1994-02-13 - Actively Sabotaging Clipper and Capstone?

Header Data

From: tcmay@netcom.com (Timothy C. May)
To: cypherpunks@toad.com
Message Hash: e31968f2e8e932b71841162c30b87fae25371d1a339fda85ec25b5b10f3f913c
Message ID: <199402131947.LAA03223@mail.netcom.com>
Reply To: N/A
UTC Datetime: 1994-02-13 19:53:56 UTC
Raw Date: Sun, 13 Feb 94 11:53:56 PST

Raw message

From: tcmay@netcom.com (Timothy C. May)
Date: Sun, 13 Feb 94 11:53:56 PST
To: cypherpunks@toad.com
Subject: Actively Sabotaging Clipper and Capstone?
Message-ID: <199402131947.LAA03223@mail.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


It's becoming more and more evident that the Crypto War has already
started, that the fascists in power have decided to ban the keeping of
secrets and the use of strong crypto by nongovernment folks.

In later messages I will expand on the ways we can actively sabotage
the Clipper/Skipjack/Capstone/MYK-xx/Tessera key escrow systems,
sabotage them with reverse engineering, with the planting of
compromised versions on store shelves, with the publication of
technical specs (such as "someone" did with the dumpster-diving
adventure at Mykotronx--which I've heard freaked out the national
security establishment!), and with the active spreading of
disinformation about the compromise of the key escrow system.

(Not everyone will like this "call to arms." I expect some harsh
responses. But isn't this what we cherish about free speech, the
ability to talk about controversial matters, even something as
controversial (well, not to me, of course) as advocating the overthrow
of the U.S. government?)

How could Clipper be sabotaged?

As a hint of what to expect, imagine the reaction of potential Clipper
users to the reports that BlackNet has already seen the offer of
$200,000 for the family keys? Or for the information leaking out of
VLSI Technology Inc., fabricators of the Mykotronx chip (and the ARM 6
that is part of the key escrow system), that different "family keys"
are being produced for different _countries_ (UK, Japan, etc.). I'm
sure these countries will be thrilled to welcome these chips onto
their shores, knowing that the family keys have already been provided
to the National Security Agency! 

(Sidebar on U.S. surveillance of Japan: Japan's version of the NSA,
the little talked about Chobetsu, is already advising Japanese chip
makers that the NSA listening sites at Misawa Air Force Base is
heavily targeting economic intelligence. "Yomiuri Shimbun," a large
daily newspaper, reported on 2-29-92 that the NSA and other U.S.
intelligence agencies had stepped up spying activities on Japanese
manufacturing companies, intercepting faxes, voicemail, and ordinary
conversations. Ostensibly, I suppose, this interception is targeted at
detecting evidence of collusion by the keiretsus, arms agreement
violations (recall the Toshiba propeller-machining case), and
shipments of sensitive technology to U.S. adversaries. However, my
contacts in the U.S.  chip industry say the intercepted material is
being used in pricing decisions and in trade negotiation talks, as
with the "20% of your chip purchases must be of U.S. chips, or
else....," and that the Japanese have just in the last 2 years
launched a major effort to secure their faxes, voice lines, and
computer networks against interception by the NSA and their affiliated
eavesdropping compadres (Naval Security Group, Air Force Electronic
Security Command, and Army Intelligence and Security Command (INSCOM),
all of which operate out of large military bases maintained in Japan,
but whose antennas are increasing turned away from Sakhalin Island and
toward the commercial traffic flowing in our major economic opponent.
These are the potential--but not very likely!--customers of Clipjack.)

Methinks the "classifed aspects" of Clipper/Skipjack that Dorothy
Denning recently mentioned (Denning: there are things the goverment
needs to do that it can't tell you about) have largely to do with this
economic espionage. Which is why we're already seeing "family keys"
generated for specific target countries, like Japan, Germany, and
France (our major "enemies" in this new world without our former

Part of our sabotage of key escrow can be the recruiting of more
Cypherpunks in these targeted countries and the providing of them with
material we find from anonymous sources who forward juicy material
(like the Mykotronx contracts, dates, specs, etc.). We can help create
an attitude of intense skepticism about key escrow, perhaps even
resulting in the widespread repudiation of Clipper use by corporations
in these countries. (For example, how would Toshiba react to the
report that Intel's Flash Memory group was tipped off about the
planned production volumes for Toshiba's 16 Mbit flash? Do you think
Toshiba will be an eager customer for Clipjacked phones from the U.S.?

And key escrow can of course be attacked on "general principles." The
idea that some conversations must be "escrowed" (whether the _keys_
are escrowed or the entire conversation is escrowed for later opening
is a distinction without a difference) is anathema to everything this
country once stood for.

