1996-10-04 - Clipper III questions

Header Data

From: Eric Murray <ericm@lne.com>
To: cypherpunks@toad.com
Message Hash: 3f6182eb76682ccc848e7601e09996e739d9896d5e72c3e099bd96d4b1905a44
Message ID: <199610040135.SAA24060@slack.lne.com>
Reply To: N/A
UTC Datetime: 1996-10-04 04:44:51 UTC
Raw Date: Fri, 4 Oct 1996 12:44:51 +0800

Raw message

From: Eric Murray <ericm@lne.com>
Date: Fri, 4 Oct 1996 12:44:51 +0800
To: cypherpunks@toad.com
Subject: Clipper III questions
Message-ID: <199610040135.SAA24060@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain




The recent CDT policy post sez of Clipper III:

>* Access to keys internationally "would be provided in accordance with
>  destination country policies and bilateral understandings."


This reminds me of the understanding between CIA/NSA and their counterparts
in British Intelligence.  Both sides are prohibited from spying within
their own countries borders but are encouraged to spy in other countries.
Both would very much like to spy on their own citizens (for legitimate
law encorcement/national security reasons only, of course).

So, they have a simple system in place.  The British spy on the American
citizens that the Americans want spied on and then turn over the intercepts.
The Americans do the same for the British in Britain(*). 
Sometimes they lie to each other or withhold material, but that's
what spy organizations do all the time.

If Clipper III passes and the OECD gets their member nations in line
with what the American miliary wants, I predict a similar system will evolve.
"Destination country policies" will allow decryption of incoming
GAKked messages from non-citizens.  After all, they have no rights, do
they?  Cooperating intelligence agencies will then exchange intercepts.
Presto Chango, pesky privacy rules vanish right before your eyes!
Of course this is in our best intrest, we must fight against
terrorisim with all methods possible.  The ends justify the means.



A question:   What happens if a company decided not to go along
with Clipper III?  Can they still ship the "old" 40-bit-style GAKware
unimpeded?  Or will there be a slow tightening of the rules to
force compliance?  The existing way of doing things depends to a
large degree on a set of "common practice" which the NSA
doesn't have written down.  For example you won't find the 40 bit limit
written anywhere in ITAR, and if you want to export something
that's already been approved elsewhere (i.e. another implementation
of SSL) you still have to go through the approval process.



(*) this comes from "The War Aginst the Jews" which is worth
reading.  Sorry I can't find my copy at the moment, maybe someone
who's got it handy will provide authors/ISBN.  Capsule review:
covers government dirty dealing from the early 1900s on, mostly
British and American.  Concentrates on Jews and Israel of course
but they seem to have been the brunt (sometimes the instigator)
of a lot of the dirty pool that governments have played.

-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF





Thread