Well, I received more than a dozen requests for this since I mentioned it here, and two people said I should post it. You have probably seen it all in one form or another already, but this is a handy package to send to other people who need an introduction to the issue. Embellish the intro, snip/forward at will. ----- begin blurb ----- INFORMATION ABOUT THE CLIPPER WIRETAP CHIP. DISTRIBUTE FREELY. The Clipper chip has been designed and introduced by the Federal government to standardize encryption technology so that law enforcement agencies can listen in on "private" conversations in electronic media. The device will initially be installed in government phones, and AT&T will also sell it for individual and business use. It is clear that the government would very much like the Clipper to become the standard for all future domestic electronic "private" communication. Many respected professionals in telecommunications and related industries fear that the government may soon make moves to outlaw or otherwise kill other encryption technology that could compete with the Clipper. This is not unlike the government demanding that you give them a sealed copy of all your future phone conversations and other computer-facilitated communications, just in case they ever want to open and examine them later. A pertinent quote from John Perry Barlow of the Electronic Frontier Foundation: The legal right to express oneself is meaningless if there is no secure medium through which that expression may travel. By the same token, the right to hold certain unpopular opinions is forfeit unless one can discuss those opinions with others of like mind without the government listening in. ...there is a kind of corrupting power in the ability to create public policy in secret while assuring that the public will have little secrecy of its own... This message contains announcements from the White House, AT&T, the Electronic Frontier Foundation, the Computer Professionals for Social Responsibility, and various news articles. Technical details and darker, deeper, evaluations of the Clipper project are available; see the usenet newsgroup sci.crypt for current info and pointers. _______________________________________________________________________________ FROM THE WHITE HOUSE From: clipper@csrc.ncsl.nist.gov (Clipper Chip Announcement) Subject: White House Public Encryption Management Fact Sheet Organization: National Institute of Standards & Technology Date: Fri, 16 Apr 1993 20:44:58 GMT Note: The following was released by the White House today in conjunction with the announcement of the Clipper Chip encryption technology. FACT SHEET PUBLIC ENCRYPTION MANAGEMENT The President has approved a directive on "Public Encryption Management." The directive provides for the following: Advanced telecommunications and commercially available encryption are part of a wave of new computer and communications technology. Encryption products scramble information to protect the privacy of communications and data by preventing unauthorized access. Advanced telecommunications systems use digital technology to rapidly and precisely handle a high volume of communications. These advanced telecommunications systems are integral to the infrastructure needed to ensure economic competitiveness in the information age. Despite its benefits, new communications technology can also frustrate lawful government electronic surveillance. Sophisticated encryption can have this effect in the United States. When exported abroad, it can be used to thwart foreign intelligence activities critical to our national interests. In the past, it has been possible to preserve a government capability to conduct electronic surveillance in furtherance of legitimate law enforcement and national security interests, while at the same time protecting the privacy and civil liberties of all citizens. As encryption technology improves, doing so will require new, innovative approaches. In the area of communications encryption, the U. S. Government has developed a microcircuit that not only provides privacy through encryption that is substantially more robust than the current government standard, but also permits escrowing of the keys needed to unlock the encryption. The system for the escrowing of keys will allow the government to gain access to encrypted information only with appropriate legal authorization. To assist law enforcement and other government agencies to collect and decrypt, under legal authority, electronically transmitted information, I hereby direct the following action to be taken: INSTALLATION OF GOVERNMENT-DEVELOPED MICROCIRCUITS The Attorney General of the United States, or her representative, shall request manufacturers of communications hardware which incorporates encryption to install the U.S. government-developed key-escrow microcircuits in their products. The fact of law enforcement access to the escrowed keys will not be concealed from the American public. All appropriate steps shall be taken to ensure that any existing or future versions of the key-escrow microcircuit are made widely available to U.S. communications hardware manufacturers, consistent with the need to ensure the security of the key-escrow system. In making this decision, I do not intend to prevent the private sector from developing, or the government from approving, other microcircuits or algorithms that are equally effective in assuring both privacy and a secure key- escrow system. KEY-ESCROW The Attorney General shall make all arrangements with appropriate entities to hold the keys for the key-escrow microcircuits installed in communications equipment. In each case, the key holder must agree to strict security procedures to prevent unauthorized release of the keys. The keys shall be released only to government agencies that have established their authority to acquire the content of those communications that have been encrypted by devices containing the microcircuits. The Attorney General shall review for legal sufficiency the procedures by which an agency establishes its authority to acquire the content of such communications. PROCUREMENT AND USE OF ENCRYPTION DEVICES The Secretary of Commerce, in consultation with other