Cypherpunks will recognize some of the questions from the brainstorming session of a few weeks ago.

------- Forwarded Message

From: djw@eff.org (Daniel J. Weitzner)
...

The Digital Privacy and Security Working Group, coordinated by the Electronic Frontier Foundation, sent the following questions to the White House, the Department of Commerce, and key members of Congress.

==================

Digital Privacy and Security Working Group
666 Pennsylvania Ave, SE
Suite 303
Washington, DC 20003
Jerry Berman or Daniel J. Weitzner 202/544-9237
Leah Gurowitz 202/544-6909

ISSUES AND QUESTIONS REGARDING THE ADMINISTRATION'S CLIPPER CHIP PROPOSAL

A. Process by Which the Proposal Was Developed

1. Why the secrecy in which the encryption code scheme was developed? Were any members of the computer, communications, or security industries consulted? Were any privacy experts consulted? Has the Justice Department or the White House Office of Legal Counsel considered the constitutional implications?

2. The Administration's announcement implies that a policy review on encryption has been commenced; but at the same time, it appears that a decision has already been reached to support the Clipper proposal or some other key-escrow scheme. Is any review of the Clipper chip itself now underway? What progress has been made? When will this expedited review be complete?

3. What role has the National Security Agency played in the development and selection of the Clipper Chip and key escrow system? What will NSA's role be in the deployment and evaluation of the system? Are these roles consistent with the principle of civilian control of computer security, as required by the Computer Security Act of 1987?

4. What efforts are underway to improve the government's ability to decrypt non-Clipper algorithms which are likely to be used by criminals? Can the government decrypt all commercially available hardware sold domestically and abroad? If not, wouldn't it be a better policy to direct U.S. resources in that direction instead of the Clipper approach?

5. What percentage of the 800 to 900 annual Title III interceptions encounter encrypted communications? What percentage of the encryption encountered by law enforcement is estimated to be Clipper as opposed to other encryption schemes? Is this a solution in search of a problem?

6. Did the government consider commercially available encryption schemes and reject them? If so, why were they rejected, and is that analysis available? If not, why not?

7. Capstone is the successor to Clipper with the addition of public key exchange and digital signature capabilities. Is Clipper just an intermediate step before Capstone is released? Why did the White House press release not mention Capstone?

8. How will this relate to the FBI's Digital Telephony Proposal? Has the Administration committed to supporting, discarding or reintroducing the proposal in a new form?

9. What is the history of the proposal? How long has this been under consideration?

10. How long have the Clipper Chip and the escrow concept been in development? Which agency originated these concepts?

B. Secrecy of the Algorithm

11. Will the Clipper proposal have the same degree of public review that other NIST standards, such as DSS, have gone through?

12. How can the public trust the security and reliability of an algorithm that is kept classified?

13. If American firms are not able to have their encryption experts examine the algorithm, how can they be sure that there is no "trap door" that would allow any Clipper Chip security system to be overridden? Dr. Kammer of NIST has said that "respected experts from outside the government will be offered access" to the algorithm. How do interested parties go about obtaining this access to the classified material about the Clipper algorithm and participate in the analysis of the design to search for trap doors and other weaknesses? What specific reports from this process will serve to reassure users regarding the integrity of the Clipper Chip?

14. What will be the consequence if the algorithm is published? Will it become less secure? If publication (i.e., declassification) would make it less secure, how secure can it be?

15. If the Clipper Chip is too weak to protect classified government communications, why should it be used for sensitive proprietary private sector communications?

16. Executive Order 12356 has procedures on classification and declassification of information. Is the algorithm being classified under the framework of this order? What agency is in charge of classification/declassification?

17. How much effort has the government put into the design and cryptanalysis of the Clipper Chip as compared to the public analysis of the Data Encryption Standard during the last 16 years?

18. Is the Skipjack algorithm being used by the Clipper Chip derived from codes used in the management of our nuclear arsenal? Is this why the algorithm is being kept secret? If this is so, why are we using this secret system for a dubious commercial standard? If there is a national security justification to avoid having this encryption technique revealed, why risk compromising it by integrating it into publicly distributed products?

19. If the algorithm is classified, how will it be legal to distribute the chips to users not qualified to handle classified encryption equipment? This seems contrary to Facility Security Clearance procedures and the Personal Security Clearance requirements of DoD 5220.222-M, Industrial Security Manual for Safeguarding Classified Information.

20. Is it illegal to reverse engineer the Clipper Chip? If it were reverse engineered, would it then be illegal to reveal the algorithm?

C. Voluntariness of Clipper System

21. Will this system be truly voluntary? If so, won't criminals and terrorists just use some other type of encryption?

22. If the use of the Clipper Chip is "voluntary," why would any party desiring privacy or secrecy of communications use it, knowing that the U.S. government has a process to allow decryption? If the Administration's ultimate goal is to ban other forms of encryption for use domestically, what is the legal basis for such an approach?

23. Isn't the Administration doing more than "encouraging" use of Clipper? (E.g., discontinuing DES at the end of the current certification cycle, directing NIST to adopt Clipper as a Federal standard, and maintaining export restrictions on hardware/software using different algorithms?)

24. Does the government have any plans to campaign for the implementation of the Clipper Chip as a standard for data cryptography?

25. What impact will the introduction of Clipper have on the market for other encryption technologies? Will the government otherwise try to discourage other cryptographic mechanisms from being marketed domestically and abroad?

26. Isn't the government dictating the design of technology in commercial products rather than allowing market demand to dictate?

27. What prevents a sender of information from encrypting with secure, easy to obtain software using DES or RSA algorithms before sending data through a channel encrypted with the Clipper system?

28. Would the Administration ever consider making the Clipper Chip or another key escrow system mandatory?

D. Key Escrow System

29. How can the government assure us that the keys held in escrow are not compromised? What public or private agencies have sufficient integrity and public trust to serve as escrow agents?

30. How can the public be sure that keys will only be revealed upon proper warrant? Will there be clerks who actually operate the equipment who could get anyone's keys? Or will judges have personal keys, which would be directly authenticated to the escrow agents' equipment that protects the users' keys?

31. Once the keys are obtained from the escrow holders, is it envisioned that electronic surveillance can be done in "real time," or will recording and post-processing be required?

32. To hear both sides of a conversation, does law enforcement need the keys of both participants?

33. After law enforcement has properly obtained a pair of unit keys from the escrow agents and conducted a wiretap, will the keys be "returned" to the agents? What safeguards exist to prevent law enforcement from re-using the keys without authorization in the future?

34. Once in possession of the unit keys, can the government pretend to be ("spoof") the original unit owner?

35. What is the smallest number of people who would be in a position to compromise the security of the system?

36. Can an escrow agent exercise discretion in the release of key information? E.g., can they refuse an inappropriate request? (Phone companies ensure that court orders are facially valid.) Can they publicize an inappropriate request? Can they tell the person whose communications were intended to be violated?

37. Who will be responsible for auditing the escrow process and the use of revealed keys?

38. How will the government ensure that unanticipated uses of the escrow database are prevented in the long term? (E.g., the Census database was supposed to stay confidential for 75 years, but was released during World War Two to allow Japanese-Americans to be imprisoned without cause.) What protections are in place to make sure that this never happens again?

39. What happens when one discovers that the keys have been captured through theft? How difficult would it be to change keys? What is done in the meanwhile? How difficult is it to reprogram the chip, or do you need a replacement?

40. If the chip can be reprogrammed, how do you prevent covert changes that will not be discovered until authorization to tap is received and execution of the warrant is forestalled?

41. It appears that once a given chip has been compromised due to use of the escrowed keys, the chip and the equipment it is used in are vulnerable forever. Is there any mechanism or program to re-key or replace compromised hardware? Is there any method for a potential acquiring party to verify whether the keys on a given chip have been compromised? Who should bear the cost of replacement or re-keying of compromised hardware?

42. What safeguards will be used when transporting the escrow keys?

43. What are the national security implications of widespread deployment of Clipper? Does it make our communications more susceptible to disruption or jamming?

44. Doesn't the two-escrowee approach make these locations targets of opportunity for any party or foreign government that wants to gain access to sensitive U.S. information? If an escrow location is compromised, all chip data contained there is compromised. Wouldn't these locations also become targets of opportunity for any criminal or terrorist organization that wanted to disrupt U.S. law enforcement? What back-up or physical security measures are envisioned? If multiple copies are kept, doesn't this increase the threat of compromise?

E. Choice of Agents for the Keys

45. Who will be the agents for the keys? How secure will they be from the outside and from the inside? What is the cost of maintaining the escrow system? Who will pay? Who will profit?

46. When will the escrow agents be announced? Will there be a process to allow input into the selection of these individuals/agencies?

47. Although it has been reported that the escrow holders will not be the FBI, DoD, CIA or NSA, is it envisioned that one or both of the escrow locations will be non-government entities? Can one or both be private parties? What will the process be to determine what private party will be awarded the contract for key holder?

48. Can the set of escrow agents be changed after the initial selection? How can the government be prevented from moving the escrow contract to a more pliable escrow agent, if one of the agents stands up against the government for the rights of the people whose keys they are protecting?

49. Will escrow agents be immune from prosecution during their term of office, like Members of Congress, the President, and Justices of the Supreme Court? If not, what will prevent the government from harassing the agents during a dispute with the Justice Department?

50. Will there be a mechanism for particular people to keep their keys out of the key escrow database, or to obtain Clipper Chips with keys that have not been escrowed? (E.g., judges, law enforcement officers, NSA officials, the President, etc.)

F. Level of Security of Clipper Chip Encryption

51. How will the government assure American businesses that their proprietary information is not compromised? Given the extremely competitive nature of the high-tech industries, and the importance of intellectual property, how can American firms be adequately protected?

52. How will the government assure American citizens that the privacy of their electronic communications and the security of personal information that is transmitted in electronic form will all be secure under the Clipper Chip?

53. If the Administration is so confident about the level of security of the Clipper Chip scheme, why will classified information not be encrypted with it?

54. What warranty is the U.S. government prepared to make regarding the security of the Clipper Chip compared to other algorithms, and what indemnity for failures: breaches of the algorithm, chips that are compromised due to failures in the security of the escrow system, or other failures in the Clipper approach?

55. What effect does Clipper have on other NSA and DOD programs aimed at encryption and authentication of unclassified messages (e.g., MOSAIC)?

56. If Clipper is not approved for classified traffic, what government agencies will be utilizing Clipper, and for what applications?

57. Normal security procedures involve changing cryptographic keys periodically, in case one has been compromised. But the family and unit keys cannot be changed by the user. If these keys are compromised, it won't matter how frequently the user changed their session keys. Doesn't the long use of the same family and unit keys increase the likelihood that these keys will be compromised while they are still in use? Doesn't this also eliminate a significant degree of the user's control of the level of security that his or her system provides?

58. If the government discovered that the algorithm or family key had been discovered by a foreign government or private individuals, would it tell the public that the system had been compromised? Are there plans to restore privacy and authentication if the algorithm is compromised?

59. How secure is the Clipper algorithm if it is attacked by a person with half the key?

G. Level of Privacy Protection

60. Given the dramatic growth in transmission and storage of personal information in electronic form, does the Administration recognize that private individuals, as well as large organizations, need access to affordable, robust encryption systems?

61. Is law enforcement permitted to identify the specific piece of communications equipment without obtaining a warrant? If encrypted communications include the serial number ("chip family key"), will law enforcement be able to keep track of communications traffic and track private citizens without even securing the keys from the escrow agents?

62. Does the Administration believe that all household phones are going to be replaced with secure versions over some period of time? At what cost?

63. It has been impossible to keep any large collection of information completely private, including Social Security records, tax information, police files, motor vehicle records, medical records, video rentals, highly classified military information, and information on abuses of power. How will users be able to tell when this happens to the key escrow information?

H. Constitutional/Legal Implications

64. Has the Administration fully considered the constitutional implications of the Clipper Chip and other key escrow systems?

65. Does forcing someone to disclose a key for future law enforcement access infringe the fundamental right against self-incrimination embodied in the Fifth Amendment?

66. Does requiring key disclosure in conjunction with a particular technology violate users' right to free speech under the First Amendment? Courts frown most severely on any government attempts to compel a particular form of speech.

67. Does the escrow system violate the letter or the spirit of the Fourth Amendment protections which safeguard citizens against intrusive law enforcement practices?

68. When the Administration says "nor is the U.S. saying that 'every American, as a matter of right, is entitled to an unbreakable commercial encryption product,'" are they therefore saying the inverse, that every American is not allowed to have an unbreakable commercial encryption product?

69. Does the Administration see the need for any new legislation to implement its Clipper Chip proposal? If so, which legislation specifically?

70. In the event that one or more escrow keys are obtained through unauthorized means, what liability, if any, might the equipment manufacturer have to bear?

71. What will be the relationship between Federal and state law enforcement? Will the policy pre-empt state law? How will state law enforcement access the "key" system?

72. What is the statutory authority for regulation of domestic encryption? Are any of these statutes cold war relics? Should the efficacy of all statutes that affect civilian encryption be reviewed?

73. What protections do we have against blackmail by escrow agents, or by others who have gained possession of escrowed keys? Is there civil or criminal liability for escrow agents who reveal keys illegally?

74. What is the impact on society if the right to hold a truly private conversation is withdrawn?

75. Is strong encryption technology important for protecting intellectual property in a digital network environment?

I. Logistics of Chip Development and Manufacture

76. Why weren't other chip manufacturers given the chance to bid on the chip production process? Why was the choice made to have only one manufacturer?

77. Since the Clipper Chip design data will need to be released to manufacturers, how will we be assured that this information, in itself, will not allow the user systems to be compromised?

78. What assurances will there be that the manufacturer is not keeping a record of all keys issued?

79. We have read Dorothy Denning's explanation of how the two 80-bit keys will be created in the SCIF. Is this description accurate? If not, how would this process occur? If so, is the system feasible? What will the cost be for this process and for the increased security of the involved government agents?

80. The chips will be programmed in a Sensitive Compartmented Information Facility (SCIF). Does this suggest that the chips should at some point be classified Secret or Top Secret? What is the classification of the Clipper and Capstone chips and the Skipjack algorithm? How will these chips be declassified once leaving the SCIF?

81. Some of the press reports imply that AT&T has had access to this information in order to incorporate Clipper into some of its equipment designs. Is that implication accurate?

82. Can this scheme be implemented in software? If so, why haven't we seen information on that software? If not, were issues of how this hardware solution would affect continued use of software encryption adequately evaluated? Were the comparative costs of software and hardware encryption schemes evaluated? Is this evaluation available for analysis?

83. Current high speed DES processors have encryption rates of approximately 200 megabits per second, while the Clipper Chip has a throughput of 12.5 megabits per second. Within two to five years, 100 Mbps+ technologies, such as Fast Ethernet, FDDI and ATM, will become commonplace. How will the Clipper technology be used in environments where data is sent at 100 Mbps or faster?

J. Feasibility/Implementation

84. What testing has been done to verify the ability of Clipper to work across the panoply of new emerging technologies? If the underlying digital transport protocol drops a bit or two, will that interfere with Clipper operation? How critical is synchronization of the bit stream for Clipper operation? Has this technology been tested with ISDN, TDMA Cellular, CDMA Cellular, ATM, SONET, SMDS, and other emerging technologies? What effect does Clipper have on the Cellular Authentication and Voice Encryption (CAVE) algorithm? Are these differences for key generation, authentication, or voice privacy?

85. Does the Administration seek to extend the Clipper Chip proposal to the TDMA and CDMA digital cellular standards?

86. When will the government publish the various Modes of Operation and other documents for Clipper, together with a physical implementation standard (similar to the old FS-1027)?

87. Will the government consider the development of alternate sources for the chip or will vendors be limited to a single, monopoly supplier?

88. Initially, the Clipper Chip is being proposed for telephone technology, but the White House specifically mentions that the technology will be used for electronic data transmission. What is the timetable for implementing this?

89. What is the scope that the Administration envisions for the Clipper Chip's algorithm use? What about Capstone? Is it limited to voice, or does it encompass electronic mail, network encryption, security modems, long-haul bulk encryptors, video applications, computer password protection, Intelligent Vehicle Highway Systems ("IVHS"), satellite communications -- both transport and control, electronic funds transfers, etc.?

90. What is the Administration's policy on other security mechanisms beyond privacy, such as message authentication codes for banking and EFT, and for integrity and digital signatures for sender authentication and non-repudiation? What is the impact on international standards such as X.500 and X.509?

91. Since Clipper, as currently defined, cannot be implemented in software, what options are available to those who can benefit from cryptography in software? Was a study of the impact on these vendors or of the potential cost to the software industry conducted?

92. What are the success criteria for the Clipper initiative? Would the government abandon its initiative if Clipper is shown to be unsuccessful beyond government use?

93. What is the expected useful lifetime of the Clipper technology? What do you expect will render it useless at some point?

94. Is it true that the name "Clipper Chip" is the intellectual property of another company?

K. Impact on American Competitiveness

95. As the key-escrow approach is designed to ensure the ability of the American government to access confidential data, do NIST and NSA expect overseas customers (who do not have the protection of due process) to purchase the chip for data protection?

96. In testimony before the House Telecommunications Subcommittee, Mr. Kammer of NIST indicated that if he were a foreign customer, he would not purchase devices that included the Clipper Chip. Doesn't this raise serious balance-of-trade problems?

97. Will the technology, or the Chip itself, be shared with other allied governments (e.g., the UK), or will U.S. producers of data security products, forced by government standards to develop Clipper-based products for the U.S. market, be permanently closed out of the overseas security market?

98. If Clipper won't be commercially accepted abroad, and export controls continue to prohibit the exportation of other encryption schemes, isn't the U.S. government limiting American companies to a U.S. market?

99. Given the restrictions on who can build Clipper devices, how will Clipper keep up with advances in semiconductor speed, power, capacity and integration? Openly available devices, such as Intel-compatible microprocessors, have seen dramatic gains, but only because everyone was free to try to build a better version.

100. Will the Clipper Chip be used nationally and internationally? How will multinational operations accommodate this new system?

101. Banking and finance are truly global today. Most European financial institutions use technology described in standards such as ISO 9796. Many innovative new financial products and services will employ the reversible cryptography described in these standards. Clipper does not comply with these standards. Will U.S. financial institutions be able to export Clipper? If so, will their overseas customers find Clipper acceptable?

102. If overseas companies provide systems based on algorithms that do not have key escrow schemes and that encrypt faster and more securely, how will we compete internationally? We are market leaders in applications software and operating systems. Our world leadership in operating systems is dependent on integrating security in internationally distributed systems.

103. Internet Privacy Enhanced Mail (PEM) is becoming an internationally recognized system for encrypting electronic mail. Would Skipjack encryption become a U.S. standard for encrypting electronic mail while the rest of the world used PEM? How would e-mail traffic between the U.S. and other countries be encrypted?

L. Effect on Export Control Policy

104. In light of the Clipper initiative, will export restrictions on hardware and software encryption regimes using DES and RSA algorithms (which are widely available abroad) remain in place?

105. Will American firms be allowed to sell devices containing the Clipper Chip abroad? Under which governmental regulatory regime would exports of devices containing the Clipper Chip fall? What conditions would be applied to exports of devices containing the Clipper Chip? (E.g., would American firms be allowed to export devices to non-U.S. customers without the escrow requirement? If not, who would hold the keys?)

106. What governmental regulations will apply to imports of devices containing the Clipper Chip? Given that most U.S. companies source most customer premise equipment (e.g., telephones, fax machines, etc.) offshore, how will the logistics be handled for the export of the Clipper Chip as a component, and the subsequent import of the device containing the chip? Will the U.S. permit non-U.S. manufacturers to have the Clipper algorithm? If not, how will the Administration justify this trade barrier?

107. If the Clipper Chip cannot be reverse-engineered, and if the U.S. government is capable of decrypting, why would there be any reason to limit Clipper products from being exported?

108. If Clipper is allowed to be exported, does the U.S. government foresee a problem with other governments? Would the U.S. government's access to escrow keys be viewed as an exercise of extraterritorial jurisdiction?

M. Implications for Installed-Base/Existing Products

109. What are the implications of NSA/NIST withdrawing the certification of DES? Although it may -- at some point in the future -- no longer be used for government purposes, that is not going to affect commercial or private users' applications of DES. What about the embedded base of DES hardware?

110. Will existing systems need to be replaced?

111. What efforts were spent to make the new encryption approach compatible with the embedded base of equipment? If DES was becoming weak (vulnerable), wouldn't merely extending the DES key length to 80 bits have solved that problem?

112. There are a number of companies that employ non-escrowed cryptography in their products today. These products range from secure voice, data, and fax, to secure e-mail, electronic forms, and software distribution, to name but a few. With over a million such products in use today, what does the Clipper scheme foretell for these products and the many corporations and individuals that are invested in them and use them? Will the investment made by the vendors in encryption-enhanced products be protected? If so, how? Is it envisioned that they will add escrow features to their products or be asked to employ Clipper?

N. Process by Which Input Will Be Received from Industry/Public Interest Groups

113. If the outcome of the policy review is not pre-ordained, then the process to analyze the issues and arrive at solutions would seem to need a great deal of definition. What roles have been identified for Congress, the private sector, and other interested parties? Who is coordinating the process?

114. Why does the Presidential directive on the review process remain classified?

o o o o o

------- End of Forwarded Message
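A toy model of the two-agent escrow that questions 35, 44 and 59 above are probing, added here as an illustration; it is not code from the EFF working group or from the Clipper programme. It assumes that a chip's 80-bit unit key is reconstructed by XORing the two escrowed components (the questions say only that two 80-bit keys are created per chip in the SCIF), and the agent names, serial numbers and warrant references are constructed sample values. Skipjack is classified and is not modelled; only the escrow arithmetic and the release/audit path are.

```python
"""Toy two-agent key escrow: XOR key splitting plus warranted release with audit.

Added illustration, not EFF or Clipper programme code.  ASSUMPTION: the unit
key is the XOR of the two escrowed components.  All names and values are
constructed.
"""
import secrets
from dataclasses import dataclass, field

UNIT_KEY_BYTES = 10  # 80-bit unit keys, as stated in the questions


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("components must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_unit_key(unit_key: bytes) -> tuple[bytes, bytes]:
    """Split a unit key into two components, one per escrow agent.

    Component A is fresh randomness and B = unit_key XOR A, so either
    component on its own is uniformly random and independent of the key.
    """
    comp_a = secrets.token_bytes(len(unit_key))
    return comp_a, xor_bytes(unit_key, comp_a)


def reconstruct_unit_key(comp_a: bytes, comp_b: bytes) -> bytes:
    """Both components are required; one alone is useless."""
    return xor_bytes(comp_a, comp_b)


@dataclass
class EscrowAgent:
    """One escrow location: a component database plus an audit trail (Q37)."""
    name: str
    components: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)

    def deposit(self, serial: str, component: bytes) -> None:
        self.components[serial] = component

    def release(self, serial: str, warrant_ref: str) -> bytes:
        """Release a component only against a cited warrant, and record it (Q30, Q36)."""
        if not warrant_ref:
            raise PermissionError(f"{self.name}: no warrant cited, release refused")
        self.audit_log.append((serial, warrant_ref))
        return self.components[serial]


def program_chip(serial: str, agent_a: EscrowAgent, agent_b: EscrowAgent) -> bytes:
    """Model of key programming: generate the unit key, split it, deposit both halves.

    Returns the unit key that the chip itself keeps.
    """
    unit_key = secrets.token_bytes(UNIT_KEY_BYTES)
    comp_a, comp_b = split_unit_key(unit_key)
    agent_a.deposit(serial, comp_a)
    agent_b.deposit(serial, comp_b)
    return unit_key


def lawful_recovery(serial: str, warrant_ref: str,
                    agent_a: EscrowAgent, agent_b: EscrowAgent) -> bytes:
    """A warranted recovery needs a release from each agent (Q35: at least two insiders)."""
    return reconstruct_unit_key(agent_a.release(serial, warrant_ref),
                                agent_b.release(serial, warrant_ref))


def keys_exposed_by_theft(stolen: list) -> dict:
    """What someone who copied the listed agents' databases learns (Q44).

    One database yields nothing usable; two yield every chip's unit key at once.
    """
    if len(stolen) < 2:
        return {}
    a, b = stolen[0], stolen[1]
    return {s: reconstruct_unit_key(a.components[s], b.components[s])
            for s in a.components if s in b.components}


def component_bit_bias(unit_key: bytes, trials: int = 20000) -> float:
    """Empirical check that a lone component carries no information about the key (Q59).

    Splits the same key repeatedly and returns the largest deviation from 0.5 in
    the frequency of any bit of component A; it stays near zero for any unit_key.
    """
    counts = [0] * (8 * len(unit_key))
    for _ in range(trials):
        comp_a, _ = split_unit_key(unit_key)
        for i in range(len(counts)):
            counts[i] += (comp_a[i // 8] >> (7 - i % 8)) & 1
    return max(abs(c / trials - 0.5) for c in counts)
```

Under this model the premise in question 44, that compromising one escrow location compromises all chip data held there, does not hold: a stolen component database is indistinguishable from random bytes until the second location is also obtained. The things that do decide the system's exposure are the release path, its audit trail, and whatever physical and procedural controls separate the two locations.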
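A second added illustration, for the point behind questions 57 and 61: the user rotates session keys as often as they like, but has no way to change the unit and family keys. This is not code from the EFF working group or the Clipper programme. It assumes an access field of the form E_family(serial || E_unit(session_key)) sent with each call, a structure inferred from the questions rather than quoted from them; the cipher is an HMAC-SHA256 keystream standing in for the classified Skipjack, and every key and serial is a constructed value.

```python
"""Toy model: rotating session keys under fixed unit and family keys.

Added illustration, not EFF or Clipper programme code.  ASSUMED field layout:
nonce || E_family(serial || E_unit(session_key)).  The cipher is a stand-in,
not Skipjack.  All keys and serials are constructed.
"""
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

SESSION_KEY_BYTES = 10
SERIAL_BYTES = 4
NONCE_BYTES = 16


def toy_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter keystream; encrypt and decrypt are the same call."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(x ^ y for x, y in zip(data, stream))


def make_call(serial: bytes, unit_key: bytes, family_key: bytes) -> Tuple[bytes, bytes]:
    """Chip side: a fresh session key per call and the access field sent alongside it.

    Returns (session_key, access_field).  Nothing here lets the user replace
    unit_key or family_key; only the session key changes from call to call.
    """
    session_key = secrets.token_bytes(SESSION_KEY_BYTES)
    nonce = secrets.token_bytes(NONCE_BYTES)
    inner = toy_cipher(unit_key, nonce, session_key)
    outer = toy_cipher(family_key, nonce, serial + inner)
    return session_key, nonce + outer


def decode_field(access_field: bytes, family_key: Optional[bytes],
                 unit_key: Optional[bytes]) -> Tuple[Optional[bytes], Optional[bytes]]:
    """Interceptor side.  Returns (serial, session_key); either may be None.

    family key only   -> the serial is readable, so calls can be linked (Q61)
    family + unit key -> the session key is recovered as well (Q57)
    neither           -> nothing
    """
    if family_key is None:
        return None, None
    nonce, outer = access_field[:NONCE_BYTES], access_field[NONCE_BYTES:]
    plain = toy_cipher(family_key, nonce, outer)
    serial, inner = plain[:SERIAL_BYTES], plain[SERIAL_BYTES:]
    if unit_key is None:
        return serial, None
    return serial, toy_cipher(unit_key, nonce, inner)


def sessions_recovered(n_calls: int, unit_key: bytes, family_key: bytes, serial: bytes) -> int:
    """Place n_calls calls, each with a new session key, and count how many session
    keys an interceptor holding the fixed unit and family keys recovers.

    Rotating the session key every call does not lower this number (Q57).
    """
    recovered = 0
    for _ in range(n_calls):
        session_key, field_bytes = make_call(serial, unit_key, family_key)
        _, guess = decode_field(field_bytes, family_key, unit_key)
        recovered += int(guess == session_key)
    return recovered
```

The model makes the asymmetry in question 57 concrete: the per-call key the user controls is the one with the shortest life, while the two keys the user cannot change are the ones whose compromise is permanent. It also separates the two kinds of exposure in question 61: the family key alone already reveals which chip placed a call, before any escrowed key is released.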