Newsgroups: comp.org.usenix,alt.privacy.clipper,sci.crypt,comp.org.eff.talk,alt.security From: [c--po--r] at [Beyond.Dreams.ORG] (Jeff Kellem) Subject: quick non-technical writeup on Clipper Chip announcement Date: Wed, 5 May 1993 19:32:28 GMT Included below is an excerpt regarding the Clipper Chip announcement from a column I write titled "What's Out There?". It's primarily more for pointers on where to find more information, and a quick non-technical sketch of the announcement. [ This excerpt was written over a week ago. ] I'm posting the excerpt now, since the hardcopy won't be available until June, 1993 and some people may find this of interest. This excerpt is posted with permission, of course -- I'm the author. :) FYI... -jeff Jeff Kellem Internet: [c--po--r] at [Beyond.Dreams.ORG] ===CUT HERE=== [ NOTE: Please see the COPYRIGHT/LICENSE notice at the end of this document before any redistribution. ] The following is a portion of Volume 1, Issue 03 of "What's Out There?" written by Jeff Kellem <[c--po--r] at [Beyond.Dreams.ORG]>. This is expected to appear in the May/June 1993 issue of the USENIX Association's hardcopy newsletter, ";login:". Excerpted from "What's Out There?", Volume 1, Issue 03... White House and NSA (Encryption) Clipper Chip Announcement ---------------------------------------------------------- On April 16, 1993, the White House announced the development of an encryption chip for voice communications developed in conjunction with the National Security Agency (NSA) called the Clipper Chip, along with an initiative regarding telecommunications and privacy which could literally affect almost every citizen in the United States. On the same day, AT&T announced a "secure" phone which incorporated this chip. Some important things to point out: o the encryption algorithm is remaining classified [ In the cryptography community, an encryption algorithm is only considered secure after it has been examined extensively and independently by a wide array of experts around the world. With an algorithm which is kept secret, there is no guarantee that it is secure and that the encryption method has no "back door" (allowing easy decryption for those, such as the NSA, that know the "back door"). ] o though the government has announced plans to use the chip in their own phones, they do NOT plan to use it for CLASSIFIED information, only for unclassified information. o this chip has been in the making for 4 years; it would seem that the Clinton Administration has already made plans to use the chip, without public comment or discussion on a matter which is so important to the privacy of that same public. o it would seem that the Government might be granting a monopoly to Mykotronx, Inc. and VLSI Technology. As far as I know, VLSI fabricates the chip and Mykotronx programs the keys into it. o the key, which allows the information encrypted with this chip to be decrypted, is embedded in the chip [ This means that once the key is known, the chip needs to be replaced to maintain private communications. This would usually mean replacing the entire device (e.g. telephone), anytime that the key was divulged, whether legally or not. The key is also transmitted along with your encrypted data, so that law enforcement can obtain it, which would allow them to decrypt your data without your knowledge. ] o the 80-bit key is made from the xor of two (2) 80-bit keys, which are kept in databases at two different escrow agencies [ It's not clear how the key databases will be kept secure. It is also unknown if the classified encryption algorithm is any less secure to brute-force attacks, once half the key is known. ] o a successor chip has already been announced, called the Capstone chip. The Capstone chip is supposed to be a "superset" of the Clipper chip and will include the "digital signature standard" (DSS), which many in the cyprotgraphy community seem to consider insecure, as I recall. The NSA also developed DSS, which wasn't disclosed until CPSR filed a FOIA request with NIST (the National Institute of Standards & Technology). This announcement, in one way, is a step in the right direction -- privacy and encryption technology are important to the general public and for international economic competitiveness. An inquiry on whether export restrictions on encryption technology is good or bad is also a good thing. Currently, companies that want to include encryption as part of their products need to make two versions -- one for domestic distribution and one for international distribution. On the other hand, there are too many things about the announcement which are bothersome and need to be discussed publicly. Some of these items have been mentioned above. The Clipper Chip basically seems like it might provide privacy from some people, but not from the government. I recommend talking with your local congressman, writing letters, and discussing this with friends. Both the Electronic Frontier Foundation (EFF) and the Computer Professionals for Social Responsibility (CPSR) have made public statements against the announcement. The EFF supports the idea of reviewing cryptographic and privacy policies, but believes that the Clipper Chip announcement was premature and should be delayed until after the overall review and discussion. The CPSR has filed Freedom of Information Act (FOIA) requests regarding the plan. Online discussions of the announcement have been occurring all over the Net in various USENET newsgroups and mailing lists. Here's a sample of where you might find discussions of the Clipper Chip: USENET newsgroups: alt.privacy.clipper sci.crypt alt.security alt.privacy comp.org.eff.talk comp.security.misc comp.society.cu-digest comp.risks Mailing lists: [cypherpunks request] at [toad.com] Also, check the archives for the various groups listed above, as things may have changed by the time this comes to print in hardcopy come June 1993. The official White House press release of the Clipper Chip can be found via anonymous ftp from: csrc.ncsl.nist.gov in the /pub/nistnews directory, or via the NIST Computer Security BBS at +1 301 948 5717. It should also be available with the rest of the White House press release archives mentioned above. The EFF comments were first published in the EFFector Online Issue 5.06, which is available via anonymous ftp from: ftp.eff.org in the /pub/EFF/newsletters directory. Information from CPSR is available online via anonymous ftp from: ftp.cpsr.org in the /cpsr directory. The cypherpunks mailing list also maintains an archive. Information on the Clipper Chip can be found via anonymous ftp from: soda.berkeley.edu in the /pub/cypherpunks/clipper directory. Please do read the announcement of the Clipper Chip encryption technology, think about and discuss the implications of this with your friends, congressmen, and anyone else. ...End of excerpt. COPYRIGHT/LICENSE: This document is Copyright (c) 1993 Jeff Kellem/Beyond Dreams, [c--po--r] at [Beyond.Dreams.ORG.] This copyright notice must be kept with each document. You have permission to freely redistribute this for non-commercial and non-profit purposes. It would be nice if you let the author know about any redistributions that are expected to reach more than a single person. :-) (This would include mirroring ftp sites, etc.) Please contact the author if you wish to use this document in ANY other fashion. Most likely, there won't be a problem. If you wish to redistribute this document for commercial purposes, you MUST contact the author for permission. Thank you. Jeff Kellem Composer of Dreams Beyond Dreams Internet: [c--po--r] at [Beyond.Dreams.ORG]