Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Privacy :: priv_214.txt

Privacy Digest 2.14 4/22/93





PRIVACY Forum Digest     Thursday, 22 April 1993     Volume 02 :
Issue 14

          Moderated by Lauren Weinstein (lauren@vortex.com)
                Vortex Technology, Topanga, CA, U.S.A.
     
                     ===== PRIVACY FORUM =====

       The PRIVACY Forum digest is supported in part by the 
           ACM Committee on Computers and Public Policy.


CONTENTS
     Thoughts on Clipper (Lauren Weinstein; PRIVACY Forum
Moderator)
     The Clipper Chip: A Technical Summary (Dorothy Denning)
     Slide presented at White House briefing on Clipper Chip
        (Clipper Chip Announcement) 
     Clipper Chip questions (John R. Levine)
     Clipper Chip Encryption (Bob Leone)
     Clipper Chip Announcement (F.Baube[tm])
     Clipper Chips (USC ?) (A. Padgett Peterson)
     Re: Which countries outlaw encryption? (Tom Zmudzinski)
     Clipper announcement and asset seizure (Steve Piehler)
     Re: Clipper Key announcement (Chuck Stern)
     Clipper and Who Holds Crypto Keys (Lance J. Hoffman)


 *** Please include a RELEVANT "Subject:" line on all submissions!
***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------
------------
The PRIVACY Forum is a moderated digest for the discussion and
analysis of
issues relating to the general topic of privacy (both personal and
collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their
relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@vortex.com" and
must have
RELEVANT "Subject:" lines.  Submissions without appropriate and
relevant
"Subject:" lines may be ignored.  Subscriptions are by an automatic
"listserv" system; for subscription information, please send a
message
consisting of the word "help" (quotes not included) in the BODY of
a message
to: "privacy-request@vortex.com".  Mailing list problems should be
reported to "list-maint@vortex.com".  All submissions included in
this
digest represent the views of the individual authors and all
submissions
will be considered to be distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and
all
related materials, is available via anonymous FTP from site
"ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or
"anonymous", and
enter your e-mail address as the password.  The typical "README"
and "INDEX"
files are available to guide you through the files available for
FTP
access.  PRIVACY Forum materials may also be obtained automatically
via
e-mail through the listserv system.  Please follow the instructions
above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used
to access
the PRIVACY Forum archive.  All PRIVACY Forum materials are also
available through the Internet Gopher system via a gopher server on
site "gopher.vortex.com".

For information regarding the availability of this digest via FAX,
please
send an inquiry to privacy-fax@vortex.com, call (310) 455-9300, or
FAX
to (310) 455-2364.
-----------------------------------------------------------------
------------

VOLUME 02, ISSUE 14

   Quote for the day:

     "Don't panic."

          -- "Hitch Hiker's Guide to the Galaxy", preface (1979)
              Douglas Adams (1952- )
     
-----------------------------------------------------------------
-----

Date:    Thu, 22 Apr 93 10:53 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum
Moderator)
Subject: Thoughts on Clipper

Greetings.  Well, as you might imagine, considerable mail has been
coming
into PRIVACY Forum regarding the Clipper chip announcement and
related
materials.  A number of persons have asked me for my thoughts
regarding the
announcement and its possible implications for privacy-related
issues.  What
follows is purely my individual, personal opinion.  I apologize in
advance
for its length.

I'm not a cryptography expert.  I'm not the right person to judge
the
algorithmic strengths or weaknesses of a given encryption system. 
It is
possible that a "team of experts" may determine that the Clipper
chip is a
powerful encryption mechanism, free (as far as can be determined)
of
significant algorithmic weaknesses which would impact its
usefulness for the
classes of applications and level of security for which it is
designed.  

It could be argued that proper analysis of such a cryptographic
system could
only be conducted in an "open" environment, and that many
cryptographic
experts may be unwilling to participate in a "classified" analysis
either out
of general principles or concerns about possible impacts on their
future
ability to publish other cryptographic works.  However, those are
not the
points that directly impact privacy, and I'll leave them for others
to
explore.  For the sake of the argument, let's assume Clipper uses
a strong
algorithm, free from surprise "back-doors" or other weaknesses.

