From: "L. Detweiler" <ld231782@longs.lance.colostate.edu>
Date: Thu, 16 Sep 93 21:05:52 PDT
To: cypherpunks@toad.com
Subject: KEY ESCROW PROCEDURES
Message-ID: <9309170404.AA28623@longs.lance.colostate.edu>
MIME-Version: 1.0
Content-Type: text/plain


(Disclaimer: in no way should any of my own writings on this subject be
construed as supportive of key escrow.)

Key escrow procedures as revealed in Congress, received via M. Godwin
and J. Berman of EFF.  First is J. Berman analysis followed by text
itself, covering the various types of interception under 3 laws:
omnibus Crime Control & Safe Streets (1968), Foreign Intelligence
Surveillance Act (FISA), and finally under state statutes. (Perhaps
someone can identify the differences in the various procedures buried
in the bureacratese, but they are all largely verbatim copies.) Notes:

1) escrow agencies (finally) IDENTIFIED: NIST and `non-law enforcement
component of the Dept. of Treasury' as `tentative' choices to be
finalized in `the next few days'.

2) LE agents have to get `black boxes' (a PC) to extract/read the LEAF
(ID field) of the communications. Each box has an ID.

3) according to Berman, the LE agency *faxes* (?) the device ID number
to the agents along with certifications on interception authority, ID
of the black box, and the length of authorization.

4) agencies transmit the keys to the black box in a secure, encrypted
channel. `key components will only work with that particular black box,
and only for the state duration of the intercept'.

5) the most ominous sounding paragraph is the following, which
specifically *revokes* any rights or guarantees to privacy or `due
process' based on the technology & procedures:

>These procedures do not create, and are not intended to create, 
>any substantive rights for individuals intercepted through 
>electronic surveillance, and noncompliance with these procedures 
>shall not provide the basis for any motion to suppress or other 
>objection to the introduction of electronic surveillance evidence 
>lawfully acquired.

that is, this disclaimer seems to be an attempt to evade the
`exclusionary rule' and `poisoned tree' legal doctine (the practice of
courts in excluding evidence illegally obtained and other evidence
therefrom) by legislative fiat.
 
Major criticisms *not* addressed by this protocol: 

- why isn't the link *to* the encryption agencies, wherein the Clipper
phone ID is sent, secure & encrypted itself? If police `fax' these
ID's, what is to prevent them from trading them and misrepresenting
them on the warrants seen by the agencies?

- Berman writes that the LE agents tell the key escrow agencies how
long they are requesting the warrant. Now, this is strange. Does the
escrow agency ever refuse a warrant if the time period is not legal
under the applicable law? and is any police agent going to request
*less* than the maximum  period allowed by law?

- we have claim that records are kept on many sides, such as the
requesting side and the granting sides. are records kept of *failed*
requests? or do all `illegally-phrased requests' rejected by the key
escrow agencies simply disappear?

- In fact, do the key escrow agencies *ever* reject a request? this
plan below says nothing of the grounds under which requests may be
denied. What's the point?

- NO indication of the critically important key generation protocol.
Are we to take Denning's American Scientist article as authoritative?
if so, forget it.

- If there is no legal penalty in court for violating the protocols, as
the disclaimer seems to attempt to evoke, what's the point? at the
*bare minimum* there is required exclusion of tainted taps, and other
penalties for infringing parties are wholly in order.

Berman also reveals very fascinating glimpses: `The Administration
rejects the argument that voice encryption is readily available.' The
AT&T product `posed a unique threat in terms of voice quality,
affordability, portability and strength of the encryption' -- strong
confirmation of the theories that Clipper was rushed out, prematurely,
to face it. They are clearly strongly concerned about new Motorola
products, the `next voice encryption product in the pipeline'. (NSA is
in *big* trouble when there is more than one pipeline to choke, as is
rapidly becoming the case).

