We brainstormed questions and issues resulting from Clinton's crypto policy
review and `Clipper' proposal. Here's the raw results.
Cypherpunks, please read it over; clarify your own questions if they
didn't get transcribed correctly, and send me the updates (as Unix diffs
or context diffs) at: gnu(a)toad.com.
I'll collate the changes, and repost this document to cypherpunks.
When we're happy with it, the group can disseminate it to sci.crypt,
news media, or whoever else.
John Gilmore
Cypherpunks brainstorm question list
(copy to tenney(a)netcom.com)
Why is ATT the only one to find out early about this chip?
Why was it developed in secret?
Why not a competitive bid?
How much will it cost the taxpayers and the government to maintain
these two escrow agencies?
How much will escrow cost?
Who will pay for escrow?
What's the smallest number of people who could compromise this system
(in various configurations)?
What are the court, legislative, executive and wartime excuses for the
control of crypto?
Is emulation of clipper illegal?
Is reverse engineering illegal?
Is revealing algorithm (reverse engineered etc) illegal?
Consequences to the public if the algorithm or family key is revealed?
Does key escrow violate ED trade rules (the data protection aspects,
too)?
What's the protocol for generating keys?
How to regain privacy once a wiretap has been done?
Does a subpoena reveal earlier, recorded conversations?
How many people will know the family key?
Why hand out keys during a wiretap rather than give the cyphertext to
the escrow agency for decode?
What sort of escrow agencies have been considered?
Is it constitutional to delegate escrow to a private agency?
Is there a "separation of powers" issue?
How many people have access to the secret keys during generation?
Will smaller groups be able to establish their own escrow agencies?
How about privileged conversations (lawyer, doctor, clergy, client)?
Will the NSA claim that there is no alternative way to read messages
without the key(s)?
(How) will U.S. escrow rules have an effect on other crypto systems
like DigiCash?
Will US take subpoenas from foreign countries?
What protects US citizens from foreign governments with violative laws?
What effect occurs for multinational companies?
Impact on intelligence gathering?
Can traffic analysis be done with serial number?
Will traffic analysis be done with serial number?
Will keys be shared with foreign intelligence organizations?
How many systems will there be that can be used to decrypt?
Who will control them?
Would knowing the algorithms compromise security? If not, why not
publish them? If yes, what would be the effect of their discovery?
What protections do we have against blackmailing by escrow agents?
What about steganography?
Will escrowed keys be shared with foreign intelligence organizations?
Will they make chips available now for reverse engineering?
Will it be illegal to encrypt before using clipper? How to enforce?
Will intelligence agencies be able to listen to the conversations they
are legally allowed to?
Will any decryption devices be made available to foreign intelligence
organizations?
What's the lifetime flow of keys from manufacturer, to escrow, to
wiretap agencies?
What protects the keys at each stage?
Why the hurry?
Why no public evaluation before deployment?
Where will all the decryption devices be kept?
What was the policy-making procedure that was followed in producing
this plan?
Who owns/controls Mykotronix?
Is the key escrow process online or offline?
Where will all the decryption devices be?
Since Skipjack was developed with government funds, how much is
Mykotronix compensating the government for their monopoly?
How are keys generated?
Where are keys generated?
How many key generation places/devices will there be?
Who gave the government the right to listen in?
How do citizens supply input to the crypto process? How to find out
the status?
How much will it cost to get a registered key?
Does the government believe citizens have the right to use/sell crypto
systems of our own choice?
Is the review process classified?
Do we have access to the outcome? Why?
First and Fifth Amendment issues?
Why was the Legislature not involved?
Why was industry not involved?
What evidence supports the government's claimed need to break into our
conversations?
What is it worth, breaking into our conversations?
How much cost should we bear?
What are the costs today of wiretaps?
Will we have to register to buy secure devices?
Will there be restriction on who can buy or sell them?
Are the escrowed keys tied to hardware or people?
Can we sell our clipper devices without re-registration?
Will Clipper be exportable?
Will individuals be able to take them overseas for personal use?
How long has this process been underway? Which agencies have been
involved? How long each?
Is Clipper only for voice, or data and other applications too?
Does it make sense to use Clipper for data storage?
Is Clipper intended to replace DES in all applications?
What scenarios drive the design of crypto policy?
What scenarios drive the design of Clipper?
What alternatives to Clipper have been considered?
How many successfully prosecuted terrorist cases have included wiretap
evidence?
What is the expected useful lifetime of the Clipper technology?
During the useful life what percent of keys is expected to be
revealed?
What other "family" members will be differentiated by different family
keys?
Have they filed an EIR on this?
Will it be possible to reuse a device which has been compromised?