The privacy concerns regarding Clipper focus directly on its
"key-escrow"
aspects and the implications of a cryptographic system specifically
designed
to allow access by third parties to "private" communications. 

If Clipper remains purely a choice to be freely accepted or
rejected by the
marketplace, and individual users, the primary question revolves
around
whether or not potential users of the system are fully informed
regarding
all aspects of the system (including both the relative strength of
the
algorithm itself and the existence of the key-escrow mechanism) and
choose
to use the system after being so informed.  To the extent that
manufacturers
choose to use the system in mass-market products, the ability of
users to
select other systems may be impacted, but that's an issue that
market forces
can help rectify.

There's a more ominous potential problem, however.  Reading
"between the
lines" of the Clipper announcement, at least the possibility of
future
legislation being proposed to ban powerful non-key-escrow systems
seems
quite real.  If such legislation became law, the negative impact on
personal
privacy rights could be serious.  If such legislation were combined
with the
passage of concepts embodied in the FBI Digital Telephony Proposal,
the
potential negative impact could be quite dramatic.

Would people put up with being told that from now on they had to
send copies
of their house keys to outside entities who would hold them in case
they were
needed by law enforcement?  Pretty doubtful.  Or would they go
along with
the idea that cameras would be mounted throughout their homes but
would only
be activated under court order?  Not very likely.  We're permitted
to speak
to each other in person using whatever languages (or codes,
presumably) that
we like--even though this could presumably limit the effectiveness
of
court-ordered bugs on a premises.  We can write letters (or send
faxes)
using whatever symbolic systems we might wish.  Is there something
significantly different about a phone call which should subject it
to
completely different privacy rules?  That's a core question in this
debate.

Properly authorized wiretaps can of course have significant law
enforcement
value.  But law enforcement *using* authorized surveillance
techniques is
one thing; *requiring* that technology be designed in such a way as
to make
surveillance simpler (or for that matter, possible in a given
situation) is
something entirely different.

As technology evolves, techniques of law enforcement, like those of
war, are
subject to change.  Centuries ago, a suit of full body armor was
protection
against most of the weapons of the era.  With the introduction of
gunpowder
in Europe, armor rapidly became obsolete--upsetting both the
governments
who had invested heavily in armor and those who made the armor! 
This is an
imperfect analogy of course, but the point is that no particular
technology
can be expected to be equally useful forever, and that attempts to
"hold
back" other aspects of technology to "protect" the usefulness of
another
part are wasteful and usually doomed to ultimate failure.

This is especially true now with computer-oriented technologies,
where
software-based techniques of immense power are within the grasp of
anyone
with a personal computer.  The genie of powerful software-based
encryption
systems is out of the bottle--it's doubtful that he can be
successfully
forced back in.  

Of course, the more convenient a particular encryption technology
is to use,
the more likely it is to *get* used.  Theoretically "perfect"
systems have
long existed (such as one-time pads) but they have generally been
relatively
inconvenient to manage logistically (modern computer technology,
however, is
changing even this). 

Does concern about key-escrow systems imply a distrust of those
organizations or agencies who would be currently holding those
keys?  No,
not necessarily.  But organizations and governments change.  The
same
entities you trust at one time may abuse their powers later.  Given
that
access to a Clipper key-escrow pair would give the ability to
decode all
future *and* all previously recorded past transmissions between
affected
units, we're talking about a power that must at least be carefully
scrutinized before being handed over.

Perhaps this is all largely academic.  Maybe there's not going to
be
any push for the limitation or banning of powerful non-key-escrow 
encryption systems.  In that case, this has all been an interesting
intellectual exercise.  But since the crystal ball is unclear,
it is to our benefits to carefully consider all the aspects of
these
technologies now, before they become widely entrenched.

One final point.  I've heard considerable numbers of persons
referring to
Clipper as a "Clinton" plan.  I think it's fairly clear that
Clipper must
have been in development for years, going back for at least one
administration
and perhaps even farther.  It seems likely that the Clinton
administration
was presented with an essentially complete program, and made the 
announcement based on the briefings and information made available
to
them at that time.

