ComputerWorld article on Clipper/Capstone
ComputerWorld June 7, 1993 Vol. 27, No. 23 page 21 Fed officials pan ban of old encryption specs by Gary H. Anthes Gaithersburg, MD Federal officials responsible for shaping information security policy said last week that legislation mandating use of the government's recently proposed encryption technology -- and banning the use of older but popular techniques -- is neither wise nor legal. In April, the White House said it intended to establish as a federal standard an approach to encryption called "key-escrow." This method would require that the keys needed to unlock a coded conversation be kept by government-approved agencies and retrieved only for court-ordered wiretaps. Dubbed "Clipper" for voice communications and "Capstone" for data, the approach is intended to balance the conflicting objectives of users -- who demand absolute security and privacy -- and law enforcement agencies, which are looking for a legal "backdoor" into coded criminal communications. Protecting rights to privacy But the idea has been challenged by civil libertarians who fear abuses by a technologically empowered Big Brother, and by some users, especially those such as banks that have made large investments in cryptography based on the older Data Encryption Standard (DES), which some fear could be banned by the government. Protesters so far include the Computer and Business Equipment Manufacturers Association, Information Technology Association of America, Computer Professionals for Social Responsibility, Electronic Frontier Foundation, Business Software Alliance, Software Publishers Association and Information Systems Security Association. Raymond Kammer, acting director of the National Institute of Standards and Technology (NIST), acknowledged that a ban on existing techniques would be considered. "But my personal opinion is, I can't see doing anything that would take away any freedoms we now enjoy," Kammer said. "We tried to come up with a technique that would not require legislation," said Clint Brooks, advisor to the director of the National Security Agency, which developed and now strongly supports the key-escrow approach. Brooks predicted it would be years before criminal use of DES would be wide-spread enough to present obstacles to law enforcement agencies, which cannot crack DES codes. "Let's wait and see if legislation is needed," he said. While the majority of those attending a public hearing at the NIST last week spoke out against the government's proposal, a few strongly defended it saying criticisms are either misdirected or deal with fixable flaws. Donald Alvarez, national defense science and engineering graduate fellow at Princeton University, outlined six ways that Clipper could be breached but finished by saying, "I definitely believe it is possible to address the needs of both [users and law enforcers], even with the Clipper and Capstone chip sets." 8<---------- End of Article ------------- In a small, corner-page, footnote box on the same page -- "Keyed up In a statement filed with the Computer System and Privacy Advisory Board, Citicorp raised the following concerns about Clipper: o The private sector was not adequately consulted. o The algorithm used in Clipper/Capstone is not compatible with other commonly used encryption methods and will only cause costly disruptions for businesses. o The algorithm -- which is to be secret but will be examined by a handful of government-chosen experts -- "will undergo inadequate scrutiny and hurried review." o The databases and access systems associated with Clipper may be flawed and insecure." Paul Ferguson | The future is now. Network Integrator | History will tell the tale; Centreville, Virginia USA | We must endure and struggle fergp@sytex.com | to shape it. Stop the Wiretap (Clipper/Capstone) Chip.
[ComputerWorld]
"We tried to come up with a technique that would not require legislation," said Clint Brooks, advisor to the director of the National Security Agency, which developed and now strongly supports the key-escrow approach.
Another ominous, foreboding quote.
Federal officials responsible for shaping information security policy said last week that legislation mandating use of the government's recently proposed encryption technology -- and banning the use of older but popular techniques -- is neither wise nor legal.
This article, nor any other alluding to `bans on cryptographic methods', is not sufficiently disturbing or alarmist. An such law would be blatantly, egregiously, grotesquely unconstitutional under protections of free speech. All hell would break lose if any such attempt reared its hideously monstrous face--imagine the Clipper `flap' multiplied by a gigabyte. Please, regarding cryptography, don't say that `the genie is out of the bottle' or `the laws would be unenforceable' -- these are tantamount to saying, `go ahead, we DARE you to try!' I fear more and more the reply will soon be, `try THIS!'
"We tried to come up with a technique that would not require legislation," said Clint Brooks, advisor to the director of the National Security Agency,
Another ominous, foreboding quote.
