I've been following the discussions on several newsgroups and mailing lists (RISKS, PRIVACY and Cypherpunks) concerning the Wiretap Chip (Clipper/Capstone) and the proposed key escrow system. Here's my $.02, as well. In RISK 14.55, <jim@RSA.COM> Jim Bidzos wrote - JB> Since Clipper, as currently defined, cannot be implemented in JB> software, what options are available to those who can benefit JB> from cryptography in software? Was a study of the impact on JB> these vendors or of the potential cost to the software industry JB> conducted? (Much of the use of cryptography by software JB> companies, particularly those in the entertainment industry, is JB> for the protection of their intellectual property. Using hardware JB> is not economically feasible for most of them.) Jim raises a valid concern. Although a hardware based system is ideal for voice encryption, the idea of registered key systems, where government and/or LE agencies have involvement, is not a popular one. The key escrow scheme in this proposal reeks of Big Brother. (As in, "Trust me. I'm from the government and I'm your friend.") In some circles, it is not even a consideration. Software encryption systems employed to protect intellectual and commercial data and electronic mail are much more flexible and desirable, especially when they are not governmentally proposed, imposed, designed and sanctioned by spook organizations such as the NSA. The real sore spot with the Clipper proposal is that private industry and citizenry were blind-sided by this entire process. The possibility that Uncle Sam will try to make this a de-facto standard and subsequently place restrictions on other forms of crypto (eg. software based) is real. Also in RISKS 14.55, <billc@glacier.sierra.com> Bill Campbell wrotes - BC> There are dozens, perhaps hundreds, of commercial, criminal and BC> governmental entities with access to government resources who BC> would not hesitate for a moment to violate my rights if they BC> found it expedient to do so. These individuals and organizations BC> have demonstrated beyond question that they are not constrained BC> by legal or ethical considerations, and as has been suggested BC> in a number of other postings, the technology employed by Clipper BC> (including the dual escrow sham) will probably not even pose so BC> much as an inconvenience to a determined adversary. To suggest BC> otherwise is, at best, profoundly naive. I have a tendency to agree with Bill. In fact, California is currently embroiled in a scandal involving the release of confidential data (DMV addresses), by employees of the Anaheim Police Department, to third party interests. This is clearly in violation of their employer's policies, their own terms of employment, state criminal law, and civil law. What's to stop the same blatant, unethical breech of confidentiality with regards to the Clipper key escrow implementation? Nothing, that's what. In the future, information will be the most powerful possession and in the spirit of SNEAKERS, s/he who has control of and access to the information is the most powerful. Power corrupts, but absolute power corrupts absolutely. I think that Clipper offers maximum abuse in this scenario. Also in RISK 14.55, <firth@SEI.CMU.EDU> Robert Firth wrote - RF> You see, friends, if the Clipper becomes the normal, standard, or RF> accepted means of encryption, then *the use of any other encryption RF> scheme can of itself be considered "probable cause" for search and RF> seizure*. And thereby could be lost in the courts what was won at RF> such great cost. This is perhaps my greatest concern in all of the Clipper/Capstone hoopla. Personally, I don't have much faith in the law enforcment agencies to act responsibly. The Secret Service and FBI have, in the past, clearly demonstrated that do not grasp the scope of the problems technically challenging modern society. The Steve Jackson Games case is one instance that immediately springs to mind. Some parts of the country are demographically more at risk than others. For example, the criteria which may be deemed as "probable cause" for search and seizure in Jackson, Mississippi could very well be reason for the ACLU to file a suit against the LEA in New York City. Also in RISKS 14.55, <padgett@tccslr.dnet.mmc.com> A. PADGETT PETERSON writes - PP> Like I said, both the government and corporate America *need* PP> Clipper, the designers are some of the best in the world, and PP> the administration has more to lose than we do. Given that, PP> Clipper will work as advertised. The only way that I can imagine the government actually *needing* Clipper is where Clipper is forced upon the country as the de-facto standard and other forms of cryptography are restricted. Uncle Sam tends to forget that what is desirable for the government, is not always acceptable to the public at large. Cynically, Paul Ferguson | Uncle Sam wants to read Network Integrator | your e-mail... Centreville, Virginia USA | Just say "NO" to the Clipper fergp@sytex.com | Chip... -------------------------------+------------------------------ I love my country, but I fear it's government.