Date: Tue, 8 Feb 1994 08:25:16 -0800
From: Phil Agre <[p--g--e] at [weber.ucsd.edu]>
To: [r--e] at [weber.ucsd.edu]
Subject: start the revolution (1000 lines)

Here are several messages about the latest cryptography-and-civil-liberties
action in Washington.  Parental discretion advised.  Folks in the US are
called on to take several political actions.  Please distribute widely.

Date: 4 Feb 1994 18:21:05 -0600
From: [m--h] at [eff.org] (Stanton McCandlish)
To: [alt politics datahighway list] at [eff.org]
Subject: Alert--Admin. names escrow agents, no compromise on Clipper - 7 files

EFF Press Release            04/04/94             * DISTRIBUTE WIDELY *

At two briefings, Feb. 4, 1994, the Clinton Administration and various
agencies gave statements before a Congressional committee, and later
representatives of civil liberties organizations, industry spokespersons
and privacy advocates.  The Electronic Frontier Foundation's position,
based on what we have seen and heard from the Administration today, is
that the White House is set on a course that pursues Cold War national
security and law enforcement interests to the detriment of individual
privacy and civil liberties.

The news is grim.  The Administration is:

 * not backing down on Clipper
 * not backing down on key escrow
 * not backing down on selection of escrow agents
 * already adamant on escrowed key access procedures
 * not willing to elminate ITAR restrictions
 * hiding behind exaggerated threats of "drug dealers" and "terrorists"

The material released to the industry and advocacy version of the briefing
have been placed online at ftp.eff.org (long before their online
availability from goverment access sites, one might add).  See below for
specific details.

No information regarding the Congressional committee version of the briefing
has been announced.  EFF Director Jerry Berman, who attended the private
sector meeting, reported the following:

"The White House and other officials briefed industry on its Clipper chip
and encryption review. While the review is not yet complete, they have
reached several policy conclusions.  First, Clipper will be proposed as
a new Federal Information Processing Standard (FIPS) next Wednesday. [Feb.
9]  It will be "vountary" for government agencies and the private sector
to use. They are actively asking other vendors to jump in to make the
market a Clipper market. Export licensing processes will be speeded up but
export restrictions will not be lifted in the interests of national
security. The reason was stated bluntly at the briefing : to frustrate
competition with clipper by other powerful encryption schemes by making
them  difficult to market, and to "prevent" strong encryption from leaving
the country thus supposedly making the job of law enforcement and
intelligence more difficult.  Again in the interest of national security. Of
course, Clipper will be exportable but they would not comment on how other
governments will view this.  Treasury and NIST will be the escrow agents
and Justice asserted that there was no necessity for legislation to
implement the escrow procedures.

"I asked if there would be a report to explain the rationale for choosing
these results - we have no explanation of the Administration's thinking, or
any brief in support of the results. They replied that there would be no
report because they have been unable to write one, due to the complexity of
the issue.

"One Administation spokesperson said this was the Bosnia of
Telecommunications. I asked, if this was so, how, in the absense of some
policy explanation, could we know if our policy here will be as successful
as our policy in Bosnia?"

The announcements, authorization procedures for release of escrowed keys,
and q-and-a documents from the private sector briefing are online at EFF.

They are:

"Statement of the [White House] Press Secretary" [White House]
file://ftp.eff.org/pub/EFF/Policy/Crypto/wh_press_secy.statement

"Statement of the Vice President" [very short - WH]
file://ftp.eff.org/pub/EFF/Policy/Crypto/gore_crypto.statement

"Attorney General Makes Key Escrow Encryption Announcements" [Dept. of Just.]
file://ftp.eff.org/pub/EFF/Policy/Crypto/reno_key_escrow.statement

"Authorization Procedures for Release pf Emcryption Key Components in
Conjunction with Intercepts Pursuant to Title III/State Statutes/FISA"
[3 docs. in one file - DoJ]
file://ftp.eff.org/pub/EFF/Policy/Crypto/doj_escrow_intercept.rules

"Working Group on Data Security" [WH]
file://ftp.eff.org/pub/EFF/Policy/Crypto/interagency_workgroup.announce

"Statement of Dr. Martha Harris Dep. Asst. Secy. of State for Polit.-Mil.
Affairs: Encryption - Export Control Reform" [Dept. of State]
file://ftp.eff.org/pub/EFF/Policy/Crypto/harris_export.statement

"Questions and Answers about the Clinton Administration's Encryption 
Policy" [WH]
file://ftp.eff.org/pub/EFF/Policy/Crypto/wh_crypto.q-a

These files are available via anonymous ftp, or via WWW at:
http://www.eff.org/ in the "EFF ftp site" menu off the front page.

Gopher access:
gopher://gopher.eff.org/
Look in "EFF Files"/"Papers and Testimony"/"Crypto"

All 7 of these documents will be posted widely on the net immediately
following this notice. 


