1994-07-19 - Anti-Clipper Article in “THe Computer Applications Journal”

Header Data

From: NetSurfer <jdwilson@gold.chem.hawaii.edu>
To: cypherpunks@toad.com
Message Hash: 023fc53fd030da1bf3badbf26f29aa8c400d8518a21454f04b15aa1d5c3fc5cd
Message ID: <Pine.3.07.9407182130.C5407-f100000@gold.chem.hawaii.edu>
Reply To: N/A
UTC Datetime: 1994-07-19 07:54:48 UTC
Raw Date: Tue, 19 Jul 94 00:54:48 PDT

Raw message

From: NetSurfer <jdwilson@gold.chem.hawaii.edu>
Date: Tue, 19 Jul 94 00:54:48 PDT
To: cypherpunks@toad.com
Subject: Anti-Clipper Article in "THe Computer Applications Journal"
Message-ID: <Pine.3.07.9407182130.C5407-f100000@gold.chem.hawaii.edu>
MIME-Version: 1.0
Content-Type: text/plain



FYI the following is scanned, not stirred (or forwarded) from "The Computer
Applications Journal", July 1994, issue #48 (a 'zine with a refreshingly
technical mix of software, hardware info for board-level integration with
current popular operating systems e.g. DOS etc.)


         By John Iovine
         
         Cryptology is a science of enciphering and deciphering messages
         and information. The word conjures up images of espionage, spies, 
         hostile government action, and top secret information. We don't 
         usually associate this word with privacy--your privacy--but it 
         is this facet of cryptology that is being argued today in our 
         courts and among government agencies.
         
         ENCRYPTED PRIVACY?
         The arena where electronic bits of information are transmitted
         through data conduits is loosely termed "cyberspace." Currently, in
         cyberspace there's no guarantee of privacy. Transmitted messages
         may be intercepted and read indiscriminately. This possible invasion of
         privacy is not just limited to Email on your local BBS or on
         Internet. Our national telephone network, which handles voice and 
         fax as well as computer telecommunication, is vulnerable.
         Additional data conduits like cable television systems and satellite
         feeds are becoming more commonplace all across the country. These
         newer networks are vulnerable to interception as well.

         To better grasp the threat, imagine a company that
         routinely transmits bids or promotional information to
         field agents through one of these networks. The company can be put
         at a severe disadvantage if a competitor gains access to
         this information.

         The dark side of our information age is that technically skilled
         crooks--sometimes romantically referred to as phreakers and crackers 
         can create havoc in your life.  
         
         For a while, crackers were making national news by breaking into
         secured government databases.
  
         Intercepting various unprotected data communications makes most
         people easy targets for others to gain access to confidential
         material.

         Anyone who has been electronically mugged has very little
         sympathy for these criminals. By stealing credit card numbers,
         they are capable of making purchases, charging telephone calls to 
         your phone number, reading your Email, and listening to cellular 
         phone conversations.

         The problem is growing. Our national data network increases in size
         and complexity daily. It is changing and defining the methods by
         which people communicate, information is transferred, and business is
         conducted.

         It is therefore becoming increasingly important to secure the
         privacy of the networks and reduce their vulnerability to 
         interception. Business has been less than responsive to this threat. 
         For instance, credit card companies justify their exorbitant +19% 
         interest rates because they are needed to compensate for the
         tremendous amount of credit card (read "electronic") fraud and
         thievery. These companies should be doing
         much more to prevent electronic fraud instead of just passing the
         cost on to honest consumers in the way of high interest rates.
         Rep. Edward J. Markey (D-Mass), the chairman of the House Telecom-
         munication and Finance Subcommittee, had this to say about privacy:
         "Whether it's a cellular phone conversation, computer data, a fax 
         transmission, a satellite feed, cable programming, or other
         electronic 
        services, encryption is the key to protecting privacy and security." 
         He stated further that "developing a national policy
         for encryption and its uses is therefore a process of fundamental
         importance for the future of our national networks and our 
         competitive position internationally."
         
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>


--------- ENTER THE CYPHERPUNKS

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
  
         That's cypher, not cyber. Let's not confuse these similar sounding
         monikers. The cypherpunks want to see widespread public use 
         of cryptotechnology. They see the individual's privacy protected 
         through cryptography. However, they face powerful governmental and 
         political obstacles.

