From: schneier@chinet.chinet.com (Bruce Schneier)
To: cypherpunks@toad.com
Message Hash: cbcb30521abb365f0d1b88c451e3439eeb4dfbb8d2240a591aace7ce73056330
Message ID: <m0qUosJ-0002EdC@chinet>
Reply To: N/A
UTC Datetime: 1994-08-01 04:50:23 UTC
Raw Date: Sun, 31 Jul 94 21:50:23 PDT
From: schneier@chinet.chinet.com (Bruce Schneier)
Date: Sun, 31 Jul 94 21:50:23 PDT
To: cypherpunks@toad.com
Subject: Philadelphia Enquirer Story on Clipper
Message-ID: <m0qUosJ-0002EdC@chinet>
MIME-Version: 1.0
Content-Type: text/plain
PHILADELPHIA INQUIRER
Copyright Philadelphia Newspapers Inc. 1994
DATE: SATURDAY July 23, 1994
PAGE: A01 EDITION: FINAL
SECTION: NATIONAL LENGTH: LONG
GRAPHICS: PHOTO AND DIAGRAM
SOURCE: By Michael L. Rozansky, INQUIRER STAFF WRITER
PHONE-SCRAMBLING CHIP STIRS A DEBATE ON*PRIVACY*
U.S. IS PROMOTING A CODE SYSTEM IT CAN CRACK.
The FBI, CIA and National Security Agency say that advances in technology
are making it impossible to wiretap and decode the phone calls and computer
communications of terrorists and criminals.
So they came up with this solution:
This little square of silicon sealed in black plastic is called the
Clipper chip that Uncle Sam wants businesses and individuals interested in
keeping their telecommunications confidential to buy. It scrambles
conversations so that no one who eavesdrops on a call can understand them.
No one, that is, except the U.S. government.
That's because the government's concept was to keep a copy of the
electronic key to each Clipper chip that, with a court order, would allow it
to unscramble calls and listen in.
All this has provoked what one White House official has dubbed the ''the
Bosnia of telecommunications policy.''
The first great civil-liberties battle of the '90s is here, and it's
being fought over*privacy*in cyberspace.
This week the Clinton administration took the first step toward clipping
the Clipper. Vice President Gore wrote to a congressional critic that the
administration would consider alternatives. Indeed, it wanted to explore
industry alternatives, he said.
But there are no signs that the government is altering its fundamental
drive to make sure that changes in technology and advances in encryption do
not make it impossible for the government to tap into telephone conversations
and data communications.
Some critics hailed Gore's letter as a major victory, others said it was
less than it seemed.
''They are not withdrawing Clipper, they are not relaxing export
controls, it doesn't change anything,'' said Dave Banisar, a policy analyst
at the nonprofit Electronic*Privacy*Information Center in Washington.
The government says the Clipper chip lets people and businesses protect
their*privacy,*while giving police and spy agencies the ability to wiretap,
with a court order, to catch terrorists, drug dealers and mobsters.
Opponents say it's part of a broad government assault on*privacy.*
''Clipper is the tip of the iceberg,'' says Banisar. ''It's part of a big
push by law enforcement to have their fingers in a lot of pies.''
In addition to Clipper, Uncle Sam has come up with Capstone, a system
similar to Clipper, for high-speed computer communications. The government
also wants the telephone industry to spend what may be billions of dollars
reworking its system to make it easier for the government to tap
conversations.
These and other plans have aroused the fury of an unlikely coalition of
civil-liberties advocates and high-tech industry groups, which say those
plans are unworkable, unnecessary and harmful to business.
IBM and the International Chamber of Commerce oppose Clipper. So do the
Cypherpunks, a band of cryptography buffs, computer hackers and programmers
concerned with*privacy.*An anti-Clipper petition circulated on the Internet
gathered 47,000 electronic signatures.
The government was so intent on promoting Clipper that it eased rules
covering its export while continuing to ban the export of competing systems
capable of creating encryption that is almost unbreakable, known as ''strong
encoding'' systems. Some strong encoding systems, which are classified as
''munitions,'' can be obtained free on the Internet.
One result is that U.S. companies are losing business to foreign
competitors that make the same type of encryption systems the United States
refuses to export, said Douglas Miller, government-affairs manager for the
Software Publishers Association. He said 340 foreign crytographic systems
were available in 31 countries.
But issues of liberty versus government prying are what dominate the
debate.
