[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Anti-Clipper Article in "THe Computer Applications Journal"
FYI the following is scanned, not stirred (or forwarded) from "The Computer
Applications Journal", July 1994, issue #48 (a 'zine with a refreshingly
technical mix of software, hardware info for board-level integration with
current popular operating systems e.g. DOS etc.)
By John Iovine
Cryptology is a science of enciphering and deciphering messages
and information. The word conjures up images of espionage, spies,
hostile government action, and top secret information. We don't
usually associate this word with privacy--your privacy--but it
is this facet of cryptology that is being argued today in our
courts and among government agencies.
ENCRYPTED PRIVACY?
The arena where electronic bits of information are transmitted
through data conduits is loosely termed "cyberspace." Currently, in
cyberspace there's no guarantee of privacy. Transmitted messages
may be intercepted and read indiscriminately. This possible invasion of
privacy is not just limited to Email on your local BBS or on
Internet. Our national telephone network, which handles voice and
fax as well as computer telecommunication, is vulnerable.
Additional data conduits like cable television systems and satellite
feeds are becoming more commonplace all across the country. These
newer networks are vulnerable to interception as well.
To better grasp the threat, imagine a company that
routinely transmits bids or promotional information to
field agents through one of these networks. The company can be put
at a severe disadvantage if a competitor gains access to
this information.
The dark side of our information age is that technically skilled
crooks--sometimes romantically referred to as phreakers and crackers
can create havoc in your life.
For a while, crackers were making national news by breaking into
secured government databases.
Intercepting various unprotected data communications makes most
people easy targets for others to gain access to confidential
material.
Anyone who has been electronically mugged has very little
sympathy for these criminals. By stealing credit card numbers,
they are capable of making purchases, charging telephone calls to
your phone number, reading your Email, and listening to cellular
phone conversations.
The problem is growing. Our national data network increases in size
and complexity daily. It is changing and defining the methods by
which people communicate, information is transferred, and business is
conducted.
It is therefore becoming increasingly important to secure the
privacy of the networks and reduce their vulnerability to
interception. Business has been less than responsive to this threat.
For instance, credit card companies justify their exorbitant +19%
interest rates because they are needed to compensate for the
tremendous amount of credit card (read "electronic") fraud and
thievery. These companies should be doing
much more to prevent electronic fraud instead of just passing the
cost on to honest consumers in the way of high interest rates.
Rep. Edward J. Markey (D-Mass), the chairman of the House Telecom-
munication and Finance Subcommittee, had this to say about privacy:
"Whether it's a cellular phone conversation, computer data, a fax
transmission, a satellite feed, cable programming, or other
electronic
services, encryption is the key to protecting privacy and security."
He stated further that "developing a national policy
for encryption and its uses is therefore a process of fundamental
importance for the future of our national networks and our
competitive position internationally."
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
--------- ENTER THE CYPHERPUNKS
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
That's cypher, not cyber. Let's not confuse these similar sounding
monikers. The cypherpunks want to see widespread public use
of cryptotechnology. They see the individual's privacy protected
through cryptography. However, they face powerful governmental and
political obstacles.
The end of the cold war hasn't eliminated the need for cryptography
and secret codes used by our government. But it should
have alleviated some of the regulations concerning private use of
cryptotechnology. The government still classifies cryptotechnology
with hard military weapons such as tanks. The U.S. government agency
in charge of cryptotechnology is the National Security Agency (NSA).
The cypherpunks see the NSA as trying to keep its monopoly on
cryptotechnology intact.
One of the most outspoken and visible members of the cypherpunks is
Iohn Gillmore. Mr. Gillmore has this to say on the subject:
Government investment leads to government control.
Government control is detrimental to the development of the media.
Government seized the control of radio and television in their
infancy. Since then the media has never had full first amendment
rights or protection.
Encryption technology is the key for people and companies to maintain
their privacy over the networks. The government should cease its
involvement .
John has fought legal battles with the NSA on a few fronts. So
far he has been victorious.
BATTLE LINES
The lines are drawn. On one side you have the cypherpunks who feel
that good public cryptographic technology safeguards our privacy. The
NSA feels this is compromising our national security.
The government has threatened private cryptographers with jail. John
Gillmore was threatened by the NSA stating that he was on the
verge of violating the Espionage Act. A conviction would have sent
him to jail for 10 years.
How can the government threaten private citizens7 Easily: as stated
previously, the government classifies cryptographic tools with
military tanks and bomber planes.
THE WASHINGTON CONNECTION
The Administration wants America to encrypt its information to
protect it from unauthorized access. The encryption scheme, con-
tained in the government-sponsored Clipper chip, includes voice as
well as data information sent over communication lines. A major
catch in this plan is that only the government-approved encryption is
allowed in any device used by the government or in government
projects.
Other encryption methods continue to be legal for domestic use, but
only in nongovernment applications.
The second catch is the potential for a trap door in the
encryption chip's program that would allow law enforcement agencies
to decipher any encrypted data. Therefol-e, this method of encryption
doesn't alleviate concerns that the government could abuse its ability
to tap into the privacy of the citizenship.
Of course, organized crime would use its own crytotechnology, anyway.
So a trap door would only be effective for spying on
small incidental crooks and private citizens.
The encryption algorithm touted by the Administration is
contained in an integrated circuit. This chip, designed by Mykotronx
in Torrance, Calif. and manufactured by VLSI in San Jose, Calif., is
nicknamed "Clipper." It is a 12-Mbps encryption coprocessor. The OEM
cost of the chip is $26 when purchased in large quantities, which
trickles down to an increase of $100 in the street price of any
electronic equipment (computer, phone, fax that contains the chip.
SOFTWARE VS. HARDWARE
There are less expensive encryption chips on the market than the
Clipper.
