Cypherpunks will recognize some of the questions from the
brainstorming session of a few weeks ago.
------- Forwarded Message
From: djw(a)eff.org (Daniel J. Weitzner)
... The Digital Privacy and Security Working Group, coordinated by
the Electronic Frontier Foundation, sent the following questions to the
White House, the Department of Commerce, and key members of Congress.
==================
Digital Privacy and Security Working Group
666 Pennsylvania Ave, SE
Suite 303
Washington, DC 20003
Jerry Berman or Daniel J. Weitzner 202/544-9237
Leah Gurowitz 202/544-6909
ISSUES AND QUESTIONS
REGARDING THE ADMINISTRATION'S CLIPPER CHIP PROPOSAL
A. Process by Which the Proposal Was Developed
1. Why the secrecy in which the encryption code scheme was developed?
Were any members of the computer, communications, or security industries
consulted? Were any privacy experts consulted? Has the Justice Department
or the White House Office of Legal Counsel considered the constitutional
implications?
2. The Administration's announcement implies that a policy review on
encryption has been commenced; but at the same time, it appears that a
decision has already been reached to support the Clipper proposal or some
other key-escrow scheme. Is any review of the Clipper chip itself now
underway? What progress has been made? When will this expedited review be
complete?
3. What role has the National Security Agency played in the
development and selection of the Clipper Chip and key escrow system? What
will NSA's role be in the deployment and evaluation of the system? Are
these roles consistent with the principle of civilian control of computer
security, as required by the Computer Security Act of 1987?
4. What efforts are underway to improve the government's ability to
decrypt non-Clipper algorithms which are likely to be used by criminals?
Can the government decrypt all commercially available hardware sold
domestically and abroad? If not, wouldn't it be a better policy to direct
U.S. resources in that direction instead of the Clipper approach?
5. What percentage of the 800 to 900 annual Title III interceptions
encounter encrypted communications? What percentage of law enforcement
encountered encryption is estimated to be Clipper as opposed to the other
encryption schemes? Is this a solution in search of a problem?
6. Did the government consider commercially-available encryption
schemes and reject them? If so, why were they rejected, and is that
analysis available? If not, why not?
7. Capstone is the successor to Clipper with the addition of public
key exchange and digital signature capabilities. Is Clipper just an
intermediate step before Capstone is released? Why did the White House
press release not mention Capstone?
8. How will this relate to the FBI's Digital Telephony Proposal? Has
the Administration committed to supporting, discarding or reintroducing the
proposal in a new form?
9. What is the history of the proposal? How long has this been under
consideration?
10. How long has the Clipper Chip and escrow concept been in
development? Which agency originated these concepts?
B. Secrecy of the Algorithm
11. Will the Clipper proposal have the same degree of public review
that other NIST standards, such as DSS have gone through?
12. How can the public trust the security and reliability of an
algorithm that is kept classified?
13. If American firms are not able to have their encryption experts
examine the algorithm, how can they be sure that there is no "trap door"
that would allow any Clipper Chip security system to be overridden? Dr.
Kammer of NIST has said that "respected experts from outside the government
will be offered access" to the algorithm. How do interested parties go
about obtaining this access to the classified material about the Clipper
algorithm and participate in the analysis of the design to search for trap
doors and other weaknesses? What specific reports from this process will
serve to reassure users regarding the integrity of the Clipper Chip?
14. What will be the consequence if the algorithm is published? Will it
become less secure? If publication (i.e., de-classification) would make it
less secure, how secure can it be?
15. If the Clipper Chip is too weak to protect classified government
communications, why should it be used for sensitive proprietary private
sector communications?
16. Executive Order 12356 has procedures on classification and
declassification of information. Is the algorithm being classified under
the framework of this order? What agency is in charge of classification/
declassification?
17. How much effort has the government put into the design and
cryptanalysis of the Clipper Chip as compared to the public analysis of
the Data Encryption Standard during the last 16 years?
18. Is the Skipjack algorithm being used by the Clipper Chip derived
from codes used in the management of our nuclear arsenal? Is this why the
algorithm is being kept secret? If this is so, why are we using this
secret system for a dubious commercial standard? If there is a national
security justification to avoid having this encryption technique revealed,
why risk compromising it by integrating it into publicly distributed
products?
19. If the algorithm is classified, how will it be legal to distribute
the chips to users not qualified to handle classified encryption equipment?
This seems contrary to Facility Security Clearance procedures and the
Personal Security Clearance requirements of DoD 5220.222-M, Industrial
Security Manual for Safeguarding Classified Information.
20. Is it illegal to reverse engineer the Clipper Chip? If it were
reverse engineered, would it then be illegal to reveal the algorithm?
C. Voluntariness of Clipper System
21. Will this system be truly voluntary? If so, won't criminals and
terrorists just use some other type of encryption?
22. If the use of the Clipper Chip is "voluntary," why would any party
desiring privacy or secrecy of communications use it, knowing that the U.S.
government has a process to allow decryption? If the Administration's
ultimate goal is to ban other forms of encryption for use domestically,
what is the legal basis for such an approach?
23. Isn't the Administration doing more than "encouraging" use of
Clipper? (E.g., discontinuing DES at the end of the current certification
cycle, directing NIST to adopt Clipper as a Federal standard, and
maintaining export restrictions on hardware/software using different
algorithms?)
24. Does the government have any plans to campaign for the
implementation of the Clipper Chip as a standard for data cryptography?
25. What impact will the introduction of Clipper have on the market for
other encryption technologies? Will the government otherwise try to
discourage other cryptographic mechanisms from being marketed domestically
and abroad?
26. Isn't the government dictating the design of technology into
commercial products rather than allowing market demand to dictate?
27. What prevents a sender of information from encrypting with secure,
easy to obtain software using DES or RSA algorithms before sending data
through a channel encrypted with the Clipper system?
28. Would the Administration ever consider making the Clipper Chip or
other key escrow system mandatory?
D. Key Escrow System
29. How can the government assure us that the keys held in escrow are
not compromised? What public or private agencies have sufficient integrity
and public trust to serve as escrow agents?
30. How can the public be sure that keys will only be revealed upon
proper warrant? Will there be clerks who actually operate the equipment
who could get anyone's keys? Or will judges have personal keys, which
would be directly authenticated to the escrow agents' equipment that
protects the users' keys?
31. Once the keys are obtained from the escrow holders, is it
envisioned that electronic surveillance can be done "real-time," or will
recording and post-processing be required?
32. To hear both sides of a conversation, does law enforcement need the
keys of both participants?
33. After law enforcement has properly obtained a pair of unit keys
from the escrow agents and conducted a wiretap, will the keys be "returned"
to the agents? What safeguards exist to prevent law enforcement from
re-using the keys without authorization in the future?
34. Once in possession of the unit keys, can the government pretend to
be ("spoof") the original unit owner?
35. What is the smallest number of people who would be in a position to
compromise the security of the system?
36. Can an escrow agent exercise discretion in the release of key
information? E.g., can they refuse an inappropriate request? (Phone
companies ensure that court orders are facially valid.) Can they publicize
an inappropriate request? Can they tell the person whose communications
were intended to be violated?
37. Who will be responsible for auditing the escrow process and the use
of revealed keys?
38. How will the government ensure that unanticipated uses of the
escrow database are prevented in the long term? (E.g., the Census database
was supposed to stay confidential for 75 years, but was released during
World War Two to allow Japanese-Americans to be imprisoned without cause.)
What protections are in place to make sure that this never happens again?
39. What happens when one discovers that the keys have been captured
through theft? How difficult would it be to change keys? What is done in
the meanwhile? How difficult is it to reprogram the chip, or do you need a
replacement?
40. If the chip can be reprogrammed, how do you prevent covert changes
that will not be discovered until authorization to tap is received and
execution of the warrant is forestalled?
41. It appears that once a given chip has been compromised due to use
of the escrowed keys, the chip and the equipment it is used in are
vulnerable forever. Is there any mechanism or program to re-key or replace
compromised hardware? Is there any method for a potential acquiring party
to verify whether the keys on a given chip have been compromised? Who
should bear the cost of replacement or re-keying of compromised hardware?
42. What safeguards will be used when transporting the escrow keys?
43. What are the national security implications of widespread
deployment of Clipper? Does it make our communications more susceptible to
disruption or jamming?
44. Doesn't the two-escrowee approach make these locations targets of
opportunity for any party or foreign government that wants to gain access
to sensitive U.S. information? If an escrow location is compromised, all
chip data contained there is compromised. Wouldn't these locations also
become targets of opportunity for any criminal or terrorist organization
that wanted to disrupt U.S. law enforcement? What back-up or physical
security measures are envisioned? If multiple copies are kept, doesn't
this increase the threat of compromise?
E. Choice of Agents for the Keys
45. Who will be the agents for the keys? How secure will they be from
the outside and from the inside? What is the cost of maintaining the
escrow system? Who will pay? Who will profit?
46. When will the escrow agents be announced? Will there be a process
to allow input into the selection of these individuals/agencies?
47. Although it has been reported that the escrow holders will not be
the FBI, DoD, CIA or NSA, is it envisioned that one or both of the escrow
locations will be non-government entities? Can one or both be private
parties? What will the process be to determine what private party will be
awarded the contract for key holder?
48. Can the set of escrow agents be changed after the initial
selection? How can the government be prevented from moving the escrow
contract to a more pliable escrow agent, if one of the agents stands up
against the government for the rights of the people whose keys they are
protecting?
49. Will escrow agents be immune from prosecution during their term of
office, like Members of Congress, the President, and Justices of the
Supreme Court? If not, what will prevent the government from harassing the
agents during a dispute with the Justice Department?
50. Will there be a mechanism for particular people to keep their keys
out of the key escrow database, or to obtain Clipper Chips with keys that
have not been escrowed? (E.g. Judges, law enforcement officers, NSA
officials, the President, etc.)
F. Level of Security of Clipper Chip Encryption
51. How will the government assure American businesses that their
proprietary information is not compromised? Given the extremely
competitive nature of the high-tech industries, and the importance of
intellectual property, how can American firms be adequately protected?
52. How will the government assure American citizens that the privacy
of their electronic communications and the security of personal information
that is transmitted in electronic form will all be secure under the Clipper
Chip?
53. If the Administration is so confident about the level of security of
the Clipper Chip scheme, why will classified information not be encrypted
with it?
54. What warranty is the U.S. government prepared to make regarding the
security of the Clipper Chip compared to other algorithms, and indemnity
for failures for breaches of the algorithm, chips that are compromised due
to failures in the security of the escrow system, or other failures in the
Clipper approach?
55. What effect does Clipper have on other NSA and DOD programs aimed
at encryption and authentication of unclassified messages (e.g., MOSAIC)?
56. If Clipper is not approved for classified traffic, what government
agencies will be utilizing Clipper, and for what applications?
57. Normal security procedures involve changing cryptography keys
periodically, in case one has been compromised. But the family and unit
keys cannot be changed by the user. If these keys are compromised, it won't
matter how frequently the user changed their session keys. Doesn't the long
use of the same family and unit keys increase the likelihood that these
keys will be compromised while they are still in use? Doesn't this also
eliminate a significant degree of the user's control of the level of
security that his or her system provides?
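The risk raised in questions 33, 41 and 57 can be shown with a toy model of a
two-agent key escrow, added here for illustration; it is not the Clipper,
Skipjack or LEAF design and is not code from the working group. It assumes a
fixed per-chip unit key split into two XOR components (one per escrow agent), a
fresh session key per call wrapped under the unit key, and HMAC-SHA256 in
counter mode standing in for the cipher.

```python
import hmac
import hashlib
import secrets

KEY_BYTES = 10  # 80-bit keys, the size the questions above refer to


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher: HMAC-SHA256 in counter mode (stand-in for the real cipher)."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    return xor_bytes(data, keystream(key, nonce, len(data)))


decrypt = encrypt  # XOR with the same keystream inverts itself


class Chip:
    """A unit with a fixed serial and a unit key the user can never change (Q57)."""

    def __init__(self, serial: bytes, unit_key: bytes):
        self.serial, self._unit_key, self._calls = serial, unit_key, 0

    def start_call(self):
        """Fresh session key per call; the escrow field carries it wrapped under the unit key."""
        self._calls += 1
        session_key = secrets.token_bytes(KEY_BYTES)
        nonce = self.serial + self._calls.to_bytes(4, "big")  # serial is sent in clear (Q61)
        return session_key, (self.serial, nonce, encrypt(self._unit_key, nonce, session_key))


def program_chip(serial: bytes):
    """Assumed SCIF step: two random components, unit key = XOR; each agent gets one component."""
    comp_a, comp_b = secrets.token_bytes(KEY_BYTES), secrets.token_bytes(KEY_BYTES)
    return Chip(serial, xor_bytes(comp_a, comp_b)), comp_a, comp_b


class EscrowAgent:
    def __init__(self, name: str):
        self.name, self._components, self.audit_log = name, {}, []

    def deposit(self, serial: bytes, component: bytes) -> None:
        self._components[serial] = component

    def release(self, serial: bytes, warrant_valid: bool) -> bytes:
        # Q36/Q37: release is gated on a valid warrant and every request is logged for audit
        self.audit_log.append((serial, warrant_valid))
        if not warrant_valid:
            raise PermissionError("no valid warrant for serial %r" % serial)
        return self._components[serial]


def unwrap_session_key(unit_key: bytes, escrow_field) -> bytes:
    _serial, nonce, wrapped = escrow_field
    return decrypt(unit_key, nonce, wrapped)


def escrow_demo() -> dict:
    chip, comp_a, comp_b = program_chip(serial=b"\x00\x00\x12\x34")  # constructed serial
    agent_a, agent_b = EscrowAgent("A"), EscrowAgent("B")
    agent_a.deposit(chip.serial, comp_a)
    agent_b.deposit(chip.serial, comp_b)
    sk1, field1 = chip.start_call()  # calls made before any warrant
    sk2, field2 = chip.start_call()
    # Tap: serial read from traffic, both components released, unit key rebuilt (Q33)
    unit_key = xor_bytes(agent_a.release(chip.serial, True), agent_b.release(chip.serial, True))
    one_share_only = unwrap_session_key(comp_a, field1)  # one agent alone recovers nothing useful
    sk3, field3 = chip.start_call()  # a call after the tap: unit key is unchanged, still readable (Q41)
    return {
        "keys_rotate": len({sk1, sk2, sk3}) == 3,
        "one_share_insufficient": one_share_only != sk1,
        "past_call_readable": unwrap_session_key(unit_key, field2) == sk2,
        "future_call_readable": unwrap_session_key(unit_key, field3) == sk3,
        "audit_entries": len(agent_a.audit_log) + len(agent_b.audit_log),
    }
```

Rotating session keys changes nothing once the unit key has left escrow, which is the point of question 57; the audit log and warrant gate are the only controls the model has, matching question 37.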
58. If the government discovered that the algorithm or family key had
been discovered by a foreign government or private individuals, would it
tell the public that the system had been compromised? Are there plans to
restore privacy and authentication if the algorithm is compromised?
59. How secure is the Clipper algorithm if it is attacked by a person
with half the key?
G. Level of Privacy Protection
60. Given the dramatic growth in transmission and storage of personal
information in electronic form, does the Administration recognize that
private individuals, as well as large organizations, need access to
affordable, robust encryption systems?
61. Is law enforcement permitted to identify the specific piece of
communications equipment without obtaining a warrant? If encrypted
communications include the serial number ("chip family key"), will law
enforcement be able to keep track of communications traffic and track
private citizens without even securing the keys from the escrow agents?
62. Does the Administration believe that all household phones are going
to be replaced with secure versions over some period of time? At what
cost?
63. It has been impossible to keep any large collection of information
completely private, including Social Security records, tax information,
police files, motor vehicle records, medical records, video rentals, highly
classified military information, and information on abuses of power. How
will users be able to tell when this happens to the key escrow information?
H. Constitutional/Legal Implications
64. Has the Administration fully considered the constitutional
implications of the Clipper Chip and other key escrow systems?
65. Does forcing someone to disclose a key for future law enforcement
access infringe the fundamental right against self incrimination embodied
in the Fifth Amendment?
66. Does requiring key disclosure in conjunction with a particular
technology violate users' right to free speech under the First Amendment?
Courts frown most severely on any government attempts to compel a
particular form of speech.
67. Does the escrow system violate the letter or the spirit of the
Fourth Amendment protections which safeguard citizens against intrusive law
enforcement practices?
68. When the Administration says "nor is the U.S. saying that 'every
American, as a matter of right, is entitled to an unbreakable commercial
encryption product,'" are they therefore saying the inverse, that every
American is not allowed to have an unbreakable commercial encryption
product?
69. Does the Administration see the need for any new legislation to
implement its Clipper Chip proposal? If so, specifically identify.
70. In the event that one or more escrow keys are obtained through
unauthorized means, what liability, if any, might the equipment
manufacturer have to bear?
71. What will be the relationship between Federal and state law
enforcement? Will the policy pre-empt state law? How will state law
enforcement access the "key" system?
72. What is the statutory authority for regulation of domestic
encryption? Are any of these statutes cold war relics? Should the
efficacy of all statutes that affect civilian encryption be reviewed?
73. What protections do we have against blackmailing by escrow agents,
or by others who have gained possession of escrowed keys? Is there civil
or criminal liability for escrow agents who reveal keys illegally?
74. What is the impact on society if the right to hold a truly private
conversation is withdrawn?
75. Is strong encryption technology important for protecting
intellectual property in a digital network environment?
I. Logistics of Chip Development and Manufacture
76. Why weren't other Chip manufacturers given the chance to bid on the
chip production process? Why was the choice made to have only one
manufacturer?
77. Since the Clipper Chip design data will need to be released to
manufacturers, how will we be assured that this information, in itself,
will not allow the user systems to be compromised?
78. What assurances will there be that the manufacturer is not keeping
a record of all keys issued?
79. We have read Dorothy Denning's explanation of how the two 80-bit
keys will be created in the SCIF. Is this description accurate? If not,
how would this process occur? If so, is the system feasible? What will the
cost be for this process and for the increased security of the involved
government agents?
80. The chips will be programmed in a Secure Compartmented Information
Facility (SCIF). Does this suggest that the chips should at some point be
classified Secret or Top Secret? What is the classification of the Clipper
and Capstone chips and the Skipjack algorithm? How will these chips be
declassified once leaving the SCIF?
81. Some of the press reports imply that AT&T has had access to this
information in order to incorporate Clipper into some of its equipment
designs. Is that implication accurate?
82. Can this scheme be implemented in software? If so, why haven't we
seen information on that software? If not, were issues of how this
hardware solution would affect continued use of software encryption
adequately evaluated? Were the comparative costs of software and hardware
encryption schemes evaluated? Is this evaluation available for analysis?
83. Current high speed DES processors have encryption rates of
approximately 200 megabits per second, while the Clipper Chip has a
throughput of 12.5 megabits per second. Within two to five years, 100 Mbs+
technologies, such as Fast Ethernet, FDDI and ATM, will become commonplace.
How will the Clipper technology be used in environments where data is sent
at 100 Mbs or faster?
J. Feasibility/Implementation
84. What testing has been done to verify the ability of Clipper to work
across the panoply of new emerging technologies? If the underlying digital
transport protocol drops a bit or two, will that interfere with Clipper
operation? How critical is synchronization of the bit stream for Clipper
operation? Has this technology been tested with ISDN, TDMA, Cellular, CDMA
Cellular, ATM, SONET, SMDS, etc. and other emerging technologies? What
effect does Clipper have on the Cellular Authentication and Voice
Encryption (CAVE) algorithm? Are these differences for key generation,
authentication, or voice privacy?
85. Does the Administration seek to extend the Clipper Chip proposal to
the TDMA and CDMA digital cellular standards?
86. When will the government publish the various Modes of Operation and
other documents for Clipper, together with a physical implementation
standard (similar to the old FS-1027)?
87. Will the government consider the development of alternate sources
for the chip or will vendors be limited to a single, monopoly supplier?
88. Initially, the Clipper Chip is being proposed for telephone
technology, but the White House specifically mentions that the technology
will be used for electronic data transmission. What is the timetable for
implementing this?
89. What is the scope that the Administration envisions for the Clipper
Chip's algorithm use? What about Capstone? Is it limited to voice, or
does it encompass electronic mail, network encryption, security modems,
long-haul bulk encryptors, video applications, computer password
protection, Intelligent Vehicle Highway Systems ("IVHS"), satellite
communications -- both transport and control, electronic funds transfers,
etc.?
90. What is the Administration's policy on other security mechanisms
beyond privacy, such as message authentication codes for banking and EFT,
and for integrity and digital signatures for sender authentication and
non-repudiation? What is the impact on international standards such as
X.500 and X.509?
91. Since Clipper, as currently defined, cannot be implemented in
software, what options are available to those who can benefit from
cryptography in software? Was a study of the impact on these vendors or of
the potential cost to the software industry conducted?
92. What are the success criteria for the Clipper initiative?
Would the government abandon its initiative if the Clipper is shown to be
unsuccessful beyond government use?
93. What is the expected useful lifetime of the Clipper technology?
What do you expect will render it useless at some point?
94. Is it true that the name "Clipper Chip" is the intellectual
property of another company?
K. Impact on American Competitiveness
95. As the key-escrow approach is designed to ensure the ability of the
American government to access confidential data, do NIST and NSA expect
overseas customers (who do not have the protection of due process) to
purchase the chip for data protection?
96. In testimony before the House Telecommunications Subcommittee, Mr.
Kammer of NIST indicated that if he were a foreign customer, he would not
purchase devices that included the Clipper Chip. Doesn't this raise serious
balance-of-trade problems?
97. Will the technology, or the Chip itself, be shared with other
allied governments (e.g., the UK), or will U.S. producers of data security
products, forced by government standards to develop Clipper-based products
for the U.S. market, be permanently closed out of the overseas security
market?
98. If Clipper won't be commercially accepted abroad, and export
controls continue to prohibit the exportation of other encryption schemes,
isn't the U.S. government limiting American companies to a U.S. market?
99. Given the restrictions on who can build Clipper devices, how will
Clipper keep up with advances in semiconductor speed, power, capacity and
integration? Openly available devices, such as Intel-compatible
microprocessors, have seen dramatic gains, but only because everyone was
free to try to build a better version.
100. Will the Clipper Chip be used nationally and internationally? How
will multinational operations accommodate this new system?
101. Banking and finance are truly global today. Most European financial
institutions use technology described in standards such as ISO 9796. Many
innovative new financial products and services will employ the reversible
cryptography described in these standards. Clipper does not comply with
these standards. Will U.S. financial institutions be able to export Clipper?
If so, will their overseas customers find Clipper acceptable?
102. If overseas companies provide systems based on algorithms that do
not have key escrow schemes that encrypt faster and more securely, how will
we compete internationally? We are market leaders in applications software
and operating systems. Our world leadership in operating systems is
dependent on integrating security in internationally distributed systems.
103. Internet Privacy Enhanced Mail (PEM) is becoming an internationally
recognized system for encrypting Electronic Mail. Would Skipjack encryption
become a U.S. standard for encrypting electronic mail while the rest of the
world used PEM? How would E-mail traffic between the U.S. and other
countries be encrypted?
L. Effect on Export Control Policy
104. In light of the Clipper initiative, will export restrictions on
hardware and software encryption regimes using DES and RSA algorithms
(which are widely available abroad) remain in place?
105. Will American firms be allowed to sell devices containing the
Clipper Chip abroad? Under which governmental regulatory regime would
exports of devices containing the Clipper Chip fall? What conditions would
be applied to exports of devices containing the Clipper Chip? (E.g., would
American firms be allowed to export devices to non-U.S. customers without
the escrow requirement? If not, who would hold the keys?)
106. What governmental regulations will apply to imports of devices
containing the Clipper Chip? Given that most U.S. companies source most
customer premise equipment (e.g., telephones, fax machines, etc.) offshore,
how will the logistics be handled for the export of the Clipper Chip as a
component, and the subsequent import of the device containing the chip?
Will the U.S. permit non-U.S. manufacturers to have the Clipper algorithm? If
not, how will the Administration justify this trade barrier?
107. If the Clipper Chip cannot be reverse-engineered, and if the U.S.
government is capable of decrypting, why would there be any reason to limit
Clipper products from being exported?
108. If Clipper is allowed to be exported, does the U.S. government
foresee a problem with other governments? Would the U.S. government's access
to escrow keys be viewed as an exercise of extraterritorial jurisdiction?
M. Implications for Installed-Base/Existing Products
109. What are the implications of NSA/NIST withdrawing the certification
of DES? Although it may -- at some point in the future -- no longer be used
for government purposes, that is not going to affect commercial or private
users' applications of DES. What about the embedded base of DES hardware?
110. Will existing systems need to be replaced?
111. What efforts were spent to make the new encryption approach
compatible with the embedded base of equipment? If DES was becoming weak
(vulnerable), wouldn't merely extending the DES key length to 80 bits have
solved that problem?
112. There are a number of companies that employ non-escrowed
cryptography in their products today. These products range from secure
voice, data, and fax, to secure e-mail, electronic forms, and software
distribution, to name but a few. With over a million such products in use
today, what does the Clipper scheme foretell for these products and the
many corporations and individuals that are invested in them and use them?
Will the investment made by the vendors in encryption-enhanced products be
protected? If so, how? Is it envisioned that they will add escrow
features to their products or be asked to employ Clipper?
N. Process by which Input Will Be Received from Industry/Public Interest Groups
113. If the outcome of the policy review is not pre-ordained, then the
process to analyze the issues and arrive at solutions would seem to need a
great deal of definition. What roles have been identified for Congress, the
private sector, and other interested parties? Who is coordinating the
process?
114. Why does the Presidential directive on the review process remain
classified?
o o o o o
------- End of Forwarded Message