April 1993 - cypherpunks-legacy

"Big Brother" Proposal
by Perry E. Metzger 16 Apr '93

16 Apr '93

It has been suggested that we start refering to the latest Encryption Initiative by the feds as the "Big Brother" proposal. I think this is an excellent idea. If we can get the media to adopt the term, it means that every time someone refers to the proposal they have already given our propaganda slant to it. Perry

1 0

(fwd) White House Public Encryption Management Fact Sheet
by tcmay＠netcom.com 16 Apr '93

16 Apr '93

Message from Tim: The following forwarded message (below, after these introductory comments) explains in more detail the NIST/NSA proposal and adds a few disturbing wrinkles: 1. Quote: "INSTALLATION OF GOVERNMENT-DEVELOPED MICROCIRCUITS The Attorney General of the United States, or her representative, shall request manufacturers of communications hardware which incorporates encryption to install the U.S. government-developed key-escrow microcircuits in their products." This suggests more than just voice communications will be affected by the policy. "Communications hardware" suggests a broad scope. Modem makers may be told to (somehow) incorporate this system into their products...not clear what this means for old equipment, incompatible equipment, etc. 2. The "shall request manufacturers..." bit does not sound voluntary. (The whole line about "Clipper" being so attractive that manufacturers will gladly design it in....total B.S.) 3. At the end of this document is mention of using the civil forfeiture laws to enforce the new system. Not state, but implicit (I believe) is that the threat of civil forfeiture will be used to scare users into compliance. Very disturbing. Read it and weep! Then start planning. -Tim May, who hopes the Cypherpunks will adopt my suggestion that we use the Bulletin of Atomic Scientists-style "clock"...I call it 10 minutes before midnight ***Begin forwarded message from sci.crypt and other groups*** From: clipper(a)csrc.ncsl.nist.gov (Clipper Chip Announcement) Subject: White House Public Encryption Management Fact Sheet Organization: National Institute of Standards & Technology Date: Fri, 16 Apr 1993 20:44:58 GMT Note: The following was released by the White House today in conjunction with the announcement of the Clipper Chip encryption technology. FACT SHEET PUBLIC ENCRYPTION MANAGEMENT The President has approved a directive on "Public Encryption Management." The directive provides for the following: Advanced telecommunications and commercially available encryption are part of a wave of new computer and communications technology. Encryption products scramble information to protect the privacy of communications and data by preventing unauthorized access. Advanced telecommunications systems use digital technology to rapidly and precisely handle a high volume of communications. These advanced telecommunications systems are integral to the infrastructure needed to ensure economic competitiveness in the information age. Despite its benefits, new communications technology can also frustrate lawful government electronic surveillance. Sophisticated encryption can have this effect in the United States. When exported abroad, it can be used to thwart foreign intelligence activities critical to our national interests. In the past, it has been possible to preserve a government capability to conduct electronic surveillance in furtherance of legitimate law enforcement and national security interests, while at the same time protecting the privacy and civil liberties of all citizens. As encryption technology improves, doing so will require new, innovative approaches. In the area of communications encryption, the U. S. Government has developed a microcircuit that not only provides privacy through encryption that is substantially more robust than the current government standard, but also permits escrowing of the keys needed to unlock the encryption. The system for the escrowing of keys will allow the government to gain access to encrypted information only with appropriate legal authorization. To assist law enforcement and other government agencies to collect and decrypt, under legal authority, electronically transmitted information, I hereby direct the following action to be taken: INSTALLATION OF GOVERNMENT-DEVELOPED MICROCIRCUITS The Attorney General of the United States, or her representative, shall request manufacturers of communications hardware which incorporates encryption to install the U.S. government-developed key-escrow microcircuits in their products. The fact of law enforcement access to the escrowed keys will not be concealed from the American public. All appropriate steps shall be taken to ensure that any existing or future versions of the key-escrow microcircuit are made widely available to U.S. communications hardware manufacturers, consistent with the need to ensure the security of the key-escrow system. In making this decision, I do not intend to prevent the private sector from developing, or the government from approving, other microcircuits or algorithms that are equally effective in assuring both privacy and a secure key- escrow system. KEY-ESCROW The Attorney General shall make all arrangements with appropriate entities to hold the keys for the key-escrow microcircuits installed in communications equipment. In each case, the key holder must agree to strict security procedures to prevent unauthorized release of the keys. The keys shall be released only to government agencies that have established their authority to acquire the content of those communications that have been encrypted by devices containing the microcircuits. The Attorney General shall review for legal sufficiency the procedures by which an agency establishes its authority to acquire the content of such communications. PROCUREMENT AND USE OF ENCRYPTION DEVICES The Secretary of Commerce, in consultation with other appropriate U.S. agencies, shall initiate a process to write standards to facilitate the procurement and use of encryption devices fitted with key-escrow microcircuits in federal communications systems that process sensitive but unclassified information. I expect this process to proceed on a schedule that will permit promulgation of a final standard within six months of this directive. The Attorney General will procure and utilize encryption devices to the extent needed to preserve the government's ability to conduct lawful electronic surveillance and to fulfill the need for secure law enforcement communications. Further, the Attorney General shall utilize funds from the Department of Justice Asset Forfeiture Super Surplus Fund to effect this purchase. --

