9. Policy, Clipper, Key Escrow, and Digital Telephony


THE CYPHERNOMICON: Cypherpunks FAQ and More, Version 0.666, 1994-09-10, Copyright Timothy C. May. All rights reserved. See the detailed disclaimer. Use short sections under "fair use" provisions, with appropriate credit, but don't put your name on my words.

9.2. SUMMARY: Policy: Clipper,Key Escrow, and Digital Telephony

9.2.1. Main Points

9.2.2. Connections to Other Sections

9.2.3. Where to Find Additional Information

9.2.4. Miscellaneous Comments

9.3. Introduction

9.3.1. What is Clipper?

9.3.2. Why do most Cypherpunks oppose Clipper?

9.3.3. Why does Clipper rate its own section?

9.3.4. "Is stopping Clipper the main goal of Cypherpunks?"

9.4. Crypto Policy Issues

9.4.1. Peter Denning on crypto policy:

9.4.2. Will government and NSA in particular attempt to acquire some kind of control over crypto companies?

9.4.3. NIST and DSS

9.4.4. Export restrictions, Munitions List, ITAR

9.4.5. old crypto machines sold to Third World governments, cheaply

9.4.6. 4/28/97 The first of several P-K and RSA patents expires

9.4.7. encryption will be needed inside computer systems

9.5. Motivations for Crypto Laws

9.5.1. "What are the law enforcement and FBI worries?"

9.5.2. "What motivated Clipper? What did the Feds hope to gain?" - ostensibly to stop terrorists (only the unsophisticated ones, if alternatives are allowed)

9.5.3. Steve Witham has an interesting take on why folks like Dorothy Denning and Donn Parker support key escrow so ardently:

9.5.4. Who would want to use key escrow?

9.5.5. "Will strong crypto really thwart government plans?"

9.5.6. "Why does the government want short keys?"

9.6. Current Crypto Laws

9.6.1. "Has crypto been restricted in countries other than the U.S.?"

9.7. Crypto Laws Outside the U.S.

9.7.1. "International Escrow, and Other Nation's Crypto Policies?" - The focus throughout this document on U.S. policy should not lull non-Americans into complacency. Many nations already have more Draconian policies on the private use of encryption than the U.S. is even contemplating (publically). France outlaws private crypto, though enforcement is said to be problematic (but I would not want the DGSE to be on my tail, that's for sure). Third World countries often have bans on crypto, and mere possession of random-looking bits may mean a spying conviction and a trip to the gallows.

9.7.2. "Will foreign countries use a U.S.-based key escrow system?"

9.7.3. "Is Europe Considering Key Escrow?"

9.7.4. "What laws do various countries have on encryption and the use of encryption for international traffic?"

9.7.5. France planning Big Brother smart card?

9.7.6. PTTs, local rules about modem use

9.7.7. "What are the European laws on "Data Privacy" and why are they such a terrible idea?"

9.7.8. on the situation in Australia

9.7.9. "For those interested, NIST have a short document for FTP, 'Identification & Analysis of Foreign Laws & Regulations Pertaining to the Use of Commercial Encryption Products for Voice & Data Communications'. Dated Jan 1994." [Owen Lewis, Re: France Bans Encryption, alt.security.pgp, 1### 9.4-07-07]

9.8. Digital Telephony

9.8.1. "What is Digital Telephony?"

9.8.2. "What are the dangers of the Digital Telephony Bill?"

9.8.3. "What is the Digital Telephony proposal/bill?

9.9. Clipper, Escrowed Encyption Standard

9.9.1. The Clipper Proposal

9.9.2. "How long has the government been planning key escrow?"

9.9.3. Technically, the "Escrowed Encryption Standard," or EES. But early everyone still calls it "Clipper, " even if NSA belatedly realized Intergraph's won product has been called this for many years, a la the Fairchild processor chip of the same name. And the database product of the same name. I pointed this out within minutes of hearing about this on April 16th, 1993, and posted a comment to this effect on sci.crypt. How clueless can they be to not have seen in many months of work what many of us saw within seconds?

9.9.4. Need for Clipper

9.9.5. Further "justifications" for key escrow

9.9.6. Why did the government develop Clipper?

9.9.7. "Who are the designated escrow agents?"

9.9.8. Whit Diffie

9.9.9. What are related programs?

9.9.10. "Where do the names "Clipper" and "Skipjack" come from?

9.10. Technical Details of Clipper, Skipjack, Tessera, and EES

9.10.1. Clipper chip fabrication details

9.10.2. "Why is the Clipper algorithm classified?"

9.10.3. If Clipper is flawed (the Blaze LEAF Blower), how can it still be useful to the NSA?

9.10.4. What about weaknesses of Clipper?

9.10.5. "What are some of the weaknesses in Clipper?"

9.10.6. Mykotronx

9.10.7. Attacks on EES

9.10.8. Why is the algorithm secret?

9.10.9. Skipjack is 80 bits, which is 24 bits longer than the 56 bits of DES. so

9.10.10. "What are the implications of the bug in Tessera found by Matt Blaze?"

9.11. Products, Versions -- Tessera, Skipjack, etc.

9.11.1. "What are the various versions and products associated with EES?"