Contacts:

Digital Privacy: Jerry Berman, Exec. Director <[j--r--n] at [eff.org]>
                 Daniel J. Weitzner, Sr. Staff Counsel <[d j w] at [eff.org]>
Archives: Stanton McCandlish, Online Activist <[m--h] at [eff.org]>
General EFF Information: [i--o] at [eff.org]
 
-- 
Stanton McCandlish * [m--h] at [eff.org] * Electronic Frontier Found. OnlineActivist
F O R   M O R E   I N F O,    E - M A I L    T O:     I N F O @ E F F . O R G 
O  P  E  N    P  L  A  T  F  O  R  M     O  N  L  I  N  E    R  I  G  H  T  S
V  I   R   T   U   A   L   C  U   L   T   U   R   E      C  R   Y   P   T   O


-- 
Stanton McCandlish * [m--h] at [eff.org] * Electronic Frontier Found. OnlineActivist
F O R   M O R E   I N F O,    E - M A I L    T O:     I N F O @ E F F . O R G 
O  P  E  N    P  L  A  T  F  O  R  M     O  N  L  I  N  E    R  I  G  H  T  S
V  I   R   T   U   A   L   C  U   L   T   U   R   E      C  R   Y   P   T   O





Date: 4 Feb 1994 18:55:39 -0600
From: [m--h] at [eff.org] (Stanton McCandlish)
To: [alt politics datahighway list] at [eff.org]
Subject: CRYPTO: "Q & A" about Admin.'s encryption policy

______ begin file ______

>From the White House   

*****************************************************************

Embargoed until 3:00 p.m. EST Feb. 4, 1994

QUESTIONS AND ANSWERS ABOUT THE
CLINTON ADMINISTRATION'S ENCRYPTION POLICY

Q. 	What were the findings of the encryption technology review?

A. 	The review confirmed that sound encryption technology is 
needed to help ensure that digital information in both computer 
and telecommunications systems is protected against unauthorized 
disclosure or tampering. It also verified the importance of 
preserving the ability of law enforcement to understand encrypted 
communications when conducting authorized wiretaps. Key escrow 
technology meets these objectives.

Specific decisions were made to enable federal agencies and the 
private sector to use the key escrow technology on a voluntary 
basis and to allow the export of key escrow encryption products.

In addition, the Department of State will streamline export 
licensing procedures for products that can be exported under 
current regulations in order to help U.S. companies to sell their 
products abroad.

To meet the critical need for ways to verify the author and sender 
of an electronic message -- something that is crucial to business 
applications for the National Information Infrastructure -- the 
federal government is committed to ensuring the availability of a 
royalty-free, public-domain Digital Signature Standard.

Finally, an interagency working group has been established to 
continue to address these issues and to maintain a dialogue with 
industry and public interest groups.

Q. 	 Who has been consulted during this review? The Congress? 
Industry? What mechanism is there for continuing consultation?

A.	 Following the President's directive announced on April 16, 
1993, extensive discussions have been held with Congress, 
industry, and privacy rights groups on encryption issues. Formal 
public comment was solicited on the Escrowed Encryption Standard 
and on a wide variety of issues related to the review through the 
Computer System Security and Privacy Advisory Board.

The White House Office of Science and Technology Policy and the 
National Security Council will chair the interagency working 
group. The group will seek input from the private sector both 
informally and through several existing advisory committees. It 
also will work closely with the Information Policy Committee of 
the Information Infrastructure Task Force, which is responsible 
for coordinating Administration telecommunications and information 
policy.

Q. 	If national security and law enforcement interests require 
continued export controls of encryption, what specific benefits 
can U.S. encryption manufacturers expect?

A.	The reforms will simplify encryption product export licensing 
and speed the review of encryption product exports. Among other 
benefits, manufacturers should see expedited delivery of products, 
reduced shipping and reporting costs, and fewer individual license 
requests -- especially for small businesses that cannot afford 
international distributors. A personal exemption for business 
travellers using encryption products will eliminate delays and 
inconvenience when they want to take encryption products out of 
the U.S. temporarily.

Q.	Why is the key escrow standard being adopted?

A.	The key escrow mechanism will provide Americans and 
government agencies with encryption products that are more secure, 
more convenient, and less expensive than others readily available 
today -- while at the same time meeting the legitimate needs of 
law enforcement.

Q. 	Will the standard be mandatory?

A. 	No. The Administration has repeatedly stressed that the key 
escrow technology, and this standard, is for voluntary use by 
federal and other government agencies and by the private sector. 
The standard that is being issued only applies to federal agencies 
-- and it is voluntary.

Does this approach expand the authority of government agencies to 
listen in on phone conversations?

No Key escrow technology provides government agencies with no 
[sic] new authorities to access the content of the private 
conversations of Americans.

Q.	Will the devices be exportable? Will other devices that use 
the government hardware?

A.	Yes. After an initial review of the product, the State 
Department will permit the export of devices incorporating key 
escrow technology to most end users. One of the attractions of 
this technology is the protection it can give to U.S. companies 
operating at home and abroad.

Q.	Suppose a law enforcement agency is conducting a wiretap on a 
drug smuggling ring and intercepts a conversation encrypted using 
the device. What would they have to do to decipher the message?