appropriate U.S. agencies, shall initiate a process to write standards to facilitate the procurement and use of encryption devices fitted with key-escrow microcircuits in federal communications systems that process sensitive but unclassified information. I expect this process to proceed on a schedule that will permit promulgation of a final standard within six months of this directive. The Attorney General will procure and utilize encryption devices to the extent needed to preserve the government's ability to conduct lawful electronic surveillance and to fulfill the need for secure law enforcement communications. Further, the Attorney General shall utilize funds from the Department of Justice Asset Forfeiture Super Surplus Fund to effect this purchase. _______________________________________________________________________________ FROM AT&T AT&T TO INCORPORATE NEW 'CLIPPER' CHIP INTO SECURE COMMUNICATIONS PRODUCT LINE GREENSBORO, N.C., April 16 AT&T (NYSE: T) said today it is moving to improve the security and privacy of telephone communications by incorporating a just-announced new U.S. government technology for voice encryption into its secure communications product line. AT&T will use the Clipper chip, announced today by President Clinton as a new technology for voice encryption, in all of its secure telephone products except those specially designed for government classified customers. The Commerce Department has announced a six-month timetable for the final certification of Clipper. "AT&T is pleased to be the first company to publicly commit to adoption of the Clipper chip," said Ed Hickey, AT&T vice president, Secure Communications Systems. "We believe it will give our customers far greater protection in defeating hackers or eavesdroppers attempting to intercept a call. "And now all commercially available AT&T voice encryption products will be compatible with each other, a major step forward in bringing secure communications capabilities to the business community." In standardizing AT&T voice encryption products on the Clipper chip, AT&T will include the algorithm in the Telephone Security Device as well as in the Secure Voice/Data Terminal. The AT&T Telephone Security Device is a compact, lightweight unit that brings advance encryption technology to conventional land-line and cellular telephones. It provides a powerful, convenient and reliable way to protect the most sensitive telephone conversations. The device works with a conventional land-line or transportable/mobile cellular phone. It turns the phone's signal into a digital stream of encrypted information that is decrypted by a Telephone Security Device attached to the phone at the receiving end of the call. The AT&T Telephone Security Device connects easily to desk telephones or tranportable or mobile phones. It weighs 1.5 pounds and is 7 inches long, 4.5 inches wide and 1.5 inches high. And it's as easy to use as it is portable. The AT&T Secure Voice/Data Terminals are desktop telephones that provide encryption for both telephone calls and data transmissions. These AT&T secure communications products use an enhanced voice encryption technique that provides very high voice quality. This technology allows calls placed with these products to approach the voice quality of normal calls. To further enhance interoperability, AT&T will consider licensing to other manufacturers its enabling technologies for interoperability. Interoperability of encryption devices requires common technology beyond the use of a common encryption algorithm, specifically common methods of digital voice encoding and signaling. AT&T has already performed integration tests with Clipper chips manufactured by the government's supplier, Mykotronx Inc., of Torrence, Calif., and is preparing to integrate the chip into the manufacturing of its secure products. AT&T's Clipper-equipped telephone security devices will be available to customers by the end of the second quarter. The federal government intends to adopt the Clipper chip as the standard for voice encryption to help protect proprietary information, protect the privacy of personal phone conversations and prevent unauthorized release of data transmitted electonically. At the same time, use of the Clipper chip will preserve the ability of federal, state and local law enforcement agencies to intercept lawfully the phone conversations of criminals. "Adoption of Clipper will support both the government's efforts to protect the public and the public's right to privacy," Hickey said. AT&T Secure Communication Systems provides products to protect voice, data, fax, cellular and video communications. It also engineers and integrates secure communications applications. Its customers include the governments of the United States and other nations as well as major corporations around the world. AT&T Secure Communications Systems is headquartered in Greensboro. For more information about the AT&T Telephone Security Device 3600 and other AT&T Secure Communications Products, call David Arneke at 919-279-7680. CONTACT: David Arneke of AT&T Secure Communications Systems, 919-279- 7680,or after hours, 919-273-5687, or Herb Linnen of AT&T Media Relations, 202-457-3933, or after hours, 202-333-9162 _______________________________________________________________________________ FROM THE ELECTRONIC FRONTIER FOUNDATION Date: Fri, 16 Apr 1993 15:17:02 -0400 From: Cliff Figallo <fig@eff.org> Subject: EFFector Online 5.06 To: eff-news@eff.org (eff-news mailing list) ****************************************************************** ////////////// ////////////// ////////////// /// /// /// /////// /////// /////// /// /// /// ////////////// /// /// ****************************************************************** EFFector Online Volume 5 No. 6 4/16/1993 editors@eff.org A Publication of the Electronic Frontier Foundation ISSN 1062-9424 ... April 16, 1993 INITIAL EFF ANALYSIS OF CLINTON PRIVACY AND SECURITY PROPOSAL The Clinton Administration today made a major announcement on cryptography policy which will effect the privacy and security of millions of Americans. The first part of the plan is to begin a comprehensive inquiry into major communications privacy issues such as