Since the project apparently proceeded with only very limited input
from the
outside cryptography or computer science communities, it seems
likely that the
Clinton administration may not have heard a range of viewpoints
regarding
the technology and its implications before the announcement.  The
press
release announcing Clipper said that there is a desire to enter
into a
dialogue regarding these technologies.  So if you have opinions
about
Clipper or similar systems, either positive or negative, I'd urge
you to
make them known, in writing, to the administration and to other
elected
representatives as you see fit.

--Lauren--

------------------------------

Date: Wed, 21 Apr 93 19:21:48 EDT
From: denning@cs.cosc.georgetown.edu (Dorothy Denning)
Subject: THE CLIPPER CHIP: A TECHNICAL SUMMARY


     [ This item was extracted from the RISKS digest. -- MODERATOR
]


                     THE CLIPPER CHIP: A TECHNICAL SUMMARY
                               Dorothy Denning
                           Revised, April 21, 1993

INTRODUCTION

On April 16, the President announced a new initiative that will
bring
together the Federal Government and industry in a voluntary program
to provide secure communications while meeting the legitimate needs
of
law enforcement.  At the heart of the plan is a new tamper-proof
encryption
chip called the "Clipper Chip" together with a split-key approach
to
escrowing keys.  Two escrow agencies are used, and the key parts
from
both are needed to reconstruct a key.


CHIP CONTENTS

The Clipper Chip contains a classified single-key 64-bit block
encryption algorithm called "Skipjack."  The algorithm uses 80 bit
keys
(compared with 56 for the DES) and has 32 rounds of scrambling
(compared with 16 for the DES).  It supports all 4 DES modes of
operation.  The algorithm takes 32 clock ticks, and in Electronic
Codebook (ECB) mode runs at 12 Mbits per second.

Each chip includes the following components:

   the Skipjack encryption algorithm
   F, an 80-bit family key that is common to all chips
   N, a 30-bit serial number (this length is subject to change)
   U, an 80-bit secret key that unlocks all messages encrypted with
the chip

The chips are programmed by Mykotronx, Inc., which calls them the
"MYK-78."  The silicon is supplied by VLSI Technology Inc.  They
are
implemented in 1 micron technology and will initially sell for
about
$30 each in quantities of 10,000 or more.  The price should drop as
the
technology is shrunk to .8 micron.


ENCRYPTING WITH THE CHIP

To see how the chip is used, imagine that it is embedded in the
AT&T
telephone security device (as it will be).  Suppose I call someone
and
we both have such a device.  After pushing a button to start a
secure
conversation, my security device will negotiate an 80-bit session
key K
with the device at the other end.  This key negotiation takes place
without the Clipper Chip.  In general, any method of key exchange
can
be used such as the Diffie-Hellman public-key distribution method.

Once the session key K is established, the Clipper Chip is used to
encrypt the conversation or message stream M (digitized voice). 
The
telephone security device feeds K and M into the chip to produce
two
values:

   E[M; K], the encrypted message stream, and 
   E[E[K; U] + N; F], a law enforcement field , 

which are transmitted over the telephone line.  The law enforcement
field thus contains the session key K encrypted under the unit key
U
concatenated with the serial number N, all encrypted under the
family
key F.  The law enforcement field is decrypted by law enforcement
after
an authorized wiretap has been installed.

The ciphertext E[M; K] is decrypted by the receiver's device using
the
session key:

   D[E[M; K]; K] = M .


CHIP PROGRAMMING AND ESCROW

All Clipper Chips are programmed inside a SCIF (Secure
Compartmented
Information Facility), which is essentially a vault.  The SCIF
contains
a laptop computer and equipment to program the chips.  About 300
chips
are programmed during a single session.  The SCIF is located at
Mykotronx.

At the beginning of a session, a trusted agent from each of the two
key
escrow agencies enters the vault.  Agent 1 enters a secret, random
80-bit value S1 into the laptop and agent 2 enters a secret, random
80-bit value S2. These random values serve as seeds to generate
unit
keys for a sequence of serial numbers.  Thus, the unit keys are a
function of 160 secret, random bits, where each agent knows only
80.
  