1 0

Key Registration and Big Brother--Time to Fight!
by tcmay＠netcom.com 16 Apr '93

16 Apr '93

(Perry Metzger forwarded my message this morning to the Cypherpunks list on the latest White House proposal....I should've also sent it to the Extropians list myself, my vacation from the list notwithstanding. Some things are just too important!) The latest White House proposal to authorize a certain form of encryption, called "Clipper Chip," (a bizarre name, which also conflicts with the "Clipper" processor made by Intergraph), represents the reification of all the "key registration" themes discussed for many months on sci.crypt and elsewhere. I urge those on the Extropians list who are interested in preserving their dwindling freedoms in these Beknighted States of America to: 1. Follow the debate on sci.crypt and elsewhere. Hal Finney just mentioned the various places the White House announcement was posted. 2. Subscribe to the Cypherpunks list by sending a message to "cypherpunks-request(a)toad.com". The latest "Wired," which I have not yet seen myself, apparently has some good stuff on our group. (I reviewed Levy's article for him, but haven't seen the mag on the newsstands yet.) 3. Get your PGP and MacPGP before "the other shoe drops." The "other shoe" may be legal moves by RSA Data Security and others (Commerce? Justice?) to crack down on PGP...rumblings of this have been heard for months now, and were discussed at the last physical Cypherpunks meeting. (And the steganographic aspects--the hiding of the mere _existence_ of an encrypted message--will probably assume a greater importance than before.) 4. The Boston area just had its first physical Cypherpunks meeting, with Julf intending to attend (J. Helsingius, operator of the Finnish anonymous remailer)....I haven't heard the outcome. The U.K has had one for several months, and of course the Bay Area has had one since before there was even a mailing list. The Southern California area has several leading Cypherpunks (Hal Finney, Phil Karn, Eli Brandt, others) and wants to host a meeting of "the Cypherpunks." Instead, and in light of the serious danger that encryption will soon have limits placed on it, I would urge them to *just begin their own meeting* ASAP! (Sorry to sound so urgent, but they need to start meeting long before we can arrange a meeting in San Diego or LA.) (One thing we talked about at the 4-10-93 meeting in Mountain View, CA, was a conference call linking up some of the "satellite Cypherpunks." Not secure, of course, but then neither is this list nor our physical meetings...anybody can attend, can get added to the list, etc.) 5. Prof. Denning has more to say about key escrow and registration in the latest (or very recent) "Communications of the ACM," which should be available in large university libraries. Now that the proposal has become real, it takes on more meaning. 6. It is clear that the "trial balloon" I cited in my message many months back to sci.crypt is nauseatingly real. Under the guise of stopping "drug dealers, terrorists, and child pornographers," we will see limits placed on our ability to communicate privately. I have few hopes that this proposal will be overturned by the courts, including the Supreme Court. A "garrison state" like the U.S. is turning itself into, what with the War on (Some) Drugs, the no-knock raids on suspects, the civil forfeiture laws, and the attacks on "whacko Waco religious cults," has need of Nazi-like police powers. It seems ironic, and appropriate, that this White House announcement came on the 50th anniversary of the discovery of LSD...April 16th, 1943. As I said six months ago, "Be afraid, be very afraid." As Phil Karn put it, the battle is joined. -Tim May -- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay(a)netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: MailSafe and PGP available.

