Brainstorm results from today's meeting
We brainstormed questions and issues resulting from Clinton's crypto policy review and `Clipper' proposal. Here are the raw results. Cypherpunks, please read it over; clarify your own questions if they didn't get transcribed correctly, and send me the updates (as Unix diffs or context diffs) at: gnu@toad.com. I'll collate the changes, and repost this document to cypherpunks. When we're happy with it, the group can disseminate it to sci.crypt, news media, or whoever else.

John Gilmore

Cypherpunks brainstorm question list (copy to tenney@netcom.com)

Why is ATT the only one to find out early about this chip?
Why was it developed in secret?
Why not a competitive bid?
How much will it cost the taxpayers and the government to maintain these two escrow agencies?
How much will escrow cost?
Who will pay for escrow?
What's the smallest number of people who could compromise this system (in various configurations)?
What are the court, legislative, executive and wartime excuses for the control of crypto?
Is emulation of Clipper illegal?
Is reverse engineering illegal?
Is revealing algorithm (reverse engineered etc) illegal?
Consequences to the public if the algorithm or family key is revealed?
Does key escrow violate ED trade rules (the data protection aspects, too)?
What's the protocol for generating keys?
How to regain privacy once a wiretap has been done?
Does a subpoena reveal earlier, recorded conversations?
How many people will know the family key?
Why hand out keys during a wiretap rather than give the cyphertext to the escrow agency for decode?
What sort of escrow agencies have been considered?
Is it constitutional to delegate escrow to a private agency?
Is there a "separation of powers" issue?
How many people have access to the secret keys during generation?
Will smaller groups be able to establish their own escrow agencies?
How about privileged conversations (lawyer, doctor, clergy, client)?
Will the NSA claim that there is no alternative way to read messages without the key(s)?
(How) will U.S. escrow rules have an effect on other crypto systems like DigiCash?
Will US take subpoenas from foreign countries?
What protects US citizens from foreign governments with violative laws?
What effect occurs for multinational companies?
Impact on intelligence gathering?
Can traffic analysis be done with serial number?
Will traffic analysis be done with serial number?
Will keys be shared with foreign intelligence organizations?
How many systems will there be that can be used to decrypt?
Who will control them?
Would knowing the algorithms compromise security? If not, why not publish them? If yes, what would be the effect of their discovery?
What protections do we have against blackmailing by escrow agents?
What about steganography?
Will escrowed keys be shared with foreign intelligence organizations?
Will they make chips available now for reverse engineering?
Will it be illegal to encrypt before using Clipper? How to enforce?
Will intelligence agencies be able to listen to the conversations they are legally allowed to?
Will any decryption devices be made available to foreign intelligence organizations?
What's the lifetime flow of keys from manufacturer, to escrow, to wiretap agencies?
What protects the keys at each stage?
Why the hurry?
Why no public evaluation before deployment?
Where will all the decryption devices be kept?
What was the policy-making procedure that was followed in producing this plan?
Who owns/controls Mykotronx?
Is the key escrow process online or offline?
Where will all the decryption devices be?
Since Skipjack was developed with government funds, how much is Mykotronx compensating the government for their monopoly?
How are keys generated?
Where are keys generated?
How many key generation places/devices will there be?
Who gave the government the right to listen in?
How do citizens supply input to the crypto process?
How to find out the status?
How much will it cost to get a registered key?
Does the government believe citizens have the right to use/sell crypto systems of our own choice?
Is the review process classified? Do we have access to the outcome? Why?
First and Fifth Amendment issues?
Why was the Legislature not involved?
Why was industry not involved?
What evidence supports the government's claimed need to break into our conversations?
What is it worth, breaking into our conversations?
How much cost should we bear?
What are the costs today of wiretaps?
Will we have to register to buy secure devices?
Will there be restriction on who can buy or sell them?
Are the escrowed keys tied to hardware or people?
Can we sell our Clipper devices without re-registration?
Will Clipper be exportable?
Will individuals be able to take them overseas for personal use?
How long has this process been underway?
Which agencies have been involved? How long each?
Is Clipper only for voice, or data and other applications too?
Does it make sense to use Clipper for data storage?
Is Clipper intended to replace DES in all applications?
What scenarios drive the design of crypto policy?
What scenarios drive the design of Clipper?
What alternatives to Clipper have been considered?
How many successfully prosecuted terrorist cases have included wiretap evidence?
What is the expected useful lifetime of the Clipper technology?
During the useful life what percent of keys is expected to be revealed?
What other "family" members will be differentiated by different family keys?
Have they filed an EIR on this?