Interesting insights into administration psyche with Berman's quotes of
government officials:

1) `Clipper market share' will cause momentum to the standard (hee, hee)

2) `careless bad guys' will use Clipper (yeah, right)

3) why private key agencies rejected, but also the NSA: the former,
concerns on longevity and security related to profit, the latter, `for
credibility reasons' (snicker)

4) `key criterion' for escrow agents: `experience in and an
infrastructure for handling sensitive information'

5) `briefers admitted it is not really a key escrow system'. (!)
escrows' obligation `will be to the government' with `no duties or
responsibilities to users' (?!)

>        Both John Podesta and Mark Richard stated that there is no plan on 
>or over the horizon to outlaw non-escrowed encryption.

6) International aspects `thorniest to deal with'. Clipper exportable
with a license (surprise). `Other nations would not participate in the
escrow system.' Hm, I doubt it. Not if the NSA can help it.

Cypherpunks: one can sense the undertone of confusion, hopelessness and
despair in these accounts. Let's keep up the heat until the omelette
has completely vaporized.

------- Forwarded Message

Date: Thu, 16 Sep 1993 17:31:54 -0400
From: jberman (Jerry Berman)
Subject: CLIPPER ESCROW AGENTS CHOSEN

         In the next several days, the Administration will announce it has
chosen at least one escrow agency and has developed procedures for
accessing escrow keys pursuant to warrant.  Here is an account of an
Administration hill staff briefing on September 16, 1993 and the draft
procedures for law enforcement, foreign intelligence, and state and local
law enforcement wiretapping. We are looking for comments and analysis.
Please circulate widely. 

Jerry Berman, EFF.

  ==================                                                      

RE:     Clipper Escrow Agent Briefing for Congressional Staff

        Yesterday, September 15, 1993, a briefing was held for congressional 
 staff regarding the status of the 
Clipper project.  The lead briefers for the Administration were Mark 
Richard, Deputy Assistant Attorney General, Criminal Division, DOJ; Jim 
Kallstrom, FBI; Geoff Greiveldinger, Special Counsel, Narcotic and Dangerous 
Drug Section, DOJ; and John Podesta.  Also present were Mary Lawton, 
Counsel for Intelligence Policy and Review, DOJ; Mike Waguespack, NSC; 
and Dwight Price, National District Attorneys Association.

        The Administration has tentatively settled on NIST and a yet to be 
determined non-law enforcement component of the Department of the 
Treasury as the "escrow agents."  The Administration will finalize the 
choices in the next few days, according to John Podesta.  The Attorney 
General will make an announcement, in what form has not been 
determined, but it will probably not be a Federal Register notice.  The 
Attorney General will announce that she has adopted, and the escrows 
have agreed to follow, the attached procedures.

        The system will work as follows:

(1) A black box (actually a PC) in the possession of a law enforcement 
agency will be able to read the Law Enforcement Access Field in a 
Clipper encrypted data stream and extract the identification number 
specific to the Clipper chip being used by the intercept target.  Cost of 
the black box yet undetermined.  How many will be purchased by 
law enforcement yet undetermined, although if use of Clipper 
becomes common, the black boxes will be in great demand, by 
federal as well as state and local agencies.  They will be available 
only to law enforcement, with yet to be specified controls on their 
sale.  Each black box will have a unique identifier.

        (2)  The law enforcement agency will fax the device ID  number to 
each of the escrow agents, along with a certification that the agency 
has authority to conduct the intercept, the ID number of the 
intercepting agency's black box, and the time period for which the 
intercept is authorized (in the case of Title III's, up to thirty days, 
with extensions).

(3)     The escrow agents will transmit the key components by 
encrypted link directly into the black box of the requesting law 
enforcement agency.  The key components will only work with that 
particular black box, and will only work for the stated duration of 
the intercept.  If the intercept is extended, the law enforcement 
agency will have to send a new request to the escrow agents to 
extend the life of the key components.
        The escrow agents will maintain logs of the requests. Greiveldinger 
stressed that the system is "replete with recordation of the transactions 
that will occur."  The escrow agents also have a responsibility for 
maintaining the integrity of the chip manufacturing process.

