Interesting People mailing list archives
From Brock N. Meeks R.I.P -- Privacy '94
From: David Farber <farber () central cis upenn edu>
Date: Sat, 5 Feb 1994 05:28:21 -0500
copyright 1994 CyberWire Brock N. Meeks Jacking in from a Non-Government Approved Encryption Port: Washington, DC -- The Clinton Administration today gang raped your privacy. The White House Friday announced its endorsement of a sweeping new security and privacy initiative. Privacy, as we know it, will never be the same. All the rules have changed. Forever. The catch is that the government gets to write all the rules; you get no vote. None. Worse, you can't even read the fucking rule book because it's classified. The initiative involves the creation of "new products to accelerate the development and use of advanced and secure telecommunications networks and wireless telecommunications links," the White House said. In English: Law enforcement and intelligence agencies now have an easy way to fuck with any and all forms of spoken or electronically transmitted communications. The policy is voluntary, of course. You don't have to sign on to it. You don't have to use government approved encryption devices. But if you plan to do any business with the government, you'll have to use them. And if the government gets its way, well, you'll end using them whether you want to or not. You'll have no choice (are you sensing a trend here?). All telephones, computers, fax machines, modems, etc. will come "wiretap ready." It will be the de facto standard. If you don't use the government standard, you'll be branding yourself a CryptoRebel. Big fucking deal? Maybe, maybe not. But think for a second. Perhaps some agency will be able to check your "crypto-approval rating." Perhaps those favorable bank loans, mortgage rates or low insurance premiums will only go to those with high crypto-approval ratings. But the White House is adamant about making sure you understand this whole damn thing is voluntary. And don't let anything sway you from believing that, not even the White House backgrounder materials that say no U.S. citizen "as a matter of right, is entitled to an unbreakable commercial encryption product." Just use the "balanced" approach of the government system, where in this case the "breakability" of the encryption belongs only with them. Everything will work out fine. Just listen: "Encryption is a law and order issue since it can be use by criminals to thwart wiretaps and avoid detection and prosecution," said Vice President Gore. "Our policy is designed to provide better encryption to individuals and businesses while ensuring that the needs of law enforcement and national security are met." The Administration won't tell you exactly why they expect you simply hand over all your privacy safeguards to them. "Listen, if you knew what we knew about criminal activity, this issue wouldn't even be debated," said Mike Nelson with the Office of Science and Technology Policy and co-chair of the Working Group on Data Security, a newly created interagency task force. Chicken or the Egg? ================== The new policy was hatched in the super-secret recesses of the National Security Agency (NSA). And while Clinton was still trying to find the instruction manual for his White House telephone system, the NSA, FBI and other assorted agencies shoved their ideas onto the National Security Council table. Before the Administration could blink, it found itself in the unenviable position of having backed a severely flawed security policy that has compromised the privacy of every U.S. citizen and drawn the ire of every civil liberties in the country. But the White House quickly put the breaks on, calling for a full scale, government wide "review" of its security and privacy policies. It gave privacy advocacy groups some breathing room. Surely the Administration, once it had a chance to actually study this damn thing, would see it through it. But the White House punted. The review was a smoke screen. Instead, it provided momentum inside the Administration. It was from this review, ordered last April, that this new initiative springs. And when all was said and done, the White House screwed the pooch. Clipper Sails On ================ The one trick pony here is the Clipper Chip, a device that can be installed in virtually any communications device. The chip scrambles all conversations. No one can crack the code, expect the government, of course. The Feds hold all the keys. Rather, they hold the only keys that count. Each Clipper chip is made with 3 unique keys. All three are needed to descramble the encrypted messages streaming through them. But only the government's keys matter. The key you get with your Clipper Chip is essentially the chip's social security number. You'll never actually see this key, have any idea what its number is or get your hands on it. If you try to sneak a peak at it, the damn thing self destructs. Honest. The other two keys will be held in electronic