Subject: Re: Another view of the CFP From: SINCLAIR DOUGLAS N <sinclai@ecf.toronto.edu> In-Reply-To: <9403310139.AA19008@anchor.ho.att.com>; from "bill.stewart@pleasant
The proposed standards I've seen on the net say you can't encrypt *after* using Clipper, because that makes Clipper key-theft useless. On the other hand, encryption with real systems before encrypting with Clipper is undetectable until after they decrypt the Clipper, so it's hard to enforce except on people who are already suspects, and is unlikely to be convenient to implement (for interoperability) on some of the major Clipper targets, like cellphones and fax machines.
Makes sense, doesn't it? When the whitehouse guy said that encryption below clipper was legal but not above, we thought he was confused. However, we ACKed it with an NSA employee, and he confirmed it. His reasoning went like this: encryption below clipper can't be stopped, since one can just splice a cryptdec into the phone line. Encryption on top of clipper is impossible since the clipper phone will only accept audio input. No word on how that would effect clipper modems.
Having said all this, I should note that the NSA employee was not acting in an official capacity, and that he was not directly working on clipper.
The AT&T Surety Communications Voice/Data Terminal 4100 is an STUIII with a type IIIe (e for export, read clipper) cryptographic algorithm, the model numbers for type I and type II STUIIIs are series 1000 and 2000 respectively. AT&T Surity (tm) Voice/Data Terminal 4100 For Sensitive, Business Applications The AT&T Surity Voice/Data Terminal 4100 provides secure voice and data communications in one integrated package. It works both as a full-featured telephone for voice calls and as a smart modem for data applications. Part of an AT&T familty of Surity products, the Voice/Data Terminal is compact and light enough to carry with you when you travel. Developed in conjunction with the U.S. Government's STU-III program, the Voice/Data Terminal 4100 is designed to protect domestic and internation business communications. .... 4100 Specifications: Information protected - Sensitive business and/or business-proprietary User Community - U.S. corporations - High tech manufacturing - Multinational corporations - Legal and financial organizations Security features - Clipper encryption algorthin - Display window for - Secure Access Control authentification identification System (SACS) - Information to create a call - Auto-answer, auto-secure audit trail - Active and passive terminal - Non-error propagating zeroization - Plain text inhibit Key management - Negotiated key - Self-generated key - Secret key - Negotiated key with authentication Voice modes - Clear voice - Secure voice [] 4.8 kbps full-duplex CELP [] 2.4 kbps half-duplex [] 2.4 kpbs full-duplex LPC10e LPC10e Telephone features ... Secure data operation modes - 9.6 kbps full-duplex - 2.4 kbps full-duplex sync/async sync/async - 4.8 kbps full-duplex - 2.4 kbps half-duplex sync sync/async .... ------ There are clipper phones that accept data. This is probably the one the DOJ buys. Basing arguments on fallicies is counterproductive, and is the sort of thing Tim May was talking about.