9.16.1. "What should Cypherpunks say about Clipper?"
- A vast amount has been written, on this list and in dozens
of other forums.
- Eric Hughes put it nicely a while back:
- "The hypothetical backdoor in clipper is a charlatan's
issue by comparison, as is discussion of how to make a key
escrow system 'work.' Do not be suckered into talking about
an issue that is not important. If someone wants to talk
about potential back doors, refuse to speculate. The
existence of a front door (key escrow) makes back door
issues pale in comparison.
"If someone wants to talk about how key escrow works,
refuse to elaborate. Saying that this particular key escrow
system is bad has a large measure of complicity in saying
that escrow systems in general are OK. Always argue that
this particular key escrow system is bad because it is a
key escrow system, not because it has procedural flaws.
"The right issue is that the government has no right to my
private communications. Every other issue is the wrong
issue and detracts from this central one. If we defeat one
particular system without defeating all other possible such
systems at the same time, we have not won at all; we have
delayed the time of reckoning." [Eric Hughes, Work the
work!, 1993-06-01]
9.16.2. "What do most Americans think about Clipper and privacy?"
- insights into what we face
+ "In a Time/CNN poll of 1,000 Americans conducted last week
by Yankelovich Partners, two-thirds said it was more
important to protect the privacy of phone calls than to
preserve the ability of police to conduct wiretaps. When
informed about the Clipper Chip, 80% said they opposed it."
- Philip Elmer-Dewitt, "Who Should Keep the Keys", Time,
Mar. 4, 1994
9.16.3. Does anyone actually support Clipper?
+ There are actually legitimate uses for forms of escrow:
- corporations
- other partnerships
9.16.4. "Who is opposed to Clipper?"
- Association for Computing Machinery (ACM). "The USACM urges
the Administration at this point to withdraw the Clipper
Chip proposal and to begin an open and public review of
encryption policy. The escrowed encryption initiative
raises vital issues of privacy, law enforcement,
competitiveness and scientific innovation that must be
openly discussed." ["US ACM, DC Office" <usacm_dc@acm.org>,
USACM Calls for Clipper Withdrawal, press release,
1994-06-30]
9.16.5. "What's so bad about key escrow?"
+ If it's truly voluntary, there can be a valid use for this.
+ Are trapdoors justified in some cases?
+ Corporations that wish to recover encrypted data
+ several scenarios
- employee encrypts important files, then dies or is
otherwise unavailable
+ employee leaves company before decrypting all files
- some may be archived and not needed to be opened
for many years
- employee may demand "ransom" (closely related to
virus extortion cases)
- files are found but the original encryptor is
unknown
+ Likely situation is that encryption algorithms will be
mandated by corporation, with a "master key" kept
available
- like a trapdoor
- the existence of the master key may not even be
publicized within the company (to head off concerns
about security, abuses, etc.)
+ Government is trying to get trapdoors put in
- S.266, which failed ultimately (but not before
creating a ruckus)
+ If the government requires it...
- Key escrow means the government can be inside your home
without you even knowing it
- and key escrow is not really escrow...what does one get
back from the "escrow" service?
9.16.6. Why governments should not have keys
- can then set people up by faking messages, by planting
evidence
- can spy on targets for their own purposes (which history
tells us can include bribery, corporate espionage, drug-
running, assassinations, and all manner of illegal and
sleazy activities)
- can sabotage contracts, deals, etc.
- would give them access to internal corporate communications
- undermines the whole validity of such contracts, and of
cryptographic standards of identity (shakes confidence)
- giving the King or the State the power to impersonate
another is a gross injustice
- imagine the government of Iran having a backdoor to read
the secret journals of its subjects!
- 4th Amendment
- attorney-client privilege (with trapdoors, no way to know
that government has not breached confidentiality)
9.16.7. "How might the Clipper chip be foiled or defeated?"
- Politically, market-wise, and technically
- If deployed, that is
+ Ways to Defeat Clipper
- preencryption or superencryption
- LEAF blower
- plug-compatible, reverse-engineered chip
- sabotage
- undermining confidence
- Sun Tzu
9.16.8. How can Clipper be defeated, politically?
9.16.9. How can Clipper be defeated, in the market?
9.16.10. How can Clipper be defeated, technologically?
9.16.11. Questions
+ Clipper issues and questions
- a vast number of questions, comments, challenges,
tidbits, details, issues
- entire newsgroups devoted to this
+ "What criminal or terrorist will be smart enough to use
encryption but dumb enough to use Clipper?"
- This is one of the Great Unanswered Questions. Clipper's
supporters are mum on this one. Suggesting....
+ "Why not encrypt data before using the Clipper/EES?"
- "Why can't you just encrypt data before the clipper chip?
Two answers:
1) the people you want to communicate with won't have
hardware to decrypt your data, statistically speaking. The
beauty of clipper from the NSA point of view is that they
are leveraging the installed base (they hope) of telephones
and making it impossible (again, statistically) for a large
fraction of the traffic to be untappable.
2) They won't license bad people like you to make equipment
like the system you describe. I'll wager that the chip
distribution will be done in a way to prevent significant
numbers of such systems from being built, assuring that (1)
remains true." [Tom Knight, sci.crypt, 6-5-93]
+ What are the implications of mandatory key escrow?
+ "escrow" is misleading...
- wrong use of the term
- implies a voluntary, and returnable, situation
+ "If key escrow is "voluntary," what's the big deal?"
- Taxes are supposedly "voluntary," too.
- A wise man prepares for what is _possible_ and even
_likely_, not just what is announced as part of public
policy; policies can and do change. There is plenty of
precedent for a "voluntary" system being made mandatory.
- The form of the Clipper/EES system suggests eventual
mandatory status; the form of such a ban is debatable.
+ "What is 'superencipherment,' and can it be used to defeat
Clipper?"
- preencrypting
- could be viewed as a non-English language
+ how could Clipper chip know about it (entropy measures?)
- far-fetched
- wouldn't solve traffic analysis problem
- What's the connection between Clipper and export laws?
+ "Doesn't this make the Clipper database a ripe target?"
- for subversion, sabotage, espionage, theft
- presumably backups will be kept, and _these_ will also be
targets
+ "Is Clipper just for voice encryption?"
- Clipper is a data encryption chip, with the digital data
supplied by an ADC located outside the chip. In
principle, it could thus be used for data encryption in
general.
- In practice, the name Clipper is generally associated
with telephone use, while "Capstone" is the data standard
(some differences, too). The "Skipjack" algorithm is used
in several of these proposed systems (Tessera, also).
9.16.12. "Why is Clipper worse than what we have now?"
+ John Gilmore answered this question in a nice essay. I'm
including the whole thing, including a digression into
cellular telephones, because it gives some insight--and
names some names of NSA liars--into how NSA and NIST have
used their powers to thwart true security.
- "It's worse because the market keeps moving toward
providing real encryption.
"If Clipper succeeds, it will be by displacing real
secure encryption. If real secure encryption makes it
into mass market communications products, Clipper will
have failed. The whole point is not to get a few
Clippers used by cops; the point is to make it a
worldwide standard, rather than having 3-key triple-DES
with RSA and Diffie-Hellman become the worldwide
standard.
"We'd have decent encryption in digital cellular phones
*now*, except for the active intervention of Jerry
Rainville of NSA, who `hosted' a meeting of the standards
committee inside Ft. Meade, lied to them about export
control to keep committee documents limited to a small
group, and got a willing dupe from Motorola, Louis
Finkelstein, to propose an encryption scheme a child
could break. The IS-54 standard for digital cellular
doesn't describe the encryption scheme -- it's described
in a separate document, which ordinary people can't get,
even though it's part of the official accredited
standard. (Guess who accredits standards bodies though --
that's right, the once pure NIST.)
"The reason it's secret is because it's so obviously
weak. The system generates a 160-bit "key" and then
simply XORs it against each block of the compressed
speech. Take any ten or twenty blocks and recover the
key by XORing frequent speech patterns (like silence, or
the letter "A") against pieces of the blocks to produce
guesses at the key. You try each guess on a few blocks,
and the likelihood of producing something that decodes
like speech in all the blocks is small enough that you'll
know when your guess is the real key.
"NSA is continuing to muck around in the Digital Cellular
standards committee (TR 45.3) this year too. I encourage
anyone who's interested to join the committee, perhaps as
an observer. Contact the Telecommunications Industry
Association in DC and sign up. Like any standards
committee, it's open to the public and meets in various
places around the country. I'll lend you a lawyer if
you're a foreign national, since the committee may still
believe that they must exclude foreign nationals from
public discussions of cryptography. Somehow the crypto
conferences have no trouble with this; I think it's
called the First Amendment. NSA knows the law here --
indeed it enforces it via the State Dept -- but lied to
the committee." [John Gilmore, "Why is clipper worse than
"no encryption like we have," comp.org.eff.talk,
1994-04-27]
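The weakness described in the quoted essay, as an added example that is not part of the original FAQ or of Gilmore's post: a fixed 160-bit pad XORed into every block falls to one guessed frequent pattern, while a pad that changes per block does not. The frame layout, the checksum used as a "decodes like speech" test, the key and the per_block_pad contrast are constructed assumptions, not the IS-54 design.

```python
import hashlib

BLOCK = 20  # 160 bits, the key size given in the quoted essay

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def frame(payload):
    # Constructed stand-in for a speech frame: 19 bytes plus an additive checksum.
    return payload + bytes([sum(payload) & 0xFF])

def plausible(block):
    # Stand-in for "decodes like speech": the frame's checksum is consistent.
    return (sum(block[:-1]) & 0xFF) == block[-1]

def fixed_pad(key, i):
    return key  # the scheme as described: the same pad for every block

def per_block_pad(key, i):
    # Hypothetical contrast standing in for a real stream cipher: fresh pad per block.
    return hashlib.sha256(key + i.to_bytes(4, "big")).digest()[:BLOCK]

def encrypt(frames, key, pad):
    return [xor(f, pad(key, i)) for i, f in enumerate(frames)]

def recover_fixed_pad(blocks, crib):
    # Treat each block as if it hid the crib; keep a guess that fits every block.
    for c in blocks:
        guess = xor(c, crib)
        if all(plausible(xor(b, guess)) for b in blocks):
            return guess
    return None

# Constructed sample data (not real IS-54 traffic or keys).
KEY = hashlib.sha256(b"constructed key").digest()[:BLOCK]
SILENCE = frame(bytes([0x55]) * 19)
SPEECH = [frame(hashlib.sha256(b"frame %d" % n).digest()[:19]) for n in range(9)]
FRAMES = SPEECH[:4] + [SILENCE] + SPEECH[4:7] + [SILENCE] + SPEECH[7:]
WEAK = encrypt(FRAMES, KEY, fixed_pad)
FRESH = encrypt(FRAMES, KEY, per_block_pad)

if __name__ == "__main__":
    print("fixed pad recovered:", recover_fixed_pad(WEAK, SILENCE) == KEY)
    print("per-block pad recovered:", recover_fixed_pad(FRESH, SILENCE))
```

The plausibility test has to be non-linear (here an additive checksum): any purely XOR-linear check would also accept the wrong guesses, since they differ from the true key by the XOR of two valid frames.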
9.16.13. on trusting the government
- "WHAT AM THE MORAL OF THE STORY, UNCLE REMUS?....When the
government makes any announcement (ESPECIALLY a denial),
you should figure out what the government is trying to get
you to do--and do the opposite. Contrarianism with a
vengeance. Of all the advice I've offered on the
Cypherpunks Channel, this is absolutely the most certain."
[Sandy Sandfort, 1994-07-17]
- if the Founders of the U.S. could see the corrupt,
socialist state this nation has degenerated to, they'd be
breaking into missile silos and stealing nukes to use
against the central power base.
+ can the government be trusted to run the key escrow system?
- "I just heard on the news that 1300 IRS employees have
been disciplined for unauthorized accesses to
electronically filed income tax returns. ..I'm sure they
will do much better, though, when the FBI runs the phone
system, the Post Office controls digital identity and
Hillary takes care of our health." [Sandy Sandfort,
1994-07-19]
- This is just one of many such examples: Watergate ("I am
not a crook!"), Iran-Contra, arms deals, cocaine
shipments by the CIA, Teapot Dome, graft, payoffs,
bribes, assassinations, Yankee-Cowboy War, Bohemian
Grove, Casolaro, more killings, invasions, wars. The
government that is too chicken to ever admit it lost a
war, and conspicuously avoids diplomatic contact with
enemies it failed to vanquish (Vietnam, North Korea,
Cuba, etc.), while quickly becoming sugar daddy to the
countries it did vanquish...the U.S. appears to be
lacking in practicality. (Me, I consider it wrong for
anyone to tell me I can't trade with folks in another
country, whether it's Haiti, South Africa, Cuba, Korea,
whatever. Crypto anarchy means we'll have _some_ of the
ways of bypassing these laws, of making our own moral
decisions without regard to the prevailing popular
sentiment of the countries in which we live at the
moment.)
By Tim May, see README
HTML by Jonathan Rochkind