        In opening remarks describing the need for the Clipper escrow 
system, Kallstrom had stressed that the AT&T product posed a unique 
threat in terms of voice quality, affordability, portability and strength of 
the encryption.  The Administration rejects the argument that voice 
encryption is readily available. The AT&T product, which isn't available 
yet, is unique, and competing products, the Administration argues, are yet 
further in the future.

        The next voice encryption product in the pipeline is Motorola's, and 
Motorola has expressed interest in using Clipper in its product.  The 
Administration argued that the need for compatibility would drive a 
significant share of the market to Clipper or Capstone-based products.  
Escrow coverage will not be complete, but the bad guys are careless and 
are expected to use Clipper products.

        The key criterion used in selecting the escrow agents was whether 
the agency had experience in and an infrastructure for handling sensitive 
information.  The Administration did not want to use a law enforcement or 
national security component, for credibility reasons.  It did not want to use 
private entities based on concerns about longevity and not wanting 
security to be governed by the need to make a profit.
 
        The briefers admitted that the proposed system is not really an 
escrow.  The agencies holding the key components will not have any duties 
or responsibilities to the Clipper users.  The escrows' obligation will be to 
the government, and they will be liable to Clipper users only under the 
Bivens doctrine, where any failure must be shown to be wilful.

        Both John Podesta and Mark Richard stated that there is no plan on 
or over the horizon to outlaw non-escrowed encryption.

        John and Mark said that the international aspects of the 
escrow/encryption issue are the thorniest to deal with, and there are no 
answers yet.  Clipper products would be exportable with a license, 
although other countries may try to keep them out. (Nobody asked 
questions about changes in the rules governing export of non-Clipper 
encryption.)  Other nations would not participate in the escrow system, 
nor, presumably, would they be allowed to buy the black boxes. E.G., if the 
British intercepted an IRA communication that appeared to be encrypted 
with Clipper, and came to the FBI for help, the anticipated escrow system 
would not allow the FBI to get the key from the escrow agents.             

==================
PROPOSED PROCEDURES

AUTHORIZATION PROCEDURES FOR RELEASE OF ENCRYPTION KEY COMPONENTS
IN CONJUNCTION WITH INTERCEPTS PURSUANT TO TITLE III

 
The following are the procedures for the release of escrowed key 
components in conjunction with lawfully authorized interception 
of communications encrypted with a key-escrow encryption method. 
These procedures cover all electronic surveillance conducted 
pursuant to Title III of the omnibus Crime Control and Safe 
Streets Act of 1968, as amended (Title III), Title 18, United 
States Code, Section 2510 et seq.

1)      In each case there shall be a legal authorization for 
the interception of wire and/or electronic 
communications.

2)      All electronic surveillance court orders under Title 
III shall contain provisions authorizing after-the-fact 
minimization, pursuant to 18 U.S.C. 2518(5), permitting 
the interception and retention of coded communications, 
including encrypted communications.

3)      In the event that federal law enforcement agents 
discover during the course of any lawfully authorized 
interception that communications encrypted with a key 
escrow encryption method are being utilized, they may 
obtain a certification from the investigative agency 
conducting the investigation, or the Attorney General 
of the United States or designee thereof. Such 
certification shall

(a) identify the law enforcement agency or other 
authority conducting the interception and the person 
providing the certification; 
(b) certify that necessary legal authorization has been 
obtained to conduct electronic surveillance regarding 
these communications; 
(c) specify the termination date of the period for 
which interception has been authorized; 
(d) identify by docket number or other suitable method 
of specification the source of the authorization; 
(e) certify that communications covered by that 
authorization are being encrypted with a key-escrow 
encryption method; 
(f) specify the identifier (ID) number of the key 
escrow encryption chip providing such encryption; and
(g) specify the serial (ID) number of the key-escrow 
decryption device that will be used by the law 
enforcement agency or other authority for decryption of 
the intercepted communications.

