9.16.1. "What should Cypherpunks say about Clipper?"
  - A vast amount has been written, on this list and in dozens of other forums.
  - Eric Hughes put it nicely a while back:
    - "The hypothetical backdoor in clipper is a charlatan's issue by comparison, as is discussion of how to make a key escrow system 'work.' Do not be suckered into talking about an issue that is not important. If someone wants to talk about potential back doors, refuse to speculate. The existence of a front door (key escrow) makes back door issues pale in comparison.
      "If someone wants to talk about how key escrow works, refuse to elaborate. Saying that this particular key escrow system is bad has a large measure of complicity in saying that escrow systems in general are OK. Always argue that this particular key escrow system is bad because it is a key escrow system, not because it has procedural flaws.
      "The right issue is that the government has no right to my private communications. Every other issue is the wrong issue and detracts from this central one. If we defeat one particular system without defeating all other possible such systems at the same time, we have not won at all; we have delayed the time of reckoning." [Eric Hughes, Work the work!, 1993-06-01]

9.16.2. "What do most Americans think about Clipper and privacy?"
  - insights into what we face
  + "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it."
    - Philip Elmer-Dewitt, "Who Should Keep the Keys", Time, Mar. 4, 1994

9.16.3. Does anyone actually support Clipper?
  + There are actually legitimate uses for forms of escrow:
    - corporations
    - other partnerships

9.16.4. "Who is opposed to Clipper?"
  - Association for Computing Machinery (ACM).
    "The USACM urges the Administration at this point to withdraw the Clipper Chip proposal and to begin an open and public review of encryption policy. The escrowed encryption initiative raises vital issues of privacy, law enforcement, competitiveness and scientific innovation that must be openly discussed." ["US ACM, DC Office" <usacm_dc@acm.org>, USACM Calls for Clipper Withdrawal, press release, 1994-06-30]

9.16.5. "What's so bad about key escrow?"
  + If it's truly voluntary, there can be a valid use for this.
    + Are trapdoors justified in some cases?
      + Corporations that wish to recover encrypted data
        + several scenarios
          - employee encrypts important files, then dies or is otherwise unavailable
          + employee leaves company before decrypting all files
            - some may be archived and not needed to be opened for many years
          - employee may demand "ransom" (closely related to virus extortion cases)
          - files are found but the original encryptor is unknown
      + Likely situation is that encryption algorithms will be mandated by corporation, with a "master key" kept available
        - like a trapdoor
        - the existence of the master key may not even be publicized within the company (to head off concerns about security, abuses, etc.)
      + Government is trying to get trapdoors put in
        - S.266, which failed ultimately (but not before creating a ruckus)
  + If the government requires it...
    - Key escrow means the government can be inside your home without you even knowing it
    - and key escrow is not really escrow...what does one get back from the "escrow" service?

9.16.6. Why governments should not have keys
  - can then set people up by faking messages, by planting evidence
  - can spy on targets for their own purposes (which history tells us can include bribery, corporate espionage, drug-running, assassinations, and all manner of illegal and sleazy activities)
  - can sabotage contracts, deals, etc.
  - would give them access to internal corporate communications
  - undermines the whole validity of such contracts, and of cryptographic standards of identity (shakes confidence)
  - giving the King or the State the power to impersonate another is a gross injustice
  - imagine the government of Iran having a backdoor to read the secret journals of its subjects!
  - 4th Amendment
  - attorney-client privilege (with trapdoors, no way to know that government has not breached confidentiality)

9.16.7. "How might the Clipper chip be foiled or defeated?"
  - Politically, market-wise, and technically
  - If deployed, that is
  + Ways to Defeat Clipper
    - preencryption or superencryption
    - LEAF blower
    - plug-compatible, reverse-engineered chip
    - sabotage
    - undermining confidence
    - Sun Tzu

9.16.8. How can Clipper be defeated, politically?

9.16.9. How can Clipper be defeated, in the market?

9.16.10. How can Clipper be defeated, technologically?

9.16.11. Questions
  + Clipper issues and questions
    - a vast number of questions, comments, challenges, tidbits, details, issues
    - entire newsgroups devoted to this
  + "What criminal or terrorist will be smart enough to use encryption but dumb enough to use Clipper?"
    - This is one of the Great Unanswered Questions. Clipper's supporters are mum on this one. Suggesting....
  + "Why not encrypt data before using the Clipper/EES?"
    - "Why can't you just encrypt data before the clipper chip? Two answers: 1) the people you want to communicate with won't have hardware to decrypt your data, statistically speaking. The beauty of clipper from the NSA point of view is that they are leveraging the installed base (they hope) of telephones and making it impossible (again, statistically) for a large fraction of the traffic to be untappable. 2) They won't license bad people like you to make equipment like the system you describe.
      I'll wager that the chip distribution will be done in a way to prevent significant numbers of such systems from being built, assuring that (1) remains true." [Tom Knight, sci.crypt, 6-5-93]
  + What are the implications of mandatory key escrow?
    + "escrow" is misleading...
      - wrong use of the term
      - implies a voluntary, and returnable, situation
  + "If key escrow is "voluntary," what's the big deal?"
    - Taxes are supposedly "voluntary," too.
    - A wise man prepares for what is _possible_ and even _likely_, not just what is announced as part of public policy; policies can and do change. There is plenty of precedent for a "voluntary" system being made mandatory.
    - The form of the Clipper/EES system suggests eventual mandatory status; the form of such a ban is debatable.
  + "What is 'superencipherment,' and can it be used to defeat Clipper?"
    - preencrypting
    - could be viewed as a non-English language
    + how could Clipper chip know about it (entropy measures?)
      - far-fetched
    - wouldn't solve traffic analysis problem
  - What's the connection between Clipper and export laws?
  + "Doesn't this make the Clipper database a ripe target?"
    - for subversion, sabotage, espionage, theft
    - presumably backups will be kept, and _these_ will also be targets
  + "Is Clipper just for voice encryption?"
    - Clipper is a data encryption chip, with the digital data supplied by an ADC located outside the chip. In principle, it could thus be used for data encryption in general.
    - In practice, the name Clipper is generally associated with telephone use, while "Capstone" is the data standard (some differences, too). The "Skipjack" algorithm is used in several of these proposed systems (Tessera, also).

9.16.12. "Why is Clipper worse than what we have now?"
  + John Gilmore answered this question in a nice essay.
    I'm including the whole thing, including a digression into cellular telephones, because it gives some insight--and names some names of NSA liars--into how NSA and NIST have used their powers to thwart true security.
    - "It's worse because the market keeps moving toward providing real encryption.
      "If Clipper succeeds, it will be by displacing real secure encryption. If real secure encryption makes it into mass market communications products, Clipper will have failed. The whole point is not to get a few Clippers used by cops; the point is to make it a worldwide standard, rather than having 3-key triple-DES with RSA and Diffie-Hellman become the worldwide standard.
      "We'd have decent encryption in digital cellular phones *now*, except for the active intervention of Jerry Rainville of NSA, who `hosted' a meeting of the standards committee inside Ft. Meade, lied to them about export control to keep committee documents limited to a small group, and got a willing dupe from Motorola, Louis Finkelstein, to propose an encryption scheme a child could break. The IS-54 standard for digital cellular doesn't describe the encryption scheme -- it's described in a separate document, which ordinary people can't get, even though it's part of the official accredited standard. (Guess who accredits standards bodies though -- that's right, the once pure NIST.)
      "The reason it's secret is because it's so obviously weak. The system generates a 160-bit "key" and then simply XORs it against each block of the compressed speech. Take any ten or twenty blocks and recover the key by XORing frequent speech patterns (like silence, or the letter "A") against pieces of the blocks to produce guesses at the key. You try each guess on a few blocks, and the likelihood of producing something that decodes like speech in all the blocks is small enough that you'll know when your guess is the real key.
      "NSA is continuing to muck around in the Digital Cellular standards committee (TR 45.3) this year too.
      I encourage anyone who's interested to join the committee, perhaps as an observer. Contact the Telecommunications Industry Association in DC and sign up. Like any standards committee, it's open to the public and meets in various places around the country. I'll lend you a lawyer if you're a foreign national, since the committee may still believe that they must exclude foreign nationals from public discussions of cryptography. Somehow the crypto conferences have no trouble with this; I think it's called the First Amendment. NSA knows the law here -- indeed it enforces it via the State Dept -- but lied to the committee." [John Gilmore, "Why is clipper worse than "no encryption like we have," comp.org.eff.talk, 1994-04-27]

9.16.13. on trusting the government
  - "WHAT AM THE MORAL OF THE STORY, UNCLE REMUS?....When the government makes any announcement (ESPECIALLY a denial), you should figure out what the government is trying to get you to do--and do the opposite. Contrarianism with a vengeance. Of all the advice I've offered on the Cypherpunks Channel, this is absolutely the most certain." [Sandy Sandfort, 1994-07-17]
  - if the Founders of the U.S. could see the corrupt, socialist state this nation has degenerated to, they'd be breaking into missile silos and stealing nukes to use against the central power base.
  + can the government be trusted to run the key escrow system?
    - "I just heard on the news that 1300 IRS employees have been disciplined for unauthorized accesses to electronically filed income tax returns. ..I'm sure they will do much better, though, when the FBI runs the phone system, the Post Office controls digital identity and Hillary takes care of our health." [Sandy Sandfort, 1994-07-19]
    - This is just one of many such examples: Watergate ("I am not a crook!"), Iran-Contra, arms deals, cocaine shipments by the CIA, Teapot Dome, graft, payoffs, bribes, assassinations, Yankee-Cowboy War, Bohemian Grove, Casolaro, more killings, invasions, wars.
      The government that is too chicken to ever admit it lost a war, and conspicuously avoids diplomatic contact with enemies it failed to vanquish (Vietnam, North Korea, Cuba, etc.), while quickly becoming sugar daddy to the countries it did vanquish...the U.S. appears to be lacking in practicality. (Me, I consider it wrong for anyone to tell me I can't trade with folks in another country, whether it's Haiti, South Africa, Cuba, Korea, whatever. Crypto anarchy means we'll have _some_ of the ways of bypassing these laws, of making our own moral decisions without regard to the prevailing popular sentiment of the countries in which we live at the moment.)
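
Added example (not part of the original FAQ or of John Gilmore's essay): the weakness described in 9.16.12, a fixed 160-bit key XORed against every block, shown on constructed data. The frame layout, the additive checksum standing in for "decodes like speech", the silence pattern and all function names are assumptions made for illustration.

```python
import hashlib
import random

BLOCK = 20  # 160-bit key, the size given in the quoted description

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def make_frame(payload):
    """Toy frame (assumption): 19 payload bytes plus an additive checksum."""
    return payload + bytes([sum(payload) % 256])

def plausible(frame):
    """Stand-in for 'decodes like speech': the checksum byte must match."""
    return len(frame) == BLOCK and frame[-1] == sum(frame[:-1]) % 256

SILENCE = make_frame(bytes([0x7F]) * 19)  # constructed "frequent pattern"

def sample_stream(seed=1994, n=12):
    """Constructed plaintext: random frames, silence at three positions."""
    rng = random.Random(seed)
    frames = [make_frame(bytes(rng.randrange(256) for _ in range(19)))
              for _ in range(n)]
    for i in (2, 5, 9):
        frames[i] = SILENCE
    return frames

def encrypt(frames, key):
    """The scheme as described: one key XORed against every block."""
    return [xor(f, key) for f in frames]

def recover_key(blocks, known=SILENCE):
    """Known-plaintext check: returns (key, guesses_tried) or (None, n)."""
    for tried, block in enumerate(blocks, 1):
        guess = xor(block, known)  # right only if this block was `known`
        if all(plausible(xor(b, guess)) for b in blocks):
            return guess, tried
    return None, len(blocks)

def repeats_visible(blocks):
    """Equal plaintext blocks give equal ciphertext blocks under a fixed key."""
    return len(set(blocks)) < len(blocks)

if __name__ == "__main__":
    key = hashlib.sha1(b"constructed demo key").digest()  # 20 bytes
    ct = encrypt(sample_stream(), key)
    found, tried = recover_key(ct)
    print(found == key, tried, repeats_visible(ct))
```

Because the same key masks every block, one correctly guessed frame exposes all of them, and the repeated ciphertext blocks alone already show where the silence falls.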
By Tim May, see README
HTML by Jonathan Rochkind