I think this neither ominous nor foreboding. This statement was apparent within a week or so of the original announcement. The only thing new about it is that it confirms what I've thought for over a month: that the executive branch is trying to do an end run around the legislature. I was quite happy to see this, since now we can argue from this position not on the basis of surmise, but of quotation. This single quotation will be enormously useful in getting the legislature to take specific and bill-oriented action about the wiretap chips. In the checks and balance system, the legislature makes laws; the executive makes them happen. The executive is not supposed to go charging off and making de facto legislation. I would recommend that this quotation be spread far and wide. Put it in .signature blocks. Call for a return of the checks and balances system of government. Eric
[E.H. & L.D.]
"We tried to come up with a technique that would not require legislation," said Clint Brooks, advisor to the director of the National Security Agency,
Another ominous, foreboding quote.
I think this neither ominous nor foreboding. This statement was apparent within a week or so of the original announcement.
I've analyzed this elsewhere. You are taking this at face value. First of all, the person (apparently a very high-ranking advisor, probably the highest and closest to the project to appear in the media) is already talking in the past tense. If they were confident and not rattled it would be `we've come up with a technique that doesn't require legislation'. So far so good. But at this late date, and the quote is presumably fresh, it has that vague hint that they are now *considering* the legislative approach given the `nice guy' approach failed. Cypherpunks, beware! I think it could really happen. *No one* in the government has ruled out domestic cryptographic regulation. We have nothing but the spineless whimperings of Kammer saying `I can't see what it would accomplish'. Everybody has this strange mindset that such a thing is conceivable. WHAT? As I was telling someone on the list, that would be like waking up *into* a nightmare. Here's the likely scenario: they come up with a way of `certifying' or `licensing' cryptographic equipment with penalties that have some teeth (like ability to confiscate on `suspicion'!) and intimidate cryptographic developers. Why? Well, to protect the public from inferior cryptography, of course. We have to make sure there's no problems with the hardware, isn't that obvious? I hope CPSR and EFF have their lawyers revved up, because this is Supreme Court material. Legislation of cryptography is the most obnoxious, foul-smelling decomposition I've ever considered. Doesn't anyone get it? Clipper represents a startling shift from NSA policy to tinkering with *domestic* cryptography on the *large-scale* by intent, despite, as CPSR points out, no legal foundation whatsoever (and in fact, I'd buy a jackhammer or bulldozer before I see anybody erecting one). A startling shift from a passive to an *active* role in ensuring wiretapping. The seriousness of this kind of infraction only comes around once every few decades. Don't be fooled by the recent suggestions that Clipper will be put on hold! The root of the conflict is still untouched!
This single quotation will be enormously useful in getting the legislature to take specific and bill-oriented action about the wiretap chips. In the checks and balance system, the legislature makes laws; the executive makes them happen.
You seem to favor a legislative approach to protecting cryptography. Well, all I can say is that there are a lot of pitfalls. In my opinion a 200 year old scrap of paper is all the verbiage we need. There is nothing extremely unusual about cryptography from a legal standpoint. Its just another medium of data transmission.
The executive is not supposed to go charging off and making de facto legislation. The only thing new about it is that it confirms what I've thought for over a month: that the executive branch is trying to do an end run around the legislature.
I'm glad you came to this epiphany on the original, true treachery of the `initiative', but I'm sorry to say I don't share it. If by `executive' you are alluding to Clinton, clearly he had very little to do with it, and as I've said elsewhere on sci.crypt, his support is convenient but not necessary. Even Bush's involvement was surely extremely marginal at best. The *true* problem is that there is a massive entrenchment of inbred bureacrats at a site that has the initials F.M. that is completely insulated from the periodic cleansings of elections, devoid of overhead accountability and the venerable mechanisms for `checks and balances' and `division of power' in our government you cite, and paid tens of billions of dollars a year by *us* to find ways of *evading* protections on privacy and spying on the neighbors (friend and foe alike). They will not go away quietly. Ah, but as everyone knows, neither will I. BTW, could anyone give a reference on the FEAL politics history? It's just like deja vu all over again.
This single quotation will be enormously useful in getting the legislature to take specific and bill-oriented action about the wiretap chips.
You seem to favor a legislative approach to protecting cryptography. [...] In my opinion a 200 year old scrap of paper is all the verbiage we need.
Protecting cryptography must be fought on all fronts. If we disregard the legislature, we will lose. Period. The Constitution is the highest law of the land. As you may recall, it was ratified by state legislatures. Eric
participants (3)
-
Eric Hughes
-
fergp@sytex.com
-
L. Detweiler