From: koontzd@lrcs.loral.com (David Koontz )
Date: Thu, 2 Jun 94 08:40:01 PDT
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9406021539.AA17518@io.lrcs.loral.com>
MIME-Version: 1.0
Content-Type: text/plain


San Jose Mercury News, Front Page June 2, 1994

SCIENTIST FINDS FLAW IN CODE TECHNOLOGY

New York Times

  A computer scientist at AT&T Bell Laboratories has discovered a basic
flaw in the technology that the Clinton administration has been promoting
to allow law-enforcement officials to eavesdrop on electronically scrambled
telephone and computer conversations.

  Someone with sufficient computer skills can defeat the government's
technology by using it to encode messages so that not event the government
can crack them, according to the Bell Labs researcher, Matthew Blaze.

  For more than a year, the Clinton administration has been advocating the
encoding technology as the best way to ensure the privacy of telephone and
computer conversations while retaining the traditional right of law-
enforcement officials to use court-authorized wiretaps to eavesdrop on the
conversations of suspected criminals or terrorists.

  The technology, based on what is known as the Clipper chip, has been 
widely criticized by communications executives and privacy-rights advocates,
who fear its Big Brother potential.  The industry also fears foreign customers
might shun equipment if Washington keeps a set of electronic keys.

  But now, Blaze, as a result of his independent testing of Clipper, is 
putting forth perhaps the most compelling criticism yet:  The technology
simply does not work as advertised.  Blaze spelled out his findings in
a draft report that has been quietly circulated among computer researchers
and federal agencies in recent weeks.

  "The government is fighting an uphill battle," said Martin Hellman,
a Stanford University computer scientist who has read Blaze's paper and is
an expert in data encryption, as the field is known.  "People who want to
work around Clipper will be able to do it."

  But the National Security Agency, the government's electronic spying
agency, which played a lead role in developing the technology, said Wednesday
that Clipper remained useful, despite the flaw uncovered by Blaze. Agency
officials do not dispute the flaw's existence.

  "Anyone interested in circumventing law-enforcement access would most likely
choose simpler alternatives," Micheal A. Smith, the agency's director of
policy, said in a written statement.  "More difficult and time-consuming
efforts, like those discussed in the Blaze paper, are very unlikely to be
employed."

A necessary compromise?

  Since announcing the Clipper coding technology 13 months ago, White House
and Justice Department officials have argued forcefully that it is a 
necessary information-age compromise between the constitutional right to
privacy and the traditional powers of law-enforcement officials.

  The Clinton administration intends to use Clipper, which it is trying to
promote as an industry standard, for the government's sensitive non-military
communications.  The federal government is the nation's largest purchaser
of information technology. 

  But industry executives have resisted adopting Clipper's electronic
"backdoor," which is designed for legal wiretapping of communications, could
make it subject to abuse by the government or unscrupulous civilian computer
experts, who might eavesdrop without first obtaining a court order and the
electronic "keys" that are to be held in escrow by two government agencies.
Privacy-rights advocates have cited similar concerns.

  Industry executives also have worried that making Clipper a federal
government standard would be a first step toward prescribing the technology
for private industry or requiring that it be included in sophisticated
computing and communications that are to be exported.

Secret conversations

  Blaze said that the flaw he discovered in the Clipper design would not
permit a third party to break a coded computer conversation.  But it would 
enable two people to have a secret conversation that law-enforcement officials
could not unscramble.  And that could render Clipper no more useful to the
government than encryption technology already on the market to which it does
not hold the mathematical keys.

  "Nothing I've found affects the security of the Clipper system from the
point of view of people who might want to break the system," Blaze said 
Wednesday.  "This does quite the opposite, Somebody can use it to circumvent
the law-enforcement surveillance mechanism."

  Blaze said that several simple changes to the Clipper design could correct 
the flaw but that they might be difficult to adopt because they would require
the government to start over in the designing of Clipper.

  The government has already begun ordering telephones containing the Clipper
chip for use by federal agencies, and it is designing another Clipper-based
device, called the Tessera card, for use in personal computers.

  Hellman at Stanford said that the government was counting on most crooks and
terrorists not to go to the trouble of modifying the Clipper design or
otherwise seeking to disable it - fi they used it at all.

System not subverted

  One computer scientist who has been a proponent of the Clipper plan and who
is familiar with Blaze's paper said that the flaw would not immediately subvert
the system.

  "I don't think this undermines the Clipper," said Dorthy Denning, a computer
scientist at Georgetown University and part of a team chosen by the government
to evaluate the technology.  "But it's good to know what the vulnerabilities
are."

  Clipper was designed by researchers at the National Security Agency in 
cooperation with computer scientists at the National Institute of Standards
and Technology, a civilian agency that is responsible for setting computer
standards for non-military government applications.

  The Clipper chip is known as an "escrowed encryption system."  It is designed
so that law-enforcement officials wishing to eavesdrop on Clipper-encoded
communications must present a court warrant and a special number - or key -
generated by a Clipper chip to two separate government agencies.  Each of the
agencies would hold portions of a special number, which can be used together 
to decode the conversation.