A.	They would have to obtain legal authorization, normally a 
court order, to do the wiretap in the first place. They would then 
present documentation, including a certification of this 
authorization, to the two entities responsible for safeguarding 
the keys. (The key is split into component parts, which are stored 
separately in order to ensure the security of the key escrow 
system.) They then obtain the components for the keys for the 
device being used by the drug smugglers. The components are then 
combined and the message can be read.

Q.	Who will hold the escrowed keys?

A.	The Attorney General has selected two U.S. agencies to hold 
the escrowed key components: the Treasury Department's Automated 
Systems Division and the Commerce Department's National Institute 
of Standards and Technology.

Q.	How strong is the security in the device? How can I be sure 
how strong the security is?

A.	This system is more secure than many other voice encryption 
system readily available today. While the algorithm upon which the 
Escrowed Encryption Standard is based will remain classified to 
protect the security of the system, an independent panel of 
cryptography experts found that the algorithm provides significant 
protection. In fact, the panel concluded that it will be 36 years 
until the cost of breaking the algorithm will be equal to the cost 
of breaking the current Data Encryption Standard now being used.

Q.	Is there a "trap door" that would allow unauthorized access 
to the keys?

A.	No. There is no trapdoor.

Q.	Whose decision was it to propose this product?

A.	The National Security Council, the Justice Department, the 
Commerce Department, and other key agencies were involved in this 
decision. The approach has been endorsed by the President, the 
Vice President, and appropriate Cabinet officials.

______ end file ________

-- 
Stanton McCandlish * [m--h] at [eff.org] * Electronic Frontier Found. OnlineActivist
F O R   M O R E   I N F O,    E - M A I L    T O:     I N F O @ E F F . O R G 
O  P  E  N    P  L  A  T  F  O  R  M     O  N  L  I  N  E    R  I  G  H  T  S
V  I   R   T   U   A   L   C  U   L   T   U   R   E      C  R   Y   P   T   O





Date: 4 Feb 1994 18:58:24 -0600
From: [m--h] at [eff.org] (Stanton McCandlish)
To: [alt politics datahighway list] at [eff.org]
Subject: CRYPTO: W. House Press Sec'y statements on Admin's crypto policy

____ begin file ____

THE WHITE HOUSE                                 CONTACT: 202 156-7035
OFFlCE OF THE PRESS SECRETARY

EMBARGOED UNTIL 3 PM (EST) FRIDAY, February 4, 1994


STATEMENT OF THE PRESS SECRETARY


Last April, the Administration announced a comprehensive 
interagency review of encryption technology, to be overseen by the 
National Security Council. Today, the Administration is taking a 
number of steps to implement the recommendations resulting from 
that review.

Advanced encryption technology offers individuals and businesses 
an inexpensive and easy way to encode data and telephone 
conversations. Unfortunately, the same encryption technology that 
can help Americans protect business secrets and personal privacy 
can also be used by terrorists, drug dealers, and other criminals.

In the past, Federal policies on encryption have reflected primarily 
the needs of law enforcement and national security. The Clinton 
Administration has sought to balance these needs with the needs of 
businesses and individuals for security and privacy. That is why, 
today the National Institute of Standards ant Technology (NIST) is 
committing to ensure a royalty-free, public-domain Digital Signature 
Standard. Over many years, NIST has been developing digital 
signature technology that would provide a way to verify the author 
and sender of an electronic message. Such technology will be critical 
for a wide range of business applications for the National 
Information Infrastructure. A digital signature standard will enable 
individuals to transact business electronically rather than having to 
exchange signed paper contracts. The Administration has determined 
that such technology should not be subject to private royalty 
payments, and it will be taking steps to ensure that royalties are not 
required for use of a digital signature. Had digital signatures been in 
widespread use, the recent security problems with the Intemet 
would have been avoided.

Last April, the Administration released the Key Escrow chip (also 
known as the "Clipper Chip") that would provide Americans with 
secure telecommunications without compromising the ability of law 
enforcement agencies to carry out legally authorized wiretaps. Today, 
the Department of Commerce and the Department of Justice are 
taking steps to enable the use of such technology both in the U.S. and 
overseas. At the same time, the Administration is announcing its 
intent to work with industry to develop other key escrow products 
that might better meet the needs of individuals and industry, 
particularly the American computer and telecommunications 
industry. Specific steps being announced today include:

-  Approval by the Commerce Secretary of the Escrowed Encryption     
   Standard (EES) as a voluntary Federal Informahon Processing    
   Standard, which will enable govemment gencies to purchase the  
   Key Escrow chip for use with telephones nd modems. The 
   department's National Institute of Standards and Technology   
   (NIST) will publish the standard.

-  Publication by the Department of Justice of procedurs for the     
   release of escrowed keys and the announcement of NIST and the 
   Automated Services Division of the Treasury Department as the 
   escrow agents that will store the keys needed for decryption of 
   communications using the Key Escrow chip. Nothing in these 
   procedures will diminish tne existing legal and procedural 
   requirements that protect Americans from unauthorized wiretaps.

