By popular request: A non-techy Clipper blurb

Valerie Lambert valerie at valis.biocad.com
Sun Apr 25 20:00:37 PDT 1993



Well, I received more than a dozen requests for this since I mentioned it
here, and two people said I should post it.  You have probably seen it
all in one form or another already, but this is a handy package to send
to other people who need an introduction to the issue.  Embellish the intro,
snip/forward at will.

----- begin blurb -----

INFORMATION ABOUT THE CLIPPER WIRETAP CHIP.  DISTRIBUTE FREELY.


The Clipper chip has been designed and introduced by the Federal government
to standardize encryption technology so that law enforcement agencies can
listen in on "private" conversations in electronic media.  The device will
initially be installed in government phones, and AT&T will also sell it for
individual and business use.  It is clear that the government would very
much like the Clipper to become the standard for all future domestic
electronic "private" communication.  Many respected professionals in
telecommunications and related industries fear that the government may
soon make moves to outlaw or otherwise kill other encryption technology
that could compete with the Clipper.

This is not unlike the government demanding that you give them a sealed
copy of all your future phone conversations and other computer-facilitated
communications, just in case they ever want to open and examine them later.

A pertinent quote from John Perry Barlow of the Electronic Frontier
Foundation:

     The legal right to express oneself is meaningless if there is no
     secure medium through which that expression may travel. By the same
     token, the right to hold certain unpopular opinions is forfeit unless
     one can discuss those opinions with others of like mind without the
     government listening in.

     ...there is a kind of corrupting power in the ability to create
     public policy in secret while assuring that the public will have
     little secrecy of its own...

This message contains announcements from the White House, AT&T, the
Electronic Frontier Foundation, the Computer Professionals for Social
Responsibility, and various news articles.  Technical details and darker,
deeper, evaluations of the Clipper project are available; see the usenet
newsgroup sci.crypt for current info and pointers.
_______________________________________________________________________________

FROM THE WHITE HOUSE

From: clipper at csrc.ncsl.nist.gov (Clipper Chip Announcement)
Subject: White House Public Encryption Management Fact Sheet
Organization: National Institute of Standards & Technology
Date: Fri, 16 Apr 1993 20:44:58 GMT


Note:     The following was released by the White House today in
          conjunction with the announcement of the Clipper Chip
          encryption technology.

                           FACT SHEET

                  PUBLIC ENCRYPTION MANAGEMENT

The President has approved a directive on "Public Encryption
Management."  The directive provides for the following:

Advanced telecommunications and commercially available encryption
are part of a wave of new computer and communications technology. 
Encryption products scramble information to protect the privacy of
communications and data by preventing unauthorized access. 
Advanced telecommunications systems use digital technology to
rapidly and precisely handle a high volume of communications. 
These advanced telecommunications systems are integral to the
infrastructure needed to ensure economic competitiveness in the
information age.

Despite its benefits, new communications technology can also
frustrate lawful government electronic surveillance.  Sophisticated
encryption can have this effect in the United States.  When
exported abroad, it can be used to thwart foreign intelligence
activities critical to our national interests.  In the past, it has
been possible to preserve a government capability to conduct
electronic surveillance in furtherance of legitimate law
enforcement and national security interests, while at the same time
protecting the privacy and civil liberties of all citizens.  As
encryption technology improves, doing so will require new,
innovative approaches.

In the area of communications encryption, the U. S. Government has
developed a microcircuit that not only provides privacy through
encryption that is substantially more robust than the current
government standard, but also permits escrowing of the keys needed
to unlock the encryption.  The system for the escrowing of keys
will allow the government to gain access to encrypted information
only with appropriate legal authorization.

To assist law enforcement and other government agencies to collect
and decrypt, under legal authority, electronically transmitted
information, I hereby direct the following action to be taken:

INSTALLATION OF GOVERNMENT-DEVELOPED MICROCIRCUITS

The Attorney General of the United States, or her representative,
shall request manufacturers of communications hardware which
incorporates encryption to install the U.S. government-developed
key-escrow microcircuits in their products.  The fact of law
enforcement access to the escrowed keys will not be concealed from
the American public.  All appropriate steps shall be taken to
ensure that any existing or future versions of the key-escrow
microcircuit are made widely available to U.S. communications
hardware manufacturers, consistent with the need to ensure the
security of the key-escrow system.  In making this decision, I do
not intend to prevent the private sector from developing, or the
government from approving, other microcircuits or algorithms that
are equally effective in assuring both privacy and a secure key-
escrow system.

KEY-ESCROW

The Attorney General shall make all arrangements with appropriate
entities to hold the keys for the key-escrow microcircuits
installed in communications equipment.  In each case, the key
holder must agree to strict security procedures to prevent
unauthorized release of the keys.  The keys shall be released only
to government agencies that have established their authority to
acquire the content of those communications that have been
encrypted by devices containing the microcircuits.  The Attorney
General shall review for legal sufficiency the procedures by which
an agency establishes its authority to acquire the content of such
communications.

