1993-05-02 - comments solicited

Header Data

From: wuthel!brand@drums.reasoning.com (Russell Brand)
To: brand@drums.reasoning.com
Message Hash: 4a0f948be2e334537ccf343c5504de296dad632b443604b10d3047d6fb8b53cd
Message ID: <9305021513.AA08322@wuthel.uucp>
Reply To: N/A
UTC Datetime: 1993-05-02 15:13:41 UTC
Raw Date: Sun, 2 May 93 08:13:41 PDT

Raw message

From: wuthel!brand@drums.reasoning.com (Russell Brand)
Date: Sun, 2 May 93 08:13:41 PDT
To: brand@drums.reasoning.com
Subject: comments solicited
Message-ID: <9305021513.AA08322@wuthel.uucp>
MIME-Version: 1.0
Content-Type: text/plain









			  Why the Clipper Clip is Bad (v1)
				       
				      by
				       
				 Russell Brand
			   wuthel!bj-4@reasoning.com
		    Copyright (C) 1993 All Rights Reserved
Permission is given to freely redistribute this document without modification.
The analysis presented has not been endorsed by any third party.  It
incorporates only UNCLASSIFIED information made by 31 April 1993.

On or about 15 April 1993, The US Government has announced a encryption chip
set called `Clipper' whose primary stated application is to encrypt VOICE
telephone communication in such a way that law officers with a lawful warrant
would be able to tap and decode the communication while no other unauthorized
person would be able to do so.  Law enforcement officials would present their
warrant to two `escrow' agencies in order to get a halfs of a special key that
they would use with a special device to decrypt the message.  The algorithm is
to remain classified. 

The number of objections to this, technical, legal and moral are numerous.  

First, a secret design is violation of the open design principle and hides
from public view future hazards.    Further there may be trap doors in the
system that allow decryption WITHOUT the warrant or escrow key. 

Second, all of the agencies that have any experience with managing secrets like
the Key Escrow process have declined to become involved or have been
disqualified.  Considering the value of the escrow data to corporate spies, one
must fear corruption including blackmail of a commercial nature.

Third, the cryptographic protocol as described is weak in a number of ways such
that the escrow keys are seemingly unneeded for decryption by the federal
government.  This combined with a recent house of representative votes to allow
the FBI to among other things conduct phone taps without a warrant when
international terrorism is suspected as well as long well documented history of
BLANK warrants being signed and issued is rather scary.

Fourth, it seems to be a mis-use of government funds to subsidize the
development of this chip to the advantage of certain companies over others
without so much a public comment period.  In addition to the development costs,
there are many other large costs including the key escrow agencies themselves.

Fifth, it will damage US competitiveness for companies to need to build both
the insecure CLIPPER chip for government regulated markets and real protection
circuitry for people that care.

Sixth, the clipper proposal will not help against organized crime; they are
bright enough to buy real encryption devices and certain details of CLIPPER
will make it easier for them to accomplish this.  Of course wire tapping itself
has been shown *NOT* to be cost effective in detecting/preventing/prosecuting
crimes.  There is no way in the system to mark a `privileged conversation' (for
example doctor-patient, lawyer-client' and hence these can and will be
captured. 

Please write to your elected officials, media, etc. to oppose this.









Thread