-----BEGIN PGP SIGNED MESSAGE----- This is essentially the same as what David posted, but it's directly from the New York Times and it includes a few bits that were edited out of the San Jose version. I'd already typed this in when David's version showed up here, so I decided to compare the two -- which helped me to find some typos (in both versions :-) and to see the odd collection of minor stylistic differences between the two papers. Zeke ============================================================================== The New York Times Vol. CXLIII Copyright (c) 1994 The New York Times Thursday, June 2, 1994 FLAW DISCOVERED IN FEDERAL PLAN FOR WIRETAPPING ---------------- CLIPPER CHIP IS AT ISSUE ---------------- Scientist at Bell Laboratories Says Criminals Can Close an Electronic Backdoor ---------------- By JOHN MARKOFF A computer scientist at AT&T Bell Laboratories has discovered a basic flaw in the technology that the Clinton Administration has been promoting as a way to allow law enforcement officials to eavesdrop on electronically scrambled telephone and computer conversations. Someone with sufficient computer skills can defeat the Government's technology by using it to encode messages so that not even the Government can crack them, according to the Bell Labs researcher, Matthew Blaze. For more than a year, the Clinton Administration has been advocating the encoding technology as the best way to insure the privacy of telephone and computer conversations while retaining the traditional right of law-enforcement officials to use court-authorized wiretaps to eavesdrop on the conversations of suspected criminals or terrorists. The technology, based on what is known as the Clipper chip, has been widely criticized by communications executives and privacy-rights advocates, who fear its Big Brother potential. The industry also fears foreign customers might shun equipment if Washington keeps a set of electronic keys. But now Dr. Blaze, as a result of his independent testing of Clipper, is putting forth perhaps the most compelling criticism yet: the technology simply does not work as advertised. Dr. Blaze detailed his findings in a draft report that he has been quietly circulating among computer researchers and Federal agencies in recent weeks and which he made available on Tuesday to the New York Times. ``The Government is fighting an uphill battle,'' said Martin Hellman, a Stanford University computer scientist who has read Dr. Blaze's paper and who is himself an expert in data encryption, as the field is known. ``People who want to work around Clipper will be able to do it.'' But the National Security Agency, the Government's electronic spying agency, which played a lead role in developing the technology, said yesterday that Clipper remained useful, despite the flaw uncovered by Dr. Blaze. Agency officials do not dispute the flaw's existence. ``Anyone interested in circumventing law-enforcement access would most likely choose simpler alternatives,'' Michael A. Smith, the agency's director of policy, said in a written statement in response to a reporter's questions. ``More difficult and time-consuming efforts, like those discussed in the Blaze paper are very unlikely to be employed.'' Since announcing the Clipper coding technology 13 months ago, White House and Justice Department officials have argued forcefully that it is a necessary information-age compromise between the constitutional right to privacy and the traditional powers of law enforcement officials. The Clinton Administration intends to use Clipper, which is [sic] is trying to promote as an industry standard, for the Government's sensitive nonmilitary communications. The Federal Government is the nation's largest purchaser of information technology. But industry executives have resisted adopting Clipper as a standard for several reasons. Because the underlying mathematics of the technology remain a classified Government secret, industry officials say there is no way to be certain that it is as secure as encoding techniques already on the market. They also fear that Clipper's electronic ``backdoor,'' which is designed for legal wiretapping of communications, could make it subject to abuse by the Government or unscrupulous civilian computer experts, who might eavesdrop without first obtaining a court order and the electronic ``keys'' that are to be held in escrow by two Government agencies. Privacy-rights advocates have cited similar concerns. Industry executives have also worried that making Clipper a Federal Government standard would be a first step toward prescribing the technology for private industry or requiring that it be included in sophisticated computing and communications devices that are to be exported. Dr. Blaze said that the flaw he discovered in the Clipper design would not permit a third party to break a coded computer conversation. But it would enable two people to have a secret conversation that law enforcement officials could not unscramble. And that could render Clipper no more useful to the Government than encryption technology already on the market to which it does not hold the mathematical keys. Circumventing Surveillance ``Nothing I've found affects the security of the Clipper system from the point of view of people who might want to break the system,'' Dr. Blaze said in a telephone interview yesterday. ``This does quite the opposite. Somebody can use it to circumvent the law-enforcement surveillance mechanism.'' Dr. Blaze said that several simple changes to the Clipper design could correct the flaw, but that they might be difficult to adopt because they would require the Government to start over in designing the Clipper. The Government has already begun ordering telephones containing the Clipper chip for use by Federal agencies, and it is designing another Clipper-based device, called the Tessera card, for use in personal computers. Dr. Hellman at Stanford said that the Government was counting on most crooks and terrorists not to go to the trouble of modifying the Clipper design or otherwise seeking to disable it -- if they used it at all. Oliver North Cited He cited the example of the Reagan Administration aide Oliver North, who he said was both intelligent and security conscious; yet he ignored the existence of computer back-up tapes of his electronic mail messages, which were later obtained by Federal investigators in the Iran-Contra inquiry. One computer scientist who has been a proponent of the Clipper plan and who is familiar with Dr. Blaze's paper said that the flaw would not immediately subvert the system. ``I don't think this undermines the Clipper,'' Dorothy Denning, a computer scientist at Georgetown University and part of a team chosen by the Government to evaluate the technology, said. ``But it's good to know what the vulnerabilities are.'' Clipper was designed by researchers at the National Security Agency in cooperation with computer scientists at the National Institute of Standards and Technology, a civilian agency that is responsible for setting computer standards for nonmilitary Government applications. The Clipper chip is known as an ``escrowed encryption system.'' It is designed so that law enforcement officials wishing to eavesdrop on Clipper-encoded communications must present a court warrant and a special number -- or key -- generated by a Clipper chip to two separate Government escrow agencies. Each of the agencies would hold portions of a special number, which can be used together to decode the conversation. The flaw found by Dr. Blaze exploits the technology feature of the Clipper system that creates the number key that can later be used by law enforcement officials to generate the second key number. The first number is known as the Law Enforcement Access Field, or LEAF. The LEAF elements includes a unique number known as the encrypted session key and a separate number -- called a checksum -- that mathematically verifies that the session key is valid for Clipper. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLe4igxVg/9j67wWxAQGV3AP7BYrXK/G1YKwwCwzgjSsMDXaDiG6s8oY9 jCKKOGNKNX5X5EhpuzrdNDOEEjGTEvQEONZR9scc77Fx1ZSaR629QlykRIzAY3WA hd1mbgYcfwznY/oAPgoLkTWamMSpuyYK1fIPU/RMVh4RQypfcbUzcZDf42Ho25tI WL1l1isAFio= =aID9 -----END PGP SIGNATURE-----