[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(fwd) If Crippler is a Done Deal, What Next?



Cypherpunk friends,

Here's a long article I just posted to talk.politics.crypto and two
other groups (with 6500 newsgroups days, you've got to post to more
than one group just to ensure reasonable coverage of your target
audience).

I make a few points I've been itching to make for a while.

--Tim

Newsgroups: talk.politics.crypto,comp.org.eff.talk,alt.privacy.clipper
Path: netcom.com!tcmay
From: [email protected] (Timothy C. May)
Subject: If Crippler is a Done Deal, What Next?
Message-ID: <[email protected]>
Organization: NETCOM On-line Communication Services (408 241-9760 guest)
Date: Wed, 13 Apr 1994 20:13:26 GMT
Lines: 184

Many of us believe the Crippler/Clipper/Skipjack/Tessera/Capstone/etc.
"Escrowed Encryption" system is basically a "done deal," to use David
Sternlight's words in alt.privacy.clipper.

(Sorry for using so many different names for the "Clipper" program. It
was announced as Clipper, last April 16th, and it took most of us only
a few minutes to realize what the government folks had apparently not
realized in _years_ of work (or at least _months_ with the "Clipper"
name), namely, that Clipper is the well-known name of the
Fairchild/Intergraph Clipper chip (Fairchild developed this 32-bit
chip, then sold the line to Intergraph when National acquired
Fairchild) and also is the name of a well-known database compiler.
Jeeshh! Anyway, the other names associated with the project: Skipjack,
Capstone, Tessera, and probably some I've forgotten here. We who scoff
at it also call it: Cripple, Crippler, Flapjack, Clipjack, etc. And
with no disrespect to my former employer Intel, with whom I spent 12
invigorating and profitable years, I came up with the "Big Brother
Inside" slogan....someone else got the decals printed and I am
certainly *not* advocating that cypherhooligans afix these stickers on
Clipper phones and Capstone-compliant computers!)

Clipper will happen, _is_ happening this very moment.

I've believed this for the past year, though this has not lessened by
distaste for it in any way. I just see the inertia of the bureaucracy
and the ass-covering that is natural to places like Washington (having
lived in Langley, Virginia). It was clear when Clipper was announced
as an _Executive_ action (reminds me of a movie I saw...) that few if
any changes would be made in the proposed system. A few minor
alteration of the escrow agent selection, perhaps, but nothing
central to the idea that one's private keys are to be held "in escrow"
(as Eric Hughes has noted, a gross abuse of the term "escrow").

Clipper is like a requirement that house keys be "escrowed" with the
local police, or that all photos processed at the local drugstore be
double-printed, with copies sent to the local "Photo Escrow Center."
After all, how else can we catch child pornographers and other "bad
guys"?

And what about those curtains that "encrypt" the visible contents of
houses under surveillance? Surely drawing the curtains when one is
under police surveillance is equivalent to encrypting one's traffic
when the authorities are lawfully surveilling one's computers? Perhaps
we need "approved curtains."

And what about the many crimes people confess in their diaries? Plans
to kill themselves, plans to hide their money from the tax collectors,
even plans to develop things like PGP! Surely many crimes could be
stopped if diaries, journals, and personal letters could be
"escrowed"--with suitable safeguards, of course, to ensure that only
legitimate inspections were done (for example, J. Edgar Hoover's need
to inspect diaries to find salacious sexual material).

Some may call me "shrill" for citing the above points. I don't think
so. We are at a kind of cusp in history, where privacy can either be
secured through strong crypto--despite the crimes that may go
undetected or unpunished because of this--or privacy can be handed
over to others to protect or not protect as they see fit.

Consider the current signs:

- that contractors like Mykotronx, VLSI Technology, Inc., National,
and MIPS were already well along in building the chips. (There have
been delays reported, and the SecurePhone 3600 is not available in
places I've looked, and the MYK78A is reportedly a pig in various
ways...)

- that the NSA and NIST had too much at stake to back down because a
bunch of the rabble (EFF, CPSR, Cypherpunks, 700 Club watchers, Rush
Limbaugh fans, and similar pond scum) objected to it. Being an
executive action, legislative approval is not needed (I'm not
completely convinced there's no way for Congress to block it, as there
must be enabling legislations that impinges on the Crippler project).

