reaction to Infoworld NIST/NSA queries
This is very interesting information, because it is extremely current and represents the first direct reactions by the behind-the-scenes authorities on some crucial aspects of Clipper and its scalding reception.
It should also be understood that the use of products implementing the key escrow encryption microcircuit is voluntary. There has been no attempt to either mandate its use or to deny the entry of other encryption technologies into the marketplace.
Note in the answer to `has acrimony lessened the government commitment' the feeble whimpering ultimately falls back on the aspect that it is voluntary. Ah, the last refuge of these scoundrels! If there are any plans to restrict or limit domestic cryptography, the policy-makers (and I use the term loosely) are painting themselves into a corner. If the only redeeming feature of Clipper is that it is voluntary, then anything less is wholly unredeeming! But again, the text conspicuously does not rule out that option.
Finally, the system will be designed to ensure that law enforcement destroys the keys it receives when its authority to conduct the electronic surveillance has expired.
Correct me if I'm wrong, but this is the first time I've seen any official indication of this requirement to `destroy keys after surveillance' -- this *is* clearly an extremely serious weakness with the scheme, and I don't use past tense there because this lip service doesn't remedy it in the least. However, we can take consolation: it appears there have been direct responses to the criticisms of the key escrow aspects. In fact, they appear to have the key-escrow issues thought out to the least (hence my very uneasy suspicions), were surprised by the focused critical analysis, and have been consistently attempting to strengthen the `baroque activities in a vault' (as one esteemed cypherpunk put it). The attempts look a little bit like desperate scramblings to me. They still don't have a clue on the escrow agencies!
Should a broader export policy be adopted, we believe products implementing the key escrow technology will find favor among consumers who desire the superb encryption security offered.
`superb'? Hee, hee. First claim of security outside of the `superior to many other schemes on the market' weasel quote in the announcement. This sounds like vintage Sternlight.
Q. If Clipper would be the standard, would the use of non-Clipper encryption devices be outlawed? If so, how would you find out who was using these non-Clipper devices?
A. No. Use of key-escrowed products by the private sector would be entirely voluntary.
Here they appear to be directly suggesting that they will *not* attempt domestic cryptographic restriction. (?)
Federal agencies will have the option of using this technology once it becomes a Federal Information Processing Standard.
This little FIPS thing (Federal Information Processing Standard) is clearly very important to all the Clipper conspirators right now (Bidzos is plugging it too, and it was in the PKP-NSA-DSA patent agreement announcement). Is there some way to sabotage the FIPS process? Cypherpunks, this is a critical window.
A. NIST will recommend that DES be renewed for another five years as a Federal Information Processing Standard.
Wow, I don't recall seeing that before.
A. Again, we must emphasize that use of this technology is voluntary. Software containing other cryptosystems is still available to consumers.
They plug the `voluntary' bit so much here you'd think they're talking about Bush's Thousand Points of Light.
A. We expect the key escrow microcircuits will be enhanced to keep pace with future data requirements.
Hee, hee. They can't even keep up with *current* requirements. The chips last for an astonishingly durable 2 days. (Actually, with Clipper this is a very attractive feature!)
That does not mean, however, that a government-imposed security policy is appropriate. Government must be actively involved in setting computer security standards for its own use and making its technology, expertise and guidance available to the private sector when requested and appropriate.
Wow. At first I thought this was a typo and the statement was supposed to be `does not mean it is *in*appropriate'. `When requested and appropriate'? Good lord, is this the NSA talking or did they have the day off? Maybe they actually understand they have no domestic legal regulatory standing whatsoever.
L. Detweiler