export controls which have effectively denied most people easy access to robust encryption as well as law enforcement issues posed by new technology. However, EFF is very concerned that the Administration has already reached a conclusion on one critical part of the inquiry, before any public comment or discussion has been allowed. Apparently, the Administration is going to use its leverage to get all telephone equipment vendors to adopt a voice encryption standard developed by the National Security Agency. The so-called "Clipper Chip" is an 80-bit, split key escrowed encryption scheme which will be built into chips manufactured by a military contractor. Two separate escrow agents would store users' keys, and be required to turn them over law enforcement upon presentation of a valid warrant. The encryption scheme used is to be classified, but they chips will be available to any manufacturer for incorporation into their communications products. This proposal raises a number of serious concerns . First, the Administration appears to be adopting a solution before conducting an inquiry. The NSA-developed Clipper chip may not be the most secure product. Other vendors or developers may have better schemes. Furthermore, we should not rely on the government as the sole source for Clipper or any other chips. Rather, independent chip manufacturers should be able to produce chipsets based on open standards. Second, an algorithm can not be trusted unless it can be tested. Yet the Administration proposes to keep the chip algorithm classified. EFF believes that any standard adopted ought to be public and open. The public will only have confidence in the security of a standard that is open to independent, expert scrutiny. Third, while the use of the split-key, dual-escrowed system may prove to be a reasonable balance between privacy and law enforcement needs, the details of this scheme must be explored publicly before it is adopted. What will give people confidence in the safety of their keys? Does disclosure of keys to a third party waive individual's fifth amendment rights in subsequent criminal inquiries? In sum, the Administration has shown great sensitivity to the importance of these issues by planning a comprehensive inquiry into digital privacy and security. However, the "Clipper chip" solution ought to be considered as part of the inquiry, not be adopted before the discussion even begins. DETAILS OF THE PROPOSAL: ESCROW The 80-bit key will be divided between two escrow agents, each of whom hold 40 bits of each key. Upon presentation of a valid warrant, the two escrow agents would have to turn the key parts over to law enforcement agents. Most likely the Attorney General will be asked to identify appropriate escrow agents. Some in the Administration have suggested one non-law enforcement federal agency, perhaps the Federal Reserve, and one non-governmental organization. But, there is no agreement on the identity of the agents yet. Key registration would be done by the manufacturer of the communications device. A key is tied to the device, not to the person using it. CLASSIFIED ALGORITHM AND THE POSSIBILITY OF BACK DOORS The Administration claims that there are no back door means by which the government or others could break the code without securing keys from the escrow agents and that the President will be told there are no back doors to this classified algorithm. In order to prove this, Administration sources are interested in arranging for an all-star crypto cracker team to come in, under a security arrangement, and examine the algorithm for trap doors. The results of the investigation would then be made public. GOVERNMENT AS MARKET DRIVER In order to get a market moving, and to show that the government believes in the security of this system, the feds will be the first big customers for this product. Users will include the FBI, Secret Service, VP Al Gore, and maybe even the President. FROM MORE INFORMATION CONTACT: Jerry Berman, Executive Director Daniel J. Weitzner, Senior Staff Counsel ... ============================================================= EFFector Online is published by The Electronic Frontier Foundation 666 Pennsylvania Ave., Washington, DC 20003 Phone: +1 202 544-9237 FAX: +1 202 547 5481 Internet Address: eff@eff.org Coordination, production and shipping by Cliff Figallo, EFF Online Communications Coordinator (fig@eff.org) Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the view of the EFF. To reproduce signed articles individually, please contact the authors for their express permission. *This newsletter is printed on 100% recycled electrons* _______________________________________________________________________________ FROM THE COMPUTER PROFESSIONALS FOR SOCIAL RESPONSIBILITY April 16, 1993 Washington, DC COMPUTER PROFESSIONALS CALL FOR PUBLIC DEBATE ON NEW GOVERNMENT ENCRYPTION INITIATIVE Computer Professionals for Social Responsibility (CPSR) today called for the public disclosure of technical data underlying the government's newly-announced "Public Encryption Management" initiative. The new cryptography scheme was announced today by the White House and the National Institute for Standards and Technology (NIST), which will implement the technical specifications of the plan. A NIST spokesman acknowledged that the National Security Agency (NSA), the super- secret military intelligence agency, had actually developed the encryption technology around which the new initiative is built. According to NIST, the technical specifications and the Presidential directive establishing the plan are classified. To open the initiative to public review and debate, CPSR today filed a series of Freedom of Information Act (FOIA) requests with key agencies, including NSA, NIST, the National Security Council and the FBI for information relating to the encryption plan. The CPSR requests are in keeping with the spirit of the Computer Security Act, which Congress passed in 1987 in order to open the development of non-military computer security standards to public scrutiny and to limit NSA's role in the creation of such standards. CPSR previously has questioned the role of NSA in developing the so-called "digital signature