Will it be possible to reuse a device which has been compromised?
What is the impact on society if the Clipper initiative doesn't succeed?
How can a citizen tell if a Clipper-equipped product has been compromised by a prior tap?
Can the chips be built overseas?
Can they be imported?
Have any Clipper chips been introduced to use yet?
Where are those keys escrowed now?
What challenge process have the Clipper chips survived?
What's an appropriate challenge process for crypto systems?
Who are the people with access to all the work products to build the chips -- masks, net lists, wafers, half-built wafers, reject wafers?
What are the mechanisms for destroying the work products?
What is the procedure when the family key is revealed?
How can the public be sure keys will only be revealed upon proper warrant?
How does a company qualify to manufacture Clipper chips?
What does it cost?
What environmental conditions will cause the chip's programmed data to be lost?
How does this (crypto) policy/process impact companies with existing or future business in crypto?
How will backups of escrow agents be protected?
How many single points of failure are in the system?
Have war planners blessed the plan as acceptable risks during wartime?
What agencies have approved this plan?
What agencies have DISapproved this plan?
Given a single point of failure, what are the implications to national security?
What about Clipper chip second-source in case of inability to manufacture?
What impact on the economy would a temporary or permanent problem in Mykotronx have?
Is this system immune to spoofing?
Are Clipper-encrypted devices more susceptible to jamming than other systems or plaintext?
Does escrow release allow spoofing that user?
Does family key allow any user to be spoofed?
To hear both sides of a conversation, do you need two keys and two warrants?
What kinds of protection is the government trying to encourage? Traffic analysis, authenticity, privacy, anonymity?
What is the question for which Clipper is the answer?
What were its design goals?
How will leaks in the registration process or escrow process be detected? (viz. leaks by SSA employees?)
How long will use remain voluntary?
Do citizens have the right to use any encryption system?
Do citizens have the right to research any encryption system?
Do non-citizens have the right to use/research encryption systems?
What agency will be responsible for auditing the escrow process or use of revealed keys?
Is there civil or other liability for escrow agents who reveal keys illegally?
Will we get specifications of the Clipper interface so that we can build our own encryption chips?
Will the chip transmit identifying info in the clear? As part of the standard protocol? As an option?
Are users required to use the protocols as specified if they use the chip in their products?
What does the government see as its role in setting standards for domestic cryptography?
How to restore security after a wiretap?
What is the numerical risk of the system being cracked within a year? 5 years? 10 years?
What is the risk of its being cracked without the knowledge of the public?
Will government feel that it is legal to record encrypted conversations without violating the subject's rights? (Because it is secure.)
What measures will the government use to promulgate this proposal?
Has government offered incentives to companies to encourage them to adopt it?
How long will it take from warrant to obtain keys? (Fast response for terrorists?)
How will the number of revealed keys be limited? By law? (Currently less than 1000 wiretaps/year.)
Will Clipper chips be allowed or required in pay phones?
Is this proposed to be accompanied by changes to the phone systems as the Digital Telephony proposal suggested?
Who bought Dorothy Denning and for how much?
Where does Dorothy Denning's funding come from?
If wiretappers record conversations how long will they be able to save them?
Is Clipper suitable for use in a national health care information system?
What are the national security implications of the availability or unavailability of encryption?
What is the cost of alternative involving direct interception of voice using microphones?
How will the other (non-search-warranted) person involved in a wiretap be protected?
How does the government feel about a foreign company doing business in the US and talking to their own governments?
How will encrypted cellular phone standards be determined? In a public process?
How will end-to-end encryption standards for phones be determined?
How will these be made interoperable?
What is the legal process required to tap a person's communications?
Then what further process is needed to decrypt intercepted communication?
How will this scheme prevent criminals from circumventing the system? (Buy a phone, use it only once, etc)
Does Clipper reveal the chip phone number it's receiving from, in normal operation, like caller ID?
Can law enforcement ask for its own keys (e.g. in a sting operation)?
Can citizens query the escrow database for their own keys?
Can users determine their own chip number?
How does this interface with ISDN?
Does a warrant give access to all phones in the house (or other warranted site)?
How will this jeopardize citizens' rights to anonymity in voting (and electronic voting)?
Does this technology enable the same invasions as caller ID?
What is the procedure if a phone is stolen?
Why don't we develop a privacy policy rather than a policy on cryptography?
What is the government's policy on privacy with respect to cryptography?
What is the reaction from Data Protection Boards in other countries?
Can an individual ask whether or not they are being wiretapped?
What changes are recommended in those laws?
What are they going to do about RSA patents on which they are infringing?
