I've had some people ask me about a non-technical synopsis of the Wiretap Chip proposal. What follows is it. Can you please look over it for errors? I am still very much the amateur when it comes to cryptography. The WIRE-TAP Proposal: Problems with it. The White House sent out a press release on Friday 16 April about a voice encryption chip called the Clipper chip. This has come to be known as the Wiretap chip since it allows any Law Enforcement agency to automatically decrypt any conversations made with it with a search warrant. The LE presents said search warrant to two different escrow agencies to obtain the keys (80 bits long) that automatically decrypts your conversation. The Electronic Freedom Foundation (EFF) and the Computer Professionals for Social Responsibility (CPSR) have both criticized the proposal. There was even a negative article already in Network World (19 Apr 93). The paragraphs that follow are facts and problems I have collected by listening to other discuss the Wiretap chip. Say you wanted to encrypt your talk with someone over a phone. Well, since you and the person you want to talk to both have the Wiretap (Clipper) chip in your phones, you can automatically encrypt your conversation. All fine and good encryption for the consumer. Now, what if you come under investigation by the local constabulary? The get a court order and ask the escrow agencies (non-law enforcement types) for your key. They already have the family key since that is the same in each chip. They now have your specific key. With these two keys, they can decrypt all conversations that you have. This includes conversations that are not legal to wiretap such as attorney-client, doctor-patient and so on. They also have that key for any all future sessions that you use that phone for. Start to see the problem? This part is all legal... Search warrants are even exceedingly easy to get at times. There have been reports of the FBI get groups of 50 signed and blank search warrants from the DoJ. Now, there are other problems. Would you give the IRS keys to your house and filing cabinet as long as they promised that they would only use it under proper authorization? The key length of 80 bits is still considered cryptographically weak. It would take determined effort by an agency with a supercomputer but your key could be broken. The cryptographic algorithm is also being kept classified. This is not the usual practice. In the cryptographic community, algorithms are public. This way people can be assured there aren't any back doors and that the algorithm can stand on its own strengths, not that of secrecy. It has also been hinted at by NIST (the agency behind the technical implementation of the chip.) that the chip could be compromised if the algorithm was made public. It is not that difficult to reverse engineer a chip these days. Finally, some of the implications behind this announcements are dire. The Wiretap chip could become the market or legislative standard. This could mean that other implementations of cryptographic voice transactions would be very difficult to obtain or would be illegal to obtain. Why would a criminal use the Wiretap chip when they knew it wouldn't encrypt their conversations against the LE agencies? They wouldn't, they would use other encryption technologies. Would this mean that using something other than the Wiretap chip is probable cause and puts you under suspicion? One last fishy thing is that AT&T has already (on the same day) announced phones with this chip. This implies (means?) that AT&T has known about this chip for a while. They seem to be more concerned about getting a jump on the competition than producing a product that will actually give their users real security. 'Course, there is the question of collusion between the governement and industry. Only two companies will be allowed to manufacture the chip, VLSI and Mykotronix. Jeff Hendy, director of new product marketing for VLSI, says his company expects to make $50 million of the chip in the next 3 years. (This from the San Jose Mercury News.) Hopefully, I haven't left stuff out. I am going to forward this to cypherpunks for the experts there to check it out. Think free, -- Defeat the Torin/Darren Stalder/Wolf __ Wiretap Chip Internet: dstalder@gmuvax2.gmu.edu \/ PGP2.x key available. Proposal! Bitnet: dstalder@gmuvax Finger me. Write me for Sprintnet: 1-703-845-1000 details. Snail: 10310 Main St., Suite 110/Fairfax, VA/22030/USA DISCLAIMER: A society where such disclaimers are needed is saddening.