After reviewing the NIST rebuttal to Matt Blaze's Paper, 'Protocol Failure in the Escrowed Encryption Standard', referring to how the Unit ID (UID) was expanded from 24 bits to 32 bits, I e-mailed the following question to Dorthy Denning, informing her that I wanted to share the answer. The question arises, does the unit ID indeed contain a field registered to the equipment manufacturer? Professor Denning replied: "Yes, the UID contains bits that identify the manufacturer." (I didn't think to ask how many) The implication is that a counterfeit LEAF is detectible. As per FIPS Pub 185, The Escrowed Encryption Standard, a transmission or stream of data is preceded by the Cryptographic Protocol Field (CPF) which is registered to a particular application (Clipper phone - AT&T, for example). The CPF is used to determine where to find the LEAF, the LEAF Creation Method (LCM) and the Family Key (KF). Thus the CPF also identifies the manufacturer, or group of manufacturers for a theoretically second sourced product, by identifying the data protocols of the encrypted data (RCELP in the case of AT&T). A Bogus LEAF tested against the Escrow Authenticator (EA) must still match the manufacturer information found in the Unit ID. I would expect that there is between 10 and 12 bits of the UID specifying manufacturer. The bad news is that to escape detection by the Law Enforcement/National Security monitoring activity, you need to produce a LEAF that not only produces an acceptable Escrow Authenticator used by the recipient EES chip, but also produces a UID falling with some number of bits that matches LE expectations as a result of examing the CPF. The problem is that without knowledge of the Family Key and the LEAF creation method, there is no possiblity of checking for a match in the UID's manufacturers identifier.