         The end of the cold war hasn't eliminated the need for cryptography
         and secret codes used by our government. But it should
         have alleviated some of the regulations concerning private use of
         cryptotechnology. The government still classifies cryptotechnology 
         with hard military weapons such as tanks. The U.S. government agency 
         in charge of cryptotechnology is the National Security Agency (NSA). 
         The cypherpunks see the NSA as trying to keep its monopoly on
         cryptotechnology intact.

         One of the most outspoken and visible members of the cypherpunks is
         Iohn Gillmore. Mr. Gillmore has this to say on the subject:
         
         Government investment leads to government control.

         Government control is detrimental to the development of the media.

         Government seized the control of radio and television in their
         infancy. Since then the media has never had full first amendment
         rights or protection.

         Encryption technology is the key for people and companies to maintain
         their privacy over the networks.  The government should cease its
         involvement .
         
         John has fought legal battles with the NSA on a few fronts. So
         far he has been victorious.
         
         BATTLE LINES
         
         The lines are drawn. On one side you have the cypherpunks who feel
         that good public cryptographic technology safeguards our privacy. The
         NSA feels this is compromising our national security.
         
         The government has threatened private cryptographers with jail. John
         Gillmore was threatened by the NSA stating that he was on the
         verge of violating the Espionage Act. A conviction would have sent 
         him to jail  for 10 years.

         How can the government threaten private citizens7 Easily: as stated
         previously, the government classifies cryptographic tools with
         military tanks and bomber planes.
         
         THE WASHINGTON CONNECTION

         The Administration wants America to encrypt its information to
         protect it from unauthorized access.  The encryption scheme, con-
         tained in the government-sponsored Clipper chip, includes voice as 
         well as data information sent over communication lines. A major
         catch  in this plan is that only the government-approved encryption is 
         allowed in any device used by the government or in government
         projects. 

         Other encryption methods continue to be legal for domestic use, but 
         only in nongovernment applications.

         The second catch is the potential for a trap door in the
         encryption chip's program that would allow law enforcement agencies 
         to decipher any encrypted data. Therefol-e, this method of encryption 
         doesn't alleviate concerns that the government could abuse its ability 
         to tap into the privacy of the citizenship.

         Of course, organized crime would use its own crytotechnology, anyway.
         So a trap door would only be effective for spying on
         small incidental crooks and private citizens.

         The encryption algorithm touted by the Administration is
         contained in an integrated circuit. This chip, designed by Mykotronx 
         in Torrance, Calif. and manufactured by VLSI in San Jose, Calif., is 
         nicknamed "Clipper." It is a 12-Mbps encryption coprocessor. The OEM 
         cost of the chip is $26 when purchased in large quantities, which
         trickles down to an increase of $100 in the street price of any 
         electronic equipment (computer, phone, fax that contains the chip.
         
         SOFTWARE VS. HARDWARE

         There are less expensive encryption chips on the market than the
         Clipper. 

         Usually anyone interested in encryption takes a software 
         approach.  It may be a little slower than hardware, but the
         recurring cost is much less. Speed only becomes a critical 
         consideration when it's necessary to secure fast communication
         such as video or voice communication.
         
         RECENT EVENTS

         On February 4, 1994, the U.S. Government officially endorsed the
         Clipper chip and directed the Commerce Department's National
         Institute of Standards and Technology (NIST) and the Treasury 
         Department to hold in escrow the keys used to unlock the Clipper
         codes. It also establishes new procedures for exporting products 
         using Clipper to most countries.

         The government has formed an interagency group whose job it is to
         develop encryption technologies that could serve as alternatives to 
         Clipper.

         The Clipper endorsement contains three flaws according to a
         policy paper released in January 1994 by the Institute of Electrical 
         and Electronic Engineers: a classified algorithm, the key-escrow 
         system, and an encryption standard developed for public use without 
         public scrutiny.

         The Clipper chip has developed many industrial and congressional
         opponents.  So far, Novell, AT&T, Citicorp, Computer Associates,
         Hughes Aircraft, Motorola, and other major corporations openly 
         oppose the Clipper encryption standard. The failure of recent 
         administrations lies in
         the fact that they did not seek greater industry participation
         before proposing the Clipper chip. Further, they ignored protests 
         from industry and Congress.
         
         THE BIG BROTHER ISSUE

         The Clipper chip can provide government agencies with
         unprecedented wiretapping ability.

         Ideally, the Clipper chip encrypts (scrambles) communication to
         everyone except the intended recipient. The key code to unscramble
         communication is held by two separate government agencies. The 
         government has the option of using a joining key code to unscramble
         communications with court-approved legal authorization.