PROCUREMENT AND USE OF ENCRYPTION DEVICES

The Secretary of Commerce, in consultation with other appropriate
U.S. agencies, shall initiate a process to write standards to
facilitate the procurement and use of encryption devices fitted
with key-escrow microcircuits in federal communications systems
that process sensitive but unclassified information.  I expect this
process to proceed on a schedule that will permit promulgation of
a final standard within six months of this directive. 

The Attorney General will procure and utilize encryption devices to
the extent needed to preserve the government's ability to conduct
lawful electronic surveillance and to fulfill the need for secure
law enforcement communications.  Further, the Attorney General
shall utilize funds from the Department of Justice Asset Forfeiture
Super Surplus Fund to effect this purchase.
_______________________________________________________________________________

FROM AT&T

 AT&T TO INCORPORATE NEW 'CLIPPER' CHIP INTO SECURE COMMUNICATIONS
PRODUCT LINE

GREENSBORO, N.C., April 16


    AT&T (NYSE: T) said today it is moving to improve the security and privacy
of telephone communications by incorporating a just-announced new U.S.
government technology for voice  encryption  into its secure communications
product line.

   AT&T will use the Clipper chip, announced today by President Clinton as a 
new technology for voice  encryption,  in all of its secure telephone products
except those specially designed for government classified customers.  The
Commerce Department has announced a six-month timetable for the final
certification of Clipper.

   "AT&T is pleased to be the first company to publicly commit to adoption of
the Clipper chip," said Ed Hickey, AT&T vice president, Secure Communications
Systems.  "We believe it will give our customers far greater protection in
defeating hackers or eavesdroppers attempting to intercept a call.

   "And now all commercially available AT&T voice  encryption  products will 
be compatible with each other, a major step forward in bringing secure
communications capabilities to the business community."

   In standardizing AT&T voice  encryption  products on the Clipper chip, AT&T
will include the algorithm in the Telephone Security Device as well as in the
Secure Voice/Data Terminal.

   The AT&T Telephone Security Device is a compact, lightweight unit that 
brings advance  encryption  technology to conventional land-line and cellular
telephones.  It provides a powerful, convenient and reliable way to protect 
the most sensitive telephone conversations.

   The device works with a conventional land-line or transportable/mobile
cellular phone.  It turns the phone's signal into a digital stream of 
encrypted information that is decrypted by a Telephone Security Device 
attached to the phone at the receiving end of the call.

   The AT&T Telephone Security Device connects easily to desk telephones or
tranportable or mobile phones.  It weighs 1.5 pounds and is 7 inches long, 4.5
inches wide and 1.5 inches high.  And it's as easy to use as it is portable.

   The AT&T Secure Voice/Data Terminals are desktop telephones that provide
 encryption  for both telephone calls and data transmissions.

   These AT&T secure communications products use an enhanced voice  
encryption  technique that provides very high voice quality.  This technology 
allows calls placed with these products to approach the voice quality of 
normal calls.

   To further enhance interoperability, AT&T will consider licensing to other
manufacturers its enabling technologies for interoperability. Interoperability
of  encryption  devices requires common technology beyond the use of a common
 encryption  algorithm, specifically common methods of digital voice encoding
and signaling.

   AT&T has already performed integration tests with Clipper chips 
manufactured by the government's supplier, Mykotronx Inc., of Torrence, 
Calif., and is preparing to integrate the chip into the manufacturing of its 
secure products.   AT&T's Clipper-equipped telephone security devices will be 
available to customers by the end of the second quarter.

    The federal government intends to adopt the Clipper chip as the
standard for voice  encryption  to help protect proprietary information,
protect the privacy of personal phone conversations and prevent
unauthorized release of data transmitted electonically.  At the same
time, use of the Clipper chip will preserve the ability of federal,
state and local law enforcement agencies to intercept lawfully the phone
conversations of criminals.
    "Adoption of Clipper will support both the government's efforts to
protect the public and the public's right to privacy," Hickey said.
    AT&T Secure Communication Systems provides products to protect
voice, data, fax, cellular and video communications.  It also engineers
and integrates secure communications applications.  Its customers
include the governments of the United States and other nations as well
as major corporations around the world.
    AT&T Secure Communications Systems is headquartered in Greensboro.
    For more information about the AT&T Telephone Security Device 3600
and other AT&T Secure Communications Products, call David Arneke at
919-279-7680.
     CONTACT: David Arneke of AT&T Secure Communications Systems, 919-279-
7680,or after hours, 919-273-5687, or Herb Linnen of AT&T Media Relations,
202-457-3933, or after hours, 202-333-9162
_______________________________________________________________________________

FROM THE ELECTRONIC FRONTIER FOUNDATION

Date: Fri, 16 Apr 1993 15:17:02 -0400
From: Cliff Figallo <fig at eff.org>
Subject: EFFector Online 5.06
To: eff-news at eff.org (eff-news mailing list)

******************************************************************
           //////////////     //////////////     //////////////
         ///                ///                ///
       ///////            ///////            ///////
     ///                ///                ///
   //////////////     ///                ///
******************************************************************
EFFector Online Volume 5 No. 6       4/16/1993       editors at eff.org
A Publication of the Electronic Frontier Foundation   ISSN 1062-9424

...

