From owner-eff-activists@eff.org Mon May 9 15:50:00 1994
Received: (from daemon@localhost) by eff.org (8.6.8.1/8.6.6) id PAA00117 for eff-activists-exploder; Mon, 9 May 1994 15:39:11 -0400
From: Stanton McCandlish
Message-Id: <199405091938.PAA29993@eff.org>
Subject: Clipper: Govt. Monopoly in the Making - Ineffective Law Enforcement
Date: Mon, 9 May 1994 15:38:58 -0400 (EDT)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 13420
Precedence: list
To: eff-activists@eff.org (eff-activists mailing list)
Status: RO

Date: Mon, 9 May 1994 10:09:02 -0600
From: clewis@ils.nwu.edu (Charles Lewis)

[according to the author, this may be redistributed at will; for print publication, best contact the author.]

The Clipper Chip: Government Monopoly in the Making or Ineffective Law Enforcement

Charles Lewis
2/26/94

On April 16, 1993, the White House released an official announcement of a new encryption technology called the Clipper Chip. Developed by the National Security Agency (NSA), and implemented by the National Institute for Standards and Technology (NIST), the Clipper initiative was intended to satisfy the private sector's need for secure encryption of data, specifically telephone communications, and at the same time allow law enforcement agencies to tap into these encrypted communications when such actions were approved by the Attorney General.

The needs of private industry for secure lines of communication have long been left unfulfilled, primarily because of obsolete legislation that considers encryption algorithms to be munitions for export purposes. For fear of the potential uses of such algorithms in the wrong hands, the export of technology implementing said algorithms has been virtually impossible.
Industry leaders have been reluctant to incorporate encryption into their products because munitions laws would require that the versions made for export would have to be significantly different from the ones sold for domestic use. Meanwhile, industrial espionage remains a significant risk for many private companies.

The government maintains that introducing secure encryption for public use could have disastrous effects for law enforcement agencies. "Unfortunately, the same encryption technology that can help Americans protect business secrets and personal privacy can also be used by terrorists, drug dealers, and other criminals," (The White House, Office of the Press Secretary, April 4, 1994). The Clipper initiative was meant to satisfy both the needs of the public sector for privacy, and the needs of law enforcement agencies to conduct legitimate electronic surveillance. To this end, the government proposed the controversial Escrow Encryption Standard (EES), of which Clipper is the first implementation.

The concept is simple: Clipper will provide encryption of telephone calls between two Clipper equipped phones. This encryption will be unnoticeable at either end of the connection, but the signal in between will be scrambled to prevent monitoring by unauthorized parties. The scrambled signal can be decoded by using two data 'keys,' each held by a different government agency and released only when the Attorney General approves a request for them. By using this back door in the encryption algorithm, law enforcement agencies will still be able to conduct surveillance.

Following the Clinton Administration's announcement of EES, there were concerned responses from many industry leaders and organizations. The primary cause for their anxiety was the power of the government to override the encryption provided by Clipper.
This was defended as being a trade-off necessary for the compromise between the availability of encryption to the public and the needs of law enforcement agencies to effectively do their jobs. EES proponents argue that it does not make it any easier to obtain approval for electronic surveillance. The issue of whether the government can be trusted to hold the keys to this system is wide open for debate. Essentially, the government is asking us to trust them in this issue, and many aren't sure that this is wise or necessary.

These arguments have far reaching implications for the future of personal privacy in America. It is very important for Americans, both in and out of the government, to consider how these issues affect us all. In the case of the EES, however, there are much more clear cut reasons why this initiative is both ineffective in satisfying the purposes for which it was devised, and damaging to those who would develop or use encryption.

Even if we are to trust that the government is acting in our best interests by allowing law enforcement agencies to compromise the encryption standard, and even if we trust that the EES will provide adequate protection of the keys that can be used to bypass this encryption, many have asked just how effective the algorithm implemented in Clipper, called the SKIPJACK algorithm, is in the first place. The answer to this is impossible to ascertain first hand, unless you are one of the privileged few who were responsible for the development or testing of the algorithm. Secrecy is necessary in order to preserve the law enforcement functions of the algorithm. According to the NIST approval of EES, this ensures that no one can develop communications devices which use the algorithm without the law enforcement features (NIST, 2/9/94).
That is to say that if the algorithm were made public, it would be no problem for a company to produce telephones which were capable of having encrypted communications with Clipper equipped phones, but would be impervious to decryption by law enforcement agencies, defeating the purpose of the algorithm.

This secrecy comes at a cost. There is universal concern about the adequacy of an algorithm which cannot be revealed. In order to allay these concerns, the government had SKIPJACK examined by a panel of independent experts, who found it to be secure. Even so, it is difficult for many to simply take the word of this panel rather than to test the algorithm themselves. Dorothy Denning, a member of this panel, has little patience for outsiders who want in: "Nothing can be concluded from a statement questioning the technology by someone who has not seen it regardless of whether that person is an expert in security," (Denning, 2/9/94). By making this claim, she uniformly ignores the questions of the entire cryptography community.

The attitude that no one outside of a government agency or government appointed panel is worthy of developing or testing SKIPJACK is echoed by Stuart Baker of the NSA in defending the secrecy surrounding the algorithm: "There are very few institutions other than government that are willing to devote both the kind of energy and resources that it takes to eliminate the last few bugs in encryption software or machinery," (Fourth Conference on Computers, Freedom, and Privacy, 3/24/94).