1 0

EFF crypto statement and press release
by gnu 16 Apr '93

16 Apr '93

April 16, 1993 INITIAL EFF ANALYSIS OF CLINTON PRIVACY AND SECURITY PROPOSAL The Clinton Administration today made a major announcement on cryptography policy which will effect the privacy and security of millions of Americans. The first part of the plan is to begin a comprehensive inquiry into major communications privacy issues such as export controls which have effectively denied most people easy access to robust encryption, and law enforcement issues posed by new technology. However, EFF is very concerned that the Administration has already reached a conclusion on one critical part of the inquiry, before any public comment or discussion has been allowed. Apparently, the Administration is going to use its leverage to get all telephone equipment vendors to adopt a voice encryption standard developed by the National Security Agency. The so-called "Clipper Chip" is an 80-bit, split key escrowed encryption scheme which will be built into chips manufactured by a military contractor. Two separate escrow agents would store users' keys, and be required to turn them over law enforcement upon presentation of a valid warrant. The encryption scheme used is to be classified, but the chips will be available to any manufacturer for incorporation into its communications products. This proposal raises a number of serious concerns . First, the Administration has adopted a solution before conducting an inquiry. The NSA-developed Clipper Chip may not be the most secure product. Other vendors or developers may have better schemes. Furthermore, we should not rely on the government as the sole source for the Clipper or any other chips. Rather, independent chip manufacturers should be able to produce chipsets based on open standards. Second, an algorithm cannot be trusted unless it can be tested. Yet, the Administration proposes to keep the chip algorithm classified. EFF believes that any standard adopted ought to be public and open. The public will only have confidence in the security of a standard that is open to independent, expert scrutiny. Third, while the use of the use of a split-key, dual escrowed system may prove to be a reasonable balance between privacy and law enforcement needs, the details of this scheme must be explored publicly before it is adopted. What will give people confidence in the safety of their keys? Does disclosure of keys to a third party waive an individual's Fifth Amendment rights in subsequent criminal inquiries? These are but a few of the many questions the Administrations proposal raised but fails to answer. In sum, the Administration has shown great sensitivity to the importance of these issues by planning a comprehensive inquiry into digital privacy and security. However, the "Clipper Chip" solution ought to be considered as part of the inquiry, and not be adopted before the discussion even begins. DETAILS OF THE PROPOSAL: ESCROW The 80-bit key will be divided between two escrow agents, each of whom hold 40-bits of each key. The manufacturer of the communications device would be required to register all keys with the two independent escrow agents. A key is tied to the device, however, not the person using it. Upon presentation of a valid court order, the two escrow agents would have to turn the key parts over to law enforcement agents. According to the Presidential Directive just issued, the Attorney General will be asked to identify appropriate escrow agents. Some in the Administration have suggested that one non-law enforcement federal agency (perhaps the Federal Reserve), and one non-governmental organization could be chosen, but there is no agreement on the identity of the agents yet. CLASSIFIED ALGORITHM AND THE POSSIBILITY OF BACK DOORS The Administration claims that there are no back doors -- means by which the government or others could break the code without securing keys from the escrow agents -- and that the President will be told there are no back doors to this classified algorithm. In order to prove this, Administration sources are interested in arranging for an all-star crypto cracker team to come in, under a security arrangement, and examine the algorithm for trap doors. The results of the investigation would then be made public. The Clipper Chipset was designed and is being produced and a sole-source, secret contract between the National Security Agency and two private firms: VLSI and Mycotronx. NSA work on this plan has been underway for about four years. The manufacturing contract was let 14 months ago. GOVERNMENT AS MARKET DRIVER In order to get a market moving, and to show that the government believes in the security of this system, the feds will be the first big customers for this product. Users will include the FBI, Secret Service, VP Al Gore, and maybe even the President. At today's Commerce Department press briefing, a number of people asked this question, though: why would any private organization or individual adopt a classified standard that had no independent guaranty of security or freedom from trap doors? COMPREHENSIVE POLICY INQUIRY The Administration has also announced that it is about to commence an inquiry into all policy issues related to privacy protection, encryption, and law enforcement. The items to be considered include: export controls on encryption technology and the FBI's Digital Telephony Proposal. It appears that the this inquiry will be conducted by the National Security Council. Unfortunately, however, the Presidential Directive describing the inquiry is classified. Some public involvement in the process has been promised, but they terms have yet to be specified. FROM MORE INFORMATION CONTACT: Jerry Berman, Executive Director (jberman(a)eff.org) Daniel J. Weitzner, Senior Staff Counsel (djw(a)eff.org) Full text of the Press releases and Fact Sheets issued by the Administration will be available on EFF's ftp site. =================== PRESS RELEASE FOR IMMEDIATE RELEASE: April 16, 1993 Electronic Frontier Foundation responds to Clinton Administration Digital Privacy and Security proposals. EFF Chairman Mitchell Kapor praises process but questions need for secret standard. The Clinton Administration today made a major announcement on privacy and security for electronic communications including regular and cellular phones. Mitchell Kapor, EFF Chairman of the Board, praised Administration efforts to study comprehensive solutions to privacy problems, but questioned the specific solution which the government is seeking to impose. "The Administration is to be commended for launching a broad inquiry into these critical problems," said Kapor, "but they should not attempt to impose a solution before the process has begun." "A system based on classified, secret technology will not and should not gain the confidence of the American public," continued Kapor, commenting on the proposed use of the NSA-developed "Clipper Chip." The Clipper chip is to be sold to private corporations for incorporation in communications products, but will be based on a classified coding system. Kapor explained that "in the past, government-designed standards have suffered under the suspicion that a hidden 'trap door' would allow unauthorized governmental or private intrusion. The only way to avoid this mistake is to publish open standards and subject them to expert, independent scrutiny." The Clipper proposal would also require users to deposit their code "keys" with "trusted" escrow agents in order to allow law enforcement to conduct court-authorized wiretaps. Jerry Berman, EFF's Executive Director, said that "the escrow system is an intriguing proposal, but the details of this scheme must be explored publicly before it is adopted. What will give people confidence in the safety of their keys? Does disclosure of keys to a third party waive an individual's Fifth Amendment rights against self-incrimination? The administration will need to answer questions such as these before it proceeds with this, or any other, proposal." Contact: Jerry Berman, Executive Director Daniel J. Weitzner, Senior Staff Counsel tel: 202-544-3077 or 202-544-9237 eff(a)eff.org