                       April 16, 1993

      INITIAL EFF ANALYSIS OF CLINTON PRIVACY AND SECURITY  
                           PROPOSAL

       The Clinton Administration today made a major announcement 
on cryptography policy which will effect the privacy and security of 
millions of Americans.  The first part of the plan is to begin a 
comprehensive inquiry into major communications privacy issues 
such as export controls which have effectively denied most people 
easy access to robust encryption as well as law enforcement issues 
posed by new technology.

       However, EFF is very concerned that the Administration has 
already reached a conclusion on one critical part of the inquiry, before 
any public comment or discussion has been allowed.  Apparently, the 
Administration is going to use its leverage to get all telephone 
equipment vendors to adopt a voice encryption standard developed 
by the National Security Agency. The so-called "Clipper Chip" is an 
80-bit, split key escrowed encryption scheme which will be built into 
chips manufactured by a military contractor.  Two separate escrow 
agents would store users' keys, and be required to turn them over 
law enforcement upon presentation of a valid warrant.  The 
encryption scheme used is to be classified, but they chips will be 
available to any manufacturer for incorporation into their 
communications products.

       This proposal raises a number of serious concerns .

       First, the Administration appears to be adopting a solution 
before conducting an inquiry.  The NSA-developed Clipper chip may 
not be the most secure product. Other vendors or developers may 
have better schemes. Furthermore, we should not rely on the 
government as the sole source for Clipper or any other chips.  Rather,
independent chip manufacturers should be able to produce chipsets 
based on open standards.

       Second, an algorithm can not be trusted unless it can be tested. 
Yet the Administration proposes to keep the chip algorithm 
classified.  EFF believes that any standard adopted ought to be public 
and open.  The public will only have confidence in the security of a 
standard that is open to independent, expert scrutiny.  

       Third, while the use of the split-key, dual-escrowed 
system may prove to be a reasonable balance between privacy and 
law enforcement needs, the details of this scheme must be explored 
publicly before it is adopted.  What will give people confidence in the 
safety of their keys?  Does disclosure of keys to a third party waive 
individual's fifth amendment rights in subsequent criminal 
inquiries?  

       In sum, the Administration has shown great sensitivity to the 
importance of these issues by planning a comprehensive inquiry into 
digital privacy and security.  However, the "Clipper chip" solution 
ought to be considered as part of the inquiry, not be adopted before 
the discussion even begins.

DETAILS OF THE PROPOSAL:

ESCROW

The 80-bit key will be divided between two escrow agents, each of 
whom hold 40 bits of each key.  Upon presentation of a valid 
warrant, the two escrow agents would have to turn the key parts 
over to law enforcement agents.  Most likely the Attorney General 
will be asked to identify appropriate escrow agents.  Some in the 
Administration have suggested one non-law enforcement federal 
agency, perhaps the Federal Reserve, and one non-governmental 
organization.  But, there is no agreement on the identity of the agents 
yet.

Key registration would be done by the manufacturer of the 
communications device.  A key is tied to the device, not to the person 
using it.

CLASSIFIED ALGORITHM AND THE POSSIBILITY OF BACK DOORS

The Administration claims that there are no back door means by 
which the government or others could break the code without 
securing keys from the escrow agents and that the President will 
be told there are no back doors to this classified algorithm.  In order 
to prove this, Administration sources are interested in arranging for 
an all-star crypto cracker team to come in, under a security 
arrangement, and examine the algorithm for trap doors.  The results 
of the investigation would then be made public.

GOVERNMENT AS MARKET DRIVER


In order to get a market moving, and to show that the government 
believes in the security of this system, the feds will be the first big 
customers for this product.  Users will include the FBI, Secret Service, 
VP Al Gore, and maybe even the President. 

FROM MORE INFORMATION CONTACT:

Jerry Berman, Executive Director
Daniel J. Weitzner, Senior Staff Counsel

...

=============================================================

     EFFector Online is published by
     The Electronic Frontier Foundation
     666 Pennsylvania Ave., Washington, DC 20003
     Phone: +1 202 544-9237 FAX: +1 202 547 5481
     Internet Address: eff at eff.org
     Coordination, production and shipping by Cliff Figallo, EFF 
     Online Communications Coordinator (fig at eff.org)
 Reproduction of this publication in electronic media is encouraged.
 Signed articles do not necessarily represent the view of the EFF.
 To reproduce signed articles individually, please contact the authors
 for their express permission.

      *This newsletter is printed on 100% recycled electrons*
_______________________________________________________________________________

FROM THE COMPUTER PROFESSIONALS FOR SOCIAL RESPONSIBILITY

April 16, 1993
Washington, DC

               COMPUTER PROFESSIONALS CALL FOR PUBLIC
           DEBATE ON NEW GOVERNMENT ENCRYPTION INITIATIVE

        Computer Professionals for Social Responsibility (CPSR)
today called for the public disclosure of technical data
underlying the government's newly-announced "Public Encryption
Management" initiative.  The new cryptography scheme was
announced today by the White House and the National Institute
for Standards and Technology (NIST), which will implement the
technical specifications of the plan.  A NIST spokesman
acknowledged that the National Security Agency (NSA), the super-
secret military intelligence agency, had actually developed the
encryption technology around which the new initiative is built.

