Clipper trapdoor? Peter Wayner <pcw@access.digex.net> writes:
My general impression is that the system is secure. Many people have played paranoid and expressed concerns that the classified algorithm might be hiding a trapdoor. It became clear to me that these concerns were really silly. There is a built-in trapdoor to be used by the government when it is "legally authorized" to intercept messages. The NSA has rarely had trouble in the past exercising either its explicitly granted legal authority or its implied authority. The phrase "national security" is a powerful pass phrase around Washington and there is no reason for me to believe that the NSA wouldn't get all of the access to the escrow database that it needs to do its job. Building in a backdoor would only leave a weakness for an opponent to exploit and that is something that is almost as sacrilegious at the NSA as just putting the classified secrets in a Fed Ex package to Saddam Hussein.
This raises an interesting question and I draw a totally different conclusion. If, as we have been told, the only way for an agency to obtain the escrow keys is to present a court order, then NSA needs to obtain such an order to decrypt *any* communication it intercepts. I don't really understand what Peter means when he says that "NSA has rarely had trouble in the past exercising either its explicitly granted legal authority or its implied authority. The phrase 'national security' is a powerful pass phrase around Washington and there is no reason for me to believe that the NSA wouldn't get all of the access to the escrow database that it needs to do its job." Does this mean NSA would, in fact, obtain a warrant in order to "get all of the access to the escrow database that it needs to do its job"? If so, this would represent an unprecedented change in the way NSA does "its job."

NSA has no domestic law enforcement authority, so it would obviously never be in a position to obtain a law enforcement wiretap warrant under Title III. The only possible way for NSA to obtain a warrant would be under the Foreign Intelligence Surveillance Act (FISA). But the Foreign Intelligence Surveillance Court, which issues warrants under FISA, has ruled that FISA's provisions limit the authority to conduct electronic surveillances to the U.S. in a geographic sense as defined in sec. 101(i). The drafters left to another day the matter of "broadening this legislation to apply overseas ... because the problems and circumstances of overseas surveillance demand separate treatment." In the Matter of the Application of the United States for an Order Authorizing the Physical Search of Nonresidential Premises and Personal Property (1981), footnote 1 (citations omitted).

Consider the following hypothetical: Iraqi agents smuggle Clipper phones out of the U.S. Saddam Hussein uses them to communicate with his military commander in Basra. NSA intercepts the communications.
Question: How does NSA decrypt the messages? Note that neither Title III (law enforcement) nor FISA (U.S.-based) apply to this situation, so we have to assume that NSA will not have a court order to obtain the escrow keys. I have to conclude that NSA would not be putting this technology out into the world *unless* it did, in fact, have some way to decrypt messages *without* access to the escrow keys. Am I missing something?

David Sobel
CPSR Legal Counsel