From: geoffw@nexsys.net (Geoff White)
Date: Fri, 29 Apr 94 06:03:03 PDT
To: cypherpunks@toad.com
Subject: Clipper Chip 2/ Wired (fwd)
Message-ID: <199404291300.GAA28549@nexsys.nexsys.net>
MIME-Version: 1.0
Content-Type: text/plain



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-Copyright 1993,4 Wired USA Ltd.  All Rights Reserved=-=-=-=-=-=
-=-=For complete copyright information, please see the end of this file=-=-
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

WIRED 2.04

Electrosphere

The End Of Privacy

Did you know there's a working group of security agents and telecommunications
companies designing backdoors into the information infrastructure? Now you do. 

By Brock N. Meeks 

[Note: The following article will appear in the April 1994 issue of WIRED. We,
the editors of WIRED, are net-casting it now in its pre-published form as a
public service. Because of the vital and urgent nature of its message, we
believe readers on the Net should hear and take action now. You are free to pass
this article on electronically; in fact we urge you to replicate it throughout
the net with our blessings. If you do, please keep the copyright statements and
this note intact. For a complete listing of Clipper-related resources available
through WIRED Online, send email to with the following message: "send
clipper.index". - The Editors of WIRED] 

If privacy isn't already the first roadkill along the information superhighway,
then it's about to be. The panel members didn't try to finesse the subject. They
went right for the privacy jugular, saying law enforcement agencies wanted to
"front load" the NII with trapdoor technologies that would allow them easy
access to digital conversations, including capturing electronic communications
midstream. 

But these are tools the "good guys" said would be used only to catch the "bad
guys." Honest. We hard-working, law-abiding citizens have nothing to fear from
these cops selling out our privacy rights to make their jobs easier. Nope, we
can rest easy, knowing that child pornographers, drug traffickers, and organized
crime families will be sufficiently thwarted by law enforcement's proposed
built-in gadgetry, which they want to hang off every telephone and data network,
not to mention fax machine and PBX. 

There's just one small crack in this logic: No law enforcement agency has yet
proven it needs all these proposed digital trapdoors. In fact, "Right now most
law enforcement personnel don't have any idea what the NII is," this according
to Assistant US Attorney Kent Walker, who appeared on the panel. 

Gore Gives Go Ahead

In January, Vice President Gore had promised that the White House would work to
ensure that the NII would "help law enforcement agencies thwart criminals and
terrorists who might use advanced telecommunications to commit crimes." Panel
members representing the Justice Department, FBI, and US Attorney's office said
they had taken his promise as a tacit approval of their proposals to push for
digital wiretap access and government-mandated encryption policies. 

Gore buried those remarks deep in a speech he made in Los Angeles in which he
fleshed out how the administration planned to rewrite the rules for
communications in a new, perhaps more enlightened age. His pledge went unnoticed
by the mainstream press. 

Notwithstanding that it fell on reporters' deaf ears, Gore dropped a bombshell.
Forget Ross Perot's NAFTA-inspired "giant sucking sound." This was the dull
"thump" of Law Enforcement running over the privacy rights of the American
public on its way **at the on-ramp??**to the information superhighway. The real
crime is that the collision barely dented the damn fender. 

Walker blithely referred to this cunning, calculated move to install
interception technologies all along the information superhighway as "proactive"
law enforcement policy. Designing these technologies into future networks, which
include all telephone systems, would ensure that law enforcement organizations
"have the same capabilities [they] enjoy right now," Walker said. 

For today's wiretap operations, the Feds must get a court to approve their
request, after supplying enough evidence to warrant one. But Walker seemed to be
lobbying for the opposite. Giving the Feds the ability to listen in first and
give justification later amounts to "no big difference," he said. Besides, "it
would save time and money." 

And Walker promised that law enforcement would only use this power against evil,
never abusing it. "Frankly, I don't see the empirical evidence that law
enforcement agencies have abused [wiretap authority]," he said. With a straight
face. 

It's Us vs. Them

For Walker, privacy issues weighed against law-enforcement needs is a
black-and-white, or rather good-guys-versus-bad-guys, issue. For example, he
said, the rapid rise of private (read: not government-controlled) encryption
technologies didn't mean law enforcement would have to work harder. On the
contrary, "it only means we'll catch fewer criminals," he said. 

But if law enforcement is merely concerned with the task of "just putting the
bad guys in jail," as James Settle, head of the FBI's National Computer Crime
Squad insists, then why are we seeing a sudden move by government intelligence
agencies into areas they have historically shied from? Because law enforcement
agencies know their window of opportunity for asserting their influence is open
right now, right at the time the government is about to make a fundamental shift
in how it deals with privacy issues within the networks that make up the NII,
says David Sobel, general counsel for Computer Professionals for Social
Responsibility, who also addressed the Working Group on Privacy. 

"Because of law enforcement's concerns (regarding digital technologies), we're
seeing an unprecedented involvement by federal security agencies in the domestic
law enforcement activities," Sobel said, adding that, for the first time in
history, the National Security Agency "is now deeply involved in the design of
the public telecommunications network." 

Go ahead. Read it again. 

Sobel backs up his claims with hundreds of pages of previously classified memos
and reports obtained under the Freedom of Information Act. The involvement of
the National Security Agency in the design of our telephone networks is, Sobel
believes, a violation of federal statutes. 

Sobel is also concerned that the public might soon be looking down the throat of
a classified telecommunications standard. Another move he calls "unprecedented"
is that - if the National Security Agency, FBI, and other law enforcement
organizations have their way - the design of the national telecommunications
network will end up classified and withheld from the public.**These two
sentences are the same** 

Sobel is dead on target with his warnings. 

