Interesting People mailing list archives
from Privacy newsgroup re: Key Escrow Panel at 16th NCSC
From: David Farber <farber () central cis upenn edu>
Date: Mon, 11 Oct 1993 08:10:59 -0400
Date: Thu, 30 Sep 93 14:31:41 EST From: "Tom Zmudzinski" <zmudzint () cc ims disa mil> Subject: Key Escrow Panel at 16th NCSC 21 Sep 93; 14:00-15:30; Room 317 of the Baltimore Convention Center Track "E" (Tutorials & Presentations) -- KEY ESCROWING ISSUES { This is an incomplete "transcribble" of what was said, a personal precis if you will, not a court-ordered wiretap. ;{D } Cast: Mr. Len McNulty (National Security Standards & Technology), Dr. Clinton Brooks (Advisor to the Director, NSA), Mr. Al MacDonald (Special Assistant to the Assistant Director of Technical Services, FBI), Dr. Dorothy Denning (Georgetown University), Mr. Miles Schmidt (Manager of Security Advisory Group, NIST), Mr. Daniel Weitzner (Senior Staff Council, Electronic Frontier Foundation) { Transcribbler's Note: I've done the best I can with what I heard, but cross-checking against the Preliminary Participants List proved to be useless so there may be some misheard/spelled names & titles. } McNulty chaired the panel and gave a background briefing on the "Clipper Chip/Skipjack Algorithm" broughaha. Bottom line: NIST saw a requirement for high grade encryption for voice and data throughout the private sector but also saw the need to retain the ability to wiretap under court order. { Transcribbler's Note: Anyone needing background details (1) hasn't been paying attention to the media or fora and (2) can get them there. } Brooks gave the NSA side -- NIST came to NSA in search of help with the encryption. The policy folks wrangled long and hard over installing a backdoor, but concluded that any such weakening would be self-defeating. Brooks went into detail about the workings of the key escrow process. Bottom line: The algorithm HAS to be kept secret other wise someone could reverse-engineer a box that would interoperate with an escrowed Clipper. This box could then "lie" in the LEAF (Law Enforcement Access Field) and thus be invulnerable to court-ordered breakback. MacDonald gave the FBI's version -- Wiretap is a rarely used, last ditch technique necessary to protect the country and the private individual. MacDonald cited the use of wiretap in a "kiddy porn" kidnap/murder case. Unfortunately, he presented NO hard data on the pros & cons, just opinion. Bottom line: Wiretap is too useful a tool for Law Enforcement to give up without a fight, so they're fighting. Denning gave a synopsis of the work to date on breaking Skipjack. (The interim report is available on the Internet.) Bottom line: Recognizing that the analysis was done under considerable time pressure, it bears out NSA's claim that Skipjack is high quality (comparable to military grade) encryption. Weitzner presented the EFF position -- The EFF Electronic Privacy Working Group shares the Government's goal of providing the users with choice as to how (or if) they would protect their privacy. A truly voluntary, well functioning escrow system is appropriate to look at and test as one of the many alternatives that people who need security and privacy have to work with. They are not taking the position that no escrow system should be implemented at all (although there is an EFF faction that doubts that the government is the appropriate escrow agent). For the EFF, the critical test will be whether or not the US export restrictions on cryptography are relaxed. Bottom line: EFF wants to make certain that it is a truly voluntary system, not mandated by law. ( Various questions from the floor to the panel ) (Someone questioned the academic rigor of the Skipjack Analysis.) A: Analysis was as good as could be done in the time available. (Cliford Ockersmith, Intel, wanted to know why Intel had been excluded from manufacturing the Clipper chip.) A: They haven't been. (There IS an issue because Clipper is a hardware standard, and Intel doesn't want to retool to meet this standard.) (It appears that the only time Clipper is vulnerable is when it is being keyed.) A: The various parts of the Skipjack keys are NEVER in the clear outside of the box that does the keying, even during a legal breakback. (What happens to a chip once it's been brokenback?) A: The wiretap process includes notifying the chip owner that it has been wiretapped. (What about a gift certificate for a new chip in the letter?) A: [ laughter ] (Someone asked again about making the algorithm public.) A: [ see above ] Also, this is a voluntary standard, you don't have to use it. (Question about terrorists voluntarily using other high grade encryption.) A: No change from today. (Question about identifying with whom one is securely conversing.) A: Not part of Clipper. (Phone companies market Caller-Id.) (Unidentified person handed out "A Scientific Statement on Clipper Chip Technology and Alternatives" at the exits.) A: Thank you. [ adjourn ] ----------- The preceding has the legal status of hearsay, so don't quote anybody.
Current thread:
- from Privacy newsgroup re: Key Escrow Panel at 16th NCSC David Farber (Oct 11)