-  New procedures to allow export of products containing the Key 
   Escrow chip to most countries.

In addition, the Department of State will streamline export licensing 
procedures for encryption products that can be exported under 
current export regulations in order to help American companies sell 
their products overseas. In the past, it could take weeks for a 
company to obtain an export license for encryption products, and 
each shipment might require a separate license. The new procedures 
announced today will substantially reduce administrative delays and 
paperwork for encryption exports.

To implement the Administration's encryption policy, an interagency 
Working Group on Encryption and Telecommunications has been 
established. It will be chaired by the White House Office of Science 
and Technology Policy and the National Security Council and will 
include representatives of the Departments of Commerce, Justice, 
State, and Treasury as well as the FBI, the National Security Agency, 
the Office of Management and Budget, and the National Economic 
Council. This group will work with industry and public-interest 
groups to develop new encryption technologies and to review and 
refine Administration policies regarding encryption, as needed.

The Administration is expanding its efforts to work with industry to 
improve on the Key Escrow chip, to develop key-escrow software, 
and to examine alternatives to the Key Escrow chip. NIST will lead 
these efforts and will request additional staff and resources for this 
purpose.

We understand that many in industry would like to see all 
encryption products exportable. However, if encryption technology is 
made freely available worldwide, it would no doubt be usod 
extensively by terrorists, drug dealers, and other criminals to harm 
Americans both in the U.S. and abroad. For this reason, the 
Administration will continue to restrict export of the most 
sophisticated encryption devices, both to preserve our own foreign 
intelligence gathering capability and because of the concerns of our 
allies who fear that strong encryption technology would inhibit their 
law enforcement capabilities.

At the same time, the Administration understands the benefits that 
encryption and related technologies can provide to users of 
computers and telecommunications networks. Indeed, many of the 
applications of the evolving National Information Infrastructure will 
require some form of encryption. That is why the Administration 
plans to work more closely with the private sector to develop new 
forms of encryption that can protect privacy and corporate secrets 
without undermining the ability of law-enforcement agencies to 
conduct legally authorized wiretaps. That is also why the 
Administration is committed to make available free of charge a 
Digital Signature Standard.

The Administration believes that the steps being announced today 
will help provide Americans with the telecommunications security 
they need without compromising the capability of law enforcement 
agencies and national intelligence agencies. Today, any American can 
purchase and use any type of encryption product. The 
Administration does not intend to change that policy. Nor do we have 
any intention of restrictiog domestic encryption or mandating the use 
of a particular technology.

____ end file ______

-- 
Stanton McCandlish * [m--h] at [eff.org] * Electronic Frontier Found. OnlineActivist
F O R   M O R E   I N F O,    E - M A I L    T O:     I N F O @ E F F . O R G 
O  P  E  N    P  L  A  T  F  O  R  M     O  N  L  I  N  E    R  I  G  H  T  S
V  I   R   T   U   A   L   C  U   L   T   U   R   E      C  R   Y   P   T   O





Date: Sat, 5 Feb 1994 00:58:22 -0800
From: "Brock N. Meeks" <[b--o--k] at [well.sf.ca.us]>
To: [com priv] at [psi.com]
Subject: R.I.P -- Privacy '94

Copyright (c) 1994
CyberWire
Brock N. Meeks


 
Jacking in from a Non-Government Approved Encryption Port:
 
Washington, DC --  The Clinton Administration today gang raped your
privacy.
 
The White House Friday announced its endorsement of a sweeping new
security and privacy initiative.  Privacy, as we know it, will
never be the same. All the rules have changed.  Forever.  The catch
is that the government gets to write all the rules;  you get no
vote.  None.  Worse, you can't even read the fucking rule book
because it's classified.
 
The initiative involves the creation of "new products to accelerate
the development and use of advanced and secure telecommunications
networks and wireless telecommunications links," the White House
said.  In English:  Law enforcement and intelligence agencies now
have an easy way to fuck with any and all forms of spoken or
electronically transmitted communications.
 
The policy is voluntary, of course.  You don't have to sign on to
it.  You don't have to use government approved encryption devices.
But if you plan to do any business with the government, you'll have
to use them.  And if the government gets its way, well, you'll end
using them whether you want to or not.  You'll have no choice (are
you sensing a trend here?). All telephones, computers, fax
machines, modems, etc. will come "wiretap ready."  It will be the
de facto standard.
 
If you don't use the government standard, you'll be branding
yourself a CryptoRebel.  Big fucking deal?  Maybe, maybe not.  But
think for a second. Perhaps some agency will be able to check your
"crypto-approval rating." Perhaps those favorable bank loans,
mortgage rates or low insurance premiums will only go to those with
high crypto-approval ratings.
 
But the White House is adamant about making sure you understand
this whole damn thing is voluntary.  And don't let anything sway
you from believing that, not even the White House backgrounder
materials that say no U.S. citizen "as a matter of right, is
entitled to an unbreakable commercial encryption product."
 
