1993-12-08 - San Jose Merc article on s/w industry crypto deal

Header Data

From: karn@qualcomm.com (Phil Karn)
To: dmandl@panix.com
Message Hash: 02fb0f1fef20bd98ce78bec295a50acf67d69111616f6c10c8d168afe1eee070
Message ID: <199312081945.LAA16407@servo>
Reply To: <9312081826.AA14676@disvnm2.lehman.com>
UTC Datetime: 1993-12-08 19:46:02 UTC
Raw Date: Wed, 8 Dec 93 11:46:02 PST

Raw message

From: karn@qualcomm.com (Phil Karn)
Date: Wed, 8 Dec 93 11:46:02 PST
To: dmandl@panix.com
Subject: San Jose Merc article on s/w industry crypto deal
In-Reply-To: <9312081826.AA14676@disvnm2.lehman.com>
Message-ID: <199312081945.LAA16407@servo>
MIME-Version: 1.0
Content-Type: text/plain


If the government really were to commit to removing export controls on
all civilian cryptography, and to ensuring that Clipper remains truly
voluntary, then I could see how the DPSG compromise *might* have some
merit.  With or without such an agreement, Clipper is a non-starter --
as long as better alternatives are readily available.

This is already true for general purpose computers. People can easily
run whatever encryption software they like on their PCs, whether the
NSA, FBI or anyone else likes it or not. Unfortunately, it is NOT true
for voice services like digital cellular. Although they contain
computers, digital phones are not as easily reprogrammed as PCs. And
even if they were, you still need the cooperation of the carrier to
decrypt your call at the base station (unless, of course, you encrypt
end-to-end, but then you need the right kind of data service from the
carrier, plus a compatible secure telephone on the land side of the
call).

In theory, at least, under this "deal" the cellular vendors would be
free to support either Clipper or some other, better encryption
scheme, without fear of export controls destroying much of their
market.

In reality, of course, the cellular carriers and manufacturers are
large and conservative enough (and do enough business with the
government) to be easily browbeaten into installing only Clipper, if
indeed they install any real encryption at all.  Indeed, the NSA
hardly had to lift a finger to browbeat the industry into installing a
trivial "voice privacy" scheme in TDMA cellular that can be broken by
any undergrad CS student in a few minutes.

So I'm not worried about the effect of this deal on general purpose
computer applications; it may even help, by getting rid of export
controls. But the big loser will inevitably be voice privacy.

Phil







Thread