standard" (DSS), a communications authentication technology that NIST proposed for government-wide use in 1991. After CPSR sued NIST in a FOIA lawsuit last year, the civilian agency disclosed for the first time that NSA had, in fact, developed that security standard. NSA is due to file papers in federal court next week justifying the classification of records concerning its creation of the DSS. David Sobel, CPSR Legal Counsel, called the administration's apparent commitment to the privacy of electronic communications, as reflected in today's official statement, "a step in the right direction." But he questioned the propriety of NSA's role in the process and the apparent secrecy that has thus far shielded the development process from public scrutiny. "At a time when we are moving towards the development of a new information infrastructure, it is vital that standards designed to protect personal privacy be established openly and with full public participation. It is not appropriate for NSA -- an agency with a long tradition of secrecy and opposition to effective civilian cryptography -- to play a leading role in the development process." CPSR is a national public-interest alliance of computer industry professionals dedicated to examining the impact of technology on society. CPSR has 21 chapters in the U.S. and maintains offices in Palo Alto, California, Cambridge, Massachusetts and Washington, DC. For additional information on CPSR, call (415) 322-3778 or e-mail <cpsr@csli.stanford.edu>. _______________________________________________________________________________ FROM THE CHICAGO TRIBUNE April 17, 1993 Privacy device leaves cops a key By Christopher Drew, Chicago Tribune. As a step toward the development of vast new data "superhighways," the federal government has designed a powerful device that would protect the privacy of electronic communications by encoding them but still allow police to eavesdrop. Critics say the project, announced Friday by the Clinton administration, raises serious questions about the protection of civil liberties as more people use cellular and cordless phones and computer-based communications. They also warned that the device is not likely to help law-enforcement agents foil high-tech criminals unless it becomes the most widely used commercial encryption system - and drives private competitors out of the business. "'A.k.a. Big Brother,' that's what I call it," said Stephen Bryen, a former Pentagon official who runs a company developing a rival encryption system. Bryen said it was "very disturbing" that the government has gone so far with the previously classified project "without consulting with experts in the industry" whose investments could be wiped out. One high-ranking federal official, Raymond Kammer, acknowledged that such concerns are part of an "appropriate debate" that needs to be held over the project. "Maybe it turns out that society, as it debates this, finds it unacceptable," said Kammer, acting director of the National Institute for Standards and Technology. "I'm not sure. This is the start of that debate." Millions of people who exchange information via computers and make calls from cordless and cellular phones, which are especially vulnerable to interception, could be affected. Experts say an era is dawning in which traveling executives exchange electronic memos and negotiate sensitive deals via hand-held communicators using vulnerable wireless transmitters. In endorsing the plan, the White House described it Friday as an outgrowth of federal efforts to capitalize on advances in telephone and computer technology while preventing drug dealers and terrorists from finding new ways to mask their misdeeds. In last year's campaign, President Clinton pledged to invest billions of dollars in faster and more secure data links to enhance the standing of U.S. firms in the global economy. But as the computer industry has developed systems to enable businesses to scramble data transfers and telephone conversations as a safeguard against industrial espionage, a growing number of criminals also have begun using them to foil court-authorized wiretaps. Under the new plan, engineers at the National Security Agency invented a new coding device, called the " Clipper Chip, " which is said to be much harder to crack than encoding systems now on the market. The government licensed two California companies - Mykotronx and VLSI Technology - to make the computer chips. The chips will form the "brains" inside small scrambling devices that can be attached to individual telephones. To spur the venture, the Justice Department will soon purchase several thousand of the devices. Military and spy agencies also are expected to use them. Private businesses would not be required to use the technology. But federal officials hope their sponsorship will establish the Clipper chips as the new industry standard and crowd out competing systems. Indeed, AT&T announced Friday that it will use the new chips in a desktop device for encrypting telephone conversations that it expects to sell for $1,195. But in return for gaining the extra encoding power built into the new system, users would have to accept the fact that government code- breakers would always hold the keys to tap into the information. In an effort to prevent abuses of civil liberties, federal officials said, they will set up a system in which they would have to match two coding keys held by different officials to unscramble any communications. National- security and law-enforcement officials could bring the keys together only under court-authorized operations. But Bryen said it is hard to see how the Clipper chips project will provide much help to the FBI. Even if the new coding devices drove others off the U.S. market, Bryen said, sophisticated criminals would simply buy encoding devices overseas, as many already do. Multinational and foreign-based companies also could prove leery of a system that has a built-in point of entry for U.S. authorities. The FBI separately is seeking legislation that would force telephone companies to modify their equipment to keep other advances in technology from hampering its ability to perform wiretaps. AT&T and other phone companies