To generate the unit key for a serial number N, the 30-bit value N
is
first padded with a fixed 34-bit block to produce a 64-bit block
N1.
S1 and S2 are then used as keys to triple-encrypt N1, producing a
64-bit block R1:

        R1 = E[D[E[N1; S1]; S2]; S1] .

Similarly, N is padded with two other 34-bit blocks to produce N2
and
N3, and two additional 64-bit blocks R2 and R3 are computed:  

        R2 = E[D[E[N2; S1]; S2]; S1] 
        R3 = E[D[E[N3; S1]; S2]; S1] .

R1, R2, and R3 are then concatenated together, giving 192 bits. The
first 80 bits are assigned to U1 and the second 80 bits to U2.  The
rest are discarded.  The unit key U is the XOR of U1 and U2.  U1
and U2
are the key parts that are separately escrowed with the two escrow
agencies.

As a sequence of values for U1, U2, and U are generated, they are
written onto three separate floppy disks.  The first disk contains
a
file for each serial number that contains the corresponding key
part
U1.  The second disk is similar but contains the U2 values.  The
third
disk contains the unit keys U.  Agent 1 takes the first disk and
agent
2 takes the second disk.  Thus each agent walks away knowing
an 80-bit seed and the 80-bit key parts.  However, the agent does
not
know the other 80 bits used to generate the keys or the other
80-bit
key parts.  

The third disk is used to program the chips.  After the chips are
programmed, all information is discarded from the vault and the
agents
leave.  The laptop may be destroyed for additional assurance that
no
information is left behind.
 
The protocol may be changed slightly so that four people are in the
room instead of two.  The first two would provide the seeds S1 and
S2,
and the second two (the escrow agents) would take the disks back to
the escrow agencies. 

The escrow agencies have as yet to be determined, but they will not
be the NSA, CIA, FBI, or any other law enforcement agency.  One or
both may be independent from the government.


LAW ENFORCEMENT USE

When law enforcement has been authorized to tap an encrypted line,
they
will first take the warrant to the service provider in order to get
access to the communications line.  Let us assume that the tap is
in
place and that they have determined that the line is encrypted with
the
Clipper Chip.  The law enforcement field is first decrypted with
the
family key F, giving E[K; U] + N.  Documentation certifying that a
tap
has been authorized for the party associated with serial number N
is
then sent (e.g., via secure FAX) to each of the key escrow agents,
who
return (e.g., also via secure FAX) U1 and U2.  U1 and U2 are XORed
together to produce the unit key U, and E[K; U] is decrypted to get
the
session key K.  Finally the message stream is decrypted.  All this
will
be accomplished through a special black box decoder.


CAPSTONE: THE NEXT GENERATION

A successor to the Clipper Chip, called "Capstone" by the
government
and "MYK-80" by Mykotronx, has already been developed.  It will
include
the Skipjack algorithm, the Digital Signature Standard (DSS), the
Secure Hash Algorithm (SHA), a method of key exchange, a fast
exponentiator, and a randomizer.  A prototoype will be available
for
testing on April 22, and the chips are expected to be ready for
delivery in June or July.


ACKNOWLEDGMENT AND DISTRIBUTION NOTICE.  This article is based on
information provided by NSA, NIST, FBI, and Mykotronx.  Permission
to
distribute this document is granted.

------------------------------

Date:    Mon, 19 Apr 93 9:21:53 EDT
From:    Clipper Chip Announcement <clipper@first.org>
Subject: Slide presented at White House briefing on Clipper Chip

Note:     The following material was handed out a press briefing on
the
          Clipper Chip on 4/16.

