Clipper Q&A (fwd)

L. Detweiler ld231782 at longs.lance.colostate.edu
Sun Oct 10 23:39:47 PDT 1993


from

PRIVACY Forum Digest       Sunday, 10 October 1993       Volume 02 : Issue 32

          Moderated by Lauren Weinstein (lauren at vortex.com)
            Vortex Technology, Woodland Hills, CA, U.S.A.

===cut=here===

Date:    Thu, 30 Sep 93 14:31:41 EST
From:    "Tom Zmudzinski" <zmudzint at cc.ims.disa.mil>
Subject: Key Escrow Panel at 16th NCSC

21 Sep 93; 14:00-15:30; Room 317 of the Baltimore Convention Center
Track "E" (Tutorials & Presentations) -- KEY ESCROWING ISSUES

{ This is an incomplete "transcribble" of what was said, a personal
  precis if you will, not a court-ordered wiretap. ;{D }

Cast: Mr. Len McNulty (National Security Standards & Technology),
Dr. Clinton Brooks (Advisor to the Director, NSA),
Mr. Al MacDonald (Special Assistant to the Assistant Director of
                  Technical Services, FBI),
Dr. Dorothy Denning (Georgetown University),
Mr. Miles Schmidt (Manager of Security Advisory Group, NIST),
Mr. Daniel Weitzner (Senior Staff Council, Electronic Frontier Foundation)

{ Transcribbler's Note: I've done the best I can with what I heard,
  but cross-checking against the Preliminary Participants List proved
  to be useless so there may be some misheard/spelled names & titles. }

McNulty chaired the panel and gave a background briefing on the "Clipper
Chip/Skipjack Algorithm" broughaha.  Bottom line: NIST saw a requirement
for high grade encryption for voice and data throughout the private sector
but also saw the need to retain the ability to wiretap under court order.

{ Transcribbler's Note: Anyone needing background details (1) hasn't been
  paying attention to the media or fora and (2) can get them there. }

Brooks gave the NSA side -- NIST came to NSA in search of help with the
encryption.  The policy folks wrangled long and hard over installing a
backdoor, but concluded that any such weakening would be self-defeating.
Brooks went into detail about the workings of the key escrow process.
Bottom line: The algorithm HAS to be kept secret other wise someone could
reverse-engineer a box that would interoperate with an escrowed Clipper.
This box could then "lie" in the LEAF (Law Enforcement Access Field) and
thus be invulnerable to court-ordered breakback.

MacDonald gave the FBI's version -- Wiretap is a rarely used, last ditch
technique necessary to protect the country and the private individual.
MacDonald cited the use of wiretap in a "kiddy porn" kidnap/murder case.
Unfortunately, he presented NO hard data on the pros & cons, just opinion.
Bottom line: Wiretap is too useful a tool for Law Enforcement to give up
without a fight, so they're fighting.

Denning gave a synopsis of the work to date on breaking Skipjack.  (The
interim report is available on the Internet.)  Bottom line:  Recognizing
that the analysis was done under considerable time pressure, it bears out
NSA's claim that Skipjack is high quality (comparable to military grade)
encryption.

Weitzner presented the EFF position -- The EFF Electronic Privacy Working
Group shares the Government's goal of providing the users with choice as
to how (or if) they would protect their privacy.  A truly voluntary, well
functioning escrow system is appropriate to look at and test as one of the
many alternatives that people who need security and privacy have to work
with.  They are not taking the position that no escrow system should be
implemented at all (although there is an EFF faction that doubts that the
government is the appropriate escrow agent).  For the EFF, the critical
test will be whether or not the US export restrictions on cryptography
are relaxed.  Bottom line: EFF wants to make certain that it is a truly
voluntary system, not mandated by law.

( Various questions from the floor to the panel )

(Someone questioned the academic rigor of the Skipjack Analysis.)
A: Analysis was as good as could be done in the time available.

(Cliford Ockersmith, Intel, wanted to know why Intel had been excluded
from manufacturing the Clipper chip.) A: They haven't been.  (There IS an
issue because Clipper is a hardware standard, and Intel doesn't want to
retool to meet this standard.)

(It appears that the only time Clipper is vulnerable is when it is being
keyed.) A: The various parts of the Skipjack keys are NEVER in the clear
outside of the box that does the keying, even during a legal breakback.

(What happens to a chip once it's been brokenback?) A: The wiretap process
includes notifying the chip owner that it has been wiretapped. (What about
a gift certificate for a new chip in the letter?) A: [ laughter ]

(Someone asked again about making the algorithm public.) A: [ see above ]
Also, this is a voluntary standard, you don't have to use it.

(Question about terrorists voluntarily using other high grade encryption.)
A: No change from today.

(Question about identifying with whom one is securely conversing.)
A: Not part of Clipper.  (Phone companies market Caller-Id.)

(Unidentified person handed out "A Scientific Statement on Clipper Chip
Technology and Alternatives" at the exits.) A: Thank you. [ adjourn ]

                          -----------

The preceding has the legal status of hearsay, so don't quote anybody.






More information about the cypherpunks-legacy mailing list