1 0

Mailing list name
by pmetzger＠lehman.com 16 Apr '93

16 Apr '93

In the light of recent developments concerning government cryptography initiatives, we might soon find ourselves innundated by working press. Given this, I think that the name "cypherpunks" produces the wrong connotations -- it makes us sound like criminals when we are in fact people who are interested in expanding personal privacy with technology. Often, little things like this end up being of tremendous importance in the long haul. I would propose changing the name of the mailing list to "cryptoprivacy" or something similar. It denotes what we are about in a way that mundane people understand better, and it portrays us in the proper light -- as people struggling to improve the prospects for personal freedom, not a bunch of "punks". Perry

2 1

Re: ANON: Chaining to Penet remailer
by nobody＠alumni.cco.caltech.edu 16 Apr '93

16 Apr '93

I am not very inclined to defend myself or my news.admin.policy postings, since saying someones an asshole seems to be what the group is for, but I am listening to the discussion and take seriously peoples crticisms and listening hard. FOr what it's worth, I said I was sorry but It pisses me off that when a nym tells some jerk to fuck off, everyone jumps all over me. EVen so, I'll listen to what people have to say since I don't want to lose access ... without the remailers I am Nowhere, Man. Isn't that ironic???

1 0

circling the wagons
by derek＠cs.wisc.edu 16 Apr '93

16 Apr '93

Assuming that the "Clipper chip" initiative isn't a teapot tempest, I suppose we'd better start sharpening our rhetorical knives. Privacy arguments and sheer outrage will be useful, but it seems to me that the "modern steganography" discussion from a few weeks back offers an irrefutable argument: By performing rather simple camouflaging, it is possible to make an encrypted message undetectable by encoding it in (images, voice, any other signal that could plausibly contain noise). This is rather easy to do, so those who REALLY want to hide what they're doing (terrorists, criminals, republican campaign staff) will still be able to do so. In fact, by encrypting the wrapper with your "Clipper" system, they look like they're hiding noting. All that you are buying is a false sense of security. derek

