Clipper III questions
The recent CDT policy post sez of Clipper III:
* Access to keys internationally "would be provided in accordance with destination country policies and bilateral understandings."
This reminds me of the understanding between CIA/NSA and their counterparts in British Intelligence. Both sides are prohibited from spying within their own countries borders but are encouraged to spy in other countries. Both would very much like to spy on their own citizens (for legitimate law encorcement/national security reasons only, of course). So, they have a simple system in place. The British spy on the American citizens that the Americans want spied on and then turn over the intercepts. The Americans do the same for the British in Britain(*). Sometimes they lie to each other or withhold material, but that's what spy organizations do all the time. If Clipper III passes and the OECD gets their member nations in line with what the American miliary wants, I predict a similar system will evolve. "Destination country policies" will allow decryption of incoming GAKked messages from non-citizens. After all, they have no rights, do they? Cooperating intelligence agencies will then exchange intercepts. Presto Chango, pesky privacy rules vanish right before your eyes! Of course this is in our best intrest, we must fight against terrorisim with all methods possible. The ends justify the means. A question: What happens if a company decided not to go along with Clipper III? Can they still ship the "old" 40-bit-style GAKware unimpeded? Or will there be a slow tightening of the rules to force compliance? The existing way of doing things depends to a large degree on a set of "common practice" which the NSA doesn't have written down. For example you won't find the 40 bit limit written anywhere in ITAR, and if you want to export something that's already been approved elsewhere (i.e. another implementation of SSL) you still have to go through the approval process. (*) this comes from "The War Aginst the Jews" which is worth reading. Sorry I can't find my copy at the moment, maybe someone who's got it handy will provide authors/ISBN. Capsule review: covers government dirty dealing from the early 1900s on, mostly British and American. Concentrates on Jews and Israel of course but they seem to have been the brunt (sometimes the instigator) of a lot of the dirty pool that governments have played. -- Eric Murray ericm@lne.com ericm@motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF
The recent CDT policy post sez of Clipper III:
* Access to keys internationally "would be provided in accordance with destination country policies and bilateral understandings."
This reminds me of the understanding between CIA/NSA and their counterparts in British Intelligence. [...]
From a law-enforcement point of view international communications gives
While I am not sure that this oft-made claim can actually be proven, it does raise an interesting point: a large amount of communications traffic crosses international boundaries, which country's laws and procedures are to be followed when a "legitimate law enforcement need" is perceived? While Americans have become somewhat disenchanted with protections given to American suspects via our Fourth Amendment, a possible line of attack upon Clipper III might be that those who want to monitor communications will select the jurisdiction in which it is easiest for them to get a court order. While "coddling criminals" and "throwing out evidence based upon technicalities" has a negative PR value, Americans are a cheuvanistic lot who tend to go completely ballistic when told that they must be subject to the laws of another country, and given the nature of internet communications this might be something which could be used to our advantage. Something like "Clipper III is giving away your First Amendment rights in cyberspace and replacing them with the restrictive expresion laws of Country X, is that what you really want?" The international angle may be a good card to play in the American debate. them little to work with: there are already numerous articles which can be quoted pointing out that terrorists [insert optional horseman] already have access to strong crypto so Clipper III will not catch them, the only thing it is good for is spying on honest Americans... :) jim p.s. On the commercial side, the known economic espionage cases of the French and Japanese governements may also be points to raise.
At 11:40 PM -0800 10/3/96, Jim McCoy wrote:
The recent CDT policy post sez of Clipper III:
This reminds me of the understanding between CIA/NSA and their counterparts in British Intelligence. [...]
While I am not sure that this oft-made claim can actually be proven,
Actually, Bamford documents it in detail in "The Puzzle Palace," 1982. See the sections on the "UKUSA" or "UK-USA" agreement. More recent reports have described how the actual sharing is done in a room at Fort Meade between GCHQ and NSA intercept analysts. The GCHQ guys monitor the U.S. traffic, and then "summarize it" (as per the UK-USA arrangement) for their American counterparts. All strictly according to the letter of the law, such as it is. The practical effect is obvious. (I also heard a report that the telephone Long Lines, built some decades ago, were deliberately routed across Indian reservations in several states--for the purposes of the domestic surveillance laws, Indian reservations have "sovereign nation" status! Same reason the CIA used the Cabazon Band of Indians lands for illegal work.)
it does raise an interesting point: a large amount of communications traffic crosses international boundaries, which country's laws and procedures are to be followed when a "legitimate law enforcement need" is perceived? While Americans have become somewhat disenchanted with
This is a very important point, I think. Given that users have little control over packet routing, mightn't packets get deliberately routed to jurisdictions where the "Global GAK" policies might be interpreted favorably? Suppose encrypted traffic between two American sites actually went by way of a Canadian hop, and Canadian authorities (possibly working for/with NSA) went to the "Trusted Key Authorities" with a _Canadian_ warrant? And so on, including some nations whose notions of "search warrants" bear no resemblance even to our somewhat tattered notions. So much for U.S. Constitutional protections, even in the post-GAK age. --Tim May "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM that the National Security Agency would try to twist their technology." [NYT, 1996-10-02] We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
participants (3)
-
Eric Murray -
Jim McCoy -
Timothy C. May