From: KALLISTE@delphi.com
To: cypherpunks@toad.com
Message Hash: ef39c22fbe65e64e6ee44d9e3209d91e22c150a7c2df7008b2cb4536ca1a8a55
Message ID: <01IFXJQE7DR69AU48I@delphi.com>
Reply To: N/A
UTC Datetime: 1997-02-28 06:27:45 UTC
Raw Date: Thu, 27 Feb 1997 22:27:45 -0800 (PST)
From: KALLISTE@delphi.com
Date: Thu, 27 Feb 1997 22:27:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: Clipper Chip Banking
Message-ID: <01IFXJQE7DR69AU48I@delphi.com>
MIME-Version: 1.0
Content-Type: text/plain
Clipper Chip Banking
by J. Orlin Grabbe
Sandia National Laboratories have
created the digital cash equivalent of
the Clipper chip: an "anonymous"
digital cash system that would give
participants privacy from all viewers,
except for the government agencies that
would control the secret keys required
for backdoor access.
Just as the "Clipper" proposal
(the Escrowed Encryption Standard) is a
system of encrypted communication with
a Big Brother peephole, so is Sandia e-
cash a system of digital cash with a
Big Brother peephole. It was designed
that way.
Why is Sandia interested in
digital cash systems? Well, Sandia is
responsible for all non-nuclear
components of nuclear weapons. The
security of nuclear weapons depends
partly on cryptology. The code-
breaking National Security Agency
(NSA), for example, is responsible for
the communication security of the
Minuteman missile, as well as the codes
by which the President must identify
himself to authorize a nuclear strike.
The use of nuclear weapons is
normally based on a trustee system:
two or more people are necessary to
give the complete authorization code.
The NSA used this idea as the basis for
the Clipper chip: two designated
trustee agents would each have
knowledge of one-half the chip-specific
unique key by which to decode the
session key that encoded a particular
communication passing through the chip.
The Clipper chip was originally
proposed for incorporation into every
digital communication device: computer,
fax, and cable TV.
The sales aspect of Clipper was a
new encryption algorithm based on 80-
bit encryption keys. Financial and
other institutions had begun to worry
about the security of the Data
Encryption Standard (DES) which uses 56-
bit keys. An 80-bit key space would be
2^24 times as large as the DES key
space. The catch was that acceptance
of the new algorithm would involve
acceptance of the NSA backdoor. At the
present time, the financial industry
has said, "No, thank you," and is
focusing on triple-DES, which has the
security equivalent of 112-bit
encryption keys, and no backdoor.
Sandia e-cash is a simple
extension of the trustee notion. Sandia
e-cash was announced as "the first
electronic cash system that
incorporates trustee-based tracing,
while provably protecting user
anonymity". The trustees in this case
are key-escrow agents, and a minimal
subset of them (say three out of five)
would be able to combine their
knowledge to trace an individual's
electronic transactions. The fact that
several agents would need to act in
concert "protects users from the
possibility that one or two trustees
might be corrupt". (In other words,
depending on the level of official
corruption, the system would either be
somewhat secure, or totally insecure.)
Anonymity or privacy in financial
transactions generally means an
inability to determine an individual's
spending patterns. Anonymity requires
first and foremost protection from the
prying eyes of the bank.
If the bank knows what is going on
in your account, then potentially so
can anyone else: the records can be
seized, or surreptitiously accessed by
computer, or a bank employee can be
bribed to make them available. (In
this respect, it is useful to note that
the system of Swiss numbered accounts
was created to protect bank customers
from bank employees. Bank employees,
observing what occurred in a customer's
account, could possibly subject the
customer to blackmail.)
Anonymity involves several
aspects, including "unlinkability" and
"untraceability".
"Unlinkability" refers to the
inability of a bank (even colluding
with merchants) to determine that two
payments were made by the same user.
To understand this, consider the
opposite case: your monthly American
Express or credit card bill. Such a
statement contains a set of
transactions which are all linked by a
common element--your AMEX or credit
card account number. Because these
payments are linked, they present a
limited picture (a subset) of your
behavior, movements, and habit
patterns. Your private behavior is
potentially public information.
Unlinkability is therefore an aspect of
anonymity. Because linkability in
anonymous digital cash involves
cryptological protocols, it is
actually a probability concept: how
probable is it that two payments can be
accurately identified as having been
made by the same user? Unlinkability
means such probability is negligible.
"Untraceability" refers to the
inability of a bank to match
withdrawals of digital cash with
subsequent payments. To have
untraceability, the information a
person reveals about himself by making
payments must be statistically
independent of the information a person
reveals about himself by making
withdrawals. Of course if the bank,
even when colluding with merchants,
can't link or trace a person's
transactions--even in probability terms-
-then neither can FINCEN or the NSA.
Anonymity and privacy thus ultimately
hinges on concealing this type of
information from the bank itself.
But such anonymity, naturally,
raises the issue of the selectively-
enforced money-laundering laws. The
prevention of money-laundering is
stated as a principal raison d'ˆtre for
Sandia's e-cash system of non-anonymous
"anonymity":
"Money laundering . . . is
hampered by physical cash and
would be made easier by a
completely anonymous
electronic counterpart. . . .
With anonymous e-cash, money-
laundering would be as simple
as depositing one set of
electronic "coins" in an
account under an assumed name
and withdrawing another set
from the same account."
(Peter S. Gemmel, "Traceable
e-cash," Technology and the
Electronic Economy, IEEE
Spectrum, February 1997.)
To prevent such nefarious
activity, Sandia even envisions one
future world in which individuals would
be required to submit regular reports
of their financial transactions to the
government:
"In a different trustee-based
e-cash system, the users'
"wallet" software would
require them to supply the
authorities from time to time
with transaction records
stored in their electronic
wallets and encrypted with
their tracing keys." (Ibid.)
This proposal is somewhat similar to a
requirement to regularly send one's
bank statements to the IRS for filing,
with a committee controlling access to
the file cabinet.
While Sandia ponders the future
needs of Big Brother government, over
at the Treasury, meanwhile, Robert
Rubin has appointed the Comptroller of
the Currency, Eugene Ludwig, as the
point man to oversee government efforts
to keep a peephole into every bank
account. To this end, Ludwig--when he
is not attending Clinton coffee-
klatsches--coordinates the electronic
cash spying plans of FINCEN, U.S.
Customs, the IRS, the Secret Service,
ATF, and the Office of Foreign Assets
Control.
February 27, 1997
Web Page: http://www.aci.net/kalliste/
Return to February 1997
Return to “Toto <toto@sk.sympatico.ca>”