[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Be afraid! (some Clipper details)



As Ms. Dorothy Denning explained, this is the intended
"interface" between the Clipper and Law Enforcement
(taken from her posting to "comp.risks"):

1. Family Key.

	F is embedded in every Clipper Chip,  but like other chip keys,
	unknown to the people who use them.  Only law enforcement will
	have a decoder box that allows the law enforcement field to be
	decrypted. Initially, there will be just one box,  and it will
	be operated by the FBI.

	Read - FBI will have the Family Key (and thus will be able to
	get all the chip serial numbers, do traffic analysis etc).

   And later she "corrected" herself, adding:

	For the same reason as above, it is imperative that law
	enforcement be able to decode the law enforcement field
	in order to obtain E[K; U] and then decrypt this to get
	K. It is completely impractical to go the escrow agents
	for each conversation.

	Read - Law Enforcement (local, "global" - whatever) will
	have that Family Key as well,  not only that "one box at
	FBI"... But it was obvious, wasn't it?

2) Unit Key.

	It is imperative  that law enforcement get U.  If they are tapping
	a line, there may be dozens of calls on that line per day.It would
	be totally impractical to have  to go to the  escrow agents to get
	the session key for each call. It would be impossible to do
	real-time decryption under that constraint.

	Read -  a) Law Enforcement indeed will have your Unit key
		   (and thus be able to decrypt whetever was sent
		    through your chip, from the day one, till you
		    throw your chip away).

		b) It's indeed  physically possible thus  for some
		   corrupted Law Enforcement officials to "collect"
		   the Unit Keys and to do all the bad things with
		   them.

		c) Nobody seems to be concerned about it.

3) Question about agencies capable of decrypting all the future
   traffic of once-suspected individual:

	After a tap has been completed, government attorneys are
	required to notify the subjects of the electronic surveillance.
	At that point, the subjects are certainly free to purchase a
	new device with a new chip, or perhaps the vendors could simply
	replace the chip.

	Read - if they won't forget to notify you,  that your phone
	was tapped, feel free to shell another $XXX bucks for a new
	chip/phone... Keep doing that until either they, or you get
	tired...

4) Question about whether there's time component in the cipher.
   Reasons for it - since wiretaps are authorized ONLY for
   certain time periods with both start and end dates
   specified, it should not be possible to be able
   to decrypt the traffic outside of this frame.

	I am unaware of any time component.  Current wiretap laws protect
	against this.  Evidence collected  after the warrant  has expired
	can be thrown out in court.  In addition,  it is illegal  for the
	service provider  to implement an intercept  after  a warrant has
	expired.With the new technologies,law enforcers will be incapable
	of executing a tap without the assistance of the service provider.

	Read - just as we assumed, once your key is compromised (ouch! I
	mean - disclosed :-), whatever "they" bothered to record, is now
	open...  Well,  of course it won't be legal,  but then there are
	many things beyond the law (:-)...

5) Question about potential weakness, which may be lurking
   behind the "classified" stamp of the algorithm, known
   thus only to those "cleared" to know.

	The NSA has a long record of success with crypto, far better
	than any individual or organization in the public community.
	In addition, there are plans to bring in expert cryptographers
	to assess the algorithm.

	Read - she's ignorant of academia/industry crypto successes? (:-)

That's all folks! [For now :-]

Regards,
Uri.
------------
<Disclaimer>