                              Chip Operation

                         Microchip
User's Message      +----------------------+
------------------> |                      |      1.  Message
encrypted
                    | Encryption Algorithm |          with user's
key
                    |                      |
                    | Serial #             |      2.  User's key
encrypted
                    |                      |-->       with chip
unique key
                    | Chip Unique Key      |
User's Encryption   |                      |      3.  Serial #
encrypted
Key                 | Chip Family Key      |          with chip
family key
------------------> |                      |
                    |                      |
                    +----------------------+


                             ----------------

              For Law Enforcement to Read a Suspect's Message

1.  Need to obtain court authorized warrant to tap the suspect's
telephone.

2.  Record encrypted message

3.  Use chip family key to decrypt chip serial number

4.  Take this serial number *and* court order to custodians 
    of disks A and B

5.  Add the A and B components for that serial number = the chip
    unique key for the suspect user

6.  Use this key to decrypt the user's message key for 
    this recorded message

7.  Finally, use this message key to decrypt the recorded message.

------------------------------

Date:    Fri, 16 Apr 93 22:44:32 EDT
From:    John R. Levine <johnl@iecc.cambridge.ma.us>
Subject: Clipper Chip questions

Leaving aside the fundamental bogosity of the proposal, I have some
technical questions:

-- Evidently each chip has its own pair of keys, or else each group
of
chips does (the latter meaning that the scheme would only be useful
for
closed networks that only talk to themselves, e.g. ATMs and a
bank's
central computer.)  Lacking physical access to the tappee's
equipment, how
do the cops know which pair of keys they need?  Presumably the chip
broadcasts its serial number from time to time.  Hmmn.

-- The Q and A says that they're keeping the algorithm secret to
protect
the security of the key escrow, which is a most peculiar claim. 
The most
plausible reasons I can think of to keep the scheme secret are A)
they use
a new super-duper scheme invented by the NSA and want to keep it
from the
rest of the world, B) they use a known bad scheme and want to shut
up the
people who would point that out, C) they use a technically
respectable
scheme but believe in security through obscurity.  I'm completely
in the
dark about what this has to do with the key escrow, though.

-- Is there any precedent for classifying the workings of a device
that is
sold to the public?  My impression is that classification has been
heretofore reserved for information related to the armed services
and to
foreign policy.  If I managed to reverse engineer the device
without
access to secret information and published my results, would that
break
any laws?  (Compare to the Princeton student who developed a
workable
design for an atomic bomb quite legally using non-classified
sources.)

-- Who is this outfit Mykotronx who is making the chip?  And where
are
they fabricating it?

-- 
Regards,
John Levine, johnl@iecc.cambridge.ma.us,
{spdcc|ima|world}!iecc!johnl

------------------------------

Date:    Sat, 17 Apr 1993 13:07:22 -0400
From:    Bob Leone <leone@gandalf.ssw.com>
Subject: clipper chip encryption

regarding use of "clipper" chip to encrypt telephone transmissions
(but not
in such a way as to stop the feds from snooping when they so
desire):

This is one of the silliest ideas to come out of Washington in a
long while.
"Terrorists, drug dealers, and other criminals" will not bother
using the
system. With the advent of cheap-but-powerful notebook computers,
coupled
with integrated modems, voice digitization, etc, very soon it will
be
possible for anyone desiring secure communication (secure even from
govt),
to have a laptop which will digitize, encrypt, and digitally
transmit
his voice to another laptop (which would do the inverse
transformation).
Given the rate of technological advance, and the rate that
multi-media
technology is being incorporated in PCs, I would expect that
defeating
technology will be deployed much sooner than the clipper chip will
be.

Does the govt really believe that drug dealers doing a
multi-million-dollar
business will be unable to easily afford defeating technology? Or
that
they would communicate using equipment that everyone knows is
specially
tailored for govt monitoring?


Bob Leone

------------------------------

Date:    Sat, 17 Apr 93 22:12:57 EET
From:    flb@flb.optiplan.fi (F.Baube[tm])
Reply-To: baube@optiplan.fi
Subject: Clipper Chip Announcement

Some thoughts on the suitability of the White House proposal for
achieving
the stated ends, and a possible outcome.

Let us say that I and some correspondents of mine have purchased
(from
abroad one supposes) special-purpose encryption units that
implement an
algorithm not break- able by the authorities.  Let us call these
units PIP,
for Pretty Impregnable Privacy.

I use this PIP unit surreptitiously when communicating with my
correspondents.  I have prudently also purchased a
government-approved
Clipper unit, so that I can of course communicate with other normal
Clipper
units, but *also* so that a "casual eavesdropper" would detect
nothing amiss
on my line: since I possess said Clipper unit, one of course
*expects* my
communications to be encrypted.