4)      The agency conducting the interception shall 
submit this certification to each of the 
designated key component escrow agents. If the 
certification has been provided by an 
investigative agency, as soon thereafter as 
practicable, an attorney associated with the 
United States Attorney's Office supervising the 
investigation shall provide each of the key 
component escrow agents with written 
confirmation of the certification.

5)      Upon receiving the certification from the 
requesting investigative agency, each key 
component escrow agent shall release the 
necessary key component to the requesting 
agency. The key components shall be provided in 
a manner that assures they cannot be used other 
than in conjunction with the lawfully 
authorized electronic surveillance for which 
they were requested.

6)      Each of the key component escrow agents shall 
retain a copy of the certification of the 
requesting agency, as well as the subsequent 
confirmation of the United States Attorney's 
office. In addition, the requesting agency 
shall retain a copy of the certification and 
provide copies to the following:

(a) the United States Attorney's office 
supervising the investigation, and 
(b) the Department of Justice, Office of 
Enforcement operations .

7) Upon, or prior to, completion of the electronic 
surveillance phase of the investigation, the ability of 
the requesting agency to decrypt intercepted 
communications shall terminate, and the requesting agency 
may not retain the key components.

These procedures do not create, and are not intended to create, 
any substantive rights for individuals intercepted through 
electronic surveillance, and noncompliance with these procedures 
shall not provide the basis for any motion to suppress or other 
objection to the introduction of electronic surveillance evidence 
lawfully acquired.

AUTHORIZATION PROCEDURES FOR RELEASE OF ENCRYPTION KEY COMPONENTS
IN CONJUNCTION WITH INTERCEPTS PURSUANT TO FISA

The following are the procedures for the release of escrowed key 
components in conjunction with lawfully authorized interception 
of communications encrypted with a key-escrow encryption method. 
These procedures cover all electronic surveillance conducted 
pursuant to the Foreign Intelligence Surveillance Act (FISA), 
Pub. L. 9S-511, which appears at Title 50, U.S. Code, Section 
1801 et seq.

1)      In each case there shall be a legal authorization for 
the interception of wire and/or electronic 
communications.

2)      In the event that federal authorities discover during 
the course of any lawfully authorized interception that 
communications encrypted with a key-escrow encryption 
method are being utilized, they may obtain a 
certification from an agency authorized to participate 
in the conduct of the interception, or from the 
Attorney General of the United States or designee 
thereof. Such certification shall

(a) identify the agency participating in the conduct of 
the interception and the person providing the 
certification; 
(b) certify that necessary legal authorization has been 
obtained to conduct electronic surveillance regarding 
these communications; 
(c) specify the termination date of the period for 
which interception has been authorized; 
(d) identify by docket number or other suitable method 
of specification the source of the authorization; 
(e) certify that communications covered by that 
authorization are being encrypted with a key-escrow 
encryption method; 
(f) specify the identifier (ID) number of the key 
escrow encryption chip providing such encryption; and
(g) specify the serial (ID) number of the key-escrow 
decryption device that will be used by the agency 
participating in the conduct of the interception for 
decryption of the intercepted communications.

4)      This certification shall be submitted to each of the 
designated key component escrow agents. If the 
certification has been provided by an agency authorized 
to participate in the conduct of the interception, as 
soon thereafter as practicable, an attorney associated 
with the Department of Justice, office of Intelligence 
Policy and Review, shall provide each of the key 
component escrow agents with written confirmation of 
the certification.

5)      Upon receiving the certification, each key component 
escrow agent shall release the necessary key component to 
the agency participating in the conduct of the 
interception. The key components shall be provided in a 
manner that assures they cannot be used other than in 
conjunction with the lawfully authorized electronic 
surveillance for which they were requested.

6)      Each of the key component escrow agents shall retain a 
copy of the certification, as well as the subsequent 
written confirmation of the Department of Justice, Office 
of Intelligence Policy and Review.

7)      Upon, or prior to, completion of the electronic 
surveillance phase of the investigation, the ability of 
the agency participating in the conduct of the 
interception to decrypt intercepted communications shall 
terminate, and such agency may not retain the key 
components.

