1993-08-04 - comments on Denning’s American Scientist article on Clipper

Header Data

From: “L. Detweiler” <ld231782@longs.lance.colostate.edu>
To: cypherpunks@toad.com
Message Hash: 776766d4aed6efcaa1e95f8bdf139bbd5708c3e8c49db59ad1c8039f002086a0
Message ID: <9308040728.AA22252@longs.lance.colostate.edu>
Reply To: N/A
UTC Datetime: 1993-08-04 07:29:25 UTC
Raw Date: Wed, 4 Aug 93 00:29:25 PDT

Raw message

From: "L. Detweiler" <ld231782@longs.lance.colostate.edu>
Date: Wed, 4 Aug 93 00:29:25 PDT
To: cypherpunks@toad.com
Subject: comments on Denning's American Scientist article on Clipper
Message-ID: <9308040728.AA22252@longs.lance.colostate.edu>
MIME-Version: 1.0
Content-Type: text/plain


Some notes on the D. Denning article on Clipper in Sigma Xi American
Scientist, July-August, vol 81 p. 319-323. Essentially almost nothing
new for people who have tracked the debate on the Internet. Some tiny
scraps at the end.

This is a sort of `Scientific American' article on the Clipper chip.
Apparently it was written before the switch to the Skipjack moniker,
although under the photo caption of the chip it states `The name
`Clipper Chip' should not be confused with Intergraph Corporation's microprocessor.'

The article begins by noting that cryptography is as ancient as Julius
Caesar and the Gallic Wars. Clinton's Clipper and Capstone as a `new
government standard for encryption.'  Short blurb on public key
cryptosystems a la Diffie & Hellman and RSA in mid 1970s, `a turning
point in the development of modern cryptosystem.' (Madam, it is a
revolution.) DES in 1977 by IBM `with advice from the National Security
Agency.'  Mentions PEM as example of `growing interest in strong
cryptosystems that protect unclassified, private-sector
telecommunications and computer data.'

Next, the AT&T Model 3600 Telephone Security Device, which used the DES
chip that `illustrates the basic issues--some technical and some
societal--involved in securing voice communications.' Denning says the
key exchange algorithm in the phone is `proprietary' but gives the
Diffie Hellman math as example.

Then we hear of Omnibus Crime Control and Safe Streets Act of 1968 that
limits electronic surveillance, including wiretapping, to be `conducted
lawfully only by law-enforcement agencies that are authorized with a
court warrant, and then only for serious criminal activities in which
other means of gathering evidence have failed, are likely to fail or
are too dangerous.'

`This act prohibits surveillance in other cases such as political
discourse. The law provides a practical basis for safeguarding privacy
rights while allowing legitimate criminal investigations. It applies
only to federal investigations; two-thirds of the states have their own
laws that govern local surveillance activities.'

`Officials in the Dept. of Justice have become concerned that the
increasing use of digital encoding and the success of public
cryptography may make it impossible to intercept or understand criminal
communications. The AT&T telephone device added urgency to that
concern.' Hm, even the Clipper announcement didn't note any `concern'...

Then, Clipper was `proposed' by Clinton administration to (1) secure
telephone conversations, (2) preserve law-enforcement capability to
`legally intercept the telephone conversations of suspected criminals'
(wow, finally a word like `suspected' or `reputed' or `alleged' in
conjunction with Clipper, a real milestone), and (3) split key escrow
system that `balances' privacy.  `The president declared that it is
essential to establish these principles now, while the `national
information infrastructure' is still young, so that privacy and
effective law enforcement can be guaranteed for everyone in years ahead.'
I don't recall that proclamation. What were his exact words again?

Next, description of Clipper and Capstone and the first user-friendly
diagrams suitable for public consumption showing the key generation,
communication session, and interception.  Fairly detailed esp. with the
key generation. Does not indicate at all how the key escrow agencies
are assured that the chip IDs presented to them are actually of the
people named in a warrant. `The details of the law-enforcement field
are classified so that no one will be able to construct compatible
chips that bypass this feature. Consequently, the structure of the law
enforcement decoder is classified.'

Then, Capstone as Clipper successor `will be released this summer' with
all the same elements plus DSA, key negotiation, exponentiation, and
random number generator. `If the Capstone Chip becomes available on
workstations and personal computers, it could also be used for Privacy
Enhanced Mail.'  (Boy, clearly someone at NSA is really concerned about
this PEM thing.)

Yeeks, here's the news: `The Clinton administration intends to [promote
Clipper and] by developing and promulgating a standard for all
sensitive, unclassified federal communications by the end of 1993.'
The ominous statement is that this seems to suggest something more than
Clipper.  `The Clinton administration believes that industry will
follow the government's lead as it did in the 1970s with the DES
system.' (we'll see.) 

`The administration does not propose to enforce the use of the Clipper
Chip because it believes the technology will become widespread without coercion'.

This is the tantalizingly familiar NSAspeak into which people can read
whatever they want, the same sounds-OK-except-to-here and
what-are-they-really-saying sentence structure that permeated the
Clipper announcement. Taken in the first half, it seems to be the most
bold and unequivocal indication so far in the popular press that
neither Clipper nor any other system will be `enforced'. On the other hand, it
also has the ulterior suggestion that if the technology does *not*
become widespread without coercion, some other attack will be
formulated, and the `administration' cannot be considered liable for
any seeming promises for unrestriction.

Now, for the kicker: the National Security Council will finish their
`comprehensive policy review' hinted in the Clipper announcement on
`privacy, secure business communications, ... electronic surveillance,
... manufacture and export of advanced [cryptographic] products, use of
advanced [cryptographic] technologies in digital networks and
telecommunications, ... expected to be completed in September'.

Can't wait for that one. `issues such as software encryption and
private-sector standards are likely to be raised by industry during the
process'. Don't you love that ubiquitous evasive passive voice? As the
Clipper announcement stated `public debate is expected to
intensify'...yelled at and echoing off the brick wall of the castle,
soon to disgorge the concealed schemers with their Royal Proclamation
for the Citizenry...

At the end:  `Note: the author obtained some of the information in this
article during private briefings with the National Security Agency and
the Federal Bureau of Investigation.' No kidding.