Just use the "balanced" approach of the government system, where in
this case the "breakability" of the encryption belongs only with
them. Everything will work out fine.  Just listen:  "Encryption is
a law and order issue since it can be use by criminals to thwart
wiretaps and avoid detection and prosecution," said Vice President
Gore.  "Our policy is designed to provide better encryption to
individuals and businesses while ensuring that the needs of law
enforcement and national security are met."
 
The Administration won't tell you exactly why they expect you
simply hand over all your privacy safeguards to them.  "Listen, if
you knew what we knew about criminal activity, this issue wouldn't
even be debated," said Mike Nelson with the Office of Science and
Technology Policy and co-chair of the Working Group on Data
Security, a newly created interagency task force.
 
Chicken or the Egg?
==================
 
The new policy was hatched in the super-secret recesses of the
National Security Agency (NSA).  And while Clinton was still trying
to find the instruction manual for his White House telephone
system, the NSA, FBI and other assorted agencies shoved their ideas
onto the National Security Council table.  Before the
Administration could blink, it found itself in the unenviable
position of having backed a severely flawed security policy that
has compromised the privacy of every U.S. citizen and drawn the ire
of every civil liberties in the country.
 
But the White House quickly put the breaks on, calling for a full
scale, government wide "review" of its security and privacy
policies. It gave privacy advocacy groups some breathing room. 
Surely the Administration, once it had a chance to actually study
this damn thing, would see it through it.
 
But the White House punted.  The review was a smoke screen. 
Instead, it provided momentum inside the Administration.  It was
from this review, ordered last April, that this new initiative
springs.
 
And when all was said and done, the White House screwed the pooch.
 
Clipper Sails On
================
 
The one trick pony here is the Clipper Chip, a device that can be
installed in virtually any communications device. The chip
scrambles all conversations.  No one can crack the code, expect the
government, of course.  The Feds hold all the keys. Rather, they
hold the only keys that count.
 
Each Clipper chip is made with 3 unique keys.  All three are needed
to descramble the encrypted messages streaming through them.  But
only the government's keys matter.  The key you get with your
Clipper Chip is essentially the chip's social security number. 
You'll never actually see this key, have any idea what its number
is or get your hands on it. If you try to sneak a peak at it, the
damn thing self destructs. Honest.
 
The other two keys will be held in electronic vaults;  fraternal
twins, separated by mandate.  Each of these keys will be held by
government agencies, called "escrow agents."  One will be held by
the National Institute for Standards and Technology, the other by
the Automated Systems Division of the Dept. of Treasury.
 
When a law enforcement agency, which could be your local sheriff's
department, wants to wiretap a conversation that's been encrypted
by Clipper they apply to each of the escrow agents.  The agents
send their respective key, electronically, to a "black box"
operated by the law enforcement agency.  As encrypted conversations
stream into the box, they come out the back side in nice, neat
sounding vowels and consonants, or in the case of electronic mail,
in plain ol' ASCII.
 
Yes, all law enforcement agencies need a court approved wiretap
before they can pull this whole scheme off.  This, the
Administration says, is where you're privacy is protected.  "We're
not going to use Clipper to listen in on the American public," said
Raymond Kammer of NIST deputy director.  It will only be used to
catch criminals.  Honest.
 
We Don't Need No Stinkin' Warrant
=================================
 
Maybe now would be a good time to mention the National Security
Agency. You know these guys.  Super-secret, spook agency.  Their
mission?  To monitor and intercept foreign communications.  Did you
catch that word FOREIGN?  I hope so, it's crucial.
 
The NSA is only allowed to intercept foreign communications --
spying on U.S. citizens is a crime.  They can't even pry into a
U.S. citizen's business a court ordered wiretap.  A judge would
never allow it.  Yet it was the NSA that cooked up this whole
Clipper Chip scheme.  Why you ask? Good question. But the
Administration refuses to discuss the issue.
 
Here's another they can't answer.  Suppose the NSA intercepts a
message from Iraq and finds it's Clipper encrypted (that damn
little black box is specially made to sniff out the Clipper's
algorithm and descramble it's social security number).  What does
the NSA do with this encrypted Iraqi message? How does it decrypt
the message? There's a classic Catch-22 running here.
 
Agencies need the Clipper keys from the escrow agents to read the
message or listen in on the conversation.  But to get the keys you
need proof that you have a warrant.  The NSA is *never* issued a
warrant.  You see, the NSA doesn't need a warrant to spy on FOREIGN
communications.
 
So, this begs the $64,000 question is:  How does the NSA get the
escrow agents to give them the keys to decrypt the message if they
can't show a warrant?
 
Answer:  They don't have to show a warrant;  they don't have to
cause; they don't have to show spit.
 
What's wrong with this picture?
 
"We have appropriate procedures and safeguards built into the
system for the NSA," Nelson said.  "I can't tell you what those
are, of course, that would divulging too much about the NSA's
operation."
 