        According to NIST, the technical specifications and the
Presidential directive establishing the plan are classified.  To
open the initiative to public review and debate, CPSR today
filed a series of Freedom of Information Act (FOIA) requests
with key agencies, including NSA, NIST, the National Security
Council and the FBI for information relating to the encryption
plan.  The CPSR requests are in keeping with the spirit of the
Computer Security Act, which Congress passed in 1987 in order to
open the development of non-military computer security standards
to public scrutiny and to limit NSA's role in the creation of
such standards.

        CPSR previously has questioned the role of NSA in
developing the so-called "digital signature standard" (DSS), a
communications authentication technology that NIST proposed for
government-wide use in 1991.  After CPSR sued NIST in a FOIA
lawsuit last year, the civilian agency disclosed for the first
time that NSA had, in fact, developed that security standard.
NSA is due to file papers in federal court next week justifying
the classification of records concerning its creation of the
DSS.

        David Sobel, CPSR Legal Counsel, called the
administration's apparent commitment to the privacy of
electronic communications, as reflected in today's official
statement,  "a step in the right direction."  But he questioned
the propriety of NSA's role in the process and the apparent
secrecy that has thus far shielded the development process from
public scrutiny.  "At a time when we are moving towards the
development of a new information infrastructure, it is vital
that standards designed to protect personal privacy be
established openly and with full public participation.  It is
not appropriate for NSA -- an agency with a long tradition of
secrecy and opposition to effective civilian cryptography -- to
play a leading role in the development process."

        CPSR is a national public-interest alliance of computer
industry professionals dedicated to examining the impact of
technology on society.   CPSR has 21 chapters in the U.S. and
maintains offices in Palo Alto, California, Cambridge,
Massachusetts and Washington, DC.  For additional information on
CPSR, call (415) 322-3778 or e-mail <cpsr at csli.stanford.edu>.
_______________________________________________________________________________

FROM THE CHICAGO TRIBUNE

April 17, 1993

Privacy device leaves cops a key

By Christopher Drew, Chicago Tribune.

As a step toward the development of vast new data "superhighways," the
federal government has designed a powerful device that would protect
the privacy of electronic communications by encoding them but still
allow police to eavesdrop.

Critics say the project, announced Friday by the Clinton
administration, raises serious questions about the protection of civil
liberties as more people use cellular and cordless phones and
computer-based communications.

They also warned that the device is not likely to help law-enforcement
agents foil high-tech criminals unless it becomes the most widely used
commercial encryption system - and drives private competitors out of
the business.

"'A.k.a. Big Brother,' that's what I call it," said Stephen Bryen, a
former Pentagon official who runs a company developing a rival
encryption system.

Bryen said it was "very disturbing" that the government has gone so
far with the previously classified project "without consulting with
experts in the industry" whose investments could be wiped out.

One high-ranking federal official, Raymond Kammer, acknowledged that
such concerns are part of an "appropriate debate" that needs to be
held over the project.

"Maybe it turns out that society, as it debates this, finds it
unacceptable," said Kammer, acting director of the National Institute
for Standards and Technology. "I'm not sure. This is the start of that
debate."

Millions of people who exchange information via computers and make
calls from cordless and cellular phones, which are especially
vulnerable to interception, could be affected. Experts say an era is
dawning in which traveling executives exchange electronic memos and
negotiate sensitive deals via hand-held communicators using vulnerable
wireless transmitters.

In endorsing the plan, the White House described it Friday as an
outgrowth of federal efforts to capitalize on advances in telephone
and computer technology while preventing drug dealers and terrorists
from finding new ways to mask their misdeeds.

In last year's campaign, President Clinton pledged to invest billions
of dollars in faster and more secure data links to enhance the
standing of U.S. firms in the global economy.

But as the computer industry has developed systems to enable
businesses to scramble data transfers and telephone conversations as a
safeguard against industrial espionage, a growing number of criminals
also have begun using them to foil court-authorized wiretaps.

Under the new plan, engineers at the National Security Agency invented
a new coding device, called the " Clipper Chip, " which is said to be
much harder to crack than encoding systems now on the market.

The government licensed two California companies - Mykotronx and VLSI
Technology - to make the computer chips. The chips will form the
"brains" inside small scrambling devices that can be attached to
individual telephones.

To spur the venture, the Justice Department will soon purchase several
thousand of the devices. Military and spy agencies also are expected
to use them.

Private businesses would not be required to use the technology. But
federal officials hope their sponsorship will establish the Clipper
chips as the new industry standard and crowd out competing systems.

Indeed, AT&T announced Friday that it will use the new chips in a
desktop device for encrypting telephone conversations that it expects
to sell for $1,195.

But in return for gaining the extra encoding power built into the new
system, users would have to accept the fact that government code-
breakers would always hold the keys to tap into the information.

In an effort to prevent abuses of civil liberties, federal officials
said, they will set up a system in which they would have to match two
coding keys held by different officials to unscramble any
communications. National- security and law-enforcement officials could
bring the keys together only under court-authorized operations.

