1993-08-11 - Clipper trapdoor?

Header Data

From: David Sobel <dsobel@washofc.cpsr.org>
To: Cypherpunks <cypherpunks@toad.com>
Message Hash: d1809c6f9c26932c6b37b44fe71f081c956970ecf792ab52e5ac32a7e2cfe60f
Message ID: <00541.2827923432.4658@washofc.cpsr.org>
Reply To: N/A
UTC Datetime: 1993-08-11 21:32:06 UTC
Raw Date: Wed, 11 Aug 93 14:32:06 PDT

Raw message

From: David Sobel <dsobel@washofc.cpsr.org>
Date: Wed, 11 Aug 93 14:32:06 PDT
To: Cypherpunks <cypherpunks@toad.com>
Subject: Clipper trapdoor?
Message-ID: <00541.2827923432.4658@washofc.cpsr.org>
MIME-Version: 1.0
Content-Type: text/plain


  Clipper trapdoor?

Peter Wayner <pcw@access.digex.net> writes:

>My general impression is that the system is secure. Many people
>have played paranoid and expressed concerns that the classified
>algorithm might be hiding a trapdoor. It became clear to me that
>these concerns were really silly. There is a built-in trapdoor
>to be used by the government when it is "legal authorized" to
>intercept messages. The NSA has rarely had trouble in the past
>exercising either its explicitly granted legal authority  or
>its implied authority. The phrase "national security" is a
>powerful pass phrase around Washington and there is no reason
>for me to believe that the NSA wouldn't get all of the access
>to the escrow database that it needs to do its job. Building in
>a backdoor would only leave a weakness for an opponent to exploit
>and that is something that is almost as sacrilidgeous at the NSA
>as just putting the classified secrets in a Fed Ex package to 
>Saddam Hussein.

This raises an interesting question and I draw a totally different
conclusion.  If, as we have been told, the only way for an agency to
obtain the escrow keys is to present a court order, than NSA needs
to obtain such an order to decrypt *any* communication it intercepts.

I don't really understand what Peter means when he says that "NSA has 
rarely had trouble in the past exercising either its explicitly granted 
legal authority  or its implied authority. The phrase 'national security'
is a powerful pass phrase around Washington and there is no reason
for me to believe that the NSA wouldn't get all of the access
to the escrow database that it needs to do its job."

Does this mean NSA would, in fact, obtain a warrant in order to "get all 
of the access to the escrow database that it needs to do its job"?  If so,
this would represent an unprecedented change in the way NSA does "its
job."  NSA has no domestic law enforcement authority, so it would
obviously never be in a position to obtain a law enforcement wiretap
warrant under Title III.  The only possible way for NSA to obtain a warrant
would be under the Foreign Intelligence Surveillance Act (FISA).  But the
Foreign Intelligence Surveillance Court, which issues warrants under FISA,
has ruled that FISA's provisions

   limit the authority to conduct electronic surveillances to the U.S.
   in a geographic sense as defined in sec. 101(i).  The drafters left
   to another day the matter of "broadening this legislation to apply
   overseas ... because the problems and circumstances of overseas
   surveillance demand separate treatment."

In the Matter of the Application of the United States for an Order
Authorizing
the Physical Search of Nonresidential Premises and Personal Property (1981),
footnote 1 (citations omitted).

Consider the following hypothetical: Iraqi agents smuggle Clipper phones
out of the U.S.  Saddam Hussein uses them to communicate with his military
commander in Basra.  NSA intercepts the communications.  Question:  How
does NSA decrypt the messages?

Note that neither Title III (law enforcement) nor FISA (U.S.-based) apply
to this situation, so we have to assume that NSA will not have a court order
to obtain the escrow keys.  I have to conclude that NSA would not be putting
this technology out into the world *unless* it did, in fact, have some way
to
decrypt messages *without* access to the escrow keys.

Am I missing something?


David Sobel
CPSR Legal Counsel








Thread