What is the impact on society if the Clipper initiative doesn't
succeed?
How can a citizen tell if a Clipper-equipped product has been
compromised by a prior tap?
Can the chips be built overseas?
Can they be imported?
Have any Clipper chips been introduced to use yet? Where are those
keys escrowed now?
What challenge process have the Clipper chips survived?
What's an appropriate challenge process for crypto systems?
Who are the people with access to all the work products to build the
chips -- masks, net lists, wafers, half-built wafers, reject wafers?
What are the mechanisms for destroying the work products?
What is the procedure when the family key is revealed?
How can the public be sure keys will only be revealed upon proper
warrant?
How does a company qualify to manufacture Clipper chips? What does it
cost?
What environmental conditions will cause the chip's programmed data to
be lost?
How does this (crypto) policy/process impact companies with existing
or future business in crypto?
How will backups of escrow agents be protected?
How many single points of failure are in the system?
Have war planners blessed the plan as acceptable risks during wartime?
What agencies have approved this plan? What agencies have DISapproved
this plan?
Given a single point of failure, what are the implications to national
security?
What about Clipper chip second-source in case of inability to
manufacture?
What impact on the economy would a temporary or permanent problem in
Mykotronix have?
Is this system immune to spoofing?
Are Clipper-encrypted devices more susceptible to jamming than other
systems or plaintext?
Does escrow release allow spoofing that user?
Does family key allow any user to be spoofed?
To hear both sides of a conversation, do you need two keys and two
warrants?
What kinds of protection is the government trying to encourage?
Traffic analysis, authenticity, privacy, anonymity?
What is the question for which Clipper is the answer? What were its
design goals?
How will leaks in the registration process or escrow process be
detected? (viz. leaks by SSA employees?)
How long will use remain voluntary?
Do citizens have the right to use any encryption system?
Do citizens have the right to research any encryption system?
Do non-citizens have the right to use/research encryption systems?
What agency will be responsible for auditing the escrow process or use
of revealed keys?
Is there civil or other liability for escrow agents who reveal keys
illegally?
Will we get specifications of the Clipper interface so that we can
build our own encryption chips?
Will the chip transmit identifying info in the clear? As part of the
standard protocol? As an option?
Are users required to use the protocols as specified if they use the
chip in their products?
What does the government see as its role in setting standards for
domestic cryptography?
How to restore security after a wiretap?
What is the numerical risk of the system being cracked within a year?
5 years? 10 years?
What is the risk of its being cracked without the knowledge of the
public?
Will the government feel that it is legal to record encrypted
conversations without violating the subjects' rights? (Because it is
secure.)
What measures will the government use to promulgate this proposal?
Has government offered incentives to companies to encourage them to
adopt it?
How long will it take from warrant to obtain keys? (Fast response for
terrorists?)
How will the number of revealed keys be limited? By law? (Currently
less than 1000 wiretaps/year.)
Will Clipper chips be allowed or required in pay phones?
Is this proposed to be accompanied by changes to the phone systems as
the Digital Telephony proposal suggested?
Who bought Dorothy Denning and for how much?
Where does Dorothy Denning's funding come from?
If wiretappers record conversations, how long will they be able to save
them?
Is Clipper suitable for use in a national health care information
system?
What are the national security implications of the availability or
unavailability of encryption?
What is the cost of the alternative involving direct interception of
voice using microphones?
How will the other (non-search-warranted) person involved in a wiretap
be protected?
How does the government feel about a foreign company doing business in
the US and talking to their own governments?
How will encrypted cellular phone standards be determined? In a public
process?
How will end-to-end encryption standards for phones be determined? How
will these be made interoperable?
What is the legal process required to tap a person's communications?
Then what further process is needed to decrypt intercepted
communication?
How will this scheme prevent criminals from circumventing the system?
(Buy a phone, use it only once, etc)
Does Clipper reveal the chip phone number it's receiving from, in
normal operation, like caller ID?
Can law enforcement ask for its own keys (eg. in a sting operation)?
Can citizens query the escrow database for their own keys?
Can users determine their own chip number?
How does this interface with ISDN?
Does a warrant give access to all phones in the house (or other
warranted site)?
How will this jeopardize citizens' rights to anonymity in voting (and
electronic voting)?
Does this technology enable the same invasions as caller ID?
What is the procedure if a phone is stolen?
Why don't we develop a privacy policy rather than a policy on
cryptography?
What is the government's policy on privacy with respect to
cryptography?
What is the reaction from Data Protection Boards in other countries?
Can an individual ask whether or not they are being wiretapped? What
changes are recommended in those laws?
What are they going to do about RSA patents on which they are
infringing?
