[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Call for Clipper Comments

>* The potential risks of the proposal have not been assessed and 
>many questions about the implementation remain unanswered.  The 
>NIST notice states that the current proposal "does not include 
>identification of key escrow agents who will hold the keys for the 
>key escrow microcircuits or the procedures for access to the 
>keys."  The key escrow configuration may also create a dangerous 
>vulnerability in a communications network.  The risks of misuse of 
>this feature should be weighed against any perceived benefit.

o Escrow agents will certainly be subject to attacks, especially
  by other foreign powers with national-level budgets (for example,
  Britain, France, Israel, Japan, Russia, etc., or multi-nationals),
  *and/or* by talented crackers, or cracker-consortia, such as might
  found be on the cypher-punks mailing list :) :) .  At best, publishing
  the results of successful attacks (say, on alt.whistleblowers) might
  have the positive benefit of eventually dooming the system as a bad idea
  from the start, at the expense of those who chose to use the system
  (evolution in action, I guess), and the taxpayers (who pay for
  implentation & deployment).  That's doing it the hard way, though.
o Social/political-change organizations using the Clipper system for
  their internal communications would be especially vulnerable to
  COINTELPRO-style attacks.

>* The NIST proposal states that the escrow agents will provide the 
>key components to a government agency that "properly demonstrates 
>legal authorization to conduct electronic surveillance of 
>communications which are encrypted."  The crucial term "legal 
>authorization" has not been defined.  The vagueness of the term 
>"legal authorization" leaves open the possibility that court-
>issued warrants may not be required in some circumstances.  This 
>issue must be squarely addressed and clarified. 

o Typically, "legal authorizations" operate over a constrained period
  of time.  Once that time period is over, the authorization is supposed
  to go away.  However, there's no provision for the released key components
  to go away.  In effect, once key components are released, the corresponding
  user hardware is *permanently* compromised.  It's pretty likely that
  released key components would find their way to such private cop-agencies
  as Wackenhut, or LEIU (Law Enforcement Intelligence Unit), which has
  branches right in the police departments of most major cities.  [typically,
  when "red squads" are ordered to "destroy" their accumulated files,
  the files generally get transferred to LEIU].
o What guarantees the "duopoly" of the 2 escrow agencies?
  It's almost certain that somebody will attempt to "mirror" them,
  whether "legitimately" (CIA, say) or illegitimately, overtly or covertly.
  Again, look for LEIU here.

>* Adoption of the proposed key escrow standard may have an adverse 
>impact upon the ability of U.S. manufacturers to market 
>cryptographic products abroad.  It is unlikely that non-U.S. users 
>would purchase communication security products to which the U.S. 
>government holds keys.

Maybe they can get the UN in on the deal:
UNESCROW-A and UNESCROW-B!  hee, hee

[email protected] (Kurt Cockrum)