(Key escrow is analogous of course to requiring all Citizen Units of
these Beknighted States to "escrow" their personal letters, diaries,
family album pictures, and kitchen recipes with the local constables.
After all, what if the government "needs" to consult these escrowed
files to see if illegal kiddie porn pictures of one's infants are
being pasted into the photo album, or if seditious thoughts are being
discussed in letters, or if "hateful speech" is being used? As
Professor Denning has pointed out, escrowing of the contents of one's
house does not affect the law-abiding citizen, who has nothing to fear
if he has nothing to hide, and allows law enforcement officers the
needed means of ensuring full compliance with all 17,532 laws now on
the books. Besides, the key escrow systems ensures that safeguards
exist: both the FBI and the Department of Justice will have to agree
before your escrowed diaries, letters, photo albums, and recipes can
be examined. You, of course, will not be notified that this has happened.)

Clipper and Capstone (the data standard that is coming), known also by
various names such as Skipjack, MYK-xx, Tessera, etc., are said to be
"voluntary" standards, but the signs are pointing toward the
outlawing--officially or practically (more on what I mean by this
below)--of alternatives to these Big Brotherish systems:

* Clipper/Capstone/Tessera will be useless in "fighting crime" if the
targets refuse to use them. Even a "dumb criminal" is not going to pay
extra money for an official AT&T "Clipjack" phone....he'll either take
no special precautions whatsoever (a la John Gotti) or his technicians
will set him up with something other than the key escrow system.

* The inevitable "market failure" of Clipperphones ("Reach out and tap
someone") will result in calls for a mandatory standard. We've all
seen this coming ever since the first proposal (and earlier, as I
wrote in my October 1992 piece, "A Trial Balloon to Ban Encryption?")

* The "Digital Data Superhighway" (what a dumb name!) will almmost
certainly attempt to impose various kinds of regulations and rules for
data. You all can speculate on the laws...

* The tax avoidance implications of strong crypto are so profound that
the Feds are undoubtedly panicking about this. (A source tells me that
my "crypto anarchy" schemes, now being talked about by others, and the
subject of articles in various magazines, are being taken seriously be
the Treasury folks and FinCEN, and that they are getting more and more
active in the NSA-NIST-CIA-Justice planning for key escrow,
wiretapping, and surveillance. (Cf. the great article in "Wired," the
December issue (I think--it has Sonic the Hedgehog on the cover), on
FinCEN, the Financial Crimes Enforcement Network.)

* Speaking of wiretapping, the S.266-based wiretap proposal *has not
gone away*. It will come back bigger and badder than ever. I'm
attaching the description of what's cooking now, based on an article
from yesterday's NYT.

Key escrow, wiretapping, increased surveillance of economic
transactions, FinCEN, the collusion of the credit reporting agencies
with intelligence folks (how do you think 50,000 people in the Witness
Security Program (aka Witness Protection Program) are so well hidden
in this age of computers?), all are changing the equation drastically.

There are more than 700 subscribers to the Cypherpunks list. If only a
handful of us actively sabotage the Clipper/Skipjack system, we may
have a major impact. (Of course, our putting the "penny on the track"
could also produce the train wreck of a complete crackdown on computer
communications, but this is unlikely: the genie's already out of the
bottle, the networks are already too anarchic and too ubiquitous, the
sites are already beyond the control of the U.S. government.

Time to sabotage this whole Big Brother system.

--Tim May

And here's the article, or a summary of it, about the Administration's
ongoing plans to put a goverment wiretap in every network:

From: Junger@samsara.law.cwru.edu (Peter D. Junger)
Newsgroups: talk.politics.crypto
Subject: White House Seeking Software to Aid in Wiretaps
Date: Sat, 12 Feb 1994 14:09:20 GMT
Lines: 27
Message-ID: <Junger.274.761062160@samsara.law.cwru.edu>

	The New York Times has an article this morning (9/12/94) on the 
first page of the national edition by Edmund L. Andrews, datelined 
Washington, Feb. 11 with the headline that appears above in the subject line.

I quote two paragraphs:

	"The White House is pressing for legislation to force telephone and 
cable companies to install computer software on their networks that would 
enable law enforcement agencies to eavesdrop on phone calls and computer 
transmissions, Clinton Administration officials said today.

	". . . .

	"Like the computer chip plan, the new bill is likely to put the 
Administration on a collision course with both telecommunication companies 
and civil rights groups.  Industry executives believe any such measure could 
cost as much as $300 million, so that they would have to seek higher rates 
from customers.  Civil rights groups argue the measure is largely 
unnecessary and poses potential threats to privacy."

	The bill is supposedly a new version of the wiretapping bill that 
Bush asked for and did not get.

Peter D. Junger

Case Western Reserve University Law School, Cleveland, OH