1 0

White House press release on encryption policy
by gnu 16 Apr '93

16 Apr '93

Note: This file will also be available via anonymous file transfer from csrc.ncsl.nist.gov in directory /pub/nistnews and via the NIST Computer Security BBS at 301-948-5717. --------------------------------------------------- THE WHITE HOUSE Office of the Press Secretary _________________________________________________________________ For Immediate Release April 16, 1993 STATEMENT BY THE PRESS SECRETARY The President today announced a new initiative that will bring the Federal Government together with industry in a voluntary program to improve the security and privacy of telephone communications while meeting the legitimate needs of law enforcement. The initiative will involve the creation of new products to accelerate the development and use of advanced and secure telecommunications networks and wireless communications links. For too long there has been little or no dialogue between our private sector and the law enforcement community to resolve the tension between economic vitality and the real challenges of protecting Americans. Rather than use technology to accommodate the sometimes competing interests of economic growth, privacy and law enforcement, previous policies have pitted government against industry and the rights of privacy against law enforcement. Sophisticated encryption technology has been used for years to protect electronic funds transfer. It is now being used to protect electronic mail and computer files. While encryption technology can help Americans protect business secrets and the unauthorized release of personal information, it also can be used by terrorists, drug dealers, and other criminals. A state-of-the-art microcircuit called the "Clipper Chip" has been developed by government engineers. The chip represents a new approach to encryption technology. It can be used in new, relatively inexpensive encryption devices that can be attached to an ordinary telephone. It scrambles telephone communications using an encryption algorithm that is more powerful than many in commercial use today. This new technology will help companies protect proprietary information, protect the privacy of personal phone conversations and prevent unauthorized release of data transmitted electronically. At the same time this technology preserves the ability of federal, state and local law enforcement agencies to intercept lawfully the phone conversations of criminals. A "key-escrow" system will be established to ensure that the "Clipper Chip" is used to protect the privacy of law-abiding Americans. Each device containing the chip will have two unique 2 "keys," numbers that will be needed by authorized government agencies to decode messages encoded by the device. When the device is manufactured, the two keys will be deposited separately in two "key-escrow" data bases that will be established by the Attorney General. Access to these keys will be limited to government officials with legal authorization to conduct a wiretap. The "Clipper Chip" technology provides law enforcement with no new authorities to access the content of the private conversations of Americans. To demonstrate the effectiveness of this new technology, the Attorney General will soon purchase several thousand of the new devices. In addition, respected experts from outside the government will be offered access to the confidential details of the algorithm to assess its capabilities and publicly report their findings. The chip is an important step in addressing the problem of encryption's dual-edge sword: encryption helps to protect the privacy of individuals and industry, but it also can shield criminals and terrorists. We need the "Clipper Chip" and other approaches that can both provide law-abiding citizens with access to the encryption they need and prevent criminals from using it to hide their illegal activities. In order to assess technology trends and explore new approaches (like the key-escrow system), the President has directed government agencies to develop a comprehensive policy on encryption that accommodates: -- the privacy of our citizens, including the need to employ voice or data encryption for business purposes; -- the ability of authorized officials to access telephone calls and data, under proper court or other legal order, when necessary to protect our citizens; -- the effective and timely use of the most modern technology to build the National Information Infrastructure needed to promote economic growth and the competitiveness of American industry in the global marketplace; and -- the need of U.S. companies to manufacture and export high technology products. The President has directed early and frequent consultations with affected industries, the Congress and groups that advocate the privacy rights of individuals as policy options are developed. 3 The Administration is committed to working with the private sector to spur the development of a National Information Infrastructure which will use new telecommunications and computer technologies to give Americans unprecedented access to information. This infrastructure of high-speed networks ("information superhighways") will transmit video, images, HDTV programming, and huge data files as easily as today's telephone system transmits voice. Since encryption technology will play an increasingly important role in that infrastructure, the Federal Government must act quickly to develop consistent, comprehensive policies regarding its use. The Administration is committed to policies that protect all Americans' right to privacy while also protecting them from those who break the law. Further information is provided in an accompanying fact sheet. The provisions of the President's directive to acquire the new encryption technology are also available. For additional details, call Mat Heyman, National Institute of Standards and Technology, (301) 975-2758. - - --------------------------------- QUESTIONS AND ANSWERS ABOUT THE CLINTON ADMINISTRATION'S TELECOMMUNICATIONS INITIATIVE Q: Does this approach expand the authority of government agencies to listen in on phone conversations? A: No. "Clipper Chip" technology provides law enforcement with no new authorities to access the content of the private conversations of Americans. Q: Suppose a law enforcement agency is conducting a wiretap on a drug smuggling ring and intercepts a conversation encrypted using the device. What would they have to do to decipher the message? A: They would have to obtain legal authorization, normally a court order, to do the wiretap in the first place. They would then present documentation of this authorization to the two entities responsible for safeguarding the keys and obtain the keys for the device being used by the drug smugglers. The key is split into two parts, which are stored separately in order to ensure the security of the key escrow system. Q: Who will run the key-escrow data banks? A: The two key-escrow data banks will be run by two independent entities. At this point, the Department of Justice and the Administration have yet to determine which agencies will oversee the key-escrow data banks. Q: How strong is the security in the device? How can I be sure how strong the security is? A: This system is more secure than many other voice encryption systems readily available today. While the algorithm will remain classified to protect the security of the key escrow system, we are willing to invite an independent panel of cryptography experts to evaluate the algorithm to assure all potential users that there are no unrecognized vulnerabilities. Q: Whose decision was it to propose this product? A: The National Security Council, the Justice Department, the Commerce Department, and other key agencies were involved in this decision. This approach has been endorsed by the President, the Vice President, and appropriate Cabinet officials. Q: Who was consulted? The Congress? Industry? A: We have on-going discussions with Congress and industry on encryption issues, and expect those discussions to intensify as we carry out our review of encryption policy. We have briefed members of Congress and industry leaders on the decisions related to this initiative. Q: Will the government provide the hardware to manufacturers? A: The government designed and developed the key access encryption microcircuits, but it is not providing the microcircuits to product manufacturers. Product manufacturers can acquire the microcircuits from the chip manufacturer that produces them. Q: Who provides the "Clipper Chip"? A: Mykotronx programs it at their facility in Torrance, California, and will sell the chip to encryption device manufacturers. The programming function could be licensed to other vendors in the future. Q: How do I buy one of these encryption devices? A: We expect several manufacturers to consider incorporating the "Clipper Chip" into their devices. Q: If the Administration were unable to find a technological solution like the one proposed, would the Administration be willing to use legal remedies to restrict access to more powerful encryption devices? A: This is a fundamental policy question which will be considered during the broad policy review. The key escrow mechanism will provide Americans with an encryption product that is more secure, more convenient, and less expensive than others readily available today, but it is just one piece of what must be the comprehensive approach to encryption technology, which the Administration is developing. The Administration is not saying, "since encryption threatens the public safety and effective law enforcement, we will prohibit it outright" (as some countries have effectively done); nor is the U.S. saying that "every American, as a matter of right, is entitled to an unbreakable commercial encryption product." There is a false "tension" created in the assessment that this issue is an "either-or" proposition. Rather, both concerns can be, and in fact are, harmoniously balanced through a reasoned, balanced approach such as is proposed with the "Clipper Chip" and similar encryption techniques. Q: What does this decision indicate about how the Clinton Administration's policy toward encryption will differ from that of the Bush Administration? A: It indicates that we understand the importance of encryption technology in telecommunications and computing and are committed to working with industry and public-interest groups to find innovative ways to protect Americans' privacy, help businesses to compete, and ensure that law enforcement agencies have the tools they need to fight crime and terrorism. Q: Will the devices be exportable? Will other devices that use the government hardware? A: Voice encryption devices are subject to export control requirements. Case-by-case review for each export is required to ensure appropriate use of these devices. The same is true for other encryption devices. One of the attractions of this technology is the protection it can give to U.S. companies operating at home and abroad. With this in mind, we expect export licenses will be granted on a case-by-case basis for U.S. companies seeking to use these devices to secure their own communications abroad. We plan to review the possibility of permitting wider exportability of these products.

