[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Who is clipper spying on?



>From:  Bill Stewart
...
>Subject: Comments on Proposed FIPS for Escrowed Encryption Standard
...
>USAGE AND RISK ANALYSIS
...
>While some proprietary protocols are weak, the strengths of DES and
>variants such as Triple-DES are relatively well-known,
>and DES implementations can be performed in software at substantially
>lower cost than the customized hardware required for compliance with
>this proposed FIPS - because the FIPS specifies that it is only
>applicable to low-speed data, e.g. less than ISDN's 64000 bits/second,
>software implementation requires minimal computational effort,
>even for Triple-DES.

From the Federal Register:

   This proposed standard adopts encryption technology
developed by the Federal government to provide strong
protection for unclassified information and to enable
the keys used in the encryption and decryption processes
to be escrowed. This latter feature will assist law
enforcement and other government agencies, under the
proper legal authority, in the collection and decryption
of electronically transmitted information.
...
From the proposed FIPS Escrow Encryption Standard:

   Data, for purposes of this standard, includes voice,
facsimile and computer information communicated in a
telephone system. Telephone system, for purposes of this
standard, is limited to systems circuit-switched up to
no more than 14.4 kbs or which use basic-rate ISDN, or
to a similar grade wireless service.

-------
I would be willing to believe the baud rate limit is entirely artificial
and predicated on the equipment the NSA is providing for LE use. 

Then again it is pointed directly at telecommunications (voice, data),
and appears to discourage the use of link encryption, perhaps for 
traffic flow analysis reasons.  It would appear that someone is very
interested in who uses cryptography and who they talk to with it.

I wonder what Capstone will bring.

-------

From the proposed FIPS Escrow Encryption Standard:

   The encryption/decryption algorithm has been approved
for government applications requiring encryption of
sensitive unclassified telecommunications of data as
defined herein.

---

You don't suppose all this is to simply allow one part of the government
to spy on another, do you?  Is this really some disguised power play?

I mean really, less than a 1000 authorized wiretaps in 1992?  Someone is
spending some big bucks here.