- "suitable incentivization" is being used to induce manufacturers to
adopt Crippler. Subsidies are given. Export controls (ITAR-related)
are relaxed for Crippler systems, tightened for "noncomplying" crypto
systems. Foreign governments have _apparently_ been approached (we on
the Cypherpunks list have collected many inputs from non-U.S. sources
pointing to this) to deploy their own versions of EES, possibly with
variations, and presumably with their own family keys. A true
conspiracy buff might call this the Crypto World Order.

- reports that cable box makers are signing up to put Clipper
technology in every set top (though RSA has a competing, non-escrowed
system, which I seem to recall some cable box users were planning to
use....could be we'll be seeing the "battle of the crypto systems"
coming to a cable system soon! I know which of the two alternatives
I'll lobby for: the RSA system (even if I have minor differences of
opinion about the advisability of software patents in general and
public key patents in particular).

Lots of action underway. Turbulent waters can run deep, too.

So, if deployment of Crippler is coming, regardless of our
protestations and clamorings, what next?

I've always felt the big danger was the *outlawing of non-escrowed
encryption*. My article, "A Trial Balloon to Ban Encryption," October
1992, sci.crypt and elsewhere, correctly spotted the move toward some
form of key escrow. The 1000 responses and messages in related threads
indicated that nearly everyone else saw the same thing, too, once the
Denning paper on key escrow was pointed out to them.

As difficult as outlawing alternatives to escrowed encryption may be
(so many avenues for skirting Clipper---too many to go into here), and
with the likely public reaction against it (the Time-CNN poll), I
strongly suspect this is the intended goal.

Without some degree of exclusivity, will Clipper be used by the very
folks the advocates want to catch--the drug dealers, the terrorists,
the child pornographers, the tax cheats, and the other "bad guys"? Of
course not. To be sure, some fraction of them will use Clipper--after
all, Pablo Escobar was caught after using a plain old cellular
telephone. But in the time frame envisaged, several years from now,
wider use of encryption is expected. Absent a ban on non-Clipper
technology (or an _attempted_ ban, to be more precise), many will be
using cellphones with VoicePGP or similar approaches (I know of half a
dozen groups busily developing cheap voice encryption products--and of
course some systems are already available). Pity the stupid terrorist
who buys an expensive Clipper phone and then uses it to discuss his
plans!

How might a ban on non-escrowed encryption happen and then be enforced?

Whit Diffie has suggested what I think is the most likely--and most
chilling--scenario for the outlawing of non-escrowed encryption: use
the civil forfeiture laws to to implement a "Zero Tolerance" system
for unauthorized, outlawed crypto. Analogous to the "War on Drugs,"
where corporations are enlisted in the War by threatening them with
loss of their assests, or with shut down of their operations, if drugs
are found on their premises or if they fail to maintain a "Drug-Free
Workplace."

The casual user of outlawed crypto may not be caught, but the
widespread use of alternatives to key escrow crypto will be thwarted.
Corporations will audit personal computers for signs of PGP, RSA, and
other "contraband," networks will be Clipjacked for all inter-site
(and perhaps intra-site LANs) networks, and the threat of civil
forfeiture will be used to terrorize corporations and small businesses
into compliance.

Needless to say, I am opposed to this in nearly every way imaginable. I
don't necessarily impute evil motives to those who advocate today's
Clipper and tomorrow's likely mandatory key escrow. I just consider it
a dangerous and even unconstitutional step...something like requiring
permits for writing articles and for speaking in non-English
languages.

(By the way, the comparison of crypto to speech is a natural, and
accurate, one. If I speak to my friend Alice in a language that
wiretappers and eavesdroppers cannot understand, am I "illegally
encrypting"? What difference does it make whether this undecipherable
speech is Latvian, Elihiuish, or a computer-based translation?)

For the past 18 months, since the Digital Telephony Bill and the
initial appearance of the key escrow idea, I have targeted my efforts
not at short-term things like Clipper, but instead at doing things to
make sure that our ability to communicate freely with whomever and in
whatever form we choose is not restricted.

My favored approach is technological, not political. 

The real battle is coming, I suspect.

--Tim May

If you've read this far, thanks! If this outlook interests you,
consider joining the Cypherpunks mailing list (the name was jokingly
suggested by an editor at "Mondo 2000," as a pun on cipher/cypher and
"cyberpunks"). Send a "help" message in the body to
"[email protected]" for instructions. Or, you can bypass the
instructions--if you dare--with just a "subscribe cypherpunks" message
(in the body) to [email protected]. Don't join merely to disrupt our
mailing list, and be prepared for 30-50 mail messages a day, sometimes
more.



-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
[email protected]       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."