But Bryen said it is hard to see how the Clipper chips project will
provide much help to the FBI.

Even if the new coding devices drove others off the U.S. market, Bryen
said, sophisticated criminals would simply buy encoding devices
overseas, as many already do.

Multinational and foreign-based companies also could prove leery of a
system that has a built-in point of entry for U.S. authorities.

The FBI separately is seeking legislation that would force telephone
companies to modify their equipment to keep other advances in
technology from hampering its ability to perform wiretaps.

AT&T and other phone companies have opposed this idea.
_______________________________________________________________________________

FROM THE WASHINGTON TIMES

April 17, 1993

Government picks affordable chip to scramble phone calls

Frank J. Murray; THE WASHINGTON TIMES

President Clinton gave a major boost yesterday to one telephone-
scrambler technology in a decision its delighted manufacturer likens
to the choice of VHS over Beta for videotape machines.

Mr. Clinton's action could allow the use of relatively cheap
scramblers on almost every cellular, business and government phone and
make scramblers common even on ordinary home telephones.

An administration official said consideration will be given to banning
more sophisticated systems investigators cannot crack, thereby
creating a balance between banning private encryption and declaring a
public right to unbreakably coded conversations.

"We've got a balance we've got to strike between the public's
important need for privacy and the public's need to be assured it's
safe from crime," said Raymond G. Kammer, acting director of the
National Institute of Standards and Technology, which developed the
system with the National Security Agency.

In an unusual decision he said was examined by the National Security
Council, Mr. Clinton directed the Commerce and Justice departments to
encourage the development of the high-tech system, which includes
electronic master keys to enable law enforcement officials to decode
transmissions if they obtain court orders.

"This technology preserves the ability of federal, state and local law
enforcement agencies to intercept lawfully the phone conversations of
criminals," Mr. Clinton said, citing the fear that encrypted phones
could aid terrorists and drug dealers.

The system is designed to protect from unauthorized interception the
electronic transmission of conversations, computer data and video
images at a cost per telephone that could be under $30, said Ted
Bettwy, executive vice president of the manufacturer, Mykotronx Inc.
of Torrance, Calif.

He said the chip announced yesterday, internally referred to as
MYK-78, costs about $40 and uses an algorithm 16 million times more
complex than that used by chips now on the market. Computer hackers
have penetrated the current chips.

The new chip uses an 80-bit code instead of the 56-bit code that is
the digital encryption standard (DES).

The chip eventually could sell in lots of 10,000 for about $25 each,
Mr.  Kammer said, with later versions priced around $10 each.

Government engineers at NSA and the Commerce Department's NIST
designed and developed the chip, which was then produced by privately
owned Mykotronx and a publicly traded subcontractor, VLSI Technology.

A Silver Spring competitor cried foul, particularly because the
commercial device was developed without notice or competitive bids in
a classified laboratory that does work for the National Security
Agency.

"If the purpose of this chip is to catch bad guys, then no bad guy
will use it," said Stephen Bryen of Secure Communications Technology
in Silver Spring, which produces a competitive chip he said could sell
for $10.

"The answer is to invest more money into breaking codes," Mr. Bryen
said in an interview after yesterday's announcement. "They're trying
to put us out of business."

Mr. Kammer said the secrecy was justified.

"The technology we're using was actually developed in a classified
environment in the first place and then transferred to a sole-source
supplier. I don't know that there was any way around it," he said in
an interview.

The Justice Department will buy several thousand of the Mykotronx
devices, which use a " clipper chip. " They are being incorporated
into other systems by Motorola and American Telephone & Telegraph Co.,
Mr. Bettwy said.

Other sophisticated encryption systems do not allow ready access for
authorized law enforcement purposes, said Mr. Bryen, who predicted
that an elaborate security plan for the electronic master key would
not prevent misuse.

Mike Newman, a spokesman for the National Institute of Standards and
Technology, said, "The key is split into two parts and stored
Separately to ensure security of the key system."

Access would be provided to the two parts for an agency that produced
legitimate authority or a court order, he said. The Justice Department
will determine whether the two parts will be held by separate federal
agencies or a federal agency and a private agency.

"This chip is going to do something that we, the citizens, really
need, and that is to allow us the privacy we want as common citizens,"
Mr. Bettwy said in a telephone interview from California yesterday.

He said the vital part of yesterday's decision is the government's
declaration that it intends to use the device. Mr. Bettwy says that
use will establish his device as the new standard and will require
private facilities to use the same system to communicate with the
government.

He said the decision's impact is "exactly" like the adoption of VHS
standards, making most private use of Beta video systems obsolete.

"I hope that's true," he said of the business implications for
Mykotronx.  "We're hoping this will become the new standard."

Only compatible phones can receive secure communications from a phone
using a clipper chip.

"To me the real significance is if everybody uses this, everybody can
talk to anybody else," Mr. Bettwy said.

"It creates a false hope," Mr. Bryen said.

"The secret key could fall into other people's hands. When you create
a system that has a back door, other people will find the back door."
______________________________________________________________________________

FROM THE NEW YORK TIMES

April 16, 1993

Electronics Plan Aims to Balance Government Access With Privacy

By JOHN MARKOFF, Special to The New York Times

The Clinton Administration plans a new system of encoding electronic
communications that is intended to preserve the Government's ability
to eavesdrop for law enforcement and national security reasons while
increasing privacy for businesses and individuals.

