From: uri@watson.ibm.com
To: cypherpunks@toad.com
Message Hash: cd9a431401ab5fc13d010c8924373b64e173a55f478a0dd4e5e3fd78de4d6704
Message ID: <9304271854.AA20759@buoy.watson.ibm.com>
Reply To: N/A
UTC Datetime: 1993-04-27 21:56:04 UTC
Raw Date: Tue, 27 Apr 93 14:56:04 PDT
From: uri@watson.ibm.com
Date: Tue, 27 Apr 93 14:56:04 PDT
To: cypherpunks@toad.com
Subject: Be afraid! (some Clipper details)
Message-ID: <9304271854.AA20759@buoy.watson.ibm.com>
MIME-Version: 1.0
Content-Type: text/plain
As Ms. Dorothy Denning explained, this is the intended
"interface" between the Clipper and Law Enforcement
(taken from her posting to "comp.risks"):
1. Family Key.
F is embedded in every Clipper Chip, but like other chip keys,
unknown to the people who use them. Only law enforcement will
have a decoder box that allows the law enforcement field to be
decrypted. Initially, there will be just one box, and it will
be operated by the FBI.
Read - FBI will have the Family Key (and thus will be able to
get all the chip serial numbers, do traffic analysis etc).
And later she "corrected" herself, adding:
For the same reason as above, it is imperative that law
enforcement be able to decode the law enforcement field
in order to obtain E[K; U] and then decrypt this to get
K. It is completely impractical to go the escrow agents
for each conversation.
Read - Law Enforcement (local, "global" - whatever) will
have that Family Key as well, not only that "one box at
FBI"... But it was obvious, wasn't it?
2) Unit Key.
It is imperative that law enforcement get U. If they are tapping
a line, there may be dozens of calls on that line per day.It would
be totally impractical to have to go to the escrow agents to get
the session key for each call. It would be impossible to do
real-time decryption under that constraint.
Read - a) Law Enforcement indeed will have your Unit key
(and thus be able to decrypt whetever was sent
through your chip, from the day one, till you
throw your chip away).
b) It's indeed physically possible thus for some
corrupted Law Enforcement officials to "collect"
the Unit Keys and to do all the bad things with
them.
c) Nobody seems to be concerned about it.
3) Question about agencies capable of decrypting all the future
traffic of once-suspected individual:
After a tap has been completed, government attorneys are
required to notify the subjects of the electronic surveillance.
At that point, the subjects are certainly free to purchase a
new device with a new chip, or perhaps the vendors could simply
replace the chip.
Read - if they won't forget to notify you, that your phone
was tapped, feel free to shell another $XXX bucks for a new
chip/phone... Keep doing that until either they, or you get
tired...
4) Question about whether there's time component in the cipher.
Reasons for it - since wiretaps are authorized ONLY for
certain time periods with both start and end dates
specified, it should not be possible to be able
to decrypt the traffic outside of this frame.
I am unaware of any time component. Current wiretap laws protect
against this. Evidence collected after the warrant has expired
can be thrown out in court. In addition, it is illegal for the
service provider to implement an intercept after a warrant has
expired.With the new technologies,law enforcers will be incapable
of executing a tap without the assistance of the service provider.
Read - just as we assumed, once your key is compromised (ouch! I
mean - disclosed :-), whatever "they" bothered to record, is now
open... Well, of course it won't be legal, but then there are
many things beyond the law (:-)...
5) Question about potential weakness, which may be lurking
behind the "classified" stamp of the algorithm, known
thus only to those "cleared" to know.
The NSA has a long record of success with crypto, far better
than any individual or organization in the public community.
In addition, there are plans to bring in expert cryptographers
to assess the algorithm.
Read - she's ignorant of academia/industry crypto successes? (:-)
That's all folks! [For now :-]
Regards,
Uri.
------------
<Disclaimer>
Return to April 1993
Return to “uri@watson.ibm.com”
1993-04-27 (Tue, 27 Apr 93 14:56:04 PDT) - Be afraid! (some Clipper details) - uri@watson.ibm.com