Anti-Clipper Article in "THe Computer Applications Journal"
FYI the following is scanned, not stirred (or forwarded) from "The Computer Applications Journal", July 1994, issue #48 (a 'zine with a refreshingly technical mix of software, hardware info for board-level integration with current popular operating systems e.g. DOS etc.) By John Iovine Cryptology is a science of enciphering and deciphering messages and information. The word conjures up images of espionage, spies, hostile government action, and top secret information. We don't usually associate this word with privacy--your privacy--but it is this facet of cryptology that is being argued today in our courts and among government agencies. ENCRYPTED PRIVACY? The arena where electronic bits of information are transmitted through data conduits is loosely termed "cyberspace." Currently, in cyberspace there's no guarantee of privacy. Transmitted messages may be intercepted and read indiscriminately. This possible invasion of privacy is not just limited to Email on your local BBS or on Internet. Our national telephone network, which handles voice and fax as well as computer telecommunication, is vulnerable. Additional data conduits like cable television systems and satellite feeds are becoming more commonplace all across the country. These newer networks are vulnerable to interception as well. To better grasp the threat, imagine a company that routinely transmits bids or promotional information to field agents through one of these networks. The company can be put at a severe disadvantage if a competitor gains access to this information. The dark side of our information age is that technically skilled crooks--sometimes romantically referred to as phreakers and crackers can create havoc in your life. For a while, crackers were making national news by breaking into secured government databases. Intercepting various unprotected data communications makes most people easy targets for others to gain access to confidential material. Anyone who has been electronically mugged has very little sympathy for these criminals. By stealing credit card numbers, they are capable of making purchases, charging telephone calls to your phone number, reading your Email, and listening to cellular phone conversations. The problem is growing. Our national data network increases in size and complexity daily. It is changing and defining the methods by which people communicate, information is transferred, and business is conducted. It is therefore becoming increasingly important to secure the privacy of the networks and reduce their vulnerability to interception. Business has been less than responsive to this threat. For instance, credit card companies justify their exorbitant +19% interest rates because they are needed to compensate for the tremendous amount of credit card (read "electronic") fraud and thievery. These companies should be doing much more to prevent electronic fraud instead of just passing the cost on to honest consumers in the way of high interest rates. Rep. Edward J. Markey (D-Mass), the chairman of the House Telecom- munication and Finance Subcommittee, had this to say about privacy: "Whether it's a cellular phone conversation, computer data, a fax transmission, a satellite feed, cable programming, or other electronic services, encryption is the key to protecting privacy and security." He stated further that "developing a national policy for encryption and its uses is therefore a process of fundamental importance for the future of our national networks and our competitive position internationally."
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
--------- ENTER THE CYPHERPUNKS
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
That's cypher, not cyber. Let's not confuse these similar sounding monikers. The cypherpunks want to see widespread public use of cryptotechnology. They see the individual's privacy protected through cryptography. However, they face powerful governmental and political obstacles. The end of the cold war hasn't eliminated the need for cryptography and secret codes used by our government. But it should have alleviated some of the regulations concerning private use of cryptotechnology. The government still classifies cryptotechnology with hard military weapons such as tanks. The U.S. government agency in charge of cryptotechnology is the National Security Agency (NSA). The cypherpunks see the NSA as trying to keep its monopoly on cryptotechnology intact. One of the most outspoken and visible members of the cypherpunks is Iohn Gillmore. Mr. Gillmore has this to say on the subject: Government investment leads to government control. Government control is detrimental to the development of the media. Government seized the control of radio and television in their infancy. Since then the media has never had full first amendment rights or protection. Encryption technology is the key for people and companies to maintain their privacy over the networks. The government should cease its involvement . John has fought legal battles with the NSA on a few fronts. So far he has been victorious. BATTLE LINES The lines are drawn. On one side you have the cypherpunks who feel that good public cryptographic technology safeguards our privacy. The NSA feels this is compromising our national security. The government has threatened private cryptographers with jail. John Gillmore was threatened by the NSA stating that he was on the verge of violating the Espionage Act. A conviction would have sent him to jail for 10 years. How can the government threaten private citizens7 Easily: as stated previously, the government classifies cryptographic tools with military tanks and bomber planes. THE WASHINGTON CONNECTION The Administration wants America to encrypt its information to protect it from unauthorized access. The encryption scheme, con- tained in the government-sponsored Clipper chip, includes voice as well as data information sent over communication lines. A major catch in this plan is that only the government-approved encryption is allowed in any device used by the government or in government projects. Other encryption methods continue to be legal for domestic use, but only in nongovernment applications. The second catch is the potential for a trap door in the encryption chip's program that would allow law enforcement agencies to decipher any encrypted data. Therefol-e, this method of encryption doesn't alleviate concerns that the government could abuse its ability to tap into the privacy of the citizenship. Of course, organized crime would use its own crytotechnology, anyway. So a trap door would only be effective for spying on small incidental crooks and private citizens. The encryption algorithm touted by the Administration is contained in an integrated circuit. This chip, designed by Mykotronx in Torrance, Calif. and manufactured by VLSI in San Jose, Calif., is nicknamed "Clipper." It is a 12-Mbps encryption coprocessor. The OEM cost of the chip is $26 when purchased in large quantities, which trickles down to an increase