9.11.2. AT&T Surety Communications

9.11.3. Tessera cards

9.12. Current Status of EES, Clipper, etc.

9.12.1. "Did the Administration really back off on Clipper? I heard that Al Gore wrote a letter to Rep. Cantwell, backing off."

9.13. National Information Infrastructure, Digital Superhighway

9.13.1. Hype on the Information Superhighway

9.13.2. "Why is the National Information Infrastructure a bad idea?"

9.13.3. NII, Video Dialtone

9.13.4. The prospects and dangers of Net subsidies

9.13.5. NII, Superhighway, I-way

9.14. Government Interest in Gaining Control of Cyberspace

9.14.1. Besides Clipper, Digital Telephony, and the National Information Infrastructure, the government is interested in other areas, such as e-mail delivery (US Postal Service proposal) and maintenance of network systems in general.

9.14.2. Digital Telephony, ATM networks, and deals being cut

9.14.3. The USPS plans for mail, authentication, effects on competition, etc.

9.15. Software Key Escrow

9.15.1. (This section needs a lot more)

9.15.2. things are happening fast...

9.15.3. TIS, Carl Ellison, Karlsruhe

9.15.4. objections to key escrow

9.15.5. Micali's "Fair Escrow"

9.16. Politics, Opposition

9.16.1. "What should Cypherpunks say about Clipper?"

9.16.2. What do most Americans think about Clipper and privacy?" - insights into what we face

9.16.3. Does anyone actually support Clipper?

9.16.4. "Who is opposed to Clipper?"

9.16.5. "What's so bad about key escrow?"

9.16.6. Why governments should not have keys

9.16.7. "How might the Clipper chip be foiled or defeated?"

9.16.8. How can Clipper be defeated, politically?

9.16.9. How can Clipper be defeated, in the market?

9.16.10. How can Clipper be defeated, technologically?

9.16.11. Questions

  1. the people you want to communicate with won't have hardware to decrypt your data, statistically speaking. The beauty of clipper from the NSA point of view is that they are leveraging the installed base (they hope) of telephones and making it impossible (again, statistically) for a large fraction of the traffic to be untappable.
  2. They won't license bad people like you to make equipment like the system you describe. I'll wager that the chip distribution will be done in a way to prevent significant numbers of such systems from being built, assuring that (1) remains true." [Tom Knight, sci.crypt, 6-5-93]
    • What are the implications of mandatory key escrow?
      • "escrow" is misleading...
        • wrong use of the term
        • implies a voluntary, and returnable, situation
    • "If key escrow is "voluntary," what's the big deal?"
      • Taxes are supposedly "voluntary," too.

9.16.12. "Why is Clipper worse than what we have now?"

9.16.13. on trusting the government

9.17.1. As John Gilmore put it in a guest editorial in the "San Francisco Examiner," "...we want the public to see a serious debate about why the Constitution should be burned in order to save the country." [J.G., 19.4-06-26, quoted by S.

Sandfort]

9.17.2. "I don't see how Clipper gives the government any powers or capabilities it doesn't already have. Comments?"

9.17.3. Is Clipper really voluntary?

9.17.4. If Clipper is voluntary, who will use it?

9.17.5. Restrictions on Civilian Use of Crypto

9.17.6. "Has crypto been restricted in the U.S.?"

9.17.8. reports that Department of Justice has a compliance enforcement role in the EES [heard by someone from Dorothy Denning, 19.4-07], probably involving checking the law enforcement agencies...

9.17.9. Status

9.17.10. "Will Clipper be voluntary?"

9.18. Concerns

9.18.1. Constitutional Issues

9.18.2. "What are some dangers of Clipper, if it is widely adopted?" + sender/receiver ID are accessible without going to the key escrow

9.18.3. Market Isssues

9.18.4. "What are the weaknesses in Clipper?"

9.18.5. What it Means for the Future

9.18.6. Skipjack

9.18.7. National security exceptions

9.18.8. In my view, any focus on the details of Clipper instead of the overall concept of key escrow plays into their hands.

This is not to say that the work of Blaze and others is misguided...in fact, it's very fine work. But a general focus on the details of Skipjack does nothing to allay my concerns about the principle of government-mandated crypto. If it were "house key escrow" and there were missing details about the number of teeth allowed on the keys, would be then all breathe a sigh of relief if the details of the teeth were clarified? Of course not. Me, I will never use a key escrow system, even if a blue ribbon panel of hackers and Cypherpunks studies the design and declares it to be cryptographically sound.

9.18.9. Concern about Clipper

9.18.10. Some wags have suggested that the new escrow agencies be chosen from groups like Amnesty International and the ACLU. Most of us are opposed to the "very idea" of key escrow

(think of being told to escrow family photos, diaries, or house keys) and hence even these kinds of skeptical groups are unacceptable as escrow agents.

9.19. Loose Ends

9.19.1. "Are trapdoors--or some form of escrowed encryption-justified in some cases?"

9.19.2. DSS

9.19.3. The U.S. is often hypocritical about basic rights

9.19.4. "is-a-person" and RSA-style credentials


Revision #1
Created 23 June 2022 03:51:30 by c0mmando
Updated 23 June 2022 03:52:10 by c0mmando