         However, there is a strong possibility that a trap door exists in the
         Clipper chip that would allow agencies unauthorized tapping. The
         government wouldn't allow the algorithm used in the Clipper, called
         "SkipJack," to be studied publicly, so no one knows for sure.
         When the Administration endorsed the Clipper as a Federal Data
         Processing Standard on February 4, it was backed up with an immediate
         order for 50,000 Clipper chips. Meanwhile, a forced export
         embargo keeps all other encryption schemes expensive. U.S.manu-
         facturers must "dumb down" their data encryption programs by
         keeping the key lengths to 40 bits or fewer for legal export. The
         Clipper uses an 80-bit code.
         
         ENCRYPTION BASICS

         The following is a list of some of the basic terms that are used in
         encryption. Plaintext is the original unaltered message or file. 
         Ciphertext is the encrypted message or file. An encryption
         algorithm is the function that maps plaintext into ciphertext.  
         Keys are used to determine mapping.  Keyspace describes the size
         of the key; it determines 
         the number of all possible keys. For instance, an 8-bit key has a
         keyspace of 256 (256 possible values), where a 16-bit key has a 
         keyspace of 65,536.  Keys are usually alphanumeric.

         There are three main types of ciphers: substitution, transposition,
         and product. Substitution ciphers substitute each character in the 
         plaintext with another, determined by the key. Transposition ciphers
         rearrange the characters in plaintext, again, determined by the key. 
         Product ciphers combine the substitution and transposition
         algorithms.

         A substitution cipher simply substitutes each plaintext character
         with another character determined by the key. For instance, we could 
         easily displace the alphabet by one character to generate a simple 
         substitution. For example, ABC...XYZ could become BCD...YZA, and the 
         phrase "HELLO WORLD" would become "IFMMP XPSME."
         Substitution ciphers are also called Caesar ciphers, because Julius 
         Caesar used this simple method of encoding messages.

         The transposition cipher system rearranges the characters in
         plaintext. A simple system rearranges every two characters, so "ab" 
         becomes "ba." With this kind of cipher, "HELLO WORLD" becomes 
         "EHLLW ORODL."
         
         GENERATING MORE COMPLEX CIPHER SYSTEMS

         Blaise de Vigenere, a French cryptographer in the sixteenth century,
         complicated the simple Caesar code. He proposed that the key be
         used to change the plaintext in a periodic manner. When a message is 
         encoded by this method, you change a plaintext letter for each 
         successive letter in the key, always running through the same 
         sequence of key letters. A simple example should clear any confusion.

         Suppose the name "John" was selected for the key code. This corre-
         sponds to the number sequence 9, 14, 7, 13. To encode a message
         using this key sequence, divide the letters of the plaintext message
         into groups of four.  This corresponds to the four letters used in the
         key. 

         To each letter group, add 9 to the number value of the
         first letter of each group, 14 to the second letter, 7 to the third 
         letter, and 13 to the fourth letter. The example below illustrates 
         the Vigenere code:
         
         Key Code: JohnJohnJohnJohn
         Plaintext message: helloworld
         Ciphertext message: qssy xlvf m
         
         As you can see, the coding algorithms are becoming more
         complex. Even this code pales to the more sophisticated programs 
         available.
         
         THE DEBATE CONTINUES

         I've only scratched the surface in the great encryption debate. 
         There are a number of on-line newsletters carried on the Circuit 
         Cellar BBS that follow the issue closely Computer Underground Digest 
         [CuD] and Electronic Frontier Foundation [EFF].  If you are 
         interested in following along,  check them out.

         So what do you think? Write and let me nkwo (pun intended) 
         
         John Iovine is a free-lance writer living in Staten Island, N.Y.
         He has published numerous books on electronics and science-related
         topics. He may be reached at 75425.673@compuserve.com.
         
         For those who wish to pursue data encryption, Images Company
         offers an encryption program titled Cipher 1.0 for $9.95. Images 
         Company, P.O. Box 140742, Staten Island, NY 10314, l 718 698-8305. 
         New York residents must add the appropriate sales tax. Add $5.00 
         postage and handling to  all orders.


-NetSurfer

#include standard.disclaimer

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
==  =    = |James D. Wilson        |V.PGP 2.4:   512/E12FCD 1994/03/17 >
 "  "    " |P. O. Box 15432        |     finger for full PGP key        >
 "  " /\ " |Honolulu, HI  96830    |====================================>
\"  "/  \" |Serendipitous Solutions|    Also NetSurfer@sersol.com      >
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>













Thread