[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Wiretap Chip and Key Escrow Abuses
- To: [email protected]
- Subject: Wiretap Chip and Key Escrow Abuses
- From: [email protected] (Paul Ferguson)
- Date: Wed, 28 Apr 93 11:17:49 EDT
- Organization: Sytex Communications, Inc
I've been following the discussions on several newsgroups and
mailing lists (RISKS, PRIVACY and Cypherpunks) concerning the
Wiretap Chip (Clipper/Capstone) and the proposed key escrow
system.
Here's my $.02, as well.
In RISK 14.55, <[email protected]> Jim Bidzos wrote -
JB> Since Clipper, as currently defined, cannot be implemented in
JB> software, what options are available to those who can benefit
JB> from cryptography in software? Was a study of the impact on
JB> these vendors or of the potential cost to the software industry
JB> conducted? (Much of the use of cryptography by software
JB> companies, particularly those in the entertainment industry, is
JB> for the protection of their intellectual property. Using hardware
JB> is not economically feasible for most of them.)
Jim raises a valid concern. Although a hardware based system is
ideal for voice encryption, the idea of registered key systems,
where government and/or LE agencies have involvement, is not a
popular one. The key escrow scheme in this proposal reeks of Big
Brother. (As in, "Trust me. I'm from the government and I'm your
friend.") In some circles, it is not even a consideration.
Software encryption systems employed to protect intellectual and
commercial data and electronic mail are much more flexible and
desirable, especially when they are not governmentally proposed,
imposed, designed and sanctioned by spook organizations such as
the NSA.
The real sore spot with the Clipper proposal is that private
industry and citizenry were blind-sided by this entire process.
The possibility that Uncle Sam will try to make this a de-facto
standard and subsequently place restrictions on other forms of
crypto (eg. software based) is real.
Also in RISKS 14.55, <[email protected]> Bill Campbell
wrotes -
BC> There are dozens, perhaps hundreds, of commercial, criminal and
BC> governmental entities with access to government resources who
BC> would not hesitate for a moment to violate my rights if they
BC> found it expedient to do so. These individuals and organizations
BC> have demonstrated beyond question that they are not constrained
BC> by legal or ethical considerations, and as has been suggested
BC> in a number of other postings, the technology employed by Clipper
BC> (including the dual escrow sham) will probably not even pose so
BC> much as an inconvenience to a determined adversary. To suggest
BC> otherwise is, at best, profoundly naive.
I have a tendency to agree with Bill. In fact, California is
currently embroiled in a scandal involving the release of
confidential data (DMV addresses), by employees of the Anaheim
Police Department, to third party interests. This is clearly in
violation of their employer's policies, their own terms of
employment, state criminal law, and civil law. What's to
stop the same blatant, unethical breech of confidentiality with
regards to the Clipper key escrow implementation? Nothing, that's
what. In the future, information will be the most powerful possession
and in the spirit of SNEAKERS, s/he who has control of and access to
the information is the most powerful. Power corrupts, but absolute
power corrupts absolutely. I think that Clipper offers maximum abuse
in this scenario.
Also in RISK 14.55, <[email protected]> Robert Firth wrote -
RF> You see, friends, if the Clipper becomes the normal, standard, or
RF> accepted means of encryption, then *the use of any other encryption
RF> scheme can of itself be considered "probable cause" for search and
RF> seizure*. And thereby could be lost in the courts what was won at
RF> such great cost.
This is perhaps my greatest concern in all of the Clipper/Capstone
hoopla. Personally, I don't have much faith in the law enforcment
agencies to act responsibly. The Secret Service and FBI have, in the
past, clearly demonstrated that do not grasp the scope of the
problems technically challenging modern society. The Steve Jackson
Games case is one instance that immediately springs to mind. Some
parts of the country are demographically more at risk than others.
For example, the criteria which may be deemed as "probable cause"
for search and seizure in Jackson, Mississippi could very well be
reason for the ACLU to file a suit against the LEA in New York City.
Also in RISKS 14.55, <[email protected]> A. PADGETT
PETERSON writes -
PP> Like I said, both the government and corporate America *need*
PP> Clipper, the designers are some of the best in the world, and
PP> the administration has more to lose than we do. Given that,
PP> Clipper will work as advertised.
The only way that I can imagine the government actually *needing*
Clipper is where Clipper is forced upon the country as the de-facto
standard and other forms of cryptography are restricted. Uncle Sam
tends to forget that what is desirable for the government, is not
always acceptable to the public at large.
Cynically,
Paul Ferguson | Uncle Sam wants to read
Network Integrator | your e-mail...
Centreville, Virginia USA | Just say "NO" to the Clipper
[email protected] | Chip...
-------------------------------+------------------------------
I love my country, but I fear it's government.