have opposed this idea. _______________________________________________________________________________ FROM THE WASHINGTON TIMES April 17, 1993 Government picks affordable chip to scramble phone calls Frank J. Murray; THE WASHINGTON TIMES President Clinton gave a major boost yesterday to one telephone- scrambler technology in a decision its delighted manufacturer likens to the choice of VHS over Beta for videotape machines. Mr. Clinton's action could allow the use of relatively cheap scramblers on almost every cellular, business and government phone and make scramblers common even on ordinary home telephones. An administration official said consideration will be given to banning more sophisticated systems investigators cannot crack, thereby creating a balance between banning private encryption and declaring a public right to unbreakably coded conversations. "We've got a balance we've got to strike between the public's important need for privacy and the public's need to be assured it's safe from crime," said Raymond G. Kammer, acting director of the National Institute of Standards and Technology, which developed the system with the National Security Agency. In an unusual decision he said was examined by the National Security Council, Mr. Clinton directed the Commerce and Justice departments to encourage the development of the high-tech system, which includes electronic master keys to enable law enforcement officials to decode transmissions if they obtain court orders. "This technology preserves the ability of federal, state and local law enforcement agencies to intercept lawfully the phone conversations of criminals," Mr. Clinton said, citing the fear that encrypted phones could aid terrorists and drug dealers. The system is designed to protect from unauthorized interception the electronic transmission of conversations, computer data and video images at a cost per telephone that could be under $30, said Ted Bettwy, executive vice president of the manufacturer, Mykotronx Inc. of Torrance, Calif. He said the chip announced yesterday, internally referred to as MYK-78, costs about $40 and uses an algorithm 16 million times more complex than that used by chips now on the market. Computer hackers have penetrated the current chips. The new chip uses an 80-bit code instead of the 56-bit code that is the digital encryption standard (DES). The chip eventually could sell in lots of 10,000 for about $25 each, Mr. Kammer said, with later versions priced around $10 each. Government engineers at NSA and the Commerce Department's NIST designed and developed the chip, which was then produced by privately owned Mykotronx and a publicly traded subcontractor, VLSI Technology. A Silver Spring competitor cried foul, particularly because the commercial device was developed without notice or competitive bids in a classified laboratory that does work for the National Security Agency. "If the purpose of this chip is to catch bad guys, then no bad guy will use it," said Stephen Bryen of Secure Communications Technology in Silver Spring, which produces a competitive chip he said could sell for $10. "The answer is to invest more money into breaking codes," Mr. Bryen said in an interview after yesterday's announcement. "They're trying to put us out of business." Mr. Kammer said the secrecy was justified. "The technology we're using was actually developed in a classified environment in the first place and then transferred to a sole-source supplier. I don't know that there was any way around it," he said in an interview. The Justice Department will buy several thousand of the Mykotronx devices, which use a " clipper chip. " They are being incorporated into other systems by Motorola and American Telephone & Telegraph Co., Mr. Bettwy said. Other sophisticated encryption systems do not allow ready access for authorized law enforcement purposes, said Mr. Bryen, who predicted that an elaborate security plan for the electronic master key would not prevent misuse. Mike Newman, a spokesman for the National Institute of Standards and Technology, said, "The key is split into two parts and stored Separately to ensure security of the key system." Access would be provided to the two parts for an agency that produced legitimate authority or a court order, he said. The Justice Department will determine whether the two parts will be held by separate federal agencies or a federal agency and a private agency. "This chip is going to do something that we, the citizens, really need, and that is to allow us the privacy we want as common citizens," Mr. Bettwy said in a telephone interview from California yesterday. He said the vital part of yesterday's decision is the government's declaration that it intends to use the device. Mr. Bettwy says that use will establish his device as the new standard and will require private facilities to use the same system to communicate with the government. He said the decision's impact is "exactly" like the adoption of VHS standards, making most private use of Beta video systems obsolete. "I hope that's true," he said of the business implications for Mykotronx. "We're hoping this will become the new standard." Only compatible phones can receive secure communications from a phone using a clipper chip. "To me the real significance is if everybody uses this, everybody can talk to anybody else," Mr. Bettwy said. "It creates a false hope," Mr. Bryen said. "The secret key could fall into other people's hands. When you create a system that has a back door, other people will find the back door." ______________________________________________________________________________ FROM THE NEW YORK TIMES April 16, 1993 Electronics Plan Aims to Balance Government Access With Privacy By JOHN MARKOFF, Special to The New York Times The Clinton Administration plans a new system of encoding electronic communications that is intended to preserve the Government's ability to eavesdrop for law enforcement and national security reasons while increasing privacy for businesses and individuals. New technology will be installed in some Government communications networks within weeks or months and could be available for business and even household use before the end of the year. It