Fox Guarding the Chickens
=========================
 
There will be absolutely no abuse of the system.  This is what the
Administration would like you to believe.  They also would like you
to believe that President's don't approve Watergate break-ins, that
arms are never traded for hostages, that the FBI never secretly
records civil rights leaders in the heat of infidelity and that FBI
directors have never shown a proclivity for red sequined dresses
and shiny high-heeled cruel shoes.
 
Representatives from four government organizations stood before the
press and outlined all the careful thinking and rigorous safeguards
that have gone into this system.  There are at least 9 different
steps that must be followed to get these Clipper keys transferred
from the escrow agents to the agency authorized to do the wiretap.
 
Fair enough, isn't it?  Well, it would be except for the fact that
the Justice Department intentionally wrote a giant fucking loop-
hole into the law.
 
Buried in the Justice Department briefing papers, outlining the
authorization procedures for release of the escrow keys, is this
gem: "These procedures do not create, and are not intended to
create, any substantive rights for individuals intercepted through
electronic surveillance, and noncompliance with these procedures
shall not provide the basis for any motion to suppress or other
objection to the introduction of electronic surveillance evidence
lawfully acquired."
 
So, if somebody screws up, like for instance, asks for the keys to
be sent before they actually have a wiretap in hand, or has no
wiretap authority at all! there is no recourse provision.
 
Criminals As Dumb Shits
=======================
 
But what about that wily criminal element?  Once they get wind of
this, won't they seek out another type of encryption?  The FBI
doesn't think so. In fact, the FBI thinks criminals are such dumb
shits that they'll forget all about the fact that Clipper even
exists.
 
"I predict that few criminals will remember years from now what
they've read in the Wall Street Journal" about how these devices
were installed in telephones, said FBI's James Kallestrom.  (Of
course, if criminals are so stupid, why are they perusing the Wall
St. Journal... maybe he really meant the New York Times...)
 
So let's get this right.  The FBI is sure that criminals will "just
forget" that Clipper is installed in their phones and use them
anyway.  These are the criminals that also would be forgetting that
their multi-million dollar drug deals, not to mention their own
sweet ass, could be in jeopardy every time they make a call.  Yes,
the government really thinks so.
 
It's more likely that some bright, enterprising criminal mind will
create a worldwide black market that deals in "non-Clipper
Installed" encryption devices.  Damn, talk about an industry with
some growth potential.
 
Getting To the Data Stream
==========================
 
The whole damn program goes into the crapper, however, if the
government can't get access to source, to the digital data stream,
as it comes out of the telephone switch.  In order to do this you
have to tap the digital conversation.  That's right, you guessed
it: Digital Wiretap Access.
 
The FBI failed on its own last year to generate any support in
Congress for this digital wiretap proposal.   Hell, the FBI
couldn't even get a single member of Congress to introduce the
thing.  So the FBI broke the chain of command: They got the
President and Vice President to sign off on the idea.
 
The Administration will soon announce its decision on how it will
give the FBI the right to easily wiretap even your unencrypted
conversations. "Within a few months at most we should have
something decided," said Barry Smith of the FBI's Congressional
Affairs office.  The FBI's Kallestrom said it was "all but a done
deal."
 
This isn't a question of whether or not the Administration will
line up behind the FBI on this.  It already has.  It's only a
matter of paperwork, and the nagging little issue of how to pay for
making the telephone companies comply with the new rules.  But
these are small details, compared to the heat the Administration
already knows it'll take when they finally unwrap this puppy.
 
Private No More
===============
 
OSTP's Nelson quipped that these security and privacy issues are
the Cyberspace version of the Administration's muddied Bosnia
policy.
 
Like Bosnia, the White House expects the American public to "trust
us" on this issue.  After all, the Administration says, they know
a hell of a lot more than we do about what kind criminal activity
is really going down.
 
Trusting these law enforcement and intelligence agencies is one
thing; tempting them by putting all-powerful tools right into their
hip pockets is something that should generate a hue and cry loud
enough for all of Washington to hear.
 
So, if you're really pissed off, just pick up the phone can call
your neighbor.  Somebody in Washington is bound to hear it.
 
Meeks out....
 
 

Date: Mon, 7 Feb 1994 10:41:44 -0800
From: "Brock N. Meeks" <[b--o--k] at [well.sf.ca.us]>
Subject: Congress Wades In

Jacking in from the Congressional Port:
 
Washington, DC -- White House's slippery plan to salt information
highway with its home-grown encryption technology has irked at
least two members of Congress, prompting a call for congressional
hearings.
 
Senator Patrick Leahy (D-Vt.), chairman of the Technology and Law
Subcommittee said he would likely hold hearings "on the serious
issues raised" by Administration's announcement that it would
urge private sector to voluntarily adopt its Clipper Chip
technology.  "Basically, what this means is that the United
States Government will hold the two keys to unlock any private
communication coded with this program," Leahy said.  Citizens and
potential foreign customers aren't likely to see Clipper "as the
solution to privacy and security concerns," he said.
 
White House plan was called "disappointing," by Rep. Don Edwards
(D-Cal.).  "I was hoping for a more realistic policy from the
Administration," said Edwards, a former FBI agent.  "Competitors
all over the world can sell the strongest encryption technology,
but U.S. companies cannot," he said.
 