Will a search warrant cover a phone, a line, a person, or device, or place?
What is going to be done about "Clipper" trademark conflict?
Can you find the unit key of your own device?
What will be done about other patents being infringed?
What are the implications of swapping chips between devices?
How do government and private needs for privacy differ?
Is it worth risking the privacy of 240 million citizens for 1000 wiretaps a year?
In what other areas can this technology be used (camcorders, FAX, etc)?
How will Clipper keep up with current advances in semiconductor speed, given restrictions on who can build them?
Who is Clipper for?
Who benefits?
Is chip packaging part of security of the device, or is it all in the fab? (e.g. can it fit in any desirable package.)
How do technology and fab requirements affect yield and price?
How will chips and devices be tested?
Are there "undocumented" test modes that might reveal properties of the algorithm or programming?
How does current Clipper design relate to the designer's previous designs? (personal design style, libraries used, etc)
Could Clipper be integrated economically with a general purpose CPU?
What statistics will the chip maintain on-board?
Who will get specs?
What info will Clipper subliminally transmit in messages?
How does the strength of Clipper compare to DES, RSA, or IDEA?
How does the efficiency compare?
Do you plan to monitor people's movie choices selected via "video dialtone" services?
Will there be a mechanism for particular people to keep their IDs out of the database? (judges, law enforcement, etc)
Will the NSA or law enforcement use Clipper themselves?
Will their keys be escrowed in the same way?
If Clipper is not good enough for law enforcement etc why is it good enough for private individuals?
What secondary uses (without serial numbers) will be made of the escrow database? (i.e. counts of families, where families were sold/shipped, etc)
Will chip numbers be correlated with personal ID (soc sec number, etc)?
How will they ensure that further uses of the escrow database be prevented? (see census database misuses)
What happens if a (the?) Global Crypto Review policy says Clipper is a bad design?
What if it says that the government shouldn't be setting crypto policy?
What is the implication if another company/country produces a competing device?
Why is DES still not exportable?
What is the cost to commerce of export controls on crypto? Cost to privacy? Cost to civil liberties? Cost to trust in government? Cost to programs where crypto is ancillary (Prokey, Aldus Freehand, PKZIP, etc) "Not for export outside US or Canada"
How would a non-escrowed-key crypto policy work?
How does export control of a work of art or literary work survive a First Amendment challenge?
Can crypto source code be exported on paper, in a book, in human readable form?
Can the same code be exported as bits? As bar code? Printed?
What cryptographic systems can currently be cracked by the NSA? At what cost?
How much has been spent on crypto research in the last 50 years?
How many fundamental mathematical breakthroughs have been made and revealed? How many are still secret?
What is the cost to society of the secrecy?
Would disclosure of the Skipjack/Clipper process/method/algorithm compromise it?
How will we find reputable independent cryptographers who are willing to live within the limits imposed by getting a security clearance?
What tangible results have benefited society from the intelligence community? Were they worth the cost?
Has the intelligence community ever prevented a nuclear war? A terrorist attack affecting N (100,000?) people?
How does the security of ClipperPhones compare to STU-35's? The cost?
How many patent secrecy orders on crypto exist? Communications secrecy? Total number of patent secrecy orders now in effect?
What is the expected incidence of finding encrypted material in wiretaps without Clipper?
How many crypto documents have been declassified and reclassified? Why?
By what authority did the NSA stop the phone encryption standard?
What is the proper role of NSA in setting domestic cryptography standards? ...policy?
How can NIST be made independent of the NSA influence in setting domestic policy?
How does secrecy detract from America's global competitiveness?
What would be the international equivalent of "Clipper", allowing international business and wiretapping by all the governments?
How many Clipper chips does the government expect one person to own?
Can a free society be founded upon a societal model that assumes no ability to have truly private conversations?
Can strong cryptography be outlawed while keeping freedom of inquiry and expression?
How does Clipper interrelate with ISDN?
Should the Federal government be allowed to accomplish with its commercial and publicity activities what it is prohibited from doing with its enumerated powers?
Will Clipper allow banks to stop using DES?
If stored data can be encrypted with Clipper, can a warrant be obtained to decrypt stored information?
What procedural safeguard will exist, like special requirements for wiretap requirements?
Under what conditions or protections can a person be forced to reveal your keys? ...an escrow agency...?
How can freedom of conscience be preserved when there is no privacy?
Can Clipper be used for authentication? Can the government circumvent this if so?
Are there different levels of protection for different types of data?
Why is Capstone chip just made known to the public?

-- THAT'S ALL FOLKS!!