Don't believe this was posted here. Mostly a rehash, but included for completeness of the soda.berkeley.edu archive, and does note that the analyst review deadline is `the end of the month' (July). So, depending on how long the bureacrats sit on the results, we should hear something soon. Sorry about the poor format quality. (I wonder who the 6 were who defined? Surely a Who's Who in Cryptography, e.g. W. Diffie etc. I wonder if they'd have the nerve to ask Kahn?) ------- Forwarded Message Date: Mon, 26 Jul 1993 21:01:33 -0500 From: farber@central.cis.upenn.edu (David Farber) Subject: Critics Belittle Data Security Probe A bit late but ... from sci.crypt San Lose Mercury News - July 16, 1993 Critics Belittle Data Security Probe By Lee Gomes A federal effort to answer complaints about a controversial government data security plan apparently has fallen short of its goal, with critics saying the effort isn't dealing with all of their concerns. On Thursday, the National Institute of Standards and Technology, or NIST, an agency of the Comerce Department, named five outside computer researchers to evaluate software being used in the "Clipper" program, a proposed federal standard to encode computer messages in order to keep them secret. Clipper, which uses both software and a special chip, has been criticized by some cryptography experts for being an inferior technology, and for potentially having a hidden "trap door" that might allow law enforcement agencies to surreptitiously peek at computer messages. While the program would directly apply to only federal agencies, many predict the standard would also come to dominate the commercial market. In an effort to convince people no such trap door exists, the five experts working with NIST will evaluate the classified software used in Clipper and then report publicly on their findings. But Jim Bidzos, of RSA Data Security in Redwood City, a company that sells a private encryption plan and which is one of the government's main critics in the controversy, said the work of the five outsiders will be of limited value, since they will only be looking at a protion of Clipper software. "There are a million other places where you can do some funny business to grab messages," he said, including by copying or tampering with Cliper hardware. NIST has always maintained there is no trap door and that including one would be superfluous because law enforcement agencies would be able to get the "keys" to Clipper with a court order. NIST spokeswoman Janice E. Kosko said the agency had invited 11 experts to examine the actual encryption software, called Skipjack, provided they would agree to obtain a security clearance and to speak publicly about their findings without revealing the detailed workings of the software. Six declined. The five who accepted are Ernest Brickell of Sandia National Laboritories, Dorothy Denning of the computer science department of Georgetown University, Stephen T. Kent of BBN Communications Corp., David P. Maher of AT&T, and Walter Tuchman of Amperif Corp. The five outsiders have been asked to submit individual findings by the end of the month. Because Clipper software is secret, the work of the five will take place at a classified government laboratory in Bowie, MD. - --- ------- End of Forwarded Message