will use a new system of encoding voice and computer transmissions, including phone calls and electronic mail, to prevent unauthorized listening. The move is intended to resolve a long-standing dilemma of the information age: how to preserve the legitimate right for businesses and citizens to use codes to protect all sorts of digital communications -- be it a doctor's cellular phone call to a patient or a company's electronic transfer of a million dollars to an overseas client -- without letting criminals and terrorists conspire beyond the reach of the law. "There is a trade-off between individual privacy and society's safety from crime," one Government official said. "Our society needs to decide where to draw the line." But at least some communications experts, when told of the plan by a reporter, did not like what they heard. "I think the Government is creating a monster," said a former Pentagon official, Stephen D. Bryen, who is now president of Secured Communications Technologies Inc. in Silver Spring, Md., which makes data-security equipment. "People won't be able to trust these devices because there is a high risk that the Government is going to have complete access to anything they are going to do." Modern communications are becoming increasingly vulnerable to illegal listening. For example, cellular phone calls can be monitored by anyone with an inexpensive scanner. At the same time, computer chips and special software make it possible to code phone conversations and computer data, effectively garbling them so they cannot be deciphered by even the National Security Agency's most powerful code-breaking computers. Although computer encoding is now used in only a small portion of electronic communications, computer experts expect that volume to grow rapidly as more of the nation's commerce begins to flow over data networks -- especially wireless networks. The Government has proposed in the past to require the use of a hidden key in the coding hardware or software -- a way to crack the code, in other words -- to let police security agents decipher messages after obtaining court authorization to do so. Civil liberty concerns aside, computer experts have argued that any such key, no matter how sophisticated, might be figured out by any savvy computer hacker. The Administration's solution: require two separate keys, each to be held by different agencies or organizations. The new coding devices, which will be called Clipper Chips, have been designed by engineers at the National Institute for Standards and Technology and at the National Security Agency. They will be manufactured by Mycotronx, a military contractor based in Torrance, Calif., and VLSI Technology Inc., a Silicon Valley semiconductor manufacturer. The devices will be built into Government telephones and eventually into commercial telephones and computers. The new security plan has been a classified secret of several Government agencies, including the National Institute for Standards and Technology and the National Security Agency, and several law enforcement agencies, including the Federal Bureau of Investigation. The official said the Government planned to announce the technology, possibly within a week, and to propose it as a Government-wide standard later this year. Broad Review Ordered A White House official said today that President Clinton had ordered the National Security Council to conduct a formal review of the new plan as well as all Government cryptography policies. The review, which will take three to four months, will begin within weeks, and will consider both the domestic use and export of advanced cryptography systems. Several Administration officials said the security devices would be deployed first by law enforcement and intelligence agencies and also civilian agencies, like the Internal Revenue Service, that handle confidential information. But the new system is also viewed as a data security standard that the Clinton Administration believes will eventually be widely used in the nation's commercial telephone and computer networks. While the Administration currently has no plan to try imposing the technology on private industry, officials hope it will become a standard. Any communications or computer company doing business with the Federal Government, from A.T.& T. to I.B.M., would presumably have to incorporate the technology into their products. Moreover, the Government can authorize or deny the export of American-made computer and communications devices on the basis of whether it approves of any coding that may be used in the hardware and software. The new security standard, technically a set of computer algorithms, was developed by National Security Agency scientists. The Administration officials said they viewed the approach as a candidate for replacing the 15-year-old Data Encryption Standard that is now used to secure much of the nation's computer data. There is no known hidden key in this standard, although many industry experts believe that the agency can crack the code with its high-powered computers. ______________________________________________________________________________ FROM THE KNIGHT-RIDDER NEWS SERVICE (1) Knight-Ridder/Tribune Business News Computer Group, Libertarians Question Clinton Phone Privacy Stance By Rory J. O'Connor, San Jose Mercury News, Calif. SAN JOSE, Calif.