''If the government succeeds in this effort, the resulting blow to
freedom and*privacy*could be immeasurable,'' Jerry Berman, executive director
of the Electronic Frontier Foundation of Washington, the leading cyberspace
civil- liberties organization, wrote in an electronic memo posted on Internet
bulletin boards.
*''Privacy*is necessary for democracy and liberty,'' said cryptographer
Bruce Schneier, author of Applied Cryptography. ''You can't have a real
democracy if you're required to tell the government all your secrets.''
He and other critics say the Clipper plan is ripe for mistakes or
government abuse that will compromise*privacy.*
Law-enforcement officials counter that the Clipper and the related
proposal, the Capstone chip, do not give them any greater right to wiretap
than they have now.
They frame the debate in different terms, saying that the key issue is
what happens if the government cannot break the encryption used by major
criminals.
''There's a potential for dire consequences, absolutely,'' said Jim
Kallstrom, FBI special agent in charge of New York's electronic surveillance
unit. ''If you're working on a kidnapping case, it's no good to get the
criminal information a week later.''
He adds: ''Are we going to have a cop on the (information) superhighway,
or are we going to create a sanctuary for criminals?''
Government officials say using Clipper - and its Capstone sister chip -
is voluntary.
''There's nothing to say people can't ignore the government endorsement
and use proprietary products,'' said F. Lynn McNulty, associate director for
computer security at the National Institute for Standards and Technology,
which developed the system.
In practice, critics say, the government is not so neutral. Companies
that have contracts to do sensitive work for the government, for example, may
be required to use Clipper encryption. And the government is buying Clipper
chips - the FBI alone has ordered 9,000 - which creates a market for Clipper
and encourages more purchases. And the ban on exports of competing strong
encoding systems also favors Clipper, the critics assert.
*
The Clipper chip was born largely out of fear - fear that the three-
letter police and spy agencies would lose their ability to wiretap.
By the late '80s, the U.S. government worried that its old standard form
of encoding, called the Data Encryption Standard, was getting easier to crack
by newer, more powerful computers. Work began on a new standard form of
encoding.
While that was underway, in 1991, AT&T Corp. told the government it was
going to come out with a mass-market voice-scrambling box: the $1,195 Surity
3600.
Until then, very strong encryption was generally used for data, not voice
communications, said the FBI's Kallstrom. For example, banks use encryption
to electronically transfer billions of dollars. But most scrambling systems
for phone calls degraded sound quality so badly they were rarely used, he
said.
''For the first time, there was something available that . . . was small,
compact, inexpensive,'' and, ''for all practical purposes to law enforcement,
was virtually unbreakable,'' Kallstrom said. ''That changed the balance of
power.''
The government's response was Clipper. In April of 1993, the government
introduced a secret mathematical scrambling system, the Skipjack algorithm,
which was encased in a computer chip to prevent tampering. It was supposed to
be 16 million times tougher to crack than the previously endorsed system.
When the government asked for comment, 320 people responded. Only two
wrote in support. Despite that, the Clipper plan was endorsed by the White
House and became government policy in February.
The government persuaded AT&T to use the Clipper system in its Surity box.
AT&T, meanwhile, also sells two other versions of the box using its own
proprietary encoding systems.
*
To limit government access to scrambled messages to occasions when a
court authorizes a wiretap, Clipper uses a type of encryption called a ''key
escrow'' system. When each Clipper chip is programmed at Mykotronx, in
Torrance, Calif., an extra numerical key is created that can be used to
decode that Clipper's signals. The extra key is split in two, with each half
going to an escrow agent - in this plan, two different government agencies.
Later, if law enforcement finds that a court-authorized wiretap picks up
a Clipper-scrambled conversation, it can go to the escrow agents, get the key
parts, assemble them and use the resulting key to decode that and subsequent
calls from the tapped phone.
In a separate, controversial move, the FBI proposed a ''Digital
Telephony'' law that requires phone companies to modify their switching
systems to facilitate wiretaps. The FBI says that new digital technology
makes wiretapping tough, and new phone services such as call-forwarding and
speed- dialing let people bypass wiretaps.
The Digital Telephony bill would give the agency continued access to the
phone system not just for wiretaps, but for data on where and when calls are
made.
''If you think crime is bad now,'' FBI Director Louis J. Freeh warned in
a May speech, ''just wait and see what happens if the FBI one day soon is no
longer able to conduct court-approved electronic surveillance.''
The bill, which has not been introduced yet, is being fought by the
United States Telephone Association, which says it could cost $2 billion to
implement and would raise public suspicions about a government ''trapdoor''
in the phone system.
