Clipper article in Cu Digest, #9.10, Wed 20 Feb 97
CUD is available at URL: http://www.soci.niu.edu/~cudigest/ Here are some excerpts:
From -- Fight Censorship <FIGHT-CENSORSHIP@vorlon.mit.edu> Federal Computer Week DOD sinks the Clipper .. The Defense Department plans to remove the government key escrow software from its Fortezza cards used on the Defense Message System, a move that signals the death of the Clinton administration's controversial Clipper initiative and one that should encourage civilian use of the cryptographic cards.
A DOD spokeswoman confirmed the decision to remove the key escrow but would not provide further details.
The DOD decision, which will be formalized in a policy expected out shortly, is in response to the administration's decision last October to support key recovery technology instead of the controversial Clipper initiative. Each agency must decide how it will implement the government's policy internally. A technical advisory committee will develop standards for a federal key management infrastructure. ... DOD has for years pressured civilian agencies to use government escrow technology, but the agencies were wary of the law enforcement access. Stephen Walker, president and chief executive officer of Trusted Information Systems Inc. (TIS), said the policy will remove the last remnants of the Clipper and serve as an official endorsement of key recovery technology.
"This is the end of Clipper,'' Walker said. "This is a very positive move because it puts the Defense Department in a posture of using commercial products instead of Defense Department products. If the Defense Department is moving away from key escrow, no one else is going to feel obligated to have key escrow either." .... Sources said DOD's move was targeted to increase the appeal of the Fortezza card to users outside DOD.
Bruce McConnell, chief of information policy at the Office of Management and Budget, said the move would make Fortezza cards more attractive, but he cited different reasons. "It does encourage people to use it because it moves toward the commercial approach that's being taken," he said.
# Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com # You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp # (If this is a mailing list, please Cc: me on replies. Thanks.)
At 04:44 AM 2/22/97 -0800, Toto wrote:
Bill Stewart wrote:
DOD has for years pressured civilian agencies to use government escrow technology, but the agencies were wary of the law enforcement access. Stephen Walker, president and chief executive officer of Trusted Information Systems Inc. (TIS), said the policy will remove the last remnants of the Clipper and serve as an official endorsement of key recovery technology. So now civilian agencies should 'not' be wary of key recovery? If the DOD recommended breathing, I'd stop.
It's nice to know that the NSA's own government hasn't trusted Clipper enough to widely adopt it, and I was as impressed as you were with Walker's sleaziness... Either the civilian Feds don't believe the "legitimate needs of law enforcement" apply to them, or they don't trust the spooks to handle their keys carefully, or (more likely) there aren't any Clipper products that really meet their operational needs. Back when the STU-III was still called the "Future Secure Voice System" the DoD was telling manufacturers they'd probably sell 500,000 of them, between the DoD unclassified work, law enforcement users, defense contractors, and similar riff-raff. I don't know how many were actually sold, but I'd be surprised if it's a tenth of that; the government was too cheap to spend $2-3K per box for that many users. "Key Recovery" is a broader and sleazier term than "key escrow"; it doesn't force you to buy a specific espionage-enabled product, as long as you can demonstrate to the government that they can break in. Rot13 and RC4/40 inherently provide key recovery (:-), and DES presumably does (using NSA custom hardware). But PGP also gives you key recovery - just Cc: your Trusted Third Party whenever you encrypt something...... (Hmmm. I don't trust the Democrat or Republican Parties - guess that leaves the Libertarians? :-) P.S. On breathing - that's not DoD jurisdiction; the FDA regulates oxygen ... # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com # You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp # (If this is a mailing list, please Cc: me on replies. Thanks.)
participants (1)
-
Bill Stewart