9.18.1. Constitutional Issues - 4th Amend - privacy of attorney-client, etc. + Feds can get access without public hearings, records - secret intelligence courts - + "It is uncontested (so far as I have read) that under certain circum- - stances, the Federal intelligence community wil be permitted to - obtain Clipper keys without any court order on public record. Only - internal, classified proceedings will protect our privacy." <Steve Waldman, steve@vesheu.sar.usf.edu, sci.crypt, 4-13-94> 9.18.2. "What are some dangers of Clipper, if it is widely adopted?" + sender/receiver ID are accessible without going to the key escrow - this makes traffic analysis, contact lists, easy to generate + distortions of markets ("chilling effects") as a plan by government - make alternatives expensive, hard to export, grounds for suspicion - use of ITAR to thwart alternatives (would be helped if Cantwell bill to liberalize export controls on cryptography (HR 3627) passes) + VHDL implementations possible - speculates Lew Glendenning, sci.crypt, 4-13-94 - and recall MIPS connection (be careful here) 9.18.3. Market Isssues 9.18.4. "What are the weaknesses in Clipper?" + Carl Ellison analyzed it this way: - "It amuses the gallows-humor bone in me to see people busily debating the quality of Skipjack as an algorithm and the quality of the review of its strength. Someone proposes to dangle you over the Grand Canyon using sewing thread tied to steel chain tied to knitting yarn and you're debating whether the steel chain has been X- rayed properly to see if there are flaws in the metal. "Key generation, chip fabrication, court orders, distribution of keys once acquired from escrow agencies and safety of keys within escrow agencies are some of the real weaknesses. Once those are as strong as my use of 1024-bit RSA and truly random session keys in keeping keys on the two sides of a conversation with no one in the middle able to get the key, then we need to look at the steel chain in the middle: Skipjack itself." [Carl Ellison, 1993-08-02] + Date: Mon, 2 Aug 93 17:29:54 EDT From: cme@ellisun.sw.stratus.com (Carl Ellison) To: cypherpunks@toad.com Subject: cross-post Status: OR Path: transfer.stratus.com!ellisun.sw.stratus.com!cme From: cme@ellisun.sw.stratus.com (Carl Ellison) Newsgroups: sci.crypt Subject: Skipjack review as a side-track Date: 2 Aug 1993 21:25:11 GMT Organization: Stratus Computer, Marlboro MA Lines: 28 Message-ID: <23k0nn$8gk@transfer.stratus.com> NNTP-Posting-Host: ellisun.sw.stratus.com It amuses the gallows-humor bone in me to see people busily debating the quality of Skipjack as an algorithm and the quality of the review of its strength. Someone proposes to dangle you over the Grand Canyon using sewing thread tied to steel chain tied to knitting yarn and you're debating whether the steel chain has been X- rayed properly to see if there are flaws in the metal. Key generation, chip fabrication, court orders, distribution of keys once acquired from escrow agencies and safety of keys within escrow agencies are some of the real weaknesses. Once those are as strong as my use of 1024-bit RSA and truly random session keys in keeping keys on the two sides of a conversation with no one in the middle able to get the key, then we need to look at the steel chain in the middle: Skipjack itself. - "Key generation, chip fabrication, court orders, distribution of keys once acquired from escrow agencies and safety of keys within escrow agencies are some of the real weaknesses. Once those are as strong as my use of 1024-bit RSA and truly random session keys in keeping keys on the two sides of a conversation with no one in the middle able to get the key, then we need to look at the steel chain in the middle: Skipjack itself." 9.18.5. What it Means for the Future 9.18.6. Skipjack 9.18.7. National security exceptions - grep Gilmore's FOIA for mention that national security people will have direct access and that this will not be mentioned to the public + "The "National Security" exception built into the Clipper proposal - leaves an extraordinarily weak link in the chain of procedures designed - to protect user privacy. To place awesome powers of surveillance - technologically within the reach of a few, hoping that so weak a chain - will bind them, would amount to dangerous folly. It flies in the face - of history. <Steve Waldman, steve@vesheu.sar.usf.edu, 4- 14-94, talk.politics.crypto> 9.18.8. In my view, any focus on the details of Clipper instead of the overall concept of key escrow plays into their hands. This is not to say that the work of Blaze and others is misguided....in fact, it's very fine work. But a general focus on the _details_ of Skipjack does nothing to allay my concerns about the _principle_ of government-mandated crypto. If it were "house key escrow" and there were missing details about the number of teeth allowed on the keys, would be then all breathe a sigh of relief if the details of the teeth were clarified? Of course not. Me, I will never use a key escrow system, even if a blue ribbon panel of hackers and Cypherpunks studies the design and declares it to be cryptographically sound. 9.18.9. Concern about Clipper - allows past communications to be read + authorities could--maybe--read a lot of stuff, even illegally, then use this for other investigations (the old "we had an anonymous tip" ploy) - "The problem with Clipper is that it provides police agencies with dramatically enhanced target acquistion. There is nothing to prevent NSA, ATF, FBI (or the Special Projects division of the Justice Department) from reviewing all internet traffic, as long as they are willing to forsake using it in a criminal prosecution." [dgard@netcom.com, alt.privacy.clipper, 1994-07-05] 9.18.10. Some wags have suggested that the new escrow agencies be chosen from groups like Amnesty International and the ACLU. Most of us are opposed to the "very idea" of key escrow (think of being told to escrow family photos, diaries, or house keys) and hence even these kinds of skeptical groups are unacceptable as escrow agents.
Next Page: 9.19 Loose Ends
Previous Page: 9.17 Legal Issues with Escrowed Encryption and Clipper
By Tim May, see README
HTML by Jonathan Rochkind