The following is something I wrote for "What's Out There?", a column I write about what's available on the net. It's more for pointing out where to find out more information and such, but also includes a few of the concerns about the announcement. Feel free to send me comments. I'll be posting this to various USENET newsgroups in the near future, as the column won't be in hardcopy until about June, 1993. FYI... -jeff Jeff Kellem Internet: composer@Beyond.Dreams.ORG p.s. This is excerpted with permission, of course, since I am the author. ;-) ===CUT HERE=== [ NOTE: Please see the COPYRIGHT/LICENSE notice at the end of this document before ANY redistribution. ] The following is a portion of Volume 1, Issue 03 of "What's Out There?" written by Jeff Kellem <composer@Beyond.Dreams.ORG>. This is expected to appear in the May/June 1993 issue of the USENIX Association's hardcopy newsletter, ";login:". Excerpted from "What's Out There?", Volume 1, Issue 03... White House and NSA (Encryption) Clipper Chip Announcement ---------------------------------------------------------- On April 16, 1993, the White House announced the development of an encryption chip for voice communications developed in conjunction with the National Security Agency (NSA) called the Clipper Chip, along with an initiative regarding telecommunications and privacy which could literally affect almost every citizen in the United States. On the same day, AT&T announced a "secure" phone which incorporated this chip. Some important things to point out: o the encryption algorithm is remaining classified [ In the cryptography community, an encryption algorithm is only considered secure after it has been examined extensively and independently by a wide array of experts around the world. With an algorithm which is kept secret, there is no guarantee that it is secure and that the encryption method has no "back door" (allowing easy decryption for those, such as the NSA, that know the "back door"). ] o though the government has announced plans to use the chip in their own phones, they do NOT plan to use it for CLASSIFIED information, only for unclassified information. o this chip has been in the making for 4 years; it would seem that the Clinton Administration has already made plans to use the chip, without public comment or discussion on a matter which is so important to the privacy of that same public. o it would seem that the Government might be granting a monopoly to Mykotronx, Inc. and VLSI Technology. It's unclear whether each company makes the entire chip or just parts thereof. o the key, which allows the information encrypted with this chip to be decrypted, is embedded in the chip [ This means that once the key is known, the chip needs to be replaced to maintain private communications. In other words, a new encryption device, if the key is ever divulged, which could just mean a wire-tap. ] o the 80-bit key is split into two (2) 40-bit pieces and kept in databases at two different escrow agencies [ It's not clear how the key databases will be kept secure. It is also unknown if the classified encryption algorithm is any less secure to brute-force attacks, once half the key is known. ] o a successor chip has already been announced, called the Capstone chip. The Capstone chip is supposed to be a "superset" of the Clipper chip and will include the "digital signature standard" (DSS), which many in the cyprotgraphy community seem to consider insecure, as I recall. The NSA also developed DSS, which wasn't disclosed until CPSR filed a FOIA request with NIST (the National Institute of Standards & Technology). This announcement, in one way, is a step in the right direction -- privacy and encryption technology are important to the general public and for international economic competitiveness. An inquiry on whether export restrictions on encryption technology is good or bad is also a good thing. Currently, companies that want to include encryption as part of their products need to make two versions -- one for domestic distribution and one for international distribution. On the other hand, there are too many things about the announcement which are bothersome and need to be discussed publicly. Some of these items have been mentioned above. I recommend talking with your local congressman, writing letters, and discussing this with friends. Both the Electronic Frontier Foundation (EFF) and the Computer Professionals for Social Responsibility (CPSR) have made public statements against the announcement. The CPSR has filed Freedom of Information Act (FOIA) requests regarding the plan. Online discussions of the announcement have been occurring all over the Net in various USENET newsgroups and mailing lists. Here's a sample of where you might find discussions of the Clipper Chip: USENET newsgroups: alt.privacy.clipper sci.crypt alt.security alt.privacy comp.org.eff.talk comp.security.misc comp.society.cu-digest comp.risks Mailing lists: cypherpunks-request@toad.com Also, check the archives for the various groups listed above, as things may have changed by the time this comes to print in hardcopy come June 1993. The official White House press release of the Clipper Chip can be found via anonymous ftp from: csrc.ncsl.nist.gov in the /pub/nistnews directory, or via the NIST Computer Security BBS at +1 301 948 5717. It should also be available with the rest of the White House press release archives mentioned above. The EFF comments were first published in the EFFector Online Issue 5.06, which is available via anonymous ftp from: ftp.eff.org in the /pub/EFF/newsletters directory. Information from CPSR is available online via anonymous ftp from: ftp.cpsr.org in the /cpsr directory. The cypherpunks mailing list also maintains an archive. Information on the Clipper Chip can be found via anonymous ftp from: soda.berkeley.edu in the /pub/cypherpunks/clipper directory. Please do read the announcement of the Clipper Chip encryption technology, think about and discuss the implications of this with your friends, congressmen, and anyone else. ...End of excerpt. COPYRIGHT/LICENSE: This document is Copyright (c) 1993 Jeff Kellem/Beyond Dreams, composer@Beyond.Dreams.ORG. This copyright notice must be kept with each document. You have permission to freely redistribute this for non-commercial and non-profit purposes. It would be nice if you let the author know about any redistributions that are expected to reach more than a single person. :-) (This would include mirroring ftp sites, etc.) Please contact the author if you wish to use this document in ANY other fashion. Most likely, there won't be a problem. If you wish to redistribute this document for commercial purposes, you MUST contact the author for permission. Thank you. Jeff Kellem Composer of Dreams Beyond Dreams Internet: composer@Beyond.Dreams.ORG