NSA wants to buy 10,000-70,000 Clipper PCMCIA cards by March

John Gilmore gnu
Mon Jan 24 14:46:41 PST 1994


John Markoff just broke a story which has been simmering for almost
two months -- large scale deployment of PCMCIA card-based Skipjack
devices.

***  Hastily Scanned.  No authority for redistribution granted ***

U.S. CODE AGENCY IS JOSTLING FOR CIVILIAN TURF

New York Times, Monday, January 24, 1994

By John Markoff

  The National Security agency is trying to establish a standard tor
electronically scrambling computer communications, a move that would go far
beyond the agency's usual military and intelligence domain to include
civilian activities like electronic tax returns and computerized medical
payments.
The plan by the N.S.A., which may be announced as early as today, worries
business executives, who fear a Government encroachment on privacy. And
some officials in the Clinton Administration believe that the N.S.A. is
overstepping its bounds.
  The N.S.A. is the Federal agency responsible for electronic surveillance
of global communications, though usually not civilian communlcations,
within the United States.
  But in an era when everyday business is increasingly conducted over
computer networks, and when much of that electronic commerce is transmitted
in scrambled form to prevent eavesdropping or theft of information, the
agency is intent on having Government and civilian computer users employ a
standard approach to scrambling.
  That way, after-obtaining a court's permission, law-enforcement officials
would have a way of cracking codes.

Bidding Process

  The agency will seek bids from companies to produce circuit cards based
on its technology, which would be used to scramble electronic messages for
Government agencies and, eventually, private companies. Agency employees
confirmed the plan late Friday, though no agency officials could be reached
over the weekend for further details.
  The Internal Revenue Service, the Government agency that has the most
electronic communication with the public, has already started testing the
system. "We need to know what the administrative issues are with this
technology," said Henry Philcox, the tax agency's chief information
officer.
Many computer industry executives oppose the National Security Agency's
effort, saying there is no way for industry experts and outsiders to
determine the reliability and security of the underlying scrambling
technology, which the agency intends to keep secret.
  Privacy-rights advocates, meanwhile, are wary of the system because of
the electronic "back door" it contains, permitting Government
eavesdropping. And some other Administration officials say the agency is
going too far by pushing the standard into civilian computing
  "What these guys are trying to do is run ahead of the blocking," an
Administration official who spoke on the condition of anonymity said.
"Trying to sell this as the wave of the future is premature as
Administration policy.
The circuit card, which is designed to fit into a personal computer and
which the agency calls Tessera, is based on technology similar to a device
known as the Clipper Chip, a telephone voice-scrambling chip that provides
a back-door means for letting law-enforcement officials eavesdrop.
  The Clipper plan, developed by the National Security Agency in
cooperation with the National Insatute for Standards and Technology, a
Commerce Department agency, was announced in April by the Clinton
Administration. It has been almost universally opposed by computer and
telecommunications executives and by public policy groups.
  In a letter to be sent to President Clinton today, which was released on
Friday to The New York Times, a group of 38 of the nation's leading
computer scientists, computer-security specialists and privacy experts have
urged that the Clipper program be stopped.
  "The current proposal was developed in secret by Federal agencies
primarily concerned about electronic surveillance, not privacy protection,"
the letter states. "Critical aspects of the plan remain classified and thus
beyond public review."
  The letter was signed by most of the civilian pioneers of modern
cryptography, including Whitfield Diffie of Sun Microsystems, Ralph C
Merkle of the Xerox Corporation, Martin Hellman of Stanford University and
Ronald Rivest of the Massachusetts Institute of Technology.
  While there has been no other indication so far that the Government wants
to torce private industry to use Clipper or Tessera technologies, their
adoption as Government and military standards could go a long way toward
making them de facto standards. The Federal and military markets are some
of the largest for the computer and communications industrles, and the
Government has the power to determine what sorts of advanced technology can
be exported.
  Moreover, the Government could insure widespread use of the Clipper and
Tessera technologies by insisting that they be used by businesses and
individuals when communicating electronically with Federal agencies.