1 0

FWEE!: alt.prematurity
by internaut＠aol.com 16 Apr '93

16 Apr '93

*/ Ladies & Germs, /* Certain cpunks have called for the immediate establishment of alt.whistleblowerson Usenet. I have noted a certain respect for engineering matters in these notes, but a lack of acknowledgement for the "other" business involved in setting up a serious whistleblower service. I beg your attention for a moment whilst I toss in my two cents: As I am the person doing some of the legwork to establish the body of Users/Subscribers for the alt.wb service (in my spare time), I would like to request that this action NOT be taken at this time. I am as anxious as anyone to see this become a reality, but I have learned over the years that both information services and sex can be ruined by prematurity. You're welcome to screw up your sex lives by cumming in your pants too soon, but PLEASE don't give saddle this potentially IMPORTANT information service a huge birth defect by putting it out before I am ready. There, I've admitted it, I am not ready yet (nor are the Users). If it flies before I can set up the org's that will take advantage of it, it would not be a good thing, IMHO. I have mentioned prematurity before this and have been roundly ignored, to my chagrin. Alas... I am not suggesting that we can't begin exPERimenting in SOME way to get the technology right, but I AM saying that we have a LOT of work to do if we want this service to mean anything. On the other hand, if we're just a bunch of engineers jacking off over our ideas, and not true crusaders trying to invent a new method for busting sniveling government weasel-embezzelers, then who am I to stop y'all? Gee, Dave, just _why_ is it a bad idea right now? - Not enough people are educated enough to use it. I have spoken with Congressional staffers, media people and several activist orgs. They all need either email accounts, PGP software and some readme files (or all three) before they can take advantage of any WB info. They're not even sure how to approach the issue of verification and we'll have to help them with this concept. Imagine Picasso pitching the wonders of Assymetry to an audience of People Who've Never Heard of Painting. - We haven't figured out who'll be polled to send in msgs and exactly HOW we'll offer them some sort of anonymity and what they need to do afterward. It should be a select group at first, but we have not established the guidelines for this service. Putting it out without any kind of guidelines could be disastrous. This is the Trusted Reputation Issue. Please do not underestimate this. - Not a single cpunk has yet submitted any suggestions to me for the Guidelines as I have asked twice. Not one person. Do that first, O Verbose Ones! After we build such a document and have prominent people (such as Nicholas Johnson, former FCC head under L.B.Johnson - "eh... no relation") sign statements of support based on it (as discussed before, with I think, nearly unanimous approval), then we can more _safely_ proceed. Have you heard of the Declaration of Independence? They prepared that document well, got all their Ducks in a Row and it's lasted for over 200 years. How many decades do you think a good WB system could last/evolve for? I ask only that you engage your long-range vision for a moment. - Except for good ol' John Gilmore, no one has sent me their pubkey for the list of volunteers after I publicly requested same some weeks back. Belly up to the Bar, Dewds. - ? There are other excellent reasons to keep it in our collective pants for a while, but if THESE don't convince you, then perhaps I am asking the wrong group of folks to help get this started properly. I suggest that we set up a dummy area and begin to conduct some experiments ala Tim May's F117A bogus post. Hopefully, this will allow our more impatient members to spew to their heart's delight while the rest of us continue with the legwork and phonework to give it social armor. Anybody can put a box out on the street and say "everybody put your complaints in here," but it takes some real thinkers to put out a serious whistleblower system. Lastly, I ask your forgiveness for all my sins... dave PS: Only kiddin', I never sin. Well, hardly ever these days. Well, pretty often then, but I keep it to a few times a day. OK, well, maybe hourly, but I'm really acting in the best interest of everyone. OK, I lied, I sin and sin and sin every second of my existence. ...So sue me!

