The following is something I wrote for "What's Out There?", a column I
write about what's available on the net. It's more for pointing out where
to find out more information and such, but also includes a few of the
concerns about the announcement.
Feel free to send me comments. I'll be posting this to various USENET
newsgroups in the near future, as the column won't be in hardcopy until
about June, 1993.
FYI...
-jeff
Jeff Kellem
Internet: composer@Beyond.Dreams.ORG
p.s. This is excerpted with permission, of course, since I am the author. ;-)
===CUT HERE===
[ NOTE: Please see the COPYRIGHT/LICENSE notice at the end of this
document before ANY redistribution. ]
The following is a portion of Volume 1, Issue 03 of "What's Out There?"
written by Jeff Kellem . This is expected
to appear in the May/June 1993 issue of the USENIX Association's
hardcopy newsletter, ";login:".
Excerpted from "What's Out There?", Volume 1, Issue 03...
White House and NSA (Encryption) Clipper Chip Announcement
----------------------------------------------------------
On April 16, 1993, the White House announced the development of an
encryption chip for voice communications developed in conjunction
with the National Security Agency (NSA) called the Clipper Chip, along
with an initiative regarding telecommunications and privacy which
could literally affect almost every citizen in the United States.
On the same day, AT&T announced a "secure" phone which incorporated
this chip.
Some important things to point out:
o the encryption algorithm is remaining classified
[ In the cryptography community, an encryption algorithm is only
considered secure after it has been examined extensively and
independently by a wide array of experts around the world. With an
algorithm which is kept secret, there is no guarantee that it is
secure and that the encryption method has no "back door" (allowing
easy decryption for those, such as the NSA, that know the "back
door"). ]
o though the government has announced plans to use the chip in their
own phones, they do NOT plan to use it for CLASSIFIED information,
only for unclassified information.
o this chip has been in the making for 4 years; it would seem that
the Clinton Administration has already made plans to use the chip,
without public comment or discussion on a matter which is so
important to the privacy of that same public.
o it would seem that the Government might be granting a monopoly to
Mykotronx, Inc. and VLSI Technology. It's unclear whether each
company makes the entire chip or just parts thereof.
o the key, which allows the information encrypted with this chip to
be decrypted, is embedded in the chip
[ This means that once the key is known, the chip needs to be
replaced to maintain private communications. In other words, a new
encryption device, if the key is ever divulged, which could just
mean a wire-tap. ]
o the 80-bit key is split into two (2) 40-bit pieces and kept in
databases at two different escrow agencies
[ It's not clear how the key databases will be kept secure. It
is also unknown if the classified encryption algorithm is any
less secure to brute-force attacks, once half the key is known. ]
o a successor chip has already been announced, called the Capstone
chip. The Capstone chip is supposed to be a "superset" of the
Clipper chip and will include the "digital signature standard" (DSS),
which many in the cyprotgraphy community seem to consider insecure,
as I recall. The NSA also developed DSS, which wasn't disclosed
until CPSR filed a FOIA request with NIST (the National Institute of
Standards & Technology).
This announcement, in one way, is a step in the right direction -- privacy
and encryption technology are important to the general public and for
international economic competitiveness. An inquiry on whether export
restrictions on encryption technology is good or bad is also a good thing.
Currently, companies that want to include encryption as part of their
products need to make two versions -- one for domestic distribution and one
for international distribution.
On the other hand, there are too many things about the announcement which
are bothersome and need to be discussed publicly. Some of these items
have been mentioned above. I recommend talking with your local
congressman, writing letters, and discussing this with friends.
Both the Electronic Frontier Foundation (EFF) and the Computer
Professionals for Social Responsibility (CPSR) have made public statements
against the announcement. The CPSR has filed Freedom of Information Act
(FOIA) requests regarding the plan.
Online discussions of the announcement have been occurring all over the
Net in various USENET newsgroups and mailing lists. Here's a sample of
where you might find discussions of the Clipper Chip:
USENET newsgroups:
alt.privacy.clipper
sci.crypt
alt.security
alt.privacy
comp.org.eff.talk
comp.security.misc
comp.society.cu-digest
comp.risks
Mailing lists:
cypherpunks-request@toad.com
Also, check the archives for the various groups listed above, as things
may have changed by the time this comes to print in hardcopy come June 1993.
The official White House press release of the Clipper Chip can be found via
anonymous ftp from:
csrc.ncsl.nist.gov
in the
/pub/nistnews
directory, or via the NIST Computer Security BBS at +1 301 948 5717. It
should also be available with the rest of the White House press release
archives mentioned above.
The EFF comments were first published in the EFFector Online Issue 5.06,
which is available via anonymous ftp from:
ftp.eff.org
in the
/pub/EFF/newsletters
directory.
Information from CPSR is available online via anonymous ftp from:
ftp.cpsr.org
in the
/cpsr
directory.
The cypherpunks mailing list also maintains an archive. Information
on the Clipper Chip can be found via anonymous ftp from:
soda.berkeley.edu
in the
/pub/cypherpunks/clipper
directory.
Please do read the announcement of the Clipper Chip encryption technology,
think about and discuss the implications of this with your friends,
congressmen, and anyone else.
...End of excerpt.
COPYRIGHT/LICENSE:
This document is Copyright (c) 1993 Jeff Kellem/Beyond Dreams,
composer@Beyond.Dreams.ORG. This copyright notice must be
kept with each document.
You have permission to freely redistribute this for non-commercial
and non-profit purposes. It would be nice if you let the author
know about any redistributions that are expected to reach more
than a single person. :-) (This would include mirroring ftp
sites, etc.)
Please contact the author if you wish to use this document in ANY
other fashion. Most likely, there won't be a problem.
If you wish to redistribute this document for commercial purposes,
you MUST contact the author for permission. Thank you.
Jeff Kellem
Composer of Dreams
Beyond Dreams
Internet: composer@Beyond.Dreams.ORG
