I'd long noted a lot of confusion on the part of net.folk on what the difference between Clipper, Skipjack, Tessera, etc. is, and so forth, so I cobbled this together. Any comments? If you think something needs to be added, removed, changed, clarified, etc., please let me know.

Stanton McCandlish * mech@eff.org * Electronic Frontier Found. OnlineActivist

clipper.glossary 1.02

This is a short, probably over-simplified, glossary of terms relevant to the Clipper debate.

Cantwell bill - HR3627, a House bill to remove or reduce export restrictions on cryptography. Not a *directly* anti-Clipper bill, but if approved, would render Clipper rather useless. Stiff opposition is expected, however, as the Administration appears to wish to tie key escrow to exportability, having already pre-approved EES-based products for export, while denying such approval to other encryption methods, despite the fact that most if not all are already widely available outside of the US, many of them being developed in foreign countries and imported to the US in the first place. The bill is sponsored by Rep. Maria Cantwell, and supported by EFF. The bill was introduced in 1994, and failed to pass.

Capstone - Clipper-like chip, also based on the Skipjack algorithm, for use in encrypting computer data. Probably the chip in Tessera cards. As with Clipper, all cryptographic keys are slated for key escrow treatment.

Clipper - microchip that performs encryption on voice (telephone) data using the Skipjack algorithm, intended for use in phones. AKA "the wiretap chip". All Clipper encryption keys are to be held in "key escrow" for law enforcement peace of mind.
Digital Telephony bill - aka "the wiretap bill", a proposed piece of legislation that would mandate that all telecommunications technology, present and future, be made "wiretap friendly"; also calls for law enforcement access to electronic traffic analysis information, without a warrant, in sufficient detail to track who calls whom where and for how long, even to the extent of being able to track the physical location of wireless phone users. Not part of the Clipper scheme, but a related measure, sponsored by the FBI. EFF is strongly opposed to any and all versions of the Digital Telephony bill. In 1994, we were asked by Sens. Leahy and Edwards to help them strip FBI demands from the legislation, and replace them with new privacy protections. The resulting version of the bill passed, as the Communications Assistance to Law Enforcement Act of 1994. Though it, for the first time, affords privacy protection to transactional records, and has other pro-privacy features, much of the FBI's wishlist was passed as well, and EFF and other civil liberties groups continue to oppose the implementation of the wiretapping provisions of the bill.

EES - Escrowed Encryption Standard, a FIPS that includes the Clipper chip as an official US government standard.

FBI - Federal Bureau of Investigation, the "federal cops"; concerns about their future ability to wiretap (despite the fact that less than 1000 legal wiretaps are performed each year, leading to only a handful of convictions) have led the FBI to propose, 3 times, and eventually get passage of, their Digital Telephony Bill. In an extreme case of doublethink, the FBI named the latest version of their bill the Digital Telephony and Privacy Improvement Act.

FIPS - Federal Information Processing Standard. A generic term for US govt. standards related to data, information, and telecommunications, including encryption.
ITAR - International Traffic in Arms Regulations which, illogical as it sounds, classify cryptographic products as "munitions" alongside M16s and ICB missiles. The ITAR restrictions are preventing US software and hardware manufacturers from effectively competing in the burgeoning international market for encryption products. Besides being based on outdated Cold War mentality, the ITARs are almost completely unenforceable, as any encryption software products can be "exported" via any number of electronic means, all over the world, within moments of their creation. EFF is sponsoring a lawsuit (Bernstein v. Dept of State, NSA, et al.), challenging the constitutionality of the ITAR.

Key Escrow - keeping a copy of a user's encryption keys. In actually secure cryptography, no one but the individual users have copies of their secret keys for decryption. Under this scheme, however, an outside entity (currently the plan calls for government entities, incidentally 2 with very close ties to intelligence and law enforcement) will keep copies of all cryptographic keys, to allow for police and spy decryption of messages captured via "legally authorized" wiretapping. Legal authorization is as yet undefined. Key escrow, by its very nature, is antithetical to the concept of cryptography, since it compromises security by definition. This does not prevent the government from referring to it as a privacy enhancement, of course. The entire Skipjack encryption system depends heavily on the idea of key escrow, which term is actually another distortion of the truth (true escrow is a system in which something is held for the owner's benefit. In this case the "something", the encryption keys, are held by govt. agencies for police and secret agent benefit, to the detriment of the key owners. A more accurate term is "key surrender".)

