Cypherpunks,

This may be old news to most of you, but I just got my HP ScanJet IIc working with Caere's OmniPage Pro 2.1, and thought I'd scan this in to give it a try.

Note to D.C. Cypherpunks (or anyone else, for that matter): I'll be happy to scan any documents or news clippings you send my way. I'm located in Columbia, Maryland. I'm reachable by UUCP e-mail at uunet!anagld!ftgcorp!dan.

From Network World, issue date May 31, 1993.
OPINIONS
SECURITY PERSPECTIVES
BY MICHEL KABAY

Vigilance is needed to keep Clipper Chip in check

Last month, the federal government endorsed a new encryption technology based on the Clipper Chip. The Clipper Chip will give federal agencies a key to unlock users' encrypted voice and data communications.

Network users can live with this situation, but only if they're vigilant about preventing any attempt to make the Clipper Chip the only legal encryption mechanism available in the U.S.

The Clipper Chip will serve some legitimate needs. As the U.S. builds its National Information Infrastructure, increasing amounts of data will flow electronically throughout the nation. Users will need encryption to protect their sensitive data. In a multivendor world, having a common encryption standard, such as the Clipper Chip, will simplify protection so users won't even notice their communications being encrypted.

However, users have many questions and concerns about the Clipper Chip, as well. Internet users are curious about how the chip was developed: specifically, what companies and individuals were consulted and how the initial manufacturer, Mykotronx, Inc. of Torrance, Calif., was selected. This information might cast light on the quality of the chip and the price to be charged.

Internet users also wonder why the algorithm is being kept secret. Without free access to the algorithm, many argue, the scientific community will not be sure that the algorithm actually functions as claimed. Defenders of the plan point to a proposed examination by selected experts, but any closed process leaves open the question of whether there is a back door to decryption.

A major user concern involves key escrow, which is at the heart of the administration's proposal. Government agencies would hold pairs of incomplete decryption keys for every Clipper Chip installed in the U.S. To decrypt private communications, a government agency would need to get a warrant to obtain the two parts of the decryption key.

INSET: Clipper Chip will give federal agencies a key to users' encrypted communications

Anyone who discovers the key pairs for a specific Clipper Chip could decode all encrypted communications initiated by that device, even after the warrant expires. Therefore, the trustworthiness of the key escrow agencies is crucial to avoid abuses of the decryption keys.

The partial keys might be stored in databases or generated by black-box decryption devices. Any party involved in creating these databases or devices would be a vulnerable point in the control over decryption. It would be valuable to know whether the federal government has studied the risks and estimated the costs of providing adequate protection. If so, many users would want to evaluate such studies independently.

Key escrow for foreign purchasers of the Clipper Chip and for foreign manufacturers will also cause problems. If other countries use the technology and have all the keys in escrow, U.S. users may find their own security compromised by legal systems beyond their control.

But the biggest concern regarding this technology is that it could lead to a ban on all unauthorized encryption technology in the U.S. A few years from now, anyone using a non-Clipper Chip encryption method could be assumed to be engaging in crime. Political pressure to ban all non-Clipper Chip encryption could become intense.

Making non-Clipper Chip encryption illegal would lead to enforcement problems. Applying the technology only to voice transmissions would raise the popularity of data transmission -- that is, digitally encoded voice file transfers. So it would have to be applied to data, too. But failure to produce clear text using the Clipper Chip decryption could be construed as evidence of illegal encryption, even if the original data stream was not, in fact, interpretable. The prospect of astronomers being arrested because law enforcement officials couldn't make sense of their data on elemental composition of supernovas is pretty funny -- if you like that kind of joke.

I urge all users to fight any attempt to make the Clipper Chip the only legal encryption mechanism in the U.S. For further developments in the ongoing debate, users should follow the dialogues on the Internet in the Risks forum, the Privacy forum and the new alt.privacy.clipper news group.

END

Kabay is director of education with the National Computer Security Association in Carlisle, Pa. He can be reached at (717) 258-1816 or on the Internet at 75300.3232@compuserve.com.

--
dan@ftgcorp.UUCP (Dan Veeneman)
Fountainhead Title Group