The Risks Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 14 Issue 51

Wednesday 21 April 1993

Contents

o CLIPPER CHIP
    NIST
    NIST
    NIST
    Padgett Peterson
    Paul Johnson
    Ralph Moonen
    Lance J. Hoffman
o Info on RISKS (comp.risks)

text of White House announcement and Q&As on clipper chip encryption

Clipper Chip Announcement <clipper@csrc.ncsl.nist.gov>
Fri, 16 Apr 93 11:07:20 EDT [RISKS-14.51]
Note:  This file will also be available via anonymous file
transfer from csrc.ncsl.nist.gov in directory /pub/nistnews and
via the NIST Computer Security BBS at 301-948-5717.

          ---------------------------------------------------

                         THE WHITE HOUSE

                  Office of the Press Secretary

     _________________________________________________________________

For Immediate Release                           April 16, 1993

                STATEMENT BY THE PRESS SECRETARY

The President today announced a new initiative that will bring the Federal
Government together with industry in a voluntary program to improve the
security and privacy of telephone communications while meeting the legitimate
needs of law enforcement.

The initiative will involve the creation of new products to accelerate the
development and use of advanced and secure telecommunications networks and
wireless communications links.

For too long there has been little or no dialogue between our private sector
and the law enforcement community to resolve the tension between economic
vitality and the real challenges of protecting Americans.  Rather than use
technology to accommodate the sometimes competing interests of economic
growth, privacy and law enforcement, previous policies have pitted government
against industry and the rights of privacy against law enforcement.

Sophisticated encryption technology has been used for years to protect
electronic funds transfer.  It is now being used to protect electronic mail
and computer files.  While encryption technology can help Americans protect
business secrets and the unauthorized release of personal information, it also
can be used by terrorists, drug dealers, and other criminals.

A state-of-the-art microcircuit called the "Clipper Chip" has been developed
by government engineers.  The chip represents a new approach to encryption
technology.  It can be used in new, relatively inexpensive encryption devices
that can be attached to an ordinary telephone.  It scrambles telephone
communications using an encryption algorithm that is more powerful than many
in commercial use today.

This new technology will help companies protect proprietary information,
protect the privacy of personal phone conversations and prevent unauthorized
release of data transmitted electronically.  At the same time this technology
preserves the ability of federal, state and local law enforcement agencies to
intercept lawfully the phone conversations of criminals.

A "key-escrow" system will be established to ensure that the "Clipper Chip" is
used to protect the privacy of law-abiding Americans.  Each device containing
the chip will have two unique "keys," numbers that will be needed by
authorized government agencies to decode messages encoded by the device.  When
the device is manufactured, the two keys will be deposited separately in two
"key-escrow" data bases that will be established by the Attorney General.
Access to these keys will be limited to government officials with legal
authorization to conduct a wiretap.

The "Clipper Chip" technology provides law enforcement with no new authorities
to access the content of the private conversations of Americans.

To demonstrate the effectiveness of this new technology, the Attorney General
will soon purchase several thousand of the new devices.  In addition,
respected experts from outside the government will be offered access to the
confidential details of the algorithm to assess its capabilities and publicly
report their findings.

The chip is an important step in addressing the problem of encryption's
dual-edge sword: encryption helps to protect the privacy of individuals and
industry, but it also can shield criminals and terrorists.  We need the
"Clipper Chip" and other approaches that can both provide law-abiding citizens
with access to the encryption they need and prevent criminals from using it to
hide their illegal activities.  In order to assess technology trends and
explore new approaches (like the key-escrow system), the President has
directed government agencies to develop a comprehensive policy on encryption
that accommodates:

     --   the privacy of our citizens, including the need to
          employ voice or data encryption for business purposes;

     --   the ability of authorized officials to access telephone
          calls and data, under proper court or other legal
          order, when necessary to protect our citizens;

     --   the effective and timely use of the most modern
          technology to build the National Information
          Infrastructure needed to promote economic growth and
          the competitiveness of American industry in the global
          marketplace; and

     --   the need of U.S. companies to manufacture and export
          high technology products.

The President has directed early and frequent consultations with
affected industries, the Congress and groups that advocate the
privacy rights of individuals as policy options are developed.

The Administration is committed to working with the private sector to spur the
development of a National Information Infrastructure which will use new
telecommunications and computer technologies to give Americans unprecedented
access to information.  This infrastructure of high-speed networks
("information superhighways") will transmit video, images, HDTV programming,
and huge data files as easily as today's telephone system transmits voice.

Since encryption technology will play an increasingly important role in that
infrastructure, the Federal Government must act quickly to develop consistent,
comprehensive policies regarding its use.  The Administration is committed to
policies that protect all Americans' right to privacy while also protecting
them from those who break the law.

Further information is provided in an accompanying fact sheet.  The provisions
of the President's directive to acquire the new encryption technology are also
available.

For additional details, call Mat Heyman, National Institute of
Standards and Technology, (301) 975-2758.

                   ---------------------------------

QUESTIONS AND ANSWERS ABOUT THE CLINTON ADMINISTRATION'S
TELECOMMUNICATIONS INITIATIVE

Q:   Does this approach expand the authority of government
     agencies to listen in on phone conversations?

A:   No.  "Clipper Chip" technology provides law enforcement with
     no new authorities to access the content of the private
     conversations of Americans.

Q:   Suppose a law enforcement agency is conducting a wiretap on
     a drug smuggling ring and intercepts a conversation
     encrypted using the device.  What would they have to do to
     decipher the message?

A:   They would have to obtain legal authorization, normally a
     court order, to do the wiretap in the first place.  They
     would then present documentation of this authorization to
     the two entities responsible for safeguarding the keys and
     obtain the keys for the device being used by the drug
     smugglers.  The key is split into two parts, which are
     stored separately in order to ensure the security of the key
     escrow system.

Q:   Who will run the key-escrow data banks?

A:   The two key-escrow data banks will be run by two independent
     entities.  At this point, the Department of Justice and the
     Administration have yet to determine which agencies will
     oversee the key-escrow data banks.

Q:   How strong is the security in the device?  How can I be sure
     how strong the security is?

A:   This system is more secure than many other voice encryption
     systems readily available today.  While the algorithm will
     remain classified to protect the security of the key escrow
     system, we are willing to invite an independent panel of
     cryptography experts to evaluate the algorithm to assure all
     potential users that there are no unrecognized
     vulnerabilities.

Q:   Whose decision was it to propose this product?

A:   The National Security Council, the Justice Department, the
     Commerce Department, and other key agencies were involved in
     this decision.  This approach has been endorsed by the
     President, the Vice President, and appropriate Cabinet
     officials.

Q:   Who was consulted?  The Congress?  Industry?

A:   We have on-going discussions with Congress and industry on
     encryption issues, and expect those discussions to intensify
     as we carry out our review of encryption policy.  We have
     briefed members of Congress and industry leaders on the
     decisions related to this initiative.

Q:   Will the government provide the hardware to manufacturers?

A:   The government designed and developed the key access
     encryption microcircuits, but it is not providing the
     microcircuits to product manufacturers.  Product
     manufacturers can acquire the microcircuits from the chip
     manufacturer that produces them.

Q:   Who provides the "Clipper Chip"?

A:   Mykotronx programs it at their facility in Torrance,
     California, and will sell the chip to encryption device
     manufacturers.  The programming function could be licensed
     to other vendors in the future.

Q:   How do I buy one of these encryption devices?

A:   We expect several manufacturers to consider incorporating
     the "Clipper Chip" into their devices.

Q:   If the Administration were unable to find a technological
     solution like the one proposed, would the Administration be
     willing to use legal remedies to restrict access to more
     powerful encryption devices?

A:   This is a fundamental policy question which will be
     considered during the broad policy review.  The key escrow
     mechanism will provide Americans with an encryption product
     that is more secure, more convenient, and less expensive
     than others readily available today, but it is just one
     piece of what must be the comprehensive approach to
     encryption technology, which the Administration is
     developing.

     The Administration is not saying, "since encryption
     threatens the public safety and effective law enforcement,
     we will prohibit it outright" (as some countries have
     effectively done); nor is the U.S. saying that "every
     American, as a matter of right, is entitled to an
     unbreakable commercial encryption product."  There is a
     false "tension" created in the assessment that this issue is
     an "either-or" proposition.  Rather, both concerns can be,
     and in fact are, harmoniously balanced through a reasoned,
     balanced approach such as is proposed with the "Clipper
     Chip" and similar encryption techniques.

Q:   What does this decision indicate about how the Clinton
     Administration's policy toward encryption will differ from
     that of the Bush Administration?

A:   It indicates that we understand the importance of encryption
     technology in telecommunications and computing and are
     committed to working with industry and public-interest
     groups to find innovative ways to protect Americans'
     privacy, help businesses to compete, and ensure that law
     enforcement agencies have the tools they need to fight crime
     and terrorism.

Q:   Will the devices be exportable?  Will other devices that use
     the government hardware?

A:   Voice encryption devices are subject to export control
     requirements.  Case-by-case review for each export is
     required to ensure appropriate use of these devices.  The
     same is true for other encryption devices.  One of the
     attractions of this technology is the protection it can give
     to U.S. companies operating at home and abroad.  With this
     in mind, we expect export licenses will be granted on a
     case-by-case basis for U.S. companies seeking to use these
     devices to secure their own communications abroad.  We plan
     to review the possibility of permitting wider exportability
     of these products.


White House Public Encryption Management Fact Sheet

Clipper Chip Announcement <clipper@first.org>
Fri, 16 Apr 93 16:41:05 EDT [RISKS-14.51]
Note:     The following was released by the White House today in
          conjunction with the announcement of the Clipper Chip
          encryption technology.

                           FACT SHEET
                  PUBLIC ENCRYPTION MANAGEMENT

The President has approved a directive on "Public Encryption Management."  The
directive provides for the following:

Advanced telecommunications and commercially available encryption are part of
a wave of new computer and communications technology.  Encryption products
scramble information to protect the privacy of communications and data by
preventing unauthorized access.  Advanced telecommunications systems use
digital technology to rapidly and precisely handle a high volume of
communications.  These advanced telecommunications systems are integral to the
infrastructure needed to ensure economic competitiveness in the information
age.

Despite its benefits, new communications technology can also frustrate lawful
government electronic surveillance.  Sophisticated encryption can have this
effect in the United States.  When exported abroad, it can be used to thwart
foreign intelligence activities critical to our national interests.  In the
past, it has been possible to preserve a government capability to conduct
electronic surveillance in furtherance of legitimate law enforcement and
national security interests, while at the same time protecting the privacy and
civil liberties of all citizens.  As encryption technology improves, doing so
will require new, innovative approaches.

In the area of communications encryption, the U. S. Government has developed a
microcircuit that not only provides privacy through encryption that is
substantially more robust than the current government standard, but also
permits escrowing of the keys needed to unlock the encryption.  The system for
the escrowing of keys will allow the government to gain access to encrypted
information only with appropriate legal authorization.

To assist law enforcement and other government agencies to collect and
decrypt, under legal authority, electronically transmitted information, I
hereby direct the following action to be taken:

INSTALLATION OF GOVERNMENT-DEVELOPED MICROCIRCUITS

The Attorney General of the United States, or her representative, shall
request manufacturers of communications hardware which incorporates encryption
to install the U.S. government-developed key-escrow microcircuits in their
products.  The fact of law enforcement access to the escrowed keys will not be
concealed from the American public.  All appropriate steps shall be taken to
ensure that any existing or future versions of the key-escrow microcircuit are
made widely available to U.S. communications hardware manufacturers,
consistent with the need to ensure the security of the key-escrow system.  In
making this decision, I do not intend to prevent the private sector from
developing, or the government from approving, other microcircuits or
algorithms that are equally effective in assuring both privacy and a secure
key-escrow system.

KEY-ESCROW

The Attorney General shall make all arrangements with appropriate
entities to hold the keys for the key-escrow microcircuits
installed in communications equipment.  In each case, the key
holder must agree to strict security procedures to prevent
unauthorized release of the keys.  The keys shall be released only
to government agencies that have established their authority to
acquire the content of those communications that have been
encrypted by devices containing the microcircuits.  The Attorney
General shall review for legal sufficiency the procedures by which
an agency establishes its authority to acquire the content of such
communications.

PROCUREMENT AND USE OF ENCRYPTION DEVICES

The Secretary of Commerce, in consultation with other appropriate
U.S. agencies, shall initiate a process to write standards to
facilitate the procurement and use of encryption devices fitted
with key-escrow microcircuits in federal communications systems
that process sensitive but unclassified information.  I expect this
process to proceed on a schedule that will permit promulgation of
a final standard within six months of this directive.

The Attorney General will procure and utilize encryption devices to
the extent needed to preserve the government's ability to conduct
lawful electronic surveillance and to fulfill the need for secure
law enforcement communications.  Further, the Attorney General
shall utilize funds from the Department of Justice Asset Forfeiture
Super Surplus Fund to effect this purchase.


Slide presented at White House briefing on Clipper Chip

Clipper Chip Announcement <clipper@first.org>
Mon, 19 Apr 93 9:21:53 EDT [RISKS-14.51]
Note:     The following material was handed out at a press briefing on the
          Clipper Chip on 4/16.

                              Chip Operation

                         Microchip
User's Message      +----------------------+
 -----------------> |                      |      1.  Message encrypted
                    | Encryption Algorithm |          with user's key
                    |                      |
                    | Serial #             |      2.  User's key encrypted
                    |                      |-->       with chip unique key
                    | Chip Unique Key      |
User's Encryption   |                      |      3.  Serial # encrypted
Key                 | Chip Family Key      |          with chip family key
 -----------------> |                      |
                    |                      |
                    +----------------------+


              For Law Enforcement to Read a Suspect's Message

1.  Need to obtain court authorized warrant to tap the suspect's telephone.

2.  Record encrypted message

3.  Use chip family key to decrypt chip serial number

4.  Take this serial number *and* court order to custodians
    of disks A and B

5.  Add the A and B components for that serial number = the chip
    unique key for the suspect user

6.  Use this key to decrypt the user's message key for
    this recorded message

7.  Finally, use this message key to decrypt the recorded message.

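A toy model of the chip operation on the slide and the seven-step recovery procedure, which also covers the two-key escrow described in the White House statement earlier in this issue. It is an added illustration, not code from the briefing, from Mykotronx or from any Clipper implementation: the classified algorithm is replaced by an HMAC-SHA256 keystream stand-in, the "add" of escrow components A and B is modelled as XOR, the custodians are dicts, and all key, serial and IV sizes are arbitrary.

```python
"""Toy model of the "Chip Operation" slide and the seven-step recovery procedure.
Added illustration, not code from the briefing, from Mykotronx or from any Clipper
implementation.  Assumptions not on the page: the classified algorithm is replaced
by an HMAC-SHA256 keystream stand-in, the "add" of components A and B is modelled
as XOR, sizes are arbitrary, and each escrow custodian is modelled as a dict."""
import hashlib
import hmac
import os
from dataclasses import dataclass

def _stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with an HMAC-SHA256 counter keystream; the same call
    encrypts and decrypts.  Stands in for the classified algorithm."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(x ^ y for x, y in zip(data[off:off + 32], block))
    return bytes(out)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

@dataclass(frozen=True)
class Chip:
    serial: bytes       # "Serial #"
    unique_key: bytes   # "Chip Unique Key", split into escrow components A and B
    family_key: bytes   # "Chip Family Key", common to every chip

@dataclass(frozen=True)
class Recording:
    iv: bytes                   # fresh per message so no keystream is reused
    ciphertext: bytes           # 1. message encrypted with user's (session) key
    wrapped_session_key: bytes  # 2. user's key encrypted with chip unique key
    wrapped_serial: bytes       # 3. serial # encrypted with chip family key

def manufacture(serial: bytes, family_key: bytes):
    """Program a chip; A is random and B = unique_key XOR A, so A + B recombines to
    the unique key while either component alone reveals nothing about it."""
    unique_key, a = os.urandom(16), os.urandom(16)
    return Chip(serial, unique_key, family_key), a, _xor(unique_key, a)

def chip_encrypt(chip: Chip, session_key: bytes, message: bytes) -> Recording:
    """Steps 1-3 of the slide: what the chip puts on the wire for one message."""
    iv = os.urandom(8)
    return Recording(iv,
                     _stream_xor(session_key, b"msg" + iv, message),
                     _stream_xor(chip.unique_key, b"key" + iv, session_key),
                     _stream_xor(chip.family_key, b"ser" + iv, chip.serial))

def serial_from_recording(rec: Recording, family_key: bytes) -> bytes:
    """Step 3: whoever holds the family key reads the serial number from the
    recording alone, before any court order or escrow request."""
    return _stream_xor(family_key, b"ser" + rec.iv, rec.wrapped_serial)

def law_enforcement_decrypt(rec: Recording, family_key: bytes, court_order: bool,
                            custodian_a: dict, custodian_b: dict) -> bytes:
    """Steps 3-7; the custodians release components only against a court order."""
    serial = serial_from_recording(rec, family_key)                       # 3
    if not court_order:                                                   # 4
        raise PermissionError("custodians need the serial number and a court order")
    unique_key = _xor(custodian_a[serial], custodian_b[serial])           # 5
    session_key = _stream_xor(unique_key, b"key" + rec.iv, rec.wrapped_session_key)  # 6
    return _stream_xor(session_key, b"msg" + rec.iv, rec.ciphertext)      # 7

def run_demo() -> dict:
    """Constructed end-to-end run returning the values worth checking."""
    family_key = os.urandom(16)
    chip, a, b = manufacture(b"SN-000042", family_key)
    custodian_a, custodian_b = {chip.serial: a}, {chip.serial: b}
    message = b"constructed sample conversation"
    rec = chip_encrypt(chip, os.urandom(16), message)
    # A single component is not the unique key: unwrapping with it yields garbage.
    wrong_session = _stream_xor(a, b"key" + rec.iv, rec.wrapped_session_key)
    return {"message": message,
            "serial_via_family_key": serial_from_recording(rec, family_key),
            "recovered": law_enforcement_decrypt(rec, family_key, True, custodian_a, custodian_b),
            "one_component_only": _stream_xor(wrong_session, b"msg" + rec.iv, rec.ciphertext),
            "a_xor_b_is_unique_key": _xor(a, b) == chip.unique_key}
```

The model makes two points the slide leaves implicit: the serial number is readable by anyone holding the family key, with no escrow involvement, and neither custodian's component alone recovers anything.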

"Clipper Chip"

A. Padgett Peterson <padgett@tccslr.dnet.mmc.com>
Sat, 17 Apr 93 09:12:57 -0400 [RISKS-14.51]
I suppose we should have expected something after all of the sound and
fury of the last few years. The announcement does not really give
enough information though.

My first thought involves conventional compromise: what happens if the
keys are captured through theft *and you know about it* - how difficult
is it to change the keys ? What do you do between the time the loss is
detected and the time a new key set is approved. How difficult is it
to program the chip or do you need a new one ? (and if the chip can
be reprogrammed, how do you prevent covert changes that will not be
discovered until authorization to tap is received and the agency finds
out that it cannot ?). Potentially this must occur every time a trusted
employee leaves.

For some time, I have been playing with dynamic access cards ("tokens")
as seeds for full session encryption rather than just for password devices.
Since the encryption requires three parts (PIN, challenge, and token)
which are only physically together at the secure system, and since only
the challenge passes on the net, and since once encryption starts you
have not only provided protection to the session, you have also authenticated
both ends simultaneously (by the fact that you can communicate), it seems
ideal. *And everything necessary already exists*. From several US companies.
It just has not been put together as a commercial product (FUD at work 8*(.

Since key generation is on-the-fly at the onset of the session, obviously
what the gov needs is not the key but the "key to the key" (of course
computers, even a PC, are really good at this).

The real question is "Why a new chip ?"  The technology to do this has been
around for years and several DES chips are available commercially today.
The BCC laptop (I like Beaver better 8*) 007 provides this internally
today with (I believe) the LSI-Logic chip and Enigma-Logic's PC-SAFE (plugs)
does the same with software alone. As indicated in the announcement,
financial institutions have been using encrypted transmissions for years
without any great outcry.

IMHO the real hold-up has been $$$ - cheap error-correcting modem
technology to prevent synch losses rather than a lack of good crypto
algorithms. Today this is a done deal (actually we have known how to keep
in synch since the sixties but you couldn't buy 56kb for under $300.00 at
BizMart - now part of K-Mart ! - then).

True, there are a lot of questions yet to be answered, but again IMHO
most center on the exception cases and not the encryption technology itself.

Padgett


The Clipper Chip

paj <paj@gec-mrc.co.uk>
20 Apr 1993 09:41:21-BST [RISKS-14.51]
I have just read with considerable interest the "White House Crypto
Statement" posted to comp.society.

Briefly, it announces a "Clipper Chip" that will provide voice and data
encryption.  Every chip will have two keys kept in two separate "key escrow"
banks.  Law enforcement officers needing to conduct a wire tap will get a
court order, go to the key escrow banks, and then decrypt the messages.

The encryption algorithm is secret, but a panel of cryptologists could be
invited to inspect it.

For more details, call Mat Heyman, NIST, (301) 975-2758

In the "Questions and Answers" section of the statement, the following
text appears:

> Q:   If the Administration were unable to find a technological
>      solution like the one proposed, would the Administration be
>      willing to use legal remedies to restrict access to more
>      powerful encryption devices?
>
> A:   This is a fundamental policy question which will be
>      considered during the broad policy review.   [...]
>      ... Rather, both concerns can be,
>      and in fact are, harmoniously balanced through a reasoned,
>      balanced approach such as is proposed with the "Clipper
>      Chip" and similar encryption techniques.

This is not entirely clear.  Does it mean that the Administration might
ban all encryption except for the Clipper Chip?  If not, how would
they stop criminals and terrorists from using something else?

The Administration might sell these chips abroad.  How will the Key
Escrow system work then?

How will the Administration handle free-trade issues?  How can a non-US
manufacturer export Clipper devices to the US without getting a look at the
algorithm (which is secret)?  How would key escrow work with a non-US
manufacturer?

How will the algorithm be kept secret?  What is to stop someone prying the
device apart and examining the chip circuitry?

*Why* is the algorithm secret?  RSA is public and seems unbreakable.  Ditto
DES apart from a few known weaknesses.  This smells of a hidden agenda.  Could
it be trade?  Could it be part of a strategy to ban "bootleg" Clipper
technology where foreign chips conform to the standard but do not have the
keys in escrow?

How will law enforcers match keys to chips?  They won't have access to the
chip serial number.  Maybe the chip transmits its serial number every few
seconds of transmission.  If so then we have a nice way of doing traffic
analysis and tracking on suspects (or anyone else) without needing the keys.

Paul Johnson (paj@gec-mrc.co.uk).       | Tel: +44 245 73331 ext 3245


Clinton's Clipper Chip Chaos

<rmoonen@ihlpl.att.com>
Tue, 20 Apr 93 10:45 GMT [RISKS-14.51]
As soon as the official press release on the Clipper chip was posted a barrage
of posts concerned with the safety and RISKS of said chip smothered the net.
Nearly all of them were negative. For those of you who missed it, the Clipper
Chip is purported to be the 'Officially Sanctioned' cryptographic cypher chip.
The feature that everyone is getting upset about is that the FBI will have the
only general de-cypher box. Furthermore, the algorithm for encryption is
secret.

My concern about this whole scheme is greater than I can express here.  I'm
sure the next couple of RISKS forums will be filled with messages concerning
the Clipper Chip, but for what it's worth, here's my $0.02:

I am concerned that this is the first step towards banning any other
encryption device that does not use the CC.  I am concerned that if there
*exists* a general de-cypher box, it can be stolen/hacked/duplicated/captured
by aliens.  I am concerned about the fact that the encryption algorithm is
secret. There is no way we can be sure the algorithm is sufficiently secure.
Key length is not the only factor in telling how secure an algorithm is. An
encryption scheme should be secure even if the algorithm is known.  I am
concerned that if this thing takes off in the States, other countries will not
follow, making international communications no more secure. And if other
countries do follow, there will be more than one decrypt-box, which in turn
will multiply the risks of one of these boxes being stolen/hacked/corrupted in
any other way. This box will become a *hot* item for organised crime. (Why
do I keep seeing scenes from 'Sneakers'?)

In short: I think this whole CC thing is an ungood idea, and I hope for
everyone who values his privacy that it will never lift-off.

--Ralph Moonen


Clipper and Who Holds Crypto Keys

"Lance J. Hoffman" <hoffman@seas.gwu.edu>
Wed, 21 Apr 93 16:54:14 EDT [RISKS-14.51]
In the light of the recent Clipper announcement, forum readers may wish
to revisit the discussions of "Who Holds the Keys?".  A good place to
start, in addition to some of the material in CACM of March 1993 (which
relates mainly to the FBI's digital telephony initiative), is Proceedings
of the 2nd Conference on Computers, Freedom, and Privacy (order no. 533921
from ACM Press, 1515 Broadway, New York NY 10036).  The same discussion is
available on audiotape from Audio Archives International, 800 747-8069 and
on videotape from Sweet Pea Productions, 800 235-4922 (cfpvideo@well.sf.ca.us).

Professor Lance J. Hoffman, Electrical Engineering and Computer Science,
The George Washington University, Washington, D. C. 20052

(202) 994-4955   fax: (202) 994-0227   hoffman@seas.gwu.edu