2 1

White House announcement on encryption--FORWARDED
by tcmay＠netcom.com 16 Apr '93

16 Apr '93

Cypherpunks, Here's a message from sci.crypt that's of relevance to us in several ways. I assume from its length, seriousness, and wording that it's not a spoof...I can't check the White House's signature! Some messages: 1. It tells us what Denning and Rivest were probably actually working on when they floated their "trial balloons" last summer and fall. 2. A goverment-sanctioned phone encryption technique has implications for the phone encryption topics we've discussed at the Cypherpunks meetings (notably with Paul Rubin and Whit Diffie). 3. As always, end-to-end encryption, bypassing such schemes as this, is looking better and better. 4. It is not clear if the government scheme will legally preclude other encryption schemes. 5. I expect a lively debate will soon take place in sci.crypt. Newsgroups: sci.crypt Path: netcom.com!netcomsv!decwrl!uunet!dove!csrc.ncsl.nist.gov!clipper From: clipper(a)csrc.ncsl.nist.gov (Clipper Chip Announcement) Subject: text of White House announcement and Q&As on clipper chip encryption Message-ID: <C5L17v.GH5(a)dove.nist.gov> Sender: news(a)dove.nist.gov Organization: National Institute of Standards & Technology Distribution: na Date: Fri, 16 Apr 1993 15:19:06 GMT Lines: 282 Note: This file will also be available via anonymous file transfer from csrc.ncsl.nist.gov in directory /pub/nistnews and via the NIST Computer Security BBS at 301-948-5717. --------------------------------------------------- THE WHITE HOUSE Office of the Press Secretary _________________________________________________________________ For Immediate Release April 16, 1993 STATEMENT BY THE PRESS SECRETARY The President today announced a new initiative that will bring the Federal Government together with industry in a voluntary program to improve the security and privacy of telephone communications while meeting the legitimate needs of law enforcement. The initiative will involve the creation of new products to accelerate the development and use of advanced and secure telecommunications networks and wireless communications links. For too long there has been little or no dialogue between our private sector and the law enforcement community to resolve the tension between economic vitality and the real challenges of protecting Americans. Rather than use technology to accommodate the sometimes competing interests of economic growth, privacy and law enforcement, previous policies have pitted government against industry and the rights of privacy against law enforcement. Sophisticated encryption technology has been used for years to protect electronic funds transfer. It is now being used to protect electronic mail and computer files. While encryption technology can help Americans protect business secrets and the unauthorized release of personal information, it also can be used by terrorists, drug dealers, and other criminals. A state-of-the-art microcircuit called the "Clipper Chip" has been developed by government engineers. The chip represents a new approach to encryption technology. It can be used in new, relatively inexpensive encryption devices that can be attached to an ordinary telephone. It scrambles telephone communications using an encryption algorithm that is more powerful than many in commercial use today. This new technology will help companies protect proprietary information, protect the privacy of personal phone conversations and prevent unauthorized release of data transmitted electronically. At the same time this technology preserves the ability of federal, state and local law enforcement agencies to intercept lawfully the phone conversations of criminals. A "key-escrow" system will be established to ensure that the "Clipper Chip" is used to protect the privacy of law-abiding Americans. Each device containing the chip will have two unique 2 "keys," numbers that will be needed by authorized government agencies to decode messages encoded by the device. When the device is manufactured, the two keys will be deposited separately in two "key-escrow" data bases that will be established by the Attorney General. Access to these keys will be limited to government officials with legal authorization to conduct a wiretap. The "Clipper Chip" technology provides law enforcement with no new authorities to access the content of the private conversations of Americans. To demonstrate the effectiveness of this new technology, the Attorney General will soon purchase several thousand of the new devices. In addition, respected experts from outside the government will be offered access to the confidential details of the algorithm to assess its capabilities and publicly report their findings. The chip is an important step in addressing the problem of encryption's dual-edge sword: encryption helps to protect the privacy of individuals and industry, but it also can shield criminals and terrorists. We need the "Clipper Chip" and other approaches that can both provide law-abiding citizens with access to the encryption they need and prevent criminals from using it to hide their illegal activities. In order to assess technology trends and explore new approaches (like the key-escrow system), the President has directed government agencies to develop a comprehensive policy on encryption that accommodates: -- the privacy of our citizens, including the need to employ voice or data encryption for business purposes; -- the ability of authorized officials to access telephone calls and data, under proper court or other legal order, when necessary to protect our citizens; -- the effective and timely use of the most modern technology to build the National Information Infrastructure needed to promote economic growth and the competitiveness of American industry in the global marketplace; and -- the need of U.S. companies to manufacture and export high technology products. The President has directed early and frequent consultations with affected industries, the Congress and groups that advocate the privacy rights of individuals as policy options are developed. 