The telecommunications industry and the FBI have set up an ad hoc working group
to see if a technical fix for digital wiretapping can be found to make the
bureau happy. That way, legislation doesn't need to be passed that might mandate
such FBI access and stick the Baby Bells with the full cost of reengineering
their networks. 

The industry-FBI group was formed during a March 1992 meeting at the FBI's
Quantico, Virginia, facilities, according to previously classified FBI documents
released under the Freedom of Information Act. The group was only formalized
late last year, under the auspices of the Alliance for Telecommunications
Industry Solutions. The joint group operates under the innocuous sounding name
of the Electronic Communications Service Provider Committee. 

The committee meets monthly, pursuing a technological "solution" to the FBI's
request for putting a trapdoor into digital switches, allowing agents easy
access to phone conversations. To date, no industry solution has been found for
the digital-wiretap problem, according to Kenneth Raymond, a Nynex telephone
company engineer, who is the industry co-chairman of the group. 

Oh, there's also a small, but nagging problem: The FBI hasn't provided concrete
proof that such solutions are needed, Raymond said. Sobel, of Computer
Professionals for Social Responsibility, raised this same point during the panel
discussion. 

The telecommunications industry is "trying to evaluate just what is the nature
of the [digital-access] problem and how we can best solve it in some reasonable
way that is consistent with cost and demand," Raymond said. One solution might
be to write digital wiretap access into future switch specifications, he said. 

If and when the industry does find that solution, do you think the FBI will put
out a press release to tell us about it? "I doubt it very much," said FBI agent
Barry Smith of the Bureau's Congressional Affairs office. "It will be done
quietly, with no media fanfare." 

Underscoring Sobel's warnings was the little-noticed move by the Commerce
Department to establish the Federal Wireless Policy Committee. The work of this
seemingly benign committee will be "invaluable" as the administration evaluates
key issues in wireless communications with the NII, said Larry Irving,
administrator of the National Telecommunications Information Agency. But the
devil is in the details. The policy committee's four subcommittees include
Policy, Standards and Requirements, Security and Privacy, and Acquisitions.
Standards and Requirements is headed by Richard Dean, a National Security Agency
official. And Security and Privacy is to be chaired by Raymond Kammer of the
National Institute of Standards and Technology. Kammer's organization, of
course, is knee-deep responsible for the government's Clipper Chip encryption
scheme. 

Is it just me or are these headlights getting awfully close? 

The FBI's Settle is also adamant about trapdoor specifications being written
into any blueprints for the National Information Infrastructure. But there's a
catch. Settle calls these "security measures," because they'll give his office a
better chance at "catching bad guys." He wants all networks "to be required to
install some kind of standard for security." And who's writing those standards?
You guessed it: The National Security Agency, with input from the FBI and other
assorted spook agencies. 

Settle defends these standards, saying that the "best we have going for us is
that the criminal element hasn't yet figured out how to use encryption and
networks in general. When they do, we'll be in trouble. We want to stay ahead of
the curve." 

In the meantime, his division has to hustle. The FBI currently has only 25 "Net
literate" personnel, Settle admitted. "Most of these were recruited two years
ago," he said. Most have computer science degrees and were systems
administrators at one time, he said. 

You think that's funny? Hell, the Net is still a small community, relatively
speaking. One of your friends is probably an FBI Net snitch, working for Settle.

Don't laugh. 

The law enforcement establishment doesn't think you really know what you expect
when it comes to privacy. 

Assistant US Attorney Walker said: "If you ask the public, 'Is privacy more
important than catching criminals?' They'll tell you, 'No.'" 

(Write him with your own thoughts, won't you?) **e-mail addresses here for our
outraged readers to express themselves - We haven't got addresses for Walker.
There's president@whitehouse.gov and vice- president@whitehouse.gov....** 

Because of views like Walker's, the Electronic Communications Privacy Act "needs
to be broader," said Mike Godwin, legal counsel for the Electronic Frontier
Foundation. The act protects transmitted data, but it also needs to protect
stored data, he said. "A person's expectation of privacy doesn't end when they
store something on a hard disk." 

But Walker brushed Godwin aside, saying, "It's easy to get caught up in the
rhetoric that privacy is the end all be all." **correct cliche is "the be- all
and end-all"** 

Do you have an expectation of privacy for things you store on your hard disk, in
your own home? Walker said that idea is up for debate: "Part of this working
group is to establish what is a reasonable expectation of privacy." 

That's right. Toss everything you know or thought you knew about privacy out the
window, as you cruise down the fast lane of the information superhighway. Why?
Because for people like Walker, those guardians of justice, "there has to be a
balance between privacy needs and law enforcement needs to catch criminals." 

Balance, yes. Total abrogation of my rights? Fat chance. 



Brock N. Meeks (brock@well.sf.ca.us) is a frequent contributor to WIRED. He is a
reporter for Communications Daily, a Washington, DC-based trade publication. 

=-=-=-=-=-=-=-=-=-=-=-=WIRED Online Copyright Notice=-=-=-=-=-=-=-=-=-=-=-=

           Copyright 1993,4 Wired USA Ltd.  All rights reserved.

  This article may be redistributed provided that the article and this 
  notice remain intact. This article may not under any circumstances
  be resold or redistributed for compensation of any kind without prior 
  written permission from Wired Ventures, Ltd.

  If you have any questions about these terms, or would like information
  about licensing materials from WIRED Online, please contact us via 
  telephone (+1 (415) 904 0660) or email (info@wired.com).

       WIRED and WIRED Online are trademarks of Wired Ventures, Ltd.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=




----- End Included Message -----