--Apr. 17--Civil libertarians and a major computer industry group raised concerns Friday about how much protection a Clinton administration plan would afford private electronic communications, from cellular telephone calls to computer data. The administration Friday said it would begin using technology developed by the government's National Institute of Standards and Technology to balance two competing interests: the desire of citizens to keep their conversations private and the need for law enforcement agencies to monitor those conversations after getting a court order. The technology that enables this is a computer chip called the Clipper Chip that scrambles a telephone call or computer message using a secret algorithm, or formula. But each chip also comes with a pair of electronic "keys" that could be used by law enforcement agencies to decipher the secret messages generated by the chip. The Clinton proposal calls for one key to be held by each of two separate "trusted" third parties, who would release them to law enforcement agencies that obtained legal authority to intercept the communications. Both keys would be needed to decipher a message. The Electronic Frontier Foundation, a not-for-profit civil liberties group, praised the administration for considering the issue. But it criticized the lack of public input into the plan. "They've announced a big inquiry with public input, but they've reached a conclusion before they started," said Daniel J. Weitzner, staff counsel for the Washington-based foundation. Although the administration's plan calls only for equipping government telephones with the security devices, some groups are concerned the plan might become a standard for all manner of electronic communication before the public has a chance to debate its merits. "I don't want to sound too stridently opposed to this," said Ken Wasch, executive director of the Software Publishers Association (SPA) in Washington. "But...we feel blindsided." The SPA was discussing data security issues with Clinton administration officials but had not expected any White House action until August, said Ilene Rosenthal, general counsel. Besides the lack of initial hearings, both groups said they had two major concerns about the Clinton plan: - Because the algorithm itself is secret, the groups say it is impossible for the public to discern if it is truly secure. Users can't be certain government spy agencies have not hidden a "back door" in the software that will allow them to read anything they want. "So far there hasn't been a credible explanation about why the algorithm has to be secret," Weitzner said. - The administration hasn't decided who will be the escrow agents, and it seems unlikely any government agency, corporate entity or other organization would be deemed trustworthy by every user. Even assuming all concerned can agree on who will hold them, civil libertarians are concerned that the keys, by giving law enforcement agencies access to individuals' private communications, might pose a threat to constitutional protections against self-incrimination. Washington sources who requested anonymity suggested the White House might have drafted its plan quickly because of concern over sales of an AT&T device that encrypts phone calls using an older standard, Data Encryption Standard. The sources said law enforcement officials feared the device would create an explosion in secured telephone traffic that would severely hamper their efforts to wiretap calls. American Telephone & Telegraph Co. announced Friday it would adapt the $1,200 product, called the Telephone Security Device, to use the Clipper Chip by the end of this fiscal quarter. AT&T makes a related device, which encrypts voice and computer data transmissions, that could be converted to the Clipper technology, said spokesman Bill Jones. Jones said he wasn't aware of any concern by the government over the current model of the Telephone Security Device, which has been sold to government and business customers. At least one company was quite pleased with the plan: San Jose chip maker VLSI Technology, which will manufacture the Clipper chips for a Torrance company that is selling them to the government and to AT&T. VLSI, which invented a manufacturing method the company said makes it difficult to "reverse engineer" the chip or discern the encryption scheme, expects to make $50 million in the next three years selling the device, said Jeff Hendy, director of new product marketing for the company. _______________________________________________________________________________ FROM THE KNIGHT-RIDDER NEWS SERVICE (2) New Scrambler Designed to Protect Privacy, But Allow Police Monitoring By Christopher Drew, Chicago Tribune Knight-Ridder/Tribune Business News WASHINGTON--Apr. 19--As a step toward the development of vast new data "superhighways," the federal government has designed a powerful device that would protect the privacy of electronic communications by encoding them but still allow police to eavesdrop. Critics say the project, announced Friday by the Clinton administration, raises serious questions about the protection of civil liberties as more people use cellular and cordless phones and computer-based communications. They also warned that the device is not likely to help law-enforcement agents foil high-tech criminals unless it becomes the most widely used commercial encryption system - and drives private competitors out of the business. "'A.k.a. Big Brother,' that's what I call it," said Stephen Bryen, a former Pentagon official who runs a company developing a rival encryption system. Bryen said it was "very disturbing" that the government has gone so far with the previously classified project "without consulting with experts in the industry" whose investments could be wiped out. One high-ranking federal official, Raymond Kammer, acknowledged that such concerns are part of an "appropriate debate" that needs to be held over the project. "Maybe it turns out that society, as it debates this, finds it unacceptable," said Kammer, acting director of the National Institute for Standards and Technology. "I'm not sure. This is the start of that debate." Millions of people who exchange information via computers and make calls from cordless and cellular phones, which are especially vulnerable to interception, could be affected. Experts say an era is dawning in which traveling executives exchange electronic memos and negotiate sensitive deals via hand-held communicators using vulnerable wireless transmitters. In endorsing the plan, the White House described it Friday as an outgrowth of federal efforts to capitalize on advances in telephone and computer technology while preventing drug dealers and terrorists from finding new ways to mask their misdeeds. In last year's campaign, President Clinton pledged to invest billions of dollars in faster and more secure data links to enhance the standing of U.S. firms in the global economy. But as the computer industry has developed systems to enable businesses to scramble data transfers and telephone