Denning and Baker would have us believe that there is nothing useful to be had from consulting with the many industry and academic experts doing research in this field. In truth, it has often been the case that innovations in cryptography have come from non-government sources. There are many private companies providing encryption services professionally, as well as computer scientists doing important research in the field.
Ignoring the opinions of these professionals not only damages the study of cryptography, but potentially hurts the EES by not taking advantage of what these experts have to offer.

Even the sacrifice of a publicly available algorithm for the sake of law enforcement is in vain. Whitfield Diffie of Sun Microsystems, a veteran researcher in cryptography, tells us that "the Clipper system, as it has been described, is not difficult to bypass," (Diffie, 5/11/93). If Clipper chips do become as widely available as the government suggests, it will be possible for them to be used in such a manner as to defeat the law enforcement features of the chip. Also, what is to stop one from simply using a different sort of encryption that does not have the back door that Clipper does? According to official press releases, nothing.

Government spokespeople repeatedly state that the use of the Clipper chip is entirely voluntary. But there are some drawbacks to not using it. For one thing, it is expected that the first big customer of Clipper equipped devices will be the government itself. Not only will this create many users of the EES right off, but it will also force companies that do business with the government to fall in line with the initiative. Another drawback to not using the government standard will be the old munitions laws restricting the export of encrypting devices. While the government is planning on loosening these restrictions for products using Clipper, "...the Administration will continue to restrict export of the most sophisticated encryption devices," (White House, Office of the Press Secretary, 2/4/94). It appears that the government hopes to simply squeeze out Clipper competitors economically.

There are two possible results of the Clipper initiative. In the first scenario, competing encryption standards will arise. Without the government stepping in to make sure that the Clipper chip is the only form of telecommunications encryption available, this is inevitable.
Alternate encryption standards will sell to the segment of consumers who would rather not trust the government to listen in on their phone calls. If this happens, Clipper will become completely ineffective for law enforcement because of the people using encryption that doesn't conform to the EES. At best, Clipper will fail.

The only possible way that Clipper can not fail is if the U.S. government successfully eliminates competitors selling encryption without a back door. Again, the government has repeatedly stated that this is not part of their game plan. If we are to believe that they will not try to create a Clipper monopoly, the first scenario is the only one possible.

On the other hand, if the government does in fact force competitors out of the market using economic and legislative pressures, it would be extremely damaging both for the agencies outside of the government which work in the cryptography field, and for individuals using cryptography. The NSA would become the only agency in America with access to the workings of the system which the entire industry would be dependent upon. Additionally, only the NSA would have a say in keeping the EES competitive by incorporating new advances in encryption. Because of this choke hold, private research and innovation in this field would be brought to a halt.

Either the U.S. government is prepared to take draconian measures to ensure that the EES is used universally, or the Clipper chip will be unable to keep the phone tapping business alive in the Information Age. The fact that these are the only possible outcomes is reason enough to oppose the Clipper initiative.

Glossary

Escrow Encryption Standard (EES): The encryption standard proposed by NIST, which has a back door accessible by keys held in escrow by government agencies.
Clipper: The first implementation of the EES. This chip will be used in telecommunications devices.
SKIPJACK: The encryption algorithm used in the EES.
NIST: National Institute of Standards and Technology. Part of the Commerce Department.
NSA: National Security Agency
CPSR: Computer Professionals for Social Responsibility
EFF: Electronic Frontier Foundation

Sources

Computer Professionals for Social Responsibility (CPSR). Computer Professionals Call For Public Debate on New Government Encryption Initiative, April 16, 1993.

Denning, D. Re: Campaign and Petition Against Clipper, (open letter on the Internet) February 9, 1994.

Department of Commerce (DOC) National Institute of Standards and Technology (NIST). Approval of Federal Information Processing Standards Publication 185, Escrowed Encryption Standard (EES), February 9, 1994.

Diffie, W. The Impact of a Secret Cryptographic Standard on Encryption, Privacy, Law Enforcement and Technology (congressional testimony), May 11, 1993.

Electronic Frontier Foundation (EFF). "Initial EFF Analysis of Clinton Privacy and Security Proposal", EFFector Online, April 16, 1993.

Fourth Conference on Computers, Freedom and Privacy. Data Encryption: Who Holds the Keys? (panel), March 24, 1994.

Jackson, D. and S. Ratan. "Who Should Keep the Keys", Time, March 14, 1994.

Markov, J. "Electronics Plan Aims to Balance Government Access With Privacy", The New York Times, April 16, 1993.

Murray, F. "Government picks affordable chip to scramble phone calls", The Washington Times, April 17, 1993.

White House Office of the Press Secretary, Statement of the Press Secretary, February 4, 1994.

Note: the great bulk of this information came from the following FTP sites:

ftp.cpsr.org /cypherpunks/clipper
ftp.eff.org /pub/EFF/Issues/Clipper

----
Charles Lewis
clewis@ils.nwu.edu
Institute for the Learning Sciences
Northwestern University

Every normal man must be tempted at times to spit on his hands, hoist the black flag, and begin slitting throats. - H.L.Mencken

--
Stanton McCandlish * mech@eff.org * Electronic Frontier Found.
Online Activist

"In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it."
- Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994