Why the Clipper Clip is Bad (v1) by Russell Brand wuthel!bj-4@reasoning.com Copyright (C) 1993 All Rights Reserved Permission is given to freely redistribute this document without modification. The analysis presented has not been endorsed by any third party. It incorporates only UNCLASSIFIED information made by 31 April 1993. On or about 15 April 1993, The US Government has announced a encryption chip set called `Clipper' whose primary stated application is to encrypt VOICE telephone communication in such a way that law officers with a lawful warrant would be able to tap and decode the communication while no other unauthorized person would be able to do so. Law enforcement officials would present their warrant to two `escrow' agencies in order to get a halfs of a special key that they would use with a special device to decrypt the message. The algorithm is to remain classified. The number of objections to this, technical, legal and moral are numerous. First, a secret design is violation of the open design principle and hides from public view future hazards. Further there may be trap doors in the system that allow decryption WITHOUT the warrant or escrow key. Second, all of the agencies that have any experience with managing secrets like the Key Escrow process have declined to become involved or have been disqualified. Considering the value of the escrow data to corporate spies, one must fear corruption including blackmail of a commercial nature. Third, the cryptographic protocol as described is weak in a number of ways such that the escrow keys are seemingly unneeded for decryption by the federal government. This combined with a recent house of representative votes to allow the FBI to among other things conduct phone taps without a warrant when international terrorism is suspected as well as long well documented history of BLANK warrants being signed and issued is rather scary. Fourth, it seems to be a mis-use of government funds to subsidize the development of this chip to the advantage of certain companies over others without so much a public comment period. In addition to the development costs, there are many other large costs including the key escrow agencies themselves. Fifth, it will damage US competitiveness for companies to need to build both the insecure CLIPPER chip for government regulated markets and real protection circuitry for people that care. Sixth, the clipper proposal will not help against organized crime; they are bright enough to buy real encryption devices and certain details of CLIPPER will make it easier for them to accomplish this. Of course wire tapping itself has been shown *NOT* to be cost effective in detecting/preventing/prosecuting crimes. There is no way in the system to mark a `privileged conversation' (for example doctor-patient, lawyer-client' and hence these can and will be captured. Please write to your elected officials, media, etc. to oppose this.
participants (1)
-
wuthel!brand@drums.reasoning.com