1994-02-06 - A Nice Summary of Motives for Clipper

Header Data

From: tcmay@netcom.com (Timothy C. May)
To: cypherpunks@toad.com
Message Hash: 9062ee8eb385507ca9bc662a1e65ec273a6b602f6b4adb4e120764be7303633e
Message ID: <199402061911.LAA20333@mail.netcom.com>
Reply To: N/A
UTC Datetime: 1994-02-06 19:11:08 UTC
Raw Date: Sun, 6 Feb 94 11:11:08 PST

Raw message

From: tcmay@netcom.com (Timothy C. May)
Date: Sun, 6 Feb 94 11:11:08 PST
To: cypherpunks@toad.com
Subject: A Nice Summary of Motives for Clipper
Message-ID: <199402061911.LAA20333@mail.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



This fellow has written a nice summary of the "carrot and stick"
motivations on Clipper. Nothing we haven't seen discussed, but a nice
synopsis.

His analysis is accurate:

- the government will make Clipper use very easy to export, and to use
(perhaps by subsidizing production costs of the MYK-xx chip for some
time)

- the government will make non-Clipper use very hard to export, may
harrass those who post code to ftp sites (a la PGP, Moby Crypt, etc.),
and will do other things to throw roadblocks up

- the result will probably be that in 5 years mosts crypto use is of
the key escrow sort, with all that that implies

Comment from TCM: Yes, we've "already won" in some sense, in that
strong crypto can't be completely eliminated. But if 99% of all crypto
users are using key escrow in 1999, for practical reasons, then in
some sense we have lost.

I'm curious about what RSA Data Security Inc. thinks of all this, as
this carrot-and-stick move worsens the export situation immmensely:
key escrow technologies get a "pass," while non key escrow
technologies get scrutinized, delayed, and generally told not to
bother to try to export (this is my interpretation). Could be real bad
news for Bidzos and Company. (Don't flame me for urging an alliance
with RSADSI! I'm just speculating on who will be hit hard here. Could
have some implications for what Cypherpunks support.)

Here's the article:


Newsgroups: alt.activism,alt.politics.datahighway,alt.privacy,alt.privacy.clipper,alt.security.pgp,alt.wired,comp.org.eff.talk,talk.politics.crypto
From: shephard@fraser.sfu.ca (Gordon Shephard)
Subject: Re: CRYPTO: DoJ's new rules for access to Clipper keys
Message-ID: <shephard.760538361@sfu.ca>
Sender: news@sfu.ca (seymour news)
Organization: Simon Fraser University, Burnaby, B.C., Canada
Distribution: inet
Date: Sun, 6 Feb 1994 12:39:21 GMT
Lines: 107

strnlght@netcom.com (David Sternlight) writes:

>You still don't get it. Clipper is a system for the private sector with good
>security except for the escrow. The escrow is there to prevent the bad guys
>from using what would otherwise be a very hard to break system.

This reveals some of the mindset behind Government encryption policy.  For 
the past year or so, I've been discussing the "Clipper Concept", and have
constantly bewildered myself and others with the question:

   Why on earth would the black hats use a system which can be compromised
	by law enforcement agencies?

The conclusion which we normally came to was that after the introduction of
Clipper technology, the United States Government would work towards making
it illegal for cryptographic systems other than Clipper (or some other
Government controlled Key Escrow system) to be sold or produced in the
United States.

Now, Mr. Sternlight's view that Government is not attempting to prevent black 
hats from using non-clipper technology, and that they simply do not wish 
to allow criminals to use the Governments strong encryption system,
contrasts somewhat with the current dialogue on the subject.

And it makes sense - Clipper is going to dominate the market.  We may
all strut about and swear up and down how we will never use a cryptographic
system which the Government can break, but, given that commerical providers
will probably have huge incentives to develop clipper chip systems, (Govt.
Contracts and such :) this is the system that you and I will probably be 
purchasing.

A careful re-reading of the Press Releases provides supporting evidence. 

In particular, the administration will allow export of key escrow technologies,
and their new policies will result in:
	 - expedited delivery of products
	 - reduced shipping and reporting costs
	 - fewer individual licenses
	 - personal exemptions for the use of encryption technology taken
		out of the country by business persons.

The administration is going to also work with industry, with the NIST leading
these efforts.  Mention was made of money being tossed into this effort (Staff
will be hired....)     

So, that's the carrot, now for the stick:

"The Administration will continue to restrict export of the most
 sophisticated  encryption devices."

So, picture in your mind a Company such as AT&T, or U.S. Robotics, that
is about to start selling an encrypting modem/telephone:

They can either provide to Joe Public a Key Escrow technology, or they
can put together their own proprietary encryption system.

The Key Escrow technology system can be sold to the U.S. Government (Big
Bucks, How much would you like to bet that in the next 3 or 4 years, 
numerous government departments will be allocated large sums of money
to purchase encryption devices, regardless of whether they need it or
not - The press releases reveal that All Govt. Purchases will be Key Escrow - 
Never underestimate the impact of Government contracts)

The Key Escrow technology system will be free of Red Tape, can be exported,
will not require individual licensing for each country, can be taken
out of the country by business persons (The vast majority of which could care
less whether the Govt. can crack their communications, it's the competition 
they are concerned about), etc, etc....

Or, they can create a proprietary system and face the mother of all red
tape trying to sell the damn thing (At a significantly increased cost.)

The Result:

	1) Commerical Companies will not produce Non Key Escrow Technology.
	2) The few that do, will have their lives made so difficult by the
		Administration, it will be difficult to find their product.

And this is an issue that Nobody seems to discuss:  

	Encryption is only useful if BOTH ends of the communciation line 
	are using the same encryption technology.

Who will you be able to talk to if you are using a proprietary 
encryption system.  (A technically alert member of the press should
ask the following question: Will the administration seek to prevent
encryption systems which incorporate the clipper chip from having secondary
encryption technolgies embedded (I.E. Imagine if the modem you manufactured
could only talk V.32terbo, and not V.32/V.32bis - Nobody would buy it
because everyone else has a V.32bis modem. ) 

And here is where the Government may have made a strategic error though;
by not revealing their encryption algorithm, they may have opened up
a market for people who are concerned about the strength of the
encryption algorithm.  E.G. AT&T can come along and market their 
encrypting telephones with multiple levels of security, standard
"Clipper" encryption, or new and improved AT&T laboratory technology
which has been attacked by every encryption researcher on the planet.
Of course this device would still face the Red tape which the government
will be using as its primary weapon against non key escrow technology
in the coming years.

You heard it here first.  (Well, maybe not.  Anyone hear how the
Government has been treating PGP lately? :)

| Gordon Harry Shephard, shephard@sfu.ca,(message)252-4387, (res)524-8622 
| In No Way am I speaking for my Employers or Simon Fraser University.

--







Thread