industry. Companies that will presumably
develop products that will incorporate the Clipper chip should be
lobbied against it, from within and from without. If you work for a
telecommunications equipment vendor, first enlist the aid of your
coworkers and fellow engineers against this initiative, and then
present your company's management with a united front of engineering
talent against this initiative. Write persuasive memos to your
management, with your name and your colleagues' names on it. Hold
meetings on it.
6) Publicize, deploy and entrench as much guerrilla
techno-monkeywrenching apparatus as you can. That means PGP,
anonymous mail forwarding systems based on PGP, PGP key servers,
etc. The widespread availability of this kind of technology might
also be used as an argument that it can't be effectively suppressed
by Government action. I will also be working to develop new useful
tools for these purposes.
7) Be prepared to engage in an impending public policy debate on
this topic. We don't know yet how tough this fight will be, so we
may have to compromise to get most of what we want. If we can't
outright defeat it, we may have to live with a modified version of
this Clipper chip plan in the end. So we'd better be prepared to
analyze the Government's plan, and articulate how we want it
modified.
-Philip Zimmermann
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH
