For those of you who do not receive the comp.risks feed, the Wiretap Chip (Clipper) is debate is taking hold on several forefronts. What this tells me is this: People are starting to realize the negative implications of this Big Brother "technology." I say: Great, but there's alot of eyes to open out there and we need to let Joe and Janet Lunchbucket know how this will affect them. 8<------ Begin forwarded message ------------------------ Date: Thu, 22 Apr 93 12:12:44 -0700 From: Mark Seecof <marks@wimsey.latimes.com> Subject: "key escrow" (Clipper Chip; RISKS 14.51) (At the risk of redundancy (with other contributors)): 1. Although gov't press releases and gov't surrogates like Dorothy Denning keep talking about warrants (actually, they say "proper authorization") for Clipper keys, the government has never abandoned (and does not even deny) the practice of conducting warrantless wiretaps for "national security" reasons. How will keys be obtained to decrypt such intercepts? My guess--the security of the "escrow" agencies will be secretly compromised. And then, the time will come when the NSA turns over political or criminal information with little or no "national security/foreign/military intelligence" content to the FBI, etc. My fallback guess is that the Skipjack algorithm will have a back door. 2. The key escrow scheme is a pottery container of fecal matter. Right now in California we are enjoying two scandals involving the release, to unauthorized persons, of "secret" data, by employees of government and private organizations, in violation of: their employers' policies, their own terms of employment, state criminal law, and common (civil) law. These (Anaheim PD employee release of DMV address info to anti-abortion terrorists; various people including police employees giving info to an ADL investigator) are representative, not exhaustive of the problem. Does anybody remember the Walker (U.S. Navy) spy scandal of a few years ago? Walker ring members, despite vetting by the military (perhaps inefficient, but more thorough than likely in civilian agencies), exposure to the most severe legal sanctions, and even the cultural pressures of their military communities, sold out Navy cipher secrets and keys to actual enemies for fairly small amounts of money. N.B.: the Walker ring had no ideological motivations. Anyone who says that the key escrow scheme will protect the privacy of Clipper users is naive, stupid, or wicked. Of course, as someone will point out: "the Walker ring got caught!"--but catching malefactors will not prevent the harm they do before they are detected. 3. The assertion that the government should, by rights, be able to decrypt private communications for "law enforcement" purposes should be challenged. Privacy advocates should not concede this important debate-framing assumption. Advances in digital computing have made it possible for ordinary people to use powerful machine cipher techniques. But such systems will not prevent police agents from eavesdropping directly or by various bugging methods. It may be (I suspect it is so) that depriving the police of convenient wiretapping might have little effect over, say, ten years, on their (police) ability to detect and interfere with criminals. Mark Seecof <marks@latimes.com> 8<----- End forwarded message ------------------------- Someone drop this guy a line to get him to join our cause! (Actually, I'v already done that.) We can always use a LA Times cypherpunk, can't we? ;-) Cheers. Paul Ferguson | Uncle Sam wants to read Network Integration Consultant | your e-mail... Centreville, Virginia USA | Just say "NO" to the Clipper fergp@sytex.com | Chip...