3 The Administration is committed to working with the private sector to spur the development of a National Information Infrastructure which will use new telecommunications and computer technologies to give Americans unprecedented access to information. This infrastructure of high-speed networks ("information superhighways") will transmit video, images, HDTV programming, and huge data files as easily as today's telephone system transmits voice. Since encryption technology will play an increasingly important role in that infrastructure, the Federal Government must act quickly to develop consistent, comprehensive policies regarding its use. The Administration is committed to policies that protect all Americans' right to privacy while also protecting them from those who break the law. Further information is provided in an accompanying fact sheet. The provisions of the President's directive to acquire the new encryption technology are also available. For additional details, call Mat Heyman, National Institute of Standards and Technology, (301) 975-2758. --------------------------------- QUESTIONS AND ANSWERS ABOUT THE CLINTON ADMINISTRATION'S TELECOMMUNICATIONS INITIATIVE Q: Does this approach expand the authority of government agencies to listen in on phone conversations? A: No. "Clipper Chip" technology provides law enforcement with no new authorities to access the content of the private conversations of Americans. Q: Suppose a law enforcement agency is conducting a wiretap on a drug smuggling ring and intercepts a conversation encrypted using the device. What would they have to do to decipher the message? A: They would have to obtain legal authorization, normally a court order, to do the wiretap in the first place. They would then present documentation of this authorization to the two entities responsible for safeguarding the keys and obtain the keys for the device being used by the drug smugglers. The key is split into two parts, which are stored separately in order to ensure the security of the key escrow system. Q: Who will run the key-escrow data banks? A: The two key-escrow data banks will be run by two independent entities. At this point, the Department of Justice and the Administration have yet to determine which agencies will oversee the key-escrow data banks. Q: How strong is the security in the device? How can I be sure how strong the security is? A: This system is more secure than many other voice encryption systems readily available today. While the algorithm will remain classified to protect the security of the key escrow system, we are willing to invite an independent panel of cryptography experts to evaluate the algorithm to assure all potential users that there are no unrecognized vulnerabilities. Q: Whose decision was it to propose this product? A: The National Security Council, the Justice Department, the Commerce Department, and other key agencies were involved in this decision. This approach has been endorsed by the President, the Vice President, and appropriate Cabinet officials. Q: Who was consulted? The Congress? Industry? A: We have on-going discussions with Congress and industry on encryption issues, and expect those discussions to intensify as we carry out our review of encryption policy. We have briefed members of Congress and industry leaders on the decisions related to this initiative. Q: Will the government provide the hardware to manufacturers? A: The government designed and developed the key access encryption microcircuits, but it is not providing the microcircuits to product manufacturers. Product manufacturers can acquire the microcircuits from the chip manufacturer that produces them. Q: Who provides the "Clipper Chip"? A: Mykotronx programs it at their facility in Torrance, California, and will sell the chip to encryption device manufacturers. The programming function could be licensed to other vendors in the future. Q: How do I buy one of these encryption devices? A: We expect several manufacturers to consider incorporating the "Clipper Chip" into their devices. Q: If the Administration were unable to find a technological solution like the one proposed, would the Administration be willing to use legal remedies to restrict access to more powerful encryption devices? A: This is a fundamental policy question which will be considered during the broad policy review. The key escrow mechanism will provide Americans with an encryption product that is more secure, more convenient, and less expensive than others readily available today, but it is just one piece of what must be the comprehensive approach to encryption technology, which the Administration is developing. The Administration is not saying, "since encryption threatens the public safety and effective law enforcement, we will prohibit it outright" (as some countries have effectively done); nor is the U.S. saying that "every American, as a matter of right, is entitled to an unbreakable commercial encryption product." There is a false "tension" created in the assessment that this issue is an "either-or" proposition. Rather, both concerns can be, and in fact are, harmoniously balanced through a reasoned, balanced approach such as is proposed with the "Clipper Chip" and similar encryption techniques. Q: What does this decision indicate about how the Clinton Administration's policy toward encryption will differ from that of the Bush Administration? A: It indicates that we understand the importance of encryption technology in telecommunications and computing and are committed to working with industry and public-interest groups to find innovative ways to protect Americans' privacy, help businesses to compete, and ensure that law enforcement agencies have the tools they need to fight crime and terrorism. Q: Will the devices be exportable? Will other devices that use the government hardware? A: Voice encryption devices are subject to export control requirements. Case-by-case review for each export is required to ensure appropriate use of these devices. The same is true for other encryption devices. One of the attractions of this technology is the protection it can give to U.S. companies operating at home and abroad. With this in mind, we expect export licenses will be granted on a case-by-case basis for U.S. companies seeking to use these devices to secure their own communications abroad. We plan to review the possibility of permitting wider exportability of these products. -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay(a)netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay(a)netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available.

1 0