From: dstalder@gmuvax2.gmu.edu (Darren/Torin/Who ever…)
To: cypherpunks@toad.com (CypherPunks)
Message Hash: 8d927e556e4cf91adff8b9df811ca475917a691013d97dd1d00164e1615597e3
Message ID: <9304201606.AA10704@gmuvax2.gmu.edu>
Reply To: N/A
UTC Datetime: 1993-04-20 16:10:21 UTC
Raw Date: Tue, 20 Apr 93 09:10:21 PDT
From: dstalder@gmuvax2.gmu.edu (Darren/Torin/Who ever...)
Date: Tue, 20 Apr 93 09:10:21 PDT
To: cypherpunks@toad.com (CypherPunks)
Subject: WIRETAP: Non-technical statement
Message-ID: <9304201606.AA10704@gmuvax2.gmu.edu>
MIME-Version: 1.0
Content-Type: text/plain
I've had some people ask me about a non-technical synopsis of the Wiretap
Chip proposal. What follows is it. Can you please look over it for
errors? I am still very much the amateur when it comes to cryptography.
The WIRE-TAP Proposal: Problems with it.
The White House sent out a press release on Friday 16 April about a voice
encryption chip called the Clipper chip. This has come to be known as the
Wiretap chip since it allows any Law Enforcement agency to automatically
decrypt any conversations made with it with a search warrant. The LE
presents said search warrant to two different escrow agencies to obtain the
keys (80 bits long) that automatically decrypts your conversation. The
Electronic Freedom Foundation (EFF) and the Computer Professionals for
Social Responsibility (CPSR) have both criticized the proposal. There was
even a negative article already in Network World (19 Apr 93). The
paragraphs that follow are facts and problems I have collected by listening
to other discuss the Wiretap chip.
Say you wanted to encrypt your talk with someone over a phone. Well, since
you and the person you want to talk to both have the Wiretap (Clipper) chip
in your phones, you can automatically encrypt your conversation. All fine
and good encryption for the consumer. Now, what if you come under
investigation by the local constabulary? The get a court order and ask the
escrow agencies (non-law enforcement types) for your key. They already
have the family key since that is the same in each chip. They now have
your specific key. With these two keys, they can decrypt all conversations
that you have. This includes conversations that are not legal to wiretap
such as attorney-client, doctor-patient and so on. They also have that key
for any all future sessions that you use that phone for. Start to see the
problem? This part is all legal... Search warrants are even exceedingly
easy to get at times. There have been reports of the FBI get groups of 50
signed and blank search warrants from the DoJ.
Now, there are other problems. Would you give the IRS keys to your house
and filing cabinet as long as they promised that they would only use it
under proper authorization? The key length of 80 bits is still considered
cryptographically weak. It would take determined effort by an agency with
a supercomputer but your key could be broken. The cryptographic algorithm
is also being kept classified. This is not the usual practice. In the
cryptographic community, algorithms are public. This way people can be
assured there aren't any back doors and that the algorithm can stand on its
own strengths, not that of secrecy. It has also been hinted at by NIST
(the agency behind the technical implementation of the chip.) that the chip
could be compromised if the algorithm was made public. It is not that
difficult to reverse engineer a chip these days.
Finally, some of the implications behind this announcements are dire. The
Wiretap chip could become the market or legislative standard. This could
mean that other implementations of cryptographic voice transactions would
be very difficult to obtain or would be illegal to obtain. Why would a
criminal use the Wiretap chip when they knew it wouldn't encrypt their
conversations against the LE agencies? They wouldn't, they would use other
encryption technologies. Would this mean that using something other than
the Wiretap chip is probable cause and puts you under suspicion? One last
fishy thing is that AT&T has already (on the same day) announced phones
with this chip. This implies (means?) that AT&T has known about this chip
for a while. They seem to be more concerned about getting a jump on the
competition than producing a product that will actually give their users
real security. 'Course, there is the question of collusion between the
governement and industry. Only two companies will be allowed to
manufacture the chip, VLSI and Mykotronix. Jeff Hendy, director of new
product marketing for VLSI, says his company expects to make $50 million of
the chip in the next 3 years. (This from the San Jose Mercury News.)
Hopefully, I haven't left stuff out. I am going to forward this to
cypherpunks for the experts there to check it out.
Think free,
--
Defeat the Torin/Darren Stalder/Wolf __
Wiretap Chip Internet: dstalder@gmuvax2.gmu.edu \/ PGP2.x key available.
Proposal! Bitnet: dstalder@gmuvax Finger me.
Write me for Sprintnet: 1-703-845-1000
details. Snail: 10310 Main St., Suite 110/Fairfax, VA/22030/USA
DISCLAIMER: A society where such disclaimers are needed is saddening.
Return to April 1993
Return to “dstalder@gmuvax2.gmu.edu (Darren/Torin/Who ever…)”
1993-04-20 (Tue, 20 Apr 93 09:10:21 PDT) - WIRETAP: Non-technical statement - dstalder@gmuvax2.gmu.edu (Darren/Torin/Who ever…)