Will a search warrant cover a phone, a line, a person, or device, or
place?
What is going to be done about "Clipper" trademark conflict?
Can you find the unit key of your own device?
What will be done about other patents being infringed?
What are the implications of swapping chips between devices?
How do government and private needs for privacy differ?
Is it worth risking the privacy of 240 million citizens for 1000
wiretaps a year?
In what other areas can this technology be used (camcorders, FAX, etc)?
How will clipper keep up with current advances in semiconductor speed,
given restrictions on who can build them?
Who is Clipper for? Who benefits?
Is chip packaging part of security of the device, or is it all in the
fab? (eg. can it fit in any desirable package.)
How does technology and fab requirements affect yield and price?
How will chips and devices be tested?
Are there "undocumented" test modes that might reveal properties of
the algorithm or programming?
How does the current Clipper design relate to the designers' previous
designs? (personal design style, libraries used, etc)
Could Clipper be integrated economically with a general purpose CPU?
What statistics will the chip maintain on-board? Who will get specs?
What info will Clipper subliminally transmit in messages?
How does the strength of Clipper compare to DES, RSA, or IDEA? How
does the efficiency compare?
Do you plan to monitor people's movie choices selected via "video
dialtone" services?
Will there be a mechanism for particular people to keep their IDs out
of the database? (judges, law enforcement, etc)
Will the NSA or law enforcement use Clipper themselves? Will their
keys be escrowed in the same way?
If Clipper is not good enough for law enforcement etc why is it good
enough for private individuals?
What secondary uses (without serial numbers) will be made of the
escrow database? (ie. counts of families, where families were
sold/shipped, etc)
Will chip numbers be correlated with personal ID (soc sec number,
etc)?
How will they ensure that further uses of the escrow database are
prevented? (see census database misuses)
What happens if a (the?) Global Crypto Review policy says Clipper is a
bad design? What if it says that the government shouldn't be setting
crypto policy?
What is the implication if another company/country produces a
competing device?
Why is DES still not exportable?
What is the cost to commerce of export controls on crypto? Cost to
privacy? Cost to civil liberties? Cost to trust in government? Cost to
programs where crypto is ancillary (Prokey, Aldus Freehand, PKZIP,
etc) and so must be labelled "Not for export outside US or Canada"?
How would a non-escrowed-key crypto policy work?
How does export control of a work of art or literary work survive a
First Amendment challenge?
Can crypto source code be exported on paper, in a book, in human
readable form? Can the same code be exported as bits? As bar code?
Printed?
What cryptographic systems can currently be cracked by the NSA? At
what cost?
How much has been spent on crypto research in the last 50 years?
How many fundamental mathematical breakthroughs have been made and
revealed? How many are still secret?
What is the cost to society of the secrecy?
Would disclosure of the Skipjack/Clipper process/method/algorithm
compromise it?
How will we find reputable independent cryptographers who are willing
to live within the limits imposed by getting a security clearance?
What tangible results have benefited society from the intelligence
community? Were they worth the cost?
Has the intelligence community ever prevented a nuclear war? A
terrorist attack affecting N (100,000?) people?
How does the security of ClipperPhones compare to STU-35's? The cost?
How many patent secrecy orders on crypto exist? Communications
secrecy?
What is the total number of patent secrecy orders now in effect?
What is the expected incidence of finding encrypted material in
wiretaps without Clipper?
How many crypto documents have been declassified and reclassified? Why?
By what authority did the NSA stop the phone encryption standard?
What is the proper role of the NSA in setting domestic cryptography
standards? ...policy?
How can NIST be made independent of the NSA influence in setting
domestic policy?
How does secrecy detract from America's global competitiveness?
What would be the international equivalent of "Clipper", allowing
international business and wiretapping by all the governments?
How many Clipper chips does the government expect one person to own?
Can a free society be founded upon a societal model that assumes no
ability to have truly private conversations?
Can strong cryptography be outlawed while keeping freedom of inquiry
and expression?
How does Clipper interrelate with ISDN?
Should the Federal government be allowed to accomplish with its
commercial and publicity activities what it is prohibited from doing
with its enumerated powers?
Will Clipper allow banks to stop using DES?
If stored data can be encrypted with Clipper, can a warrant be
obtained to decrypt stored information? What procedural safeguard will
exist, like special requirements for wiretap requirements?
Under what conditions or protections can a person be forced to reveal
their keys? ...an escrow agency...?
How can freedom of conscience be preserved when there is no privacy?
Can Clipper be used for authentication? Can the government circumvent
this if so?
Are there different levels of protection for different types of data?
Why is the Capstone chip only just now being made known to the public?
-- THAT'S ALL FOLKS!!