Opponents say it also will enable police to gather information about
people's consumer, spending and even political habits from monitoring their
transactions over phone or cable-television lines.
''It makes the presumption,'' Banisar said, ''that law enforcement and
the military have needs above everyone else, and we have to satisfy those
needs first and then satisfy everyone else's basic civil rights.''
Freeh and other law-enforcement officials say electronic surveillance has
been critical in cracking major cases of terrorism, drugs and kidnapping -
such as the arrests in Chicago's El Rukn street gang, purportedly acting for
Libya in a plot to shoot down a commercial airplane with a stolen military
rocket.
Civil libertarians find the FBI's arguments misleading and inaccurate.
''They have a couple of horror stories about child molesters or whatever,
but they account for just the smallest fraction of what wiretaps are used
for,'' said Banisar, of the*privacy*information center.
Banisar said law enforcement seeks and gets court permission for fewer
than 1,000 electronic surveillance cases a year (there were 976 cases in
1993), but that those include electronic bugs. Banisar said 70 percent of the
cases concern drugs.
Banisar notes that in the El Rukn case the gang bought the stolen
military rocket in an FBI sting.
Clipper's critics concede that police may fail to solve some cases if
strong encryption is widely available.
''I am willing to accept that law enforcement will be hamstrung. You're
giving up some safety in exchange for personal freedom,'' said cryptographer
Schneier. He said strong encryption protects ''both terrorists and Chinese
dissidents.''
Daniel J. Weitzner, senior staff counsel of the Electronic Frontier
Foundation, said the government certainly has the right to wiretap - but
''nowhere does it say that law enforcement is entitled to success in every
search, which is what (Clipper) is saying.''
Clipper's opponents say it's ineffective for a variety of reasons.
Because its use is voluntary, they say, crooks can easily use some other kind
of encryption.
''What criminal's dumb enough to go to Radio Shack to buy an encrypting
device that says 'FBI approved' stamped on the package?'' Weitzner asks.
That's not the point, say Clipper's defenders. They say the Clipper
program will ensure at least that the biggest-selling form of encryption can
be cracked. And, they add, crooks are often really dumb, pointing to
lawbreakers who leave fingerprints, make calls from their home phones and -
in the World Trade Center bombing - tried to get back a deposit on the rented
truck that carried the bomb.
Allowing non-Clipper systems also seems to undercut any value Clipper has.
''It's doubtful that foreign buyers, especially foreign governments, will
want an encryption system (if) . . . the U.S. government holds and has access
to the keys,'' said Nanette DiTosto, manager of telecommunications for the
U.S. Council for International Business.
She said multinational companies might have to buy two encryption systems
- one to deal with the U.S. government and another to deal with customers and
governments overseas.
Clipper's defenders brush aside many of the protests and focus instead on
the ramifications of a world without Clipper. Dorothy E. Denning, chairman of
the computer-science department at Georgetown University and a supporter of
the Clipper plan, said such a world would be like ''highways without traffic
lights and people without driver's licenses.'' She said the public was far
more concerned with crime than*privacy.*
Weitzner says the government's effort is tantamount to trying to suppress
a language. ''Can the government ban a language it doesn't understand?'' asks
Weitzner. ''If there are only two people left in the world who speak Navajo,
can the government ban them from using the language?''
GRAPHICS: PHOTO (3)
1. (Uncaptioned) Clipper chip
2. Analyst Dave Banisar of the Electronic*Privacy*Information Center said
law enforcement wants ''to have their fingers in a lot of pies.'' (The
Philadelphia Inquirer / MICHAEL MALLY)
3. Daniel J. Weitzner of the Electronic Frontier Foundation says the
government's Clipper effort is like trying to suppress a language. DIAGRAM (2)
1-2. The Clipper Chip Controversy: How it works; Government Access (SOURCE:
Mykotronx Inc., Federal agencies; The Philadelphia Inquirer / CRISTINA RIVERO)
KEYWORDS: US GOVERNMENT COMPUTER COMMUNICATIONS SCIENCE AND
TECHNOLOGY*PRIVACY* RIGHT
END OF DOCUMENT.
Return to August 1994
Return to “schneier@chinet.chinet.com (Bruce Schneier)”
1994-08-01 (Sun, 31 Jul 94 21:50:23 PDT) - Philadelphia Enquirer Story on Clipper - schneier@chinet.chinet.com (Bruce Schneier)