conversations as a safeguard against industrial espionage, a growing number of criminals also have begun using them to foil court-authorized wiretaps. Under the new plan, engineers at the National Security Agency invented a new coding device, called the "Clipper Chip," which is said to be much harder to crack than encoding systems now on the market. The government licensed two California companies - Mykotronx and VLSI Technology - to make the computer chips. The chips will form the "brains" inside small scrambling devices that can be attached to individual telephones. To spur the venture, the Justice Department will soon purchase several thousand of the devices. Military and spy agencies also are expected to use them. Private businesses would not be required to use the technology. But federal officials hope their sponsorship will establish the Clipper chips as the new industry standard and crowd out competing systems. Indeed, AT&T announced Friday that it will use the new chips in a desktop device for encrypting telephone conversations that it expects to sell for $1,195. But in return for gaining the extra encoding power built into the new system, users would have to accept the fact that government code-breakers would always hold the keys to tap into the information. In an effort to prevent abuses of civil liberties, federal officials said, they will set up a system in which they would have to match two coding keys held by different officials to unscramble any communications. National-security and law-enforcement officials could bring the keys together only under court- authorized operations. But Bryen said it is hard to see how the Clipper chips project will provide much help to the FBI. Even if the new coding devices drove others off the U.S. market, Bryen said, sophisticated criminals would simply buy encoding devices overseas, as many already do. Multinational and foreign-based companies also could prove leery of a system that has a built-in point of entry for U.S. authorities. The FBI separately is seeking legislation that would force telephone companies to modify their equipment to keep other advances in technology from hampering its ability to perform wiretaps. AT&T and other phone companies have opposed this idea. _______________________________________________________________________________ WHAT TO DO ABOUT IT by Philip Zimmermann Date: Sat, 24 Apr 93 01:03:53 PDT From: atfurman@cup.portal.com Newsgroups: comp.dcom.telecom Subject: Phil Zimmerman on the "Clipper initiative" Message-ID: <telecom13.277.2@eecs.nwu.edu> Approved: telecom@eecs.nwu.edu The following was posted on the Usenet newsgroup alt.security.pgp by Philip Zimmermann, author of PGP (a public-key crypto program): --------------- Here are some ideas for those of you who want to oppose the White House Clipper chip crypto initiative. I think this is going to be a tough measure to fight, since the Government has invested a lot of resources in developing this high-profile initiative. They are serious about it now. It won't be as easy as it was defeating Senate Bill 266 in 1991. Possible actions to take in response: 1) Mobilize your friends to to all the things on this list, and more. 2) Work the Press. Talk with your local newspaper's science and technology reporter. Write to your favorite trade rags. Better yet, write some articles yourself for your favorite magazines or newspapers. Explain why the Clipper chip initiative is a bad idea. Remember to tailor it to your audience. The general public may be slow to grasp why it's a bad idea, since it seems so technical and arcane and innocent sounding. Try not to come across as a flaming libertarian paranoid extremist [*Moi?* -- ATF], even if you are one. 3) Lobby Congress. Write letters and make phone calls to your Member of Congress in your own district, as well as your two US Senators. Many Members of Congress have aides that advise them of technology issues. Talk to those aides. 4) Involve your local political parties. The Libertarian party would certainly be interested. There are also libertarian wings of the Democrat and Republican parties. The right to privacy has a surprisingly broad appeal, spanning all parts of the political spectrum. We have many natural allies. The ACLU. The NRA. Other activist groups that may someday find themselves facing a government that can suppress them much more efficiently if these trends play themselves out. But you must articulate our arguments well if you want to draw in people who are not familiar with these issues. 4) Contribute money to the Electronic Frontier Foundation (EFF) and Computer Professionals for Social Responsibility (CPSR), assuming these groups will fight this initiative. They need money for legal expenses and lobbying. 5) Mobilize opposition in industry. Companies that will presumably develop products that will incorporate the Clipper chip should be lobbied against it, from within and from without. If you work for a telecommunications equipment vendor, first enlist the aid of your coworkers and fellow engineers against this initiative, and then present your company's management with a united front of engineering talent against this initiative. Write persuasive memos to your management, with your name and your colleagues' names on it. Hold meetings on it. 6) Publicize, deploy and entrench as much guerrilla techno-monkeywrenching apparatus as you can. That means PGP, anonymous mail forwarding systems based on PGP, PGP key servers, etc. The widespread availability of this kind of technology might also be used as an argument that it can't be effectively suppressed by Government action. I will also be working to develop new useful tools for these purposes. 7) Be prepared to engage in an impending public policy debate on this topic. We don't know yet how tough this fight will be, so we may have to compromise to get most of what we want. If we can't outright defeat it, we may have to live with a modified version of this Clipper chip plan in the end. So we'd better be prepared to analyze the Government's plan, and articulate how we want it modified. Philip Zimmermann Forwarded to the Internet TELECOM Digest by Alan T. Furman, atfurman@cup.portal.com --- end ---