These procedures do not create, and are not intended to 
create, any substantive rights for individuals intercepted through 
electronic surveillance, and noncompliance with these procedures 
shall not provide the basis for any motion to suppress or other 
objection to the introduction of electronic surveillance evidence 
lawfully acquired.


AUTHORIZATION PROCEDURES FOR RELEASE OF ENCRYPTION KEY COMPONENTS
IN CONJUCTION WITH INTERCEPTS PURSUANT TO STATE STATUTES

Key component escrow agents may only release escrowed key 
components to law enforcement or prosecutorial authorities for use 
in conjunction with lawfully authorized interception of 
communications encrypted with a key escrow encryption method. 
These procedures apply to the release of key components to State 
and local law enforcement or prosecutorial authorities for use in 
conjunction with interceptions conducted pursuant to relevant 
State statutes authorizing electronic surveillance, and Title III 
of the omnibus Crime Control and Safe Streets Act of 1968, as 
amended, Title 18, United States Code, Section 2510 et seq.

1)      The State or local law enforcement or prosecutorial 
authority must be conducting an interception of wire 
and/or electronic communications pursuant to lawful 
authorization.

2)      Requests for release of escrowed key components must be 
submitted to the key component escrow agents by the 
principal prosecuting attorney of the State, or of a 
political subdivision thereof, responsible for the 
lawfully authorized electronic surveillance.

3)      The principal prosecuting attorney of such State or 
political subdivision of such State shall submit with the 
request for escrowed key components a certification that 
shall

(a) identify the law enforcement agency or other 
authority conducting the interception and the prosecuting 
attorney responsible therefore; 
(b) certify that necessary legal authorization for 
interception has been obtained to conduct electronic 
surveillance regarding these communications; 
(c) specify the termination date of the period for which 
interception has been authorized 
(d) identify by docket number or other suitable method of 
specification the source of the authorization; 
(e) certify that communications covered by that 
authorization are being encrypted with a key-escrow 
encryption method; 
(f) specify the identifier (ID) number of the key escrow 
chip providing such encryption; and 
(g) specify the serial (ID) number of the key-escrow 
decryption device that will be used by the law 
enforcement agency or other authority for decryption the 
intercepted communications.

4)      Such certification must be submitted by the principal 
prosecuting attorney of that State or political 
subdivision to each of the designated key component 
escrow agents.

5)      Upon receiving the certification from the principal 
prosecuting attorney of the State or political 
subdivision, each key component escrow agent shall 
release the necessary key component to the intercepting 
State or local law enforcement agency or other authority. 
The key components shall be provided in a manner that 
assures they cannot be used other than in conjunction 
with the lawfully authorized electronic surveillance for 
which they were requested.

6)      Each of the key component escrow agents shall retain a 
copy of the certification of the principal prosecuting 
attorney of the State or political subdivision. In 
addition, such prosecuting attorney shall provide a copy 
of the certification to the Department of Justice.

7)      The U.S. Department of Justice may, to assure conformance 
with these procedures, make inquiry of the certifying 
prosecuting attorney regarding, inter alia, the 
genuineness of the certification and confirmation of the 
existence of lawful authorization to conduct the relevant 
electronic surveillance. The inquiry of the U.S. 
Department of Justice will not involve intrusion into 
matters that must, under relevant statute, be kept from 
public disclosure.

8) Upon, or prior to, completion of the electronic 
surveillance phase of the investigation, the ability of 
the intercepting law enforcement agency or other 
authority to decrypt intercepted communications shall 
terminate, and the intercepting law enforcement agency or 
other authority may not retain the key components.

These procedures do not create, and are not intended to 
create, any substantive rights for individuals intercepted through 
electronic surveillance, and noncompliance with these procedures 
shall not provide the basis for any motion to suppress or other 
objection to the introduction of electronic surveillance evidence 
lawfully acquired.

- -----------------------------------------------------------



------- End of Forwarded Message