COMMERCIAL KEY ESCROW: A modified govt. plan, as of 1995, that calls for users' keys to be held by businesses (e.g. banks or govt.
contractors) rather than by govt. agencies. Neither of these schemes is to be confused with real key escrow, in which a third, trusted, party holds encryption keys *for the user*. Governmental "key escrow" is the holding of citizens' keys by the government, for the government. Real commercial key escrow has legitimate, voluntary, application (e.g. holding an attorney's work-related crypto key so that in the event of the attorney's demise or employment termination, the cases the attorney was working on can continue - the law firm needs to have access to the encrypted material). It would be wholly inappropriate, though, to hold in escrow the attorney's personal-use crypto keys.

Leahy hearings - Sen. Patrick Leahy has called for full Senate hearings on the entire Clipper issue, largely at the prompting of EFF. The hearings were held in early May, 1994, and the Administration really suffered a beating. Almost every word of the non-government testimony was opposed to Clipper.

NIST - National Institute of Standards and Technology. Despite the name, this is an Executive branch federal agency, not an "institute". In general, NIST is responsible for discussing, proposing, testing, and recommending the approval of a great number of government standards, most of them innocuous if not truly useful. In the Clipper debate, NIST appears to be acting as a front or lackey for the NSA, to assist the NSA in using loopholes to meddle in domestic affairs. NIST recommended, counter to the wishes of over 90% of the respondents to a NIST Request for Comments on the issue, that the Clipper EES be approved as a FIPS. It was then subsequently approved. In 1995, NIST held "workshops" on "commercial key escrow" that almost universally turned off industry players to the idea - NIST attempted to control the entire agenda, and took approval of the commercial escrow idea for granted. They were in for a surprise.
NSA - National Security Agency (AKA "No Such Agency") - super-secretive spy ring of the Defense Dept., entrusted with national security. Designers and primary advocates of the Skipjack/Clipper encryption system. Legislatively barred from interfering in domestic affairs, the NSA does so anyway, and habitually violates the provisions of the Freedom of Information Act.

Skipjack - NSA-classified mathematical algorithm for encrypting (enciphering, encoding) data so that it cannot be read by anyone but those with the decryption "key". It is speculated that the algorithm is classified because the NSA has built in a "backdoor" to allow NSA decryption without having to go through the already slim legal user protections of a key-escrow system that requires warrants. EFF is opposed to all current proposals for deploying this algorithm in various encryption products, because the system depends upon so-called key escrow, and because until the algorithm is declassified and subjected to expert, public scrutiny, there is no means of assuring that the algorithm has not been intentionally compromised by NSA.

Tessera - PCMCIA card for use with laptop computers, already in production for internal NSA use, intended for commercial production as well. Uses Skipjack algorithm to encrypt data. In a spectacular display of patronizing arrogance, NSA apparently assumed no one had a dictionary. Definition of tesser[e]a (pl. tesser[e]ae) from _Oxford_Unabridged_Dictionary_ and Starr's _History_of_the_Classical_World_:

"An identity chit or marker. Tessereae were forced on conquered peoples and domestic slaves by their Roman occupiers or owners. Slaves or Gauls who refused to accept a tesserea were branded or maimed as a form of identification."
Faced with such an attitude, that US citizens are conquered slaves to be tagged and branded, or maimed for their questioning of authority, it is no particular wonder that one of the first names for Clipper/Capstone chips coined by those opposed to the scheme was "the Big Brother chip".

See the following sites for more detailed information on these subjects:

ftp.eff.org, /pub/Privacy/
gopher.eff.org, 1/Privacy
gopher.eff.org/11/Privacy/
http://www.eff.org/pub/Privacy/

ADMINISTRIVIA: This file is Copyright 1994, 1995 Stanton McCandlish. It is freeware produced by Stanton McCandlish for the Electronic Frontier Foundation. Distribute at will, provided you do not qualitatively modify it (let me know, and *I* will change it - this way it's updated for EVERYONE), remove this or any other paragraph or plagiarize it, and do not sell it for profit.