If the government holds true to its word, not assembling the key
except with
a court's permission, then under ordinary circumstances, no-one in
law
enforcement need know that I sometimes use this special PIP unit. 
Without
using the completed Clipper key, the authorities cannot distin-
guish a data
stream generated by my PIP unit from a data stream generated by my
decidedly
legal Clipper unit.

The poser comes if it should come to pass that law enforce- ment
does obtain
a warrant, assembles the key halves, and finds they cannot decrypt
my
communications.  What do they do now ?

IF the law states that ownership and use of superior encryption is
illegal, then do they have grounds to raid my premises and
confiscate my
PIP unit, along with anything else that supports their
investigation ?
Because if they cannot simply raid my premises, and instead must go
thru
less intru- sive procedures to stop my using my PIP unit, then of
course I
*know* I am under surveillance; *if* I have been using it for
illegal
purposes, I can act accordingly, to avoid being "caught with the
goods".

Whereas on the other hand, if use of superior encryption equipment
is NOT
prohibited, its use might well become wide spread.  Consider: if
super-crypto is outlawed, only outlaws will have super-crypto; but
if it is
legal and affordable, and purched by any American valuing his or
her
privacy, this will over time severely dent the authorities' ability
to
conduct wiretap surveillance.

This argument would seem to point inexorably towards prohi bition
of the use
of superior encryption, and a government right of search and
seizure if its
use is detected.  But to restate: if I and my correspondents do use
it
anyways, for whatever reasons known only to us (we're not telling
!), then
does this make us subject to search and seizure on these grounds
only:
possession of a particular technical capability whose main effect
is to
enhance our privacy ?  Am I to be an outlaw, merely for having
outlaw-quality crypto ?

With PIP in my den, I and my correspondents, perhaps acti- vists
for a
liberal cause out of favor with the authorities, have fewer fears
of being
the target of a COINTELPRO-style program.  Nor need we fear
development of
Clipper-cracking technology by other parties.  And when the
technology comes
into being for real-time comprehension of the spoken word, I do not
need to
worry about having the contents of my every phone call added to a
data bank
somewhere, no matter what the prevailing political mood is, and no
matter
what degree of lawbreaking there is by the guardians of the law.  

And there certainly seems to have been plenty of *that* in the last
25 years.

-- 
* Fred Baube (tm)         *  In times of intellectual ferment,
* baube@optiplan.fi       * advantage to him with the intellect
* #include <disclaimer.h> * most fermented !
* May '68, Paris: It's Retrospective Time !!  

------------------------------

Date:    Sun, 18 Apr 93 09:44:41 -0400
From:    padgett@tccslr.dnet.mmc.com (A. Padgett Peterson)
Subject: Clipper Chips (USC ?)

Clipper Chip (shades of 1812 - first Mil-Std-1815 and now this 8*)

As you may know, for some years I have been pushing for a
token-pin-challenge
based encryption system for session as well as password encryption
& this
IMHO answers many questions posed by the CC.

I suspect from the wording is that the prime use of the "Baltimore
Clipper"
will be for cellular telephony. Already there is enormous pressure,
primarily resulting from the very high levels of toll faud, to
encrypt
cellular phone communications. Today you have essentially three
choices
in cell phone use: a) don't, b) in the clear, or c) STU-III. This
would
provide a fourth choice. In this case the double key is acceptable
but
does raise the question of how well are the telco's going to
protect them ?
(no more roaming ?)

The field of digital computer communications is as different as Jib
from
Genoa - the concept is the same but the requirements are entirely
different:

1: Instead of having to reveal the keys to a single telco, it will
have to
   be revealed to multiple sites (single sign-on will help but not
eliminate
   the problem).

2: If the key is lost, does the device become worthless ? If field
   programmable, what will stop someone from doing so ? The
authorities
   would not find out until they obtained the court order & the
keys and
   found that they still could not decrypt it. Then what ?