Official Reasoning

  Law-enforcement officials say the technologies are intended to resolve a
longstanding problem of the information age: how to preserve the right of
businesses and citizens to use codes to protect all sorts of digltal
communications without letting criminals and terrorists conspire beyond the
law's reach. Businesses and individuals who often communicate over computer
networks already make use of a variety of scrambling systems-either of
their own devising or those commercially available.
  Many of these scrambling systems are unbreakable by anyone who does not
hold the electronic keys to the code, something generally known only by the
sender and the recipient of scrambled messages.
  That is a problem for the National Security Agency, which routinely
listens to many of the world~s telephone and computer conversations -
although it has no jurisdiction for moni toring non-Government
conversations within the United States. The N.S.A.'s Tessera and Clipper
systems would have an independent agency hold master keys to the codes,
which could be obtained with a court's permission for surveillance by
law-enforcement officials.
  The agency plans initially to purchase 10,000 to 70,000 of the Tessera
cards for its use and that of the Pentagon. In an industry briefin8 held
earlier this month, however, N.S.A. officials proposed the eventual use of
the secure communications card in a vast range of civilian and Government
applications including some by the Internal Revenue Service, the
Departments of Health and Hurnan Services, Justice and State and in the
Senate and the House.
  The agency also suggested that the card could be used for civilian
functions like electronic mail and in the scrambling systems employed in
cable television.
The National Security Agency's new standard-setting effort is being
introduced a couple of weeks before the Clinton Administration completes a
classified review of the Clipper proposal, and several industry executives
said the announcement had been timed to apply pressure to the
Administration's decision making.
  The proposal angers industry executives who believe that the agency is
rushing to establish a de facto standard that will undercut efforts to
adopt a competing commercial standard without a built-in back door. That
standard, being developed by RSA Data Security, a Redwood City, Calif.,
software company, has been endorsed by the nation's leading computer
makers, software developers and telecommunications companies.

Secret Formula

  These companies are particularly troubled by the National Security
Agency~s refusal to disclose the mathematical formula, or algorithm, on
which-its scrambling technology is based.
  "The issue here is: Should a secret algorithm developed by the
intelligence community be used for unclassified civilian uses?" said
Stephen Walker, a computer security industry executive and a member of the
Government's Computer System Security and Privacy Advisory Board.  l think
the answer is it should not.
  The agency has increasingly come into conflict with industry and public !
policy groups who argue that independent and public coding technology is
essential if the nation is to develop a viable electronic commerce system. 
  "These Government surveillance plans focus on limiting public privacy at
a time when everyone is calling for more privacy," said Marc Rotenberg, .
Washington director of Computer Professionals for Social Responsibility, a
public interest group that organized the letter that will be sent to
President Clinton today. "Privacy is a key part of the national information
infrastructure, and the decisions the Administration is making are leaning
l in the wrong direction."
  The new security standard is being proposed at a time the National
Security Agency is trying to redefine its role after the cold war, and it
raises questions in critics' minds about whether the agency is overstepping
its authority. The 1988 Computer Security Act limited the N.S.A.'s computer
security role to military and intelligence agencies.
  "These guys are fighting for job secyrity," said William Ferguson, vice
president of Semaphore Inc., a , Santa Clara, Calif., computer network
security firm. "Now that the K.G.B. has gone commercial, the N.S.A. is
trying to start its own initiatives that say, 'all we're trying to do i is
keep up with the K.G.B.' "
  White House officials said the agency's actions would not necessarily
force the Administration to authorize, an unpopular coding technology.
One official said the Administration policy review was likely to establish
a permanent working group that, would limit the National Security, Agency's
role in policy making.
  The N.S.A. originally planned to announce its request for proposals on
Friday. But the notice was delayed because the Government shut down
Thursday in response to the frigid weather that disrupted the supply of
electricity in Washington and other parts of the East. The agency
tentatively plans to award contracts for the Tessera card by March 25.

	-30-






More information about the cypherpunks-legacy mailing list