From: fergp@sytex.com (Paul Ferguson)
Date: Wed, 28 Apr 93 08:41:13 PDT
To: cypherpunks@toad.com
Subject: Wiretap Chip and Key Escrow Abuses
Message-ID: <e13P3B2w165w@sytex.com>
MIME-Version: 1.0
Content-Type: text/plain


I've been following the discussions on several newsgroups and
mailing lists (RISKS, PRIVACY and Cypherpunks) concerning the
Wiretap Chip (Clipper/Capstone) and the proposed key escrow
system.
 
Here's my $.02, as well.
 
In RISK 14.55, <jim@RSA.COM> Jim Bidzos wrote -
 
JB> Since Clipper, as currently defined, cannot be implemented in
JB> software, what options are available to those who can benefit
JB> from cryptography in software? Was a study of the impact on
JB> these vendors or of the potential cost to the software industry
JB> conducted?  (Much of the use of cryptography by software
JB> companies, particularly those in the entertainment industry, is
JB> for the protection of their intellectual property. Using hardware
JB> is not economically feasible for most of them.)
 
 Jim raises a valid concern. Although a hardware based system is
 ideal for voice encryption, the idea of registered key systems,
 where government and/or LE agencies have involvement, is not a
 popular one. The key escrow scheme in this proposal reeks of Big
 Brother. (As in, "Trust me. I'm from the government and I'm your
 friend.") In some circles, it is not even a consideration.
 Software encryption systems employed to protect intellectual and
 commercial data and electronic mail are much more flexible and
 desirable, especially when they are not governmentally proposed,
 imposed, designed and sanctioned by spook organizations such as
 the NSA.
 
 The real sore spot with the Clipper proposal is that private
 industry and citizenry were blind-sided by this entire process.
 The possibility that Uncle Sam will try to make this a de-facto
 standard and subsequently place restrictions on other forms of
 crypto (eg. software based) is real.
 
 Also in RISKS 14.55, <billc@glacier.sierra.com> Bill Campbell
 wrotes -
 
BC> There are dozens, perhaps hundreds, of commercial, criminal and
BC> governmental entities with access to government resources who
BC> would not hesitate for a moment to violate my rights if they
BC> found it expedient to do so.  These individuals and organizations
BC> have demonstrated beyond question that they are not constrained
BC> by legal or ethical considerations, and as has been suggested
BC> in a number of other postings, the technology employed by Clipper
BC> (including the dual escrow sham) will probably not even pose so
BC> much as an inconvenience to a determined adversary.  To suggest
BC> otherwise is, at best, profoundly naive.
 
 I have a tendency to agree with Bill. In fact, California is
 currently embroiled in a scandal involving the release of
 confidential data (DMV addresses), by employees of the Anaheim
 Police Department, to third party interests. This is clearly in
 violation of their employer's policies, their own terms of
 employment, state criminal law, and civil law. What's to
 stop the same blatant, unethical breech of confidentiality with
 regards to the Clipper key escrow implementation? Nothing, that's
 what. In the future, information will be the most powerful possession
 and in the spirit of SNEAKERS, s/he who has control of and access to
 the information is the most powerful. Power corrupts, but absolute
 power corrupts absolutely. I think that Clipper offers maximum abuse
 in this scenario.
 
 Also in RISK 14.55, <firth@SEI.CMU.EDU> Robert Firth wrote -
 
RF> You see, friends, if the Clipper becomes the normal, standard, or
RF> accepted means of encryption, then *the use of any other encryption
RF> scheme can of itself be considered "probable cause" for search and
RF> seizure*.  And thereby could be lost in the courts what was won at
RF> such great cost.
 
 This is perhaps my greatest concern in all of the Clipper/Capstone
 hoopla. Personally, I don't have much faith in the law enforcment
 agencies to act responsibly. The Secret Service and FBI have, in the
 past, clearly demonstrated that do not grasp the scope of the
 problems technically challenging modern society. The Steve Jackson
 Games case is one instance that immediately springs to mind. Some
 parts of the country are demographically more at risk than others.
 For example, the criteria which may be deemed as "probable cause"
 for search and seizure in Jackson, Mississippi could very well be
 reason for the ACLU to file a suit against the LEA in New York City.
 
 Also in RISKS 14.55, <padgett@tccslr.dnet.mmc.com> A. PADGETT
 PETERSON writes -
 
PP> Like I said, both the government and corporate America *need*
PP> Clipper, the designers are some of the best in the world, and
PP> the administration has more to lose than we do. Given that,
PP> Clipper will work as advertised.
 
 The only way that I can imagine the government actually *needing*
 Clipper is where Clipper is forced upon the country as the de-facto
 standard and other forms of cryptography are restricted. Uncle Sam
 tends to forget that what is desirable for the government, is not
 always acceptable to the public at large.
 
 Cynically,

Paul Ferguson                  |  Uncle Sam wants to read
Network Integrator             |       your e-mail...
Centreville, Virginia USA      | Just say "NO" to the Clipper
fergp@sytex.com                |          Chip...
-------------------------------+------------------------------
         I love my country, but I fear it's government.