Since I have been thinking about this for quite some time, I do
have some
thoughts however since the government chose not to ask, I doubt
that they
could be incorporated into the existing Clipper. However I would
like to
present them for your consideration:

a) Each Clipper II is programmed with a subset of a very complex
code: say of
   a key and algorithm matrix (the two pieces) capable of 2^112
combinations,
   each chip uses a subset capable of 2^20 (1 million)
combinations, each of
   more than DES strength (I know, these are big numbers but
computers are 
   good at that & this is just for thought - actual numbers could
be firmed 
   up later.

b) A program is included that will pick a unique key/algorithm
combination
   for each communications path. With a million possible
combinations, it
   is doubtful that anyone would run out.

c) Since the GOV would have the full key/algorithm set for that
chip,
   decoding would merely be a matter of a 2^20 search, a few
seconds & made
   simpler if the initial handshake & synch were defined. To a
holder of a
   single key, the set of required searches would be much larger
(2^112 or
   double DES). If a key is disclosed, that using pair simply
selects a
   different one without having to change the others.

Thoughts ? To me the biggest problem is: How would two Clipper
Chips, one
on each end be able to interpret each other - would you use two
key/algorithm
pairs, one for each direction ? The chip might be built with a
fixed
send and a programmable receive. Still simple, just several
possibilities.

For that matter, it might be possible for each transmission use a 
combination of the keyset used at *both ends*. Either would provide
additional protection in that a wiretap order would apply only
to specific sites/conversations and would need both keys. More food
for 
thought.

                                                  Warmly,
                                                            Padgett

------------------------------

Date:    Mon, 19 Apr 93 10:06:38 EDT
From:    Tom Zmudzinski <zmudzint@CC.ims.disa.mil>
Subject: Re: Which countries outlaw encryption? [Privacy #13]

  So spake: "Dave Bakken" <bakken@cs.arizona.edu> 16 Apr 1993 14:51
MST

>   Friday's announcement about the new Clipper Chip
>   mentioned in passing that some countries have effectively
>   outlawed encryption.  Where can one find a list of such
countries
>   or a paper discussing this?  Thanks!

  I can share only partial information (but I do have it on the
highest
  authority -- personal experience):  FRANCE and ENGLAND do not
permit
  private use of encryption (specific details vary -- this is
news?).
  Can anyone else add to the list?

  /z/

  Copyright (c) 1993 by Thomas E. Zmudzinski.  All Rights Reserved.
  Permission granted to PRIVACY FORUM for posting, and ELECTRONIC
reposting
  is permitted in its ENTIRETY, with this notice intact.  Printed
(hard-)
  copy may only be made for personal (non-profit) use.  The author
retains
  all rights to the material herein.  Otherwise bad karma may
result.

------------------------------

Date:    Mon, 19 Apr 93 13:28:56 EDT
From:    sep24@cas.org (Steve Piehler)
Subject: Clipper announcement and asset seizure

The Public Encryption Management Fact Sheet contains this tidbit:

> PROCUREMENT AND USE OF ENCRYPTION DEVICES
>
> [paragraph deleted]
>
> The Attorney General will procure and utilize encryption devices
to
> the extent needed to preserve the government's ability to conduct
> lawful electronic surveillance and to fulfill the need for secure
> law enforcement communications.  Further, the Attorney General
> shall utilize funds from the Department of Justice Asset
Forfeiture
> Super Surplus Fund to effect this purchase.

Is this Asset Forteiture Super Surplus Fund the place where, for
example, cash
seized in drug busts goes?  After reading several horror stories of
assets being
seized with no charges filed and speculation that some busts occur
mainly to
acquire cash and property, I hope this Clipper announcement does
not give law
enforcement officials more incentive to conduct raids. 
(Administrator to field
officers:  "We need a secure phone.  Who can we bust that will have
$199.95 on
hand?")

