1994-03-17 - Denning Presentation and Q&A at George Mason University

Header Data

From: cfrye@ciis.mitre.org (Curtis D. Frye)
To: cypherpunks@toad.com
Message Hash: cdcdc7111932965656f5db90fdd102c893fca9f4701eba9087d73ab7065609a4
Message ID: <9403172127.AA03674@ciis.mitre.org>
Reply To: N/A
UTC Datetime: 1994-03-17 21:19:10 UTC
Raw Date: Thu, 17 Mar 94 13:19:10 PST

Raw message

From: cfrye@ciis.mitre.org (Curtis D. Frye)
Date: Thu, 17 Mar 94 13:19:10 PST
To: cypherpunks@toad.com
Subject: Denning Presentation and Q&A at George Mason University
Message-ID: <9403172127.AA03674@ciis.mitre.org>
MIME-Version: 1.0
Content-Type: text/plain


On March 8, Dr. Dorothy Denning was a guest speaker for LRNG 572 - Taming
the Electronic Frontier, a course at George Mason University.  The
professor, Dr. Brad Cox, is a veteran software developer who has turned his
attention to developing models for electronic commerce and
"student-centered education".  The latter is my own term for his concept of
students, through a demand-based process, having much more control over and
interaction with the university education process.  

Brad has expressed strong opinions on several issues regarding personal
privacy and the Clipper/Digital Telephony proposals; I don't presume to
speak for him, but I should note that our homework includes installing PGP
2.2 or 2.3a on our personal machines, generating key pairs, distributing
our public keys, and broadcasting an essay encrypted with everyone else's
public keys.

The lecture was broadcast on the George Mason University channel, 48 on
Media General Cable Systems in Fairfax County, VA, and other channels
around the DC Metro Area.  Tapes are available in the GMU Library and, I
believe, may be copied and distributed freely.  If any of you would like a
copy of the session, I'll look into what has to happen to get it done.

I do not have a VCR at home and am not referring to the tape as I write
this summary, so there may be some inaccuracies.  Further, as I was not
taking careful notes, my own comments and questions are most prominent in
this summary.  In my note to the class, I'll ask them to contribute their
own views of the proceedings.  

I am forwarding this note to Brad, Dr. Denning, and the class to ensure all
parties have the opportunity to correct any misrepresentations or
omissions.


***The Presentation***

Dr. Denning was clearly nervous -- she indicated that she had never worked
with the combination of television, overhead projector and computer-cueing
system in the video classroom.  Also, I surmise that Brad had warned her
that she wouldn't be facing the most sympathetic audience in the world. 
Each student had written an essay about Clipper and emailed it to Brad,
cc'ing the rest of the class.  Most of the class didn't think
Clipper/Digital Telephony was a hot idea, but there were several
supporters. 

After a brief intro describing Clipper as a "voluntary" standard, she
quickly described the key initialization and two-party decryption
processes.  This part of the lecture was notation-laden and somewhat hard
for me to follow, and I've read most of Schneier's _Applied Cryptography_! 
The folks around me seemed to be lost in the particulars of how the various
keys were generated and interacted (especially the session key).  However,
I believe the basic points got through clearly enough - the class is mostly
professionals and is sophisticated enough to pick up anything that's
explained well.

After Denning indicated that NIST and Treasury were to be the two escrow
agents, I asked about VP Gore's 9 February remarks on the potential
problems of both agents being in the Executive Branch etc.  She glossed
over the issue by replying that the process was still being examined and
that she didn't see a problem with the two agents residing in the same
branch of government.  The theme that "the key escrow system prevents
abuse" resonated throughout her presentation.  

A few minutes later, I asked Dr. Denning whether she her earlier published
(on Usenet, anyway) statements to the effect that if Clipper were made
mandatory she would probably withdraw her support for the standard.  She
did not dispute the basis of the question but did not answer it per se,
either.  Her final response (paraphrased) was that she could not foresee
all possible outcomes and did not want to commit herself to a position
without observable results.

After further questions, Denning described the Digital Telephony proposal,
stressing that the idea was to maintain the current level of wiretap
capabilities despite technological advances.  She was very careful to
delineate the goals for Clipper and Digital Telephony as follows:

  o  Clipper is designed to provide US citizens strong cryptography that
won't threaten US national security;

  o  Clipper is *not* designed to catch crooks;

  o  Digital Telephony is designed to maintain the current level of wiretap
capabilities and gives law enforcement officials no new abilities.


The first statement is hard to dispute on its face, despite the invocation
of that vague concept called "national security".  As many others,
including Tim May, have said, the government is fighting an imaginary enemy
which is, by virtue of it being imaginary, capable of anything.

If cellular phones, baby monitors (!) and regular telephones used
Clipper-like technology, many citizen-to-citizen privacy worries would be
solved since ham radio and scanner operators would be unable to monitor
these transmissions.  However, the idea that the standard is voluntary, an
idea she defended even when pressed that everyone in the government (except
the judiciary) answers to the same guy raises a question as to how
voluntary the standard is.


The second statement goes against much of the rhetoric Clipper supporters
have used to link the proposal to the War on Drugs and the general fear of
crime.  It's interesting to note that, even while she was disavowing
Clipper's link to catching crooks, she read anecdotes from the back cover
of a book entitled something like _The World's Dumbest Criminals_ and
opined that, if someone is dumb enough to call hotel security and report
$1000 of cocaine missing from his room, they just might be dumb enough to
use Clipper.  After all, they talk in the clear now!

I think this argument has gotten short shrift on Cypherpunks and does
deserve more attention.  If the price of ClipperPhones comes down enough so
that they're affordable _and_ there's no market competitor of note, why
wouldn't drug dealers use the equipment?  After all, even assuming the full
search warrent process is bypassed, the government needs to know what's
happening before they tap the line.

The solution, of course, is to market alternative crypto-boxes that can fit
between the phone unit and the wall socket.  Price competition against high
volume manufacturers will be a serious obstacle to successfully
circumventing the escrowed technologies.

The difference in the rhetorical significance of crime-fighting when
Clipper is presented to technical and non-technical audiences is
interesting.


The final theme, that Digital Telephony adds no new law enforcement
capabilities, was not something anyone in the class seemed to have the
knowledge to dispute on technical grounds.  When I raised the issue of
phone calls being directed to central law enforcement sites instead of
requiring agents to move to a remote location, Dr. Denning indicated that
wiretaps are done by directing calls to a central location now.  While J.P.
Barlow challenged related issues in the America On Line debate, I have not
seen a refutation of this particular point.  Can anyone elaborate?


***Personal Notes and Editorials***

o  None of us brought up the government ability to request and examine
phone usage information without a warrant or pointed out that law
enforcement agencies currently do this more than 100,000 times per year. 
[I wasn't aware of the number until Barlow cited it on AOL.]  

o  I would hope that the ability of government to accumulate behavioral
dossiers on private citizens through the information mosaic and link
analysis tools is something that would appear in _Time_ right beside the
Clipper and Digital Telephony expository articles in the future.  If
Digital Telephony makes this ability stronger, there is a greater danger of
the fishing expeditions and data matching exercises the 1974 Privacy Act is
designed to prevent.

o  In my opinion Dr. Denning sincerely believes these proposals will make a
positive difference; however, the sincerity of the advocate does not give
credence to the position advocated.

--
Best regards,

Curtis D. Frye - Job Search Underway!!!
cfrye@ciis.mitre.org or cfrye@mason1.gmu.edu
"MITRE's in the past, now.  Time to move on!"







Thread