New technology will be installed in some Government communications
networks within weeks or months and could be available for business
and even household use before the end of the year. It will use a new
system of encoding voice and computer transmissions, including phone
calls and electronic mail, to prevent unauthorized listening.

The move is intended to resolve a long-standing dilemma of the
information age: how to preserve the legitimate right for businesses
and citizens to use codes to protect all sorts of digital
communications -- be it a doctor's cellular phone call to a patient or
a company's electronic transfer of a million dollars to an overseas
client -- without letting criminals and terrorists conspire beyond the
reach of the law.

"There is a trade-off between individual privacy and society's safety
from crime," one Government official said. "Our society needs to
decide where to draw the line."

But at least some communications experts, when told of the plan by a
reporter, did not like what they heard.

"I think the Government is creating a monster," said a former Pentagon
official, Stephen D. Bryen, who is now president of Secured
Communications Technologies Inc. in Silver Spring, Md., which makes
data-security equipment. "People won't be able to trust these devices
because there is a high risk that the Government is going to have
complete access to anything they are going to do."

Modern communications are becoming increasingly vulnerable to illegal
listening. For example, cellular phone calls can be monitored by
anyone with an inexpensive scanner.

At the same time, computer chips and special software make it possible
to code phone conversations and computer data, effectively garbling
them so they cannot be deciphered by even the National Security
Agency's most powerful code-breaking computers.

Although computer encoding is now used in only a small portion of
electronic communications, computer experts expect that volume to grow
rapidly as more of the nation's commerce begins to flow over data
networks -- especially wireless networks.

The Government has proposed in the past to require the use of a hidden
key in the coding hardware or software -- a way to crack the code, in
other words -- to let police security agents decipher messages after
obtaining court authorization to do so. Civil liberty concerns aside,
computer experts have argued that any such key, no matter how
sophisticated, might be figured out by any savvy computer hacker.

The Administration's solution: require two separate keys, each to be
held by different agencies or organizations.

The new coding devices, which will be called Clipper Chips, have been
designed by engineers at the National Institute for Standards and
Technology and at the National Security Agency. They will be
manufactured by Mycotronx, a military contractor based in Torrance,
Calif., and VLSI Technology Inc., a Silicon Valley semiconductor
manufacturer. The devices will be built into Government telephones and
eventually into commercial telephones and computers.

The new security plan has been a classified secret of several
Government agencies, including the National Institute for Standards
and Technology and the National Security Agency, and several law
enforcement agencies, including the Federal Bureau of Investigation.
The official said the Government planned to announce the technology,
possibly within a week, and to propose it as a Government-wide
standard later this year.

Broad Review Ordered

A White House official said today that President Clinton had ordered
the National Security Council to conduct a formal review of the new
plan as well as all Government cryptography policies. The review,
which will take three to four months, will begin within weeks, and
will consider both the domestic use and export of advanced
cryptography systems.

Several Administration officials said the security devices would be
deployed first by law enforcement and intelligence agencies and also
civilian agencies, like the Internal Revenue Service, that handle
confidential information. But the new system is also viewed as a data
security standard that the Clinton Administration believes will
eventually be widely used in the nation's commercial telephone and
computer networks.

While the Administration currently has no plan to try imposing the
technology on private industry, officials hope it will become a
standard.  Any communications or computer company doing business with
the Federal Government, from A.T.& T. to I.B.M., would presumably have
to incorporate the technology into their products. Moreover, the
Government can authorize or deny the export of American-made computer
and communications devices on the basis of whether it approves of any
coding that may be used in the hardware and software.

The new security standard, technically a set of computer algorithms,
was developed by National Security Agency scientists. The
Administration officials said they viewed the approach as a candidate
for replacing the 15-year-old Data Encryption Standard that is now
used to secure much of the nation's computer data. There is no known
hidden key in this standard, although many industry experts believe
that the agency can crack the code with its high-powered computers.
______________________________________________________________________________

FROM THE KNIGHT-RIDDER NEWS SERVICE (1)

Knight-Ridder/Tribune Business News 

Computer Group, Libertarians Question Clinton Phone Privacy Stance
By Rory J. O'Connor, San Jose Mercury News, Calif. 

SAN JOSE, Calif.--Apr. 17--Civil libertarians and a major computer industry
group raised concerns Friday about how much protection a Clinton
administration plan would afford private electronic communications, from
cellular telephone calls to computer data. 

The administration Friday said it would begin using technology developed by
the government's National Institute of Standards and Technology to balance
two competing interests: the desire of citizens to keep their conversations
private and the need for law enforcement agencies to monitor those
conversations after getting a court order. 

The technology that enables this is a computer chip called the Clipper Chip
that scrambles a telephone call or computer message using a secret
algorithm, or formula. 

But each chip also comes with a pair of electronic "keys" that could be
used by law enforcement agencies to decipher the secret messages generated
by the chip. 