Leahy waded in on Administration and law enforcement claims that
Clipper would help thwart terrorist and criminal activity, saying
it was "obvious" these groups would shun Clipper enabled devices.
"Why would any sophisticated criminal or terrorist decide to use
Clipper Chip to keep their communications secret when this is the
one encryption method to which the government holds the keys?" he
asked.
 
Despite Leahy's misgivings, the Administration and law
enforcement agencies continue to bank on the success of Clipper
because most criminals are "just dumb," the FBI has stated
repeatedly.
 
The Administration's decision to keep the handcuffs on export
controls of privately developed encryption schemes also worried
the congressmen.  Leahy called it "a misstep... Why would any
foreign government want to buy American software or
telecommunications equipment containing Clipper Chip when the
U.S. government has the keys to eavesdrop on any private
communications?"
 
Edwards said the new policy "won't stop terrorists and drug
traffickers from acquiring encryption technology," adding he
hoped President Clinton would "look at this policy again."
 
The government shouldn't be in the business of mandating
particular technologies, Leahy said.  "Whatever confidence I
might have that the U.S. government will limit its use of the
decoding keys to specific and justifiable law enforcement
objectives, I doubt my confidence will be universally shared," he
said.
 
Meeks out...
 
Well, almost... Leahy's office said he *wants* to hear from the
public on the matter of holding hearings.  Any and all comments
on the viability of the program, any concerns the public has,
should be sent to Leahy immediately, a staffer said.  Leahy can
be reached at:  Committee on the Judiciary, Washington, DC 20510;
his phone number is 202-224-3406.
 
 
 

Date: Mon, 7 Feb 1994 22:28:08 EST    
From: Dave Banisar <[b--i--r] at [washofc.cpsr.org]>
To: CPSR Civil Liberties Group <[c p sr civilliberties] at [Pa.dec.com]>
Subject: Campaign Against Clipper 

  Campaign Against Clipper

CPSR ANNOUNCES CAMPAIGN TO OPPOSE CLIPPER PROPOSAL

Embargoed until 2 pm, Monday, February 7, 1994

contact: [r--n--g] at [washofc.cpsr.org]  (202 544 9240)


Washington, DC -- Following the White House decision on Friday to
endorse a secret surveillance standard for the information highway,
Computer Professionals for Social Responsibility (CPSR) today announced
a national campaign to oppose the government plan.

The Clipper proposal, developed in secret by the National Security
Agency, is a technical standard that will make it easier for government
agents to wiretap the emerging data highway.

Industry groups, professional associations and civil liberties
organizations have expressed almost unanimous opposition to the plan
since it was first proposed in April 1993.

According to Marc Rotenberg, CPSR Washington director, the
Administration made a major blunder with Clipper.  "The public does not
like Clipper and will not accept it. This proposal is fatally flawed."

CPSR cited several problems with the Clipper plan:

o The technical standard is subject to misuse and compromise. It would
provide government agents with copies of the keys that protect
electronic communications.  "It is a nightmare for computer security,"
said CPSR Policy Analyst Dave Banisar.

o The underlying technology was developed in secret by the NSA, an
intelligence agency responsible for electronic eavesdropping, not
privacy protection. Congressional investigations in the 1970s disclosed
widespread NSA abuses, including the illegal interception of millions of
cables sent by American citizens.

o Computer security experts question the integrity of the technology.
Clipper was developed in secret and its specifications are classified.
CPSR has sued the government seeking public disclosure of the Clipper
scheme.

o NSA overstepped its legal authority in developing the standard.  A
1987 law explicitly limits the intelligence agency's power to set
standards for the nation's communications network.

o There is no evidence to support law enforcement's claims that new
technologies are hampering criminal investigations. CPSR recently forced
the release of FBI documents that show no such problems.

o The Administration ignored the overwhelming opposition of the general
public. When the Commerce Department solicited public comments on the
proposal last fall, hundreds of people opposed the plan while only a few
expressed support.

CPSR today announced four goals for its campaign to oppose the Clipper
initiative:

o First, to educate the public about the implications of the Clipper
proposal.

o Second, to encourage people to express their views on the Clipper
proposal, particularly through the computer network.

Toward that goal, CPSR has already begun an electronic petition on the
Internet computer network urging the President to withdraw the Clipper
proposal. In less than one week, the CPSR campaign has drawn thousands
of electronic mail messages expressing concern about Clipper. To sign
on, email [clipper petition] at [cpsr.org] with the message "I oppose clipper"
in the body of the text.

o Third, to pursue litigation to force the public disclosure of
documents concerning the Clipper proposal and to test the legality of
the Department of Commerce's decision to endorse the plan.

o Fourth, to examine alternative approaches to Clipper.

Mr. Rotenberg said "We want the public to understand the full
implications of this plan.  Today it is only a few experts and industry
groups that understand the proposal.  But the consequences of Clipper
will touch everyone.  It will affect medical payments, cable television
service, and everything in between.

CPSR is a membership-based public interest organization.  For more
information about CPSR, send email to [c p sr] at [cpsr.org] or call 415 322
3778.  For more information about Clipper, check the CPSR Internet
library CPSR.ORG. FTP/WAIS/Gopher and listserv access are available.




Date: Mon, 7 Feb 1994 18:10:03 -0500 (EST)
From: Stanton McCandlish <[m--h] at [eff.org]>
Subject: EFF Wants You (to add your voice to the crypto fight!)

The Electronic Frontier Foundation needs your help to ensure privacy rights!

                     * DISTRIBUTE WIDELY *

Monday, February 7th, 1994

From: Jerry Berman, Executive Director of EFF
      [j--r--n] at [eff.org]


Dear Friends of the Electronic Frontier,

I'm writing a personal letter to you because the time has now come for
action. On Friday, February 4, 1994, the Administration announced that it
plans to proceed on every front to make the Clipper Chip encryption scheme
a national standard, and to discourage the development and sale of
alternative powerful encryption technologies. If the government succeeds
in this effort, the resulting blow to individual freedom and privacy could
be immeasurable.

As you know, over the last three years, we at EFF have worked to ensure
freedom and privacy on the Net. Now I'm writing to let you know about
something *you* can do to support freedom and privacy. *Please take a
moment to send e-mail to U.S. Rep. Maria Cantwell ([c--tw--l] at [eff.org]) to
show your support of H.R. 3627, her bill to liberalize export controls on
encryption software.* I believe this bill is critical to empowering
ordinary citizens to use strong encryption, as well as to ensuring that
the U.S. software industry remains competitive in world markets.

Here are some facts about the bill:

Rep. Cantwell introduced H.R. 3627 in the House of Representatives on
November 22, 1993.  H.R. 3627 would amend the Export Control Act to move
authority over the export of nonmilitary software with encryption
capabilities from the Secretary of State (where the intelligence community
traditionally has stalled such exports) to the Secretary of Commerce. The
bill would also invalidate the current license requirements for
nonmilitary software containing encryption capablities, unless there is
substantial evidence that the software will be diverted, modified or
re-exported to a military or terroristic end-use.

If this bill is passed, it will greatly increase the availability of
secure software for ordinary citizens. Currently, software developers do
not include strong encryption capabilities in their products, because the
State Department refuses to license for export any encryption technology
that the NSA can't decipher. Developing two products, one with less secure
exportable encryption, would lead to costly duplication of effort, so even
software developed for sale in this country doesn't offer maximum
security. There is also a legitimate concern that software companies will
simply set up branches outside of this country to avoid the export
restrictions, costing American jobs.

The lack of widespread commercial encryption products means that it will
be very easy for the federal government to set its own standard--the
Clipper Chip standard. As you may know, the government's Clipper Chip
initiative is designed to set an encryption standard where the government
holds the keys to our private conversations. Together with the Digital
Telephony bill, which is aimed at making our telephone and computer
networks "wiretap-friendly," the Clipper Chip marks a dramatic new effort
on the part of the government to prevent us from being able to engage in
truly private conversations.

We've been fighting Clipper Chip and Digital Telephony in the policy arena
and will continue to do so. But there's another way to fight those
initiatives, and that's to make sure that powerful alternative encryption
technologies are in the hands of any citizen who wants to use them. The
government hopes that, by pushing the Clipper Chip in every way short of
explicitly banning alternative technologies, it can limit your choices for
secure communications.

Here's what you can do: 

I urge you to write to Rep. Cantwell today at [c--tw--l] at [eff.org.] In the
Subject header of your message, type "I support HR 3627." In the body of
your message, express your reasons for supporting the bill. EFF will
deliver printouts of all letters to Rep. Cantwell. With a strong showing
of support from the Net community, Rep. Cantwell can tell her colleagues
on Capitol Hill that encryption is not only an industry concern, but also
a grassroots issue. *Again: remember to put "I support HR 3627" in your
Subject header.*

This is the first step in a larger campaign to counter the efforts of
those who would restrict our ability to speak freely and with privacy.
Please stay tuned--we'll continue to inform you of things you can do to
promote the removal of restrictions on encryption.

In the meantime, you can make your voice heard--it's as easy as e-mail.
Write to [c--tw--l] at [eff.org] today.



Sincerely,

Jerry Berman
Executive Director, EFF
[j--r--n] at [eff.org]



P.S. If you want additional information about the Cantwell bill, send
e-mail to [cantwell info] at [eff.org.] To join EFF, write [m--er--p] at [eff.org.]
For introductory info about EFF, send any message to [i--o] at [eff.org.]

The text of the Cantwell bill can be found on the Internet with the any of
the following URLs (Universal Resource Locaters):

ftp://ftp.eff.org/pub/Policy/Legislation/cantwell.bill
http://www.eff.org/ftp/EFF/Policy/Legislation/cantwell.bill
gopher://gopher.eff.org/00/EFF/legislation/cantwell.bill

It will be available on AOL (keyword EFF) and CIS (go EFFSIG) soon.