Cyphernomicon 9.16

Policy: Clipper, Key Escrow, and Digital Telephony:
Politics, Opposition


   9.16.1. "What should Cypherpunks say about Clipper?"
           - A vast amount has been written, on this list and in dozens
              of other forums.
           - Eric Hughes put it nicely a while back:
           - "The hypothetical backdoor in clipper is a charlatan's
              issue by comparison, as is discussion of how to make a key
              escrow system 'work.'  Do not be suckered into talking
              about an issue that is not important.  If someone wants to
              talk about potential back doors, refuse to speculate.  The
              existence of a front door (key escrow) makes back door
              issues pale in comparison.
              
              "If someone wants to talk about how key escrow works,
              refuse to elaborate.  Saying that this particular key
              escrow system is bad has a large measure of complicity in
              saying that escrow systems in general are OK.  Always argue
              that this particular key escrow system is bad because it is
              a key escrow system, not because it has procedural flaws.
              
              "The right issue is that the government has no right to my
              private communications.  Every other issue is the wrong
              issue and detracts from this central one.  If we defeat one
              particular system without defeating all other possible such
              systems at the same time, we have not won at all; we have
              delayed the time of reckoning." [Eric Hughes, Work the
              work!, 1993-06-01]
   9.16.2. "What do most Americans think about Clipper and privacy?"
           - insights into what we face
           + "In a Time/CNN poll of 1,000 Americans conducted last week
              by Yankelovich Partners, two-thirds said it was more
              important to protect the privacy of phone calls than to
              preserve the ability of police to conduct wiretaps. When
              informed about the Clipper Chip, 80% said they opposed it."
             - Philip Elmer-Dewitt, "Who Should Keep the Keys", Time,
                Mar. 4, 1994
   9.16.3. Does anyone actually support Clipper?
           + There are actually legitimate uses for forms of escrow:
             - corporations
             - other partnerships
   9.16.4. "Who is opposed to Clipper?"
           - Association for Computing Machinery (ACM). "The USACM urges
              the Administration at this point to withdraw the Clipper
              Chip proposal and to begin an open and public review of
              encryption policy.  The escrowed encryption initiative
              raises vital issues of privacy, law enforcement,
              competitiveness and scientific innovation that must be
              openly discussed." ["US ACM, DC Office" <usacm_dc@acm.org>,
              USACM Calls for Clipper Withdrawal, press release,
              1994-06-30]
   9.16.5. "What's so bad about key escrow?"
           + If it's truly voluntary, there can be a valid use for this.
             + Are trapdoors justified in some cases?
               + Corporations that wish to recover encrypted data
                 + several scenarios
                   - employee encrypts important files, then dies or is
                      otherwise unavailable
                   + employee leaves company before decrypting all files
                     - some may be archived and not needed to be opened
                        for many years
                   - employee may demand "ransom" (closely related to
                      virus extortion cases)
                   - files are found but the original encryptor is
                      unknown
               + Likely situation is that encryption algorithms will be
                  mandated by corporation, with a "master key" kept
                  available
                 - like a trapdoor
                 - the existence of the master key may not even be
                    publicized within the company (to head off concerns
                    about security, abuses, etc.)
               + Government is trying to get trapdoors put in
                 - S.266, which failed ultimately (but not before
                    creating a ruckus)
           + If the government requires it...
             - Key escrow means the government can be inside your home
                without you even knowing it
           - and key escrow is not really escrow...what does one get
              back from the "escrow" service?
   9.16.6. Why governments should not have keys
           - can then set people up by faking messages, by planting
              evidence
           - can spy on targets for their own purposes (which history
              tells us can include bribery, corporate espionage, drug-
              running, assassinations, and all manner of illegal and
              sleazy activities)
           - can sabotage contracts, deals, etc.
           - would give them access to internal corporate communications
           - undermines the whole validity of such contracts, and of
              cryptographic standards of identity (shakes confidence)
           - giving the King or the State the power to impersonate
              another is a gross injustice
           - imagine the government of Iran having a backdoor to read
              the secret journals of its subjects!
           - 4th Amendment
           - attorney-client privilege (with trapdoors, no way to know
              that government has not breached confidentiality)
   9.16.7. "How might the Clipper chip be foiled or defeated?"
           - Politically, market-wise, and technically
           - If deployed, that is
           + Ways to Defeat Clipper
             - preencryption or superencryption
             - LEAF blower
             - plug-compatible, reverse-engineered chip
             - sabotage
             - undermining confidence
             - Sun Tzu
   9.16.8. How can Clipper be defeated, politically?
   9.16.9. How can Clipper be defeated, in the market?
  9.16.10. How can Clipper be defeated, technologically?
  9.16.11. Questions
           + Clipper issues and questions
             - a vast number of questions, comments, challenges,
                tidbits, details, issues
             - entire newsgroups devoted to this
           + "What criminal or terrorist will be smart enough to use
              encryption but dumb enough to use Clipper?"
             - This is one of the Great Unanswered Questions. Clipper's
                supporters are mum on this one. Suggesting....
           + "Why not encrypt data before using the Clipper/EES?"
             - "Why can't you just encrypt data before the clipper chip?
                
                Two answers:
                
                1) the people you want to communicate with won't have
                   hardware to decrypt your data, statistically speaking.
                   The beauty of clipper from the NSA point of view is
                   that they are leveraging the installed base (they
                   hope) of telephones and making it impossible (again,
                   statistically) for a large fraction of the traffic to
                   be untappable.
                
                2) They won't license bad people like you to make
                   equipment like the system you describe.  I'll wager
                   that the chip distribution will be done in a way to
                   prevent significant numbers of such systems from being
                   built, assuring that (1) remains true." [Tom Knight,
                   sci.crypt, 6-5-93]
                
             -
           + What are the implications of mandatory key escrow?
             + "escrow" is misleading...
               - wrong use of the term
               - implies a voluntary, and returnable, situation
           + "If key escrow is "voluntary," what's the big deal?"
             - Taxes are supposedly "voluntary," too.
             - A wise man prepares for what is _possible_ and even
                _likely_, not just what is announced as part of public
                policy; policies can and do change. There is plenty of
                precedent for a "voluntary" system being made mandatory.
             - The form of the Clipper/EES system suggests eventual
                mandatory status; the form of such a ban is debatable.
           + "What is 'superencipherment,' and can it be used to defeat
              Clipper?"
             - preencrypting
             - could be viewed as a non-English language
             + how could Clipper chip know about it (entropy measures?)
               - far-fetched
             - wouldn't solve traffic analysis problem
           - What's the connection between Clipper and export laws?
           + "Doesn't this make the Clipper database a ripe target?"
             - for subversion, sabotage, espionage, theft
             - presumably backups will be kept, and _these_ will also be
                targets
           + "Is Clipper just for voice encryption?"
             - Clipper is a data encryption chip, with the digital data
                supplied by an ADC located outside the chip. In
                principle, it could thus be used for data encryption in
                general.
             - In practice, the name Clipper is generally associated
                with telephone use, while "Capstone" is the data standard
                (some differences, too). The "Skipjack" algorithm is used
                in several of these proposed systems (Tessera, also).
  9.16.12. "Why is Clipper worse than what we have now?"
           + John Gilmore answered this question in a nice essay. I'm
              including the whole thing, including a digression into
              cellular telephones, because it gives some insight--and
              names some names of NSA liars--into how NSA and NIST have
              used their powers to thwart true security.
             - "It's worse because the market keeps moving toward
                providing real encryption.
                
                "If Clipper succeeds, it will be by displacing real
                secure encryption. If real secure encryption makes it
                into mass market communications products, Clipper will
                have failed.  The whole point is not to get a few
                Clippers used by cops; the point is to make it a
                worldwide standard, rather than having 3-key triple-DES
                with RSA and Diffie-Hellman become the worldwide
                standard.
                
                "We'd have decent encryption in digital cellular phones
                *now*, except for the active intervention of Jerry
                Rainville of NSA, who `hosted' a meeting of the standards
                committee inside Ft. Meade, lied to them about export
                control to keep committee documents limited to a small
                group, and got a willing dupe from Motorola, Louis
                Finkelstein, to propose an encryption scheme a child
                could break.  The IS-54 standard for digital cellular
                doesn't describe the encryption scheme -- it's described
                in a separate document, which ordinary people can't get,
                even though it's part of the official accredited
                standard.  (Guess who accredits standards bodies though
                -- that's right, the once pure NIST.)
                
                "The reason it's secret is because it's so obviously
                weak.  The system generates a 160-bit "key" and then
                simply XORs it against each block of the compressed
                speech.  Take any ten or twenty blocks and recover the
                key by XORing frequent speech patterns (like silence, or
                the letter "A") against pieces of the blocks to produce
                guesses at the key.  You try each guess on a few blocks,
                and the likelihood of producing something that decodes
                like speech in all the blocks is small enough that you'll
                know when your guess is the real key.
                
                "NSA is continuing to muck around in the Digital Cellular
                standards committee (TR 45.3) this year too.  I encourage
                anyone who's interested to join the committee, perhaps as
                an observer.  Contact the Telecommunications Industry
                Association in DC and sign up.  Like any standards
                committee, it's open to the public and meets in various
                places around the country.  I'll lend you a lawyer if
                you're a foreign national, since the committee may still
                believe that they must exclude foreign nationals from
                public discussions of cryptography.  Somehow the crypto
                conferences have no trouble with this; I think it's
                called the First Amendment.  NSA knows the law here --
                indeed it enforces it via the State Dept -- but lied to
                the committee." [John Gilmore, "Why is clipper worse than
                'no encryption like we have,'" comp.org.eff.talk,
                1994-04-27]
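
The weakness Gilmore describes above, shown as an added example (it is not code from his essay or from the Cyphernomicon): when one fixed 160-bit value is XORed into every block, the key cancels between blocks and a single known frequent frame reveals it. The frames, the silence pattern and the key are constructed sample data and assumptions, not the real IS-54 encoding.

```python
# Added example: a fixed key XORed into every block gives no confidentiality.
# All frames and the key below are constructed sample data, not IS-54 traffic.
import hashlib
from collections import Counter

BLOCK = 20  # 160 bits, the key size quoted in the text

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def sample_frame(i: int) -> bytes:
    """Constructed stand-in for one compressed-speech block (deterministic)."""
    return hashlib.sha1(b"frame-%d" % i).digest()  # 20 bytes

# Hypothetical encoding of a silent frame; the real codec's pattern differs.
SILENCE = bytes([0x7F] * BLOCK)

def encrypt(frames, key):
    """The weak scheme as described: the same key XORed against each block."""
    return [xor(f, key) for f in frames]

def recover_key(blocks, known_frame):
    """Each block XOR a known frequent frame is one key guess. The guess that
    makes the most blocks decode to that frame is accepted as the key."""
    votes = Counter(xor(b, known_frame) for b in blocks)
    guess, count = votes.most_common(1)[0]
    return guess, count

def demo():
    key = hashlib.sha1(b"constructed-key").digest()
    # Every fourth frame is silence, the rest are distinct sample frames.
    frames = [SILENCE if i % 4 == 0 else sample_frame(i) for i in range(16)]
    blocks = encrypt(frames, key)
    # The key cancels: XOR of two ciphertext blocks equals XOR of plaintexts.
    leak = xor(blocks[1], blocks[2]) == xor(frames[1], frames[2])
    guess, count = recover_key(blocks, SILENCE)
    decoded = [xor(b, guess) for b in blocks]
    return leak, guess == key, count, decoded == frames

if __name__ == "__main__":
    print(demo())
```

The design lesson is that a keystream must never repeat across blocks; a cipher mode with a per-block counter or nonce removes both the cancellation and the voting shortcut.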
  9.16.13. on trusting the government
           - "WHAT AM THE MORAL OF THE STORY, UNCLE REMUS?....When the
              government makes any announcement (ESPECIALLY a denial),
              you should figure out what the government is trying to get
              you to do--and do the opposite.  Contrarianism with a
              vengeance.  Of all the advice I've offered on the
              Cypherpunks Channel, this is absolutely the most certain."
              [Sandy Sandfort, 1994-07-17]
           - if the Founders of the U.S. could see the corrupt,
              socialist state this nation has degenerated to, they'd be
              breaking into missile silos and stealing nukes to use
              against the central power base.
           + can the government be trusted to run the key escrow system?
             - "I just heard on the news that 1300 IRS employees have
                been disciplined for unauthorized accesses to
                electronically filed income tax returns.  ..I'm sure they
                will do much better, though, when the FBI runs the phone
                system, the Post Office controls digital identity and
                Hillary takes care of our health." [Sandy Sandfort,
                1994-07-19]
             - This is just one of many such examples: Watergate ("I am
                not a crook!"), Iran-Contra, arms deals, cocaine
                shipments by the CIA, Teapot Dome, graft, payoffs,
                bribes, assassinations, Yankee-Cowboy War, Bohemian
                Grove, Casolaro, more killings, invasions, wars. The
                government that is too chicken to ever admit it lost a
                war, and conspicuously avoids diplomatic contact with
                enemies it failed to vanquish (Vietnam, North Korea,
                Cuba, etc.), while quickly becoming sugar daddy to the
                countries it did vanquish...the U.S. appears to be
                lacking in practicality. (Me, I consider it wrong for
                anyone to tell me I can't trade with folks in another
                country, whether it's Haiti, South Africa, Cuba, Korea,
                whatever. Crypto anarchy means we'll have _some_ of the
                ways of bypassing these laws, of making our own moral
                decisions without regard to the prevailing popular
                sentiment of the countries in which we live at the
                moment.)
 


By Tim May, see README

HTML by Jonathan Rochkind