The Clinton proposal calls for one key to be held by each of two separate
"trusted" third parties, who would release them to law enforcement agencies
that obtained legal authority to intercept the communications. Both keys
would be needed to decipher a message. 

The Electronic Frontier Foundation, a not-for-profit civil liberties group, 
praised the administration for considering the issue. But it criticized the
lack of public input into the plan. 

"They've announced a big inquiry with public input, but they've reached a
conclusion before they started," said Daniel J. Weitzner, staff counsel for
the Washington-based foundation. 

Although the administration's plan calls only for equipping government
telephones with the security devices, some groups are concerned the plan
might become a standard for all manner of electronic communication before
the public has a chance to debate its merits. 

"I don't want to sound too stridently opposed to this," said Ken Wasch,
executive director of the Software Publishers Association (SPA) in
Washington. "But...we feel blindsided." 

The SPA was discussing data security issues with Clinton administration
officials but had not expected any White House action until August, said
Ilene Rosenthal, general counsel. 

Besides the lack of initial hearings, both groups said they had two major
concerns about the Clinton plan: 

- Because the algorithm itself is secret, the groups say it is impossible
for the public to discern if it is truly secure. Users can't be certain
government spy agencies have not hidden a "back door" in the software that
will allow them to read anything they want. 

"So far there hasn't been a credible explanation about why the algorithm
has to be secret," Weitzner said. 

- The administration hasn't decided who will be the escrow agents, and it
seems unlikely any government agency, corporate entity or other
organization would be deemed trustworthy by every user. 

Even assuming all concerned can agree on who will hold them, civil
libertarians are concerned that the keys, by giving law enforcement
agencies access to individuals' private communications, might pose a threat
to constitutional protections against self-incrimination. 

Washington sources who requested anonymity suggested the White House might
have drafted its plan quickly because of concern over sales of an AT&T
device that encrypts phone calls using an older standard, Data Encryption
Standard. The sources said law enforcement officials feared the device
would create an explosion in secured telephone traffic that would severely
hamper their efforts to wiretap calls. 

American Telephone & Telegraph Co. announced Friday it would adapt the
$1,200 product, called the Telephone Security Device, to use the Clipper
Chip by the end of this fiscal quarter. AT&T makes a related device, which
encrypts voice and computer data transmissions, that could be converted to
the Clipper technology, said spokesman Bill Jones. 

Jones said he wasn't aware of any concern by the government over the
current model of the Telephone Security Device, which has been sold to
government and business customers. 

At least one company was quite pleased with the plan: San Jose chip maker
VLSI Technology, which will manufacture the Clipper chips for a Torrance
company that is selling them to the government and to AT&T. 

VLSI, which invented a manufacturing method the company said makes it
difficult to "reverse engineer" the chip or discern the encryption scheme, 

expects to make $50 million in the next three years selling the device,
said Jeff Hendy, director of new product marketing for the company.
_______________________________________________________________________________

FROM THE KNIGHT-RIDDER NEWS SERVICE (2)

New Scrambler Designed to Protect Privacy, But Allow Police Monitoring By
Christopher Drew, Chicago Tribune 
Knight-Ridder/Tribune Business News 

WASHINGTON--Apr. 19--As a step toward the development of vast new data
"superhighways," the federal government has designed a powerful device that
would protect the privacy of electronic communications by encoding them but
still allow police to eavesdrop. 

Critics say the project, announced Friday by the Clinton administration,
raises serious questions about the protection of civil liberties as more
people use cellular and cordless phones and computer-based communications. 

They also warned that the device is not likely to help law-enforcement
agents foil high-tech criminals unless it becomes the most widely used
commercial encryption system - and drives private competitors out of the
business. 

"'A.k.a. Big Brother,' that's what I call it," said Stephen Bryen, a former
Pentagon official who runs a company developing a rival encryption system. 

Bryen said it was "very disturbing" that the government has gone so far
with the previously classified project "without consulting with experts in
the industry" whose investments could be wiped out. 

One high-ranking federal official, Raymond Kammer, acknowledged that such
concerns are part of an "appropriate debate" that needs to be held over the
project. 

"Maybe it turns out that society, as it debates this, finds it
unacceptable," said Kammer, acting director of the National Institute for
Standards and Technology. "I'm not sure. This is the start of that debate."

Millions of people who exchange information via computers and make calls
from cordless and cellular phones, which are especially vulnerable to
interception, could be affected. Experts say an era is dawning in which
traveling executives exchange electronic memos and negotiate sensitive
deals via hand-held communicators using vulnerable wireless transmitters. 

In endorsing the plan, the White House described it Friday as an outgrowth
of federal efforts to capitalize on advances in telephone and computer
technology while preventing drug dealers and terrorists from finding new
ways to mask their misdeeds. 

In last year's campaign, President Clinton pledged to invest billions of
dollars in faster and more secure data links to enhance the standing of
U.S. firms in the global economy. 

But as the computer industry has developed systems to enable businesses to
scramble data transfers and telephone conversations as a safeguard against
industrial espionage, a growing number of criminals also have begun using
them to foil court-authorized wiretaps. 

Under the new plan, engineers at the National Security Agency invented a
new coding device, called the "Clipper Chip," which is said to be much
harder to crack than encoding systems now on the market. 