of $100 in the street price of any electronic equipment (computer, phone, fax that contains the chip. SOFTWARE VS. HARDWARE There are less expensive encryption chips on the market than the Clipper. Usually anyone interested in encryption takes a software approach. It may be a little slower than hardware, but the recurring cost is much less. Speed only becomes a critical consideration when it's necessary to secure fast communication such as video or voice communication. RECENT EVENTS On February 4, 1994, the U.S. Government officially endorsed the Clipper chip and directed the Commerce Department's National Institute of Standards and Technology (NIST) and the Treasury Department to hold in escrow the keys used to unlock the Clipper codes. It also establishes new procedures for exporting products using Clipper to most countries. The government has formed an interagency group whose job it is to develop encryption technologies that could serve as alternatives to Clipper. The Clipper endorsement contains three flaws according to a policy paper released in January 1994 by the Institute of Electrical and Electronic Engineers: a classified algorithm, the key-escrow system, and an encryption standard developed for public use without public scrutiny. The Clipper chip has developed many industrial and congressional opponents. So far, Novell, AT&T, Citicorp, Computer Associates, Hughes Aircraft, Motorola, and other major corporations openly oppose the Clipper encryption standard. The failure of recent administrations lies in the fact that they did not seek greater industry participation before proposing the Clipper chip. Further, they ignored protests from industry and Congress. THE BIG BROTHER ISSUE The Clipper chip can provide government agencies with unprecedented wiretapping ability. Ideally, the Clipper chip encrypts (scrambles) communication to everyone except the intended recipient. The key code to unscramble communication is held by two separate government agencies. The government has the option of using a joining key code to unscramble communications with court-approved legal authorization. However, there is a strong possibility that a trap door exists in the Clipper chip that would allow agencies unauthorized tapping. The government wouldn't allow the algorithm used in the Clipper, called "SkipJack," to be studied publicly, so no one knows for sure. When the Administration endorsed the Clipper as a Federal Data Processing Standard on February 4, it was backed up with an immediate order for 50,000 Clipper chips. Meanwhile, a forced export embargo keeps all other encryption schemes expensive. U.S.manu- facturers must "dumb down" their data encryption programs by keeping the key lengths to 40 bits or fewer for legal export. The Clipper uses an 80-bit code. ENCRYPTION BASICS The following is a list of some of the basic terms that are used in encryption. Plaintext is the original unaltered message or file. Ciphertext is the encrypted message or file. An encryption algorithm is the function that maps plaintext into ciphertext. Keys are used to determine mapping. Keyspace describes the size of the key; it determines the number of all possible keys. For instance, an 8-bit key has a keyspace of 256 (256 possible values), where a 16-bit key has a keyspace of 65,536. Keys are usually alphanumeric. There are three main types of ciphers: substitution, transposition, and product. Substitution ciphers substitute each character in the plaintext with another, determined by the key. Transposition ciphers rearrange the characters in plaintext, again, determined by the key. Product ciphers combine the substitution and transposition algorithms. A substitution cipher simply substitutes each plaintext character with another character determined by the key. For instance, we could easily displace the alphabet by one character to generate a simple substitution. For example, ABC...XYZ could become BCD...YZA, and the phrase "HELLO WORLD" would become "IFMMP XPSME." Substitution ciphers are also called Caesar ciphers, because Julius Caesar used this simple method of encoding messages. The transposition cipher system rearranges the characters in plaintext. A simple system rearranges every two characters, so "ab" becomes "ba." With this kind of cipher, "HELLO WORLD" becomes "EHLLW ORODL." GENERATING MORE COMPLEX CIPHER SYSTEMS Blaise de Vigenere, a French cryptographer in the sixteenth century, complicated the simple Caesar code. He proposed that the key be used to change the plaintext in a periodic manner. When a message is encoded by this method, you change a plaintext letter for each successive letter in the key, always running through the same sequence of key letters. A simple example should clear any confusion. Suppose the name "John" was selected for the key code. This corre- sponds to the number sequence 9, 14, 7, 13. To encode a message using this key sequence, divide the letters of the plaintext message into groups of four. This corresponds to the four letters used in the key. To each letter group, add 9 to the number value of the first letter of each group, 14 to the second letter, 7 to the third letter, and 13 to the fourth letter. The example below illustrates the Vigenere code: Key Code: JohnJohnJohnJohn Plaintext message: helloworld Ciphertext message: qssy xlvf m As you can see, the coding algorithms are becoming more complex. Even this code pales to the more sophisticated programs available. THE DEBATE CONTINUES I've only scratched the surface in the great encryption debate. There are a number of on-line newsletters carried on the Circuit Cellar BBS that follow the issue closely Computer Underground Digest [CuD] and Electronic Frontier Foundation [EFF]. If you are interested in following along, check them out. So what do you think? Write and let me nkwo (pun intended) John Iovine is a free-lance writer living in Staten Island, N.Y. He has published numerous books on electronics and science-related topics. He may be reached at 75425.673@compuserve.com. For those who wish to pursue data encryption, Images Company offers an encryption program titled Cipher 1.0 for $9.95. Images Company, P.O. Box 140742, Staten Island, NY 10314, l 718 698-8305. New York residents must add the appropriate sales tax. Add $5.00 postage and handling to all orders. -NetSurfer #include standard.disclaimer
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> == = = |James D. Wilson |V.PGP 2.4: 512/E12FCD 1994/03/17 > " " " |P. O. Box 15432 | finger for full PGP key > " " /\ " |Honolulu, HI 96830 |====================================> \" "/ \" |Serendipitous Solutions| Also NetSurfer@sersol.com > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Thank you for posting this article. While it contained materials we are all aware of, I'm sure the Newbies on this list will appreciate it. I've saved it incase someone who isn't too familiar with crypto asks me to give him/her some info. Your service to this list is well worth while. Keep up the good work. :-)
participants (2)
-
Arsen Ray Arachelian -
NetSurfer