Usually anyone interested in encryption takes a software
approach. It may be a little slower than hardware, but the
recurring cost is much less. Speed only becomes a critical
consideration when it's necessary to secure fast communication
such as video or voice communication.
RECENT EVENTS
On February 4, 1994, the U.S. Government officially endorsed the
Clipper chip and directed the Commerce Department's National
Institute of Standards and Technology (NIST) and the Treasury
Department to hold in escrow the keys used to unlock the Clipper
codes. It also establishes new procedures for exporting products
using Clipper to most countries.
The government has formed an interagency group whose job it is to
develop encryption technologies that could serve as alternatives to
Clipper.
The Clipper endorsement contains three flaws according to a
policy paper released in January 1994 by the Institute of Electrical
and Electronic Engineers: a classified algorithm, the key-escrow
system, and an encryption standard developed for public use without
public scrutiny.
The Clipper chip has developed many industrial and congressional
opponents. So far, Novell, AT&T, Citicorp, Computer Associates,
Hughes Aircraft, Motorola, and other major corporations openly
oppose the Clipper encryption standard. The failure of recent
administrations lies in
the fact that they did not seek greater industry participation
before proposing the Clipper chip. Further, they ignored protests
from industry and Congress.
THE BIG BROTHER ISSUE
The Clipper chip can provide government agencies with
unprecedented wiretapping ability.
Ideally, the Clipper chip encrypts (scrambles) communication to
everyone except the intended recipient. The key code to unscramble
communication is held by two separate government agencies. The
government has the option of using a joining key code to unscramble
communications with court-approved legal authorization.
However, there is a strong possibility that a trap door exists in the
Clipper chip that would allow agencies unauthorized tapping. The
government wouldn't allow the algorithm used in the Clipper, called
"SkipJack," to be studied publicly, so no one knows for sure.
When the Administration endorsed the Clipper as a Federal Data
Processing Standard on February 4, it was backed up with an immediate
order for 50,000 Clipper chips. Meanwhile, a forced export
embargo keeps all other encryption schemes expensive. U.S.manu-
facturers must "dumb down" their data encryption programs by
keeping the key lengths to 40 bits or fewer for legal export. The
Clipper uses an 80-bit code.
ENCRYPTION BASICS
The following is a list of some of the basic terms that are used in
encryption. Plaintext is the original unaltered message or file.
Ciphertext is the encrypted message or file. An encryption
algorithm is the function that maps plaintext into ciphertext.
Keys are used to determine mapping. Keyspace describes the size
of the key; it determines
the number of all possible keys. For instance, an 8-bit key has a
keyspace of 256 (256 possible values), where a 16-bit key has a
keyspace of 65,536. Keys are usually alphanumeric.
There are three main types of ciphers: substitution, transposition,
and product. Substitution ciphers substitute each character in the
plaintext with another, determined by the key. Transposition ciphers
rearrange the characters in plaintext, again, determined by the key.
Product ciphers combine the substitution and transposition
algorithms.
A substitution cipher simply substitutes each plaintext character
with another character determined by the key. For instance, we could
easily displace the alphabet by one character to generate a simple
substitution. For example, ABC...XYZ could become BCD...YZA, and the
phrase "HELLO WORLD" would become "IFMMP XPSME."
Substitution ciphers are also called Caesar ciphers, because Julius
Caesar used this simple method of encoding messages.
The transposition cipher system rearranges the characters in
plaintext. A simple system rearranges every two characters, so "ab"
becomes "ba." With this kind of cipher, "HELLO WORLD" becomes
"EHLLW ORODL."
GENERATING MORE COMPLEX CIPHER SYSTEMS
Blaise de Vigenere, a French cryptographer in the sixteenth century,
complicated the simple Caesar code. He proposed that the key be
used to change the plaintext in a periodic manner. When a message is
encoded by this method, you change a plaintext letter for each
successive letter in the key, always running through the same
sequence of key letters. A simple example should clear any confusion.
Suppose the name "John" was selected for the key code. This corre-
sponds to the number sequence 9, 14, 7, 13. To encode a message
using this key sequence, divide the letters of the plaintext message
into groups of four. This corresponds to the four letters used in the
key.
To each letter group, add 9 to the number value of the
first letter of each group, 14 to the second letter, 7 to the third
letter, and 13 to the fourth letter. The example below illustrates
the Vigenere code:
Key Code: JohnJohnJohnJohn
Plaintext message: helloworld
Ciphertext message: qssy xlvf m
As you can see, the coding algorithms are becoming more
complex. Even this code pales to the more sophisticated programs
available.
THE DEBATE CONTINUES
I've only scratched the surface in the great encryption debate.
There are a number of on-line newsletters carried on the Circuit
Cellar BBS that follow the issue closely Computer Underground Digest
[CuD] and Electronic Frontier Foundation [EFF]. If you are
interested in following along, check them out.
So what do you think? Write and let me nkwo (pun intended)
John Iovine is a free-lance writer living in Staten Island, N.Y.
He has published numerous books on electronics and science-related
topics. He may be reached at [email protected].
For those who wish to pursue data encryption, Images Company
offers an encryption program titled Cipher 1.0 for $9.95. Images
Company, P.O. Box 140742, Staten Island, NY 10314, l 718 698-8305.
New York residents must add the appropriate sales tax. Add $5.00
postage and handling to all orders.
-NetSurfer
#include standard.disclaimer
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
== = = |James D. Wilson |V.PGP 2.4: 512/E12FCD 1994/03/17 >
" " " |P. O. Box 15432 | finger for full PGP key >
" " /\ " |Honolulu, HI 96830 |====================================>
\" "/ \" |Serendipitous Solutions| Also [email protected] >
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>