The government licensed two California companies - Mykotronx and VLSI
Technology - to make the computer chips. The chips will form the "brains"
inside small scrambling devices that can be attached to individual
telephones. 

To spur the venture, the Justice Department will soon purchase several
thousand of the devices. Military and spy agencies also are expected to use
them. 

Private businesses would not be required to use the technology. But federal
officials hope their sponsorship will establish the Clipper chips as the
new industry standard and crowd out competing systems. 

Indeed, AT&T announced Friday that it will use the new chips in a desktop
device for encrypting telephone conversations that it expects to sell for
$1,195. 

But in return for gaining the extra encoding power built into the new
system, users would have to accept the fact that government code-breakers
would always hold the keys to tap into the information. 

In an effort to prevent abuses of civil liberties, federal officials said, 

they will set up a system in which they would have to match two coding keys
held by different officials to unscramble any communications.
National-security and law-enforcement officials could bring the keys
together only under court- authorized operations. 

But Bryen said it is hard to see how the Clipper chips project will provide
much help to the FBI. Even if the new coding devices drove others off the
U.S. market, Bryen said, sophisticated criminals would simply buy encoding
devices overseas, as many already do. 

Multinational and foreign-based companies also could prove leery of a
system that has a built-in point of entry for U.S. authorities. 

The FBI separately is seeking legislation that would force telephone
companies to modify their equipment to keep other advances in technology
from hampering its ability to perform wiretaps. AT&T and other phone
companies have opposed this idea. 
_______________________________________________________________________________

WHAT TO DO ABOUT IT    by Philip Zimmermann

Date: Sat, 24 Apr 93 01:03:53 PDT
From: atfurman at cup.portal.com
Newsgroups: comp.dcom.telecom
Subject: Phil Zimmerman on the "Clipper initiative"
Message-ID: <telecom13.277.2 at eecs.nwu.edu>
Approved: telecom at eecs.nwu.edu

The following was posted on the Usenet newsgroup alt.security.pgp
by Philip Zimmermann, author of PGP (a public-key crypto program):

                          ---------------

Here are some ideas for those of you who want to oppose the White
House Clipper chip crypto initiative.  I think this is going to be a
tough measure to fight, since the Government has invested a lot of
resources in developing this high-profile initiative.  They are
serious about it now.  It won't be as easy as it was defeating Senate
Bill 266 in 1991.

Possible actions to take in response:

1) Mobilize your friends to to all the things on this list, and more.

2) Work the Press.  Talk with your local newspaper's science and
technology reporter.  Write to your favorite trade rags.  Better yet,
write some articles yourself for your favorite magazines or
newspapers.  Explain why the Clipper chip initiative is a bad idea.
Remember to tailor it to your audience.  The general public may be
slow to grasp why it's a bad idea, since it seems so technical and
arcane and innocent sounding.  Try not to come across as a flaming
libertarian paranoid extremist [*Moi?* -- ATF], even if you are one.

3) Lobby Congress.  Write letters and make phone calls to your Member
of Congress in your own district, as well as your two US Senators.
Many Members of Congress have aides that advise them of technology
issues.  Talk to those aides.

4) Involve your local political parties.  The Libertarian party would
certainly be interested.  There are also libertarian wings of the
Democrat and Republican parties.  The right to privacy has a
surprisingly broad appeal, spanning all parts of the political
spectrum.  We have many natural allies.  The ACLU.  The NRA.  Other
activist groups that may someday find themselves facing a government
that can suppress them much more efficiently if these trends play
themselves out.  But you must articulate our arguments well if you
want to draw in people who are not familiar with these issues.

4) Contribute money to the Electronic Frontier Foundation (EFF) and
Computer Professionals for Social Responsibility (CPSR), assuming
these groups will fight this initiative.  They need money for legal
expenses and lobbying.

5) Mobilize opposition in industry.  Companies that will presumably
develop products that will incorporate the Clipper chip should be
lobbied against it, from within and from without.  If you work for a
telecommunications equipment vendor, first enlist the aid of your
coworkers and fellow engineers against this initiative, and then
present your company's management with a united front of engineering
talent against this initiative.  Write persuasive memos to your
management, with your name and your colleagues' names on it.  Hold
meetings on it.

6) Publicize, deploy and entrench as much guerrilla
techno-monkeywrenching apparatus as you can.  That means PGP,
anonymous mail forwarding systems based on PGP, PGP key servers, etc.
The widespread availability of this kind of technology might also be
used as an argument that it can't be effectively suppressed by
Government action.  I will also be working to develop new useful tools
for these purposes.

7) Be prepared to engage in an impending public policy debate on this
topic.  We don't know yet how tough this fight will be, so we may have
to compromise to get most of what we want.  If we can't outright
defeat it, we may have to live with a modified version of this Clipper
chip plan in the end.  So we'd better be prepared to analyze the
Government's plan, and articulate how we want it modified.

Philip Zimmermann

Forwarded to the Internet TELECOM Digest by Alan T. Furman,
atfurman at cup.portal.com

--- end ---








More information about the cypherpunks-legacy mailing list