1994-04-18 - Clipper self-defeating, and voice PGP

Header Data

From: rishab@dxm.ernet.in
To: albright@chaph.usc.edu
Message Hash: 7def51270582e40416cb1b364fea743cdca3d1c9ca7f5f7193fd8866d78f2265
Message ID: <gate.u80Xkc1w165w@dxm.ernet.in>
Reply To: N/A
UTC Datetime: 1994-04-18 17:27:06 UTC
Raw Date: Mon, 18 Apr 94 10:27:06 PDT

Raw message

From: rishab@dxm.ernet.in
Date: Mon, 18 Apr 94 10:27:06 PDT
To: albright@chaph.usc.edu
Subject: Clipper self-defeating, and voice PGP
Message-ID: <gate.u80Xkc1w165w@dxm.ernet.in>
MIME-Version: 1.0
Content-Type: text/plain


the LA Times article:

"As long as there is a thriving market in commercial cryptography, CLipper
is unlikely to be a threat to our privacy or our criminals."

Ummm... Isn't the whole govt strategy to flood the market with orders for
Clipper, ensuring that due to the economies of scale, any "thriving market"
will be for Skipjack? Besides, while the Clipper proposal may not say anything
about banning other crypto, DT-2 would force any common carriers wanting to
provide 'secure,' encrypted lines as a value addition to use Clipper, or 
otherwise "ensure the government agency's ability to acquire the plaintext..."

True, Clipper even if passed, will probably backfire on the govt, as the
public debate it has instigated has done more to raise awareness of other 
methods (PGP...) and of crypto in general, then we might have been able to do
without this provocation. Average citizen-units are likely to stick to 
plaintext (which is fine - they have none of the false sense of security of
Clipper users). Many people, who would like to keep their communications 
private but never thought of encryption before, may well end up
using non-Clipper devices due to the publicity for these due, ironically, to
Clipper. 

However, the government may insist that contractors and others who deal with
it use 'standard' encryption, at least for communication with the government;
presumably hoping that the substantial number of such organizations will not
bother to spend more for alternative encryption for non-governmental use.

Free, PC-based voice encryption (voice-PGP etc) may be one way to counter 
Clipper, though 'ordinary people' would definitely prefer transparently secure
phones. Voice-PGP would, of course, have the same patent problems within the US
as PGP itself. 


As an aside, a quick check showed that vanilla PGP encrypts high-entropy files
at over 20k/sec (on my 486/33 with many things in the background, excluding 
key-ring lookup time). As even a Codex FAST transmits high-entropy data (such
as encoded speech, or PGP output) at only 2.4 kbytes/sec, and voice can be
squeezed into about 1k/sec, PGP code, as it is at the present, is easily fast 
enough to cope with real-time conversation. 

The descriptions of voice-crypto that I've seen so far attempt to multiplex
voice into a (digital) datastream over a modem. Is anyone working on something
more general, that produces an *analog* encrypted audio stream? As voice
encryption takes an input that is originally analog, if it were to output 
analog noise, one could build dictaphone-like gadgets to talk through into 
even a Clipperphone, in the event that all instrument manufacturers were 
"suitably incentivized" to use only the Clipper chip.

--------------------------------------------------------------------------------
Rishab Aiyer Ghosh                            "What is civilisation
rishab@doe.ernet.in, rishab@dxm.ernet.in        but a ribonucleic
Voicemail +91 11 3760335; Vox/Fax/Data 6853410      hangover?"
H-34C Saket New Delhi 110017 INDIA
--------------------------------------------------------------------------------





Thread