From: Giuseppe Cimmino <0005533039@mcimail.com>
Date: Wed, 16 Jun 93 13:13:36 PDT
To: cypherpunks <cypherpunks@toad.com>
Subject: YAA (yet another article)
Message-ID: <95930616191659/0005533039ND2EM@mcimail.com>
MIME-Version: 1.0
Content-Type: text/plain


PC Week - June 14, 1993

"Clipper security scheme criticized"

By Kimberly Patch

A proposed National Security Agency standard for voice and data encryption is
not winning votes among U.S. executives concerned with security issues.

Executives attending hearings held by the federal Computer Systems Security and
Privacy Advisory Board earlier this month said the proposed Clipper chip
encryption standard does not meet their technical or export needs.

Under the Clipper guidelines, PCs would be outfitted with a board that contains
the encryption chip, while the U.S. government would be privy to a pair of
software "escrow keys" used to unlock the encryption.

Although the Clipper chip uses an 80-bit encryption scheme, executives said it
would be more expensive and slower than more popular software encryption
schemes.  Moreover, some expressed concern about its security since NSA is
keeping the details of how it works secret.

"Why would any law-abiding corporation buy equipment that has escrow keys that
[allow] the government to [decrypt information] whenever they want without
telling the corporation?" asked Ed Zeitler, a vice president at Fidelity
Investments, a financial-services firm in Boston.

An NSA spokeswoman in Fort Meade, MD., defended the scheme, claiming the keys
would be protected and law-enforcement agencies would have to go through a
formal legal process to decrypt messages.  "People will only have access if they
have a legal need for it," she said.

Corporate users, however, objected. "[The government] wants [the Clipper
standard] to be widely used so that law-enforcement people can listen in on
things that are used by criminals," said Steven Walker, president of Trusted
Information Systems, Inc., a Boston software company. "The criminals will find
some other way to do it, which is the irony of this.  It's not going to
accomplish what [that government] wants, no matter what."

One problem with today's encryption business is that U.S. firms are restrained
from exporting software that offers powerful encryption capabilities, the
executives said.

Currently, U.S. firms can only export products that use a 40-bit key, which
would take a fast computer about two and a half weeks to crack, said Zeitler. 
By contrast, the Data Encryption Standard -- a 56-bit key scheme not approved
for export -- would take the same computer 2,200 years to crack, while the
proposed Clipper chip, an 80-bit scheme, would take even longer.