------------------------------

Date:    Tue, 20 Apr 1993 10:41:47 -0400
From:    cstern@novus.com (Chuck Stern)
Subject: Re: Clipper Key announcement

>
>Subject: text of White House announcement and Q&As on clipper chip
encryption

[ the MODERATOR sez: ]
>     A few general thoughts do seem appropriate, though.  There
are
>     clearly several different aspects of this announcement that
>     need to be carefuly considered.  
>...
>
>     Another aspect revolves around how this technology and its
use
>     would relate to current and future wiretap law and the actual
>     interception of communications, regardless of whether or not
>     intercepted data were immediately decoded.
>
>     Finally, there's the whole issue of "public trust" as it
>     relates to the concept of the proposed "key escrow" system
and
>     the conditions under which those split keys would be
assembled
>     and utilized.
>

A debate here is whether such a system will maintain the status quo
vis-a-vis
wiretaps and electronic surveillance.  I think that this scheme
will do so
(although I'm leery of the NSA proposing something for use by
non-military
entities).

The question is whether the status quo effectively guarantees a
citizen's
rights against unauthorized or illegal surveillance by the
government.

The numbers (of authorized wiretaps) are not the telling part of
the
statistics.  If I remember correctly, the various units of local
and federal
government have gotten on the order of 2 000 wiretap authorizations
over the
past year.  This is a vanishingly small number as a percentage of
total
telephone and data circuits in the US system.  The danger is not
from
authorized wiretaps, but from unauthorized ones.

The FBI, especially under Hoover, conducted unauthorized wiretaps
on citizens
of the US, not because of suspected criminal behavior, but because
of their
political beliefs.  Because of the revelations about these wiretaps
(and the
death of Hoover), the FBI had been put on somewhat of a shorter
leash.

At the risk of sounding like Chicken Little (for non-US readers,
Chicken
Little was hit on the head by an acorn but created a Crisis in
Farmland by
saying that the "sky is falling") (where was I? oh yes) our civil
liberties
are quickly being eroded by the current court's contraction of the
exclusionary rule.  The exclusionary rule says in short that any
evidence
that is gained as a direct result of illegal conduct by the police
cannot be
considered as evidence in a criminal proceeding.  This had been
expanded to
the "fruit of a poisoned tree" doctrine: for example, the evidence
obtained
via a legally obtained search warrant, if the 'probable cause' for
the search
warrant was obtained via an illegal wiretap, should be excluded. 
Under the
current court, however, the exclusionary rule has been relaxed: if
the police
were 'acting in good faith,' then the evidence obtained via an
illegally or
improperly executed search warrant (for example) is admissable.

All of this leads me to my conclusion that the given the current
court makeup
and the "War on Drugs", the current wiretap laws do not offer
sufficient
guarantees of our civil rights to justify maintaining the status
quo.  With
that, I come to the further conclusion that a key that is
breakable, or one
whose constituent parts are held by two different governmental
agencies, does
nothing except further the government's encroachment into our
lives.

I am not proposing that we hamper law enforcement agencies from
doing their
legitimate jobs of 1) upholding the law of the land and 2)
protecting
citizens from having their rights trampled by other citizens.  I am
proposing
that we make it harder for agencies of the government to illegally
collect
information on its citizens.  I do not trust the government to not
expand its
power to, ultimately, pass a law that will make useless
privately-owned
encryption schemes, and I think that this split-key proposal is the
first
step in this direction.

     Chuck Stern

------------------------------

Date:    Wed, 21 Apr 93 16:54:14 EDT
From:    "Lance J. Hoffman" <hoffman@seas.gwu.edu>
Subject: Clipper and Who Holds Crypto Keys

In the light of the recent Clipper announcement, forum readers may
wish
to revisit the discussions of "Who Holds the Keys?".  A good place
to
start, in addition to some of the material in CACM of March 1993
(which
relates mainly to the FBI's digital telephony initiative), is
Proceedings
of the 2nd Conference on Computers, Freedom, and Privacy (order no.
533921
from ACM Press, 1515 Broadway, New York NY 10036.  The same
discussion is
available on audiotape from Audio Archives International, 800
747-8069 and
on videotape from Sweet Pea Productions, 800 235-4922
(cfpvideo@well.sf.ca.us).

-- 
Professor Lance J. Hoffman
Department of Electrical Engineering and Computer Science
The George Washington University
Washington, D. C. 20052

(202) 994-4955
fax: (202) 994-0227
hoffman@seas.gwu.edu

------------------------------

End of PRIVACY Forum Digest 02.14
 


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH