[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

a quick non-technical writeup on the Clipper chip...



The following is something I wrote for "What's Out There?", a column I
write about what's available on the net.  It's more for pointing out where
to find out more information and such, but also includes a few of the
concerns about the announcement.

Feel free to send me comments.  I'll be posting this to various USENET
newsgroups in the near future, as the column won't be in hardcopy until
about June, 1993.

FYI...

			-jeff

Jeff Kellem
Internet: [email protected]

p.s. This is excerpted with permission, of course, since I am the author. ;-)

===CUT HERE===
[ NOTE: Please see the COPYRIGHT/LICENSE notice at the end of this
  document before ANY redistribution. ]

The following is a portion of Volume 1, Issue 03 of "What's Out There?"
written by Jeff Kellem <[email protected]>.  This is expected
to appear in the May/June 1993 issue of the USENIX Association's
hardcopy newsletter, ";login:".

Excerpted from "What's Out There?", Volume 1, Issue 03...

White House and NSA (Encryption) Clipper Chip Announcement
----------------------------------------------------------

On April 16, 1993, the White House announced the development of an
encryption chip for voice communications developed in conjunction
with the National Security Agency (NSA) called the Clipper Chip, along
with an initiative regarding telecommunications and privacy which
could literally affect almost every citizen in the United States.
On the same day, AT&T announced a "secure" phone which incorporated
this chip.  

Some important things to point out:

    o the encryption algorithm is remaining classified

      [ In the cryptography community, an encryption algorithm is only
	considered secure after it has been examined extensively and
	independently by a wide array of experts around the world.  With an
	algorithm which is kept secret, there is no guarantee that it is
	secure and that the encryption method has no "back door" (allowing
	easy decryption for those, such as the NSA, that know the "back
	door"). ]

    o though the government has announced plans to use the chip in their
      own phones, they do NOT plan to use it for CLASSIFIED information,
      only for unclassified information.

    o this chip has been in the making for 4 years; it would seem that
      the Clinton Administration has already made plans to use the chip,
      without public comment or discussion on a matter which is so
      important to the privacy of that same public.

    o it would seem that the Government might be granting a monopoly to
      Mykotronx, Inc. and VLSI Technology.  It's unclear whether each
      company makes the entire chip or just parts thereof.

    o the key, which allows the information encrypted with this chip to
      be decrypted, is embedded in the chip

      [ This means that once the key is known, the chip needs to be
	replaced to maintain private communications.  In other words, a new
	encryption device, if the key is ever divulged, which could just
	mean a wire-tap. ]

    o the 80-bit key is split into two (2) 40-bit pieces and kept in
      databases at two different escrow agencies

      [ It's not clear how the key databases will be kept secure.  It
	is also unknown if the classified encryption algorithm is any
	less secure to brute-force attacks, once half the key is known. ]

    o a successor chip has already been announced, called the Capstone
      chip.  The Capstone chip is supposed to be a "superset" of the
      Clipper chip and will include the "digital signature standard" (DSS),
      which many in the cyprotgraphy community seem to consider insecure,
      as I recall.  The NSA also developed DSS, which wasn't disclosed
      until CPSR filed a FOIA request with NIST (the National Institute of
      Standards & Technology).

This announcement, in one way, is a step in the right direction -- privacy
and encryption technology are important to the general public and for
international economic competitiveness.  An inquiry on whether export
restrictions on encryption technology is good or bad is also a good thing.
Currently, companies that want to include encryption as part of their
products need to make two versions -- one for domestic distribution and one
for international distribution.

On the other hand, there are too many things about the announcement which
are bothersome and need to be discussed publicly.  Some of these items
have been mentioned above.  I recommend talking with your local
congressman, writing letters, and discussing this with friends.

Both the Electronic Frontier Foundation (EFF) and the Computer
Professionals for Social Responsibility (CPSR) have made public statements
against the announcement.  The CPSR has filed Freedom of Information Act
(FOIA) requests regarding the plan.

Online discussions of the announcement have been occurring all over the
Net in various USENET newsgroups and mailing lists.  Here's a sample of
where you might find discussions of the Clipper Chip:

    USENET newsgroups:
	alt.privacy.clipper
	sci.crypt
	alt.security
	alt.privacy
	comp.org.eff.talk
	comp.security.misc
	comp.society.cu-digest
	comp.risks
    Mailing lists:
	[email protected]

Also, check the archives for the various groups listed above, as things
may have changed by the time this comes to print in hardcopy come June 1993.

The official White House press release of the Clipper Chip can be found via
anonymous ftp from:

	csrc.ncsl.nist.gov
in the
	/pub/nistnews

directory, or via the NIST Computer Security BBS at +1 301 948 5717.  It
should also be available with the rest of the White House press release
archives mentioned above.

The EFF comments were first published in the EFFector Online Issue 5.06,
which is available via anonymous ftp from:

	ftp.eff.org
in the
	/pub/EFF/newsletters

directory.

Information from CPSR is available online via anonymous ftp from:

	ftp.cpsr.org
in the
	/cpsr

directory.

The cypherpunks mailing list also maintains an archive.  Information
on the Clipper Chip can be found via anonymous ftp from:

	soda.berkeley.edu
in the
	/pub/cypherpunks/clipper
directory.

Please do read the announcement of the Clipper Chip encryption technology,
think about and discuss the implications of this with your friends,
congressmen, and anyone else.

...End of excerpt.

COPYRIGHT/LICENSE:
    This document is Copyright (c) 1993 Jeff Kellem/Beyond Dreams,
    [email protected].  This copyright notice must be
    kept with each document.

    You have permission to freely redistribute this for non-commercial
    and non-profit purposes.  It would be nice if you let the author
    know about any redistributions that are expected to reach more
    than a single person. :-)  (This would include mirroring ftp
    sites, etc.)

    Please contact the author if you wish to use this document in ANY
    other fashion.  Most likely, there won't be a problem.

    If you wish to redistribute this document for commercial purposes,
    you MUST contact the author for permission.  Thank you.

Jeff Kellem
Composer of Dreams
Beyond Dreams
Internet: [email protected]