vaults; fraternal twins, separated by mandate. Each of these keys will be held by government agencies, called "escrow agents." One will be held by the National Institute for Standards and Technology, the other by the Automated Systems Division of the Dept. of Treasury. When a law enforcement agency, which could be your local sheriff's department, wants to wiretap a conversation that's been encrypted by Clipper they apply to each of the escrow agents. The agents send their respective key, electronically, to a "black box" operated by the law enforcement agency. As encrypted conversations stream into the box, they come out the back side in nice, neat sounding vowels and consonants, or in the case of electronic mail, in plain ol' ASCII. Yes, all law enforcement agencies need a court approved wiretap before they can pull this whole scheme off. This, the Administration says, is where you're privacy is protected. "We're not going to use Clipper to listen in on the American public," said Raymond Kammer of NIST deputy director. It will only be used to catch criminals. Honest. We Don't Need No Stinkin' Warrant ================================= Maybe now would be a good time to mention the National Security Agency. You know these guys. Super-secret, spook agency. Their mission? To monitor and intercept foreign communications. Did you catch that word FOREIGN? I hope so, it's crucial. The NSA is only allowed to intercept foreign communications -- spying on U.S. citizens is a crime. They can't even pry into a U.S. citizen's business a court ordered wiretap. A judge would never allow it. Yet it was the NSA that cooked up this whole Clipper Chip scheme. Why you ask? Good question. But the Administration refuses to discuss the issue. Here's another they can't answer. Suppose the NSA intercepts a message from Iraq and finds it's Clipper encrypted (that damn little black box is specially made to sniff out the Clipper's algorithm and descramble it's social security number). What does the NSA do with this encrypted Iraqi message? How does it decrypt the message? There's a classic Catch-22 running here. Agencies need the Clipper keys from the escrow agents to read the message or listen in on the conversation. But to get the keys you need proof that you have a warrant. The NSA is *never* issued a warrant. You see, the NSA doesn't need a warrant to spy on FOREIGN communications. So, this begs the $64,000 question is: How does the NSA get the escrow agents to give them the keys to decrypt the message if they can't show a warrant? Answer: They don't have to show a warrant; they don't have to cause; they don't have to show spit. What's wrong with this picture? "We have appropriate procedures and safeguards built into the system for the NSA," Nelson said. "I can't tell you what those are, of course, that would divulging too much about the NSA's operation." Fox Guarding the Chickens ========================= There will be absolutely no abuse of the system. This is what the Administration would like you to believe. They also would like you to believe that President's don't approve Watergate break-ins, that arms are never traded for hostages, that the FBI never secretly records civil rights leaders in the heat of infidelity and that FBI directors have never shown a proclivity for red sequined dresses and shiny high-heeled cruel shoes. Representatives from four government organizations stood before the press and outlined all the careful thinking and rigorous safeguards that have gone into this system. There are at least 9 different steps that must be followed to get these Clipper keys transferred from the escrow agents to the agency authorized to do the wiretap. Fair enough, isn't it? Well, it would be except for the fact that the Justice Department intentionally wrote a giant fucking loop- hole into the law. Buried in the Justice Department briefing papers, outlining the authorization procedures for release of the escrow keys, is this gem: "These procedures do not create, and are not intended to create, any substantive rights for individuals intercepted through electronic surveillance, and noncompliance with these procedures shall not provide the basis for any motion to suppress or other objection to the introduction of electronic surveillance evidence lawfully acquired." So, if somebody screws up, like for instance, asks for the keys to be sent before they actually have a wiretap in hand, or has no wiretap authority at all! there is no recourse provision. Criminals As Dumb Shits ======================= But what about that wily criminal element? Once they get wind of this, won't they seek out another type of encryption? The FBI doesn't think so. In fact, the FBI thinks criminals are such dumb shits that they'll forget all about the fact that Clipper even exists. "I predict that few criminals will remember years from now what they've read in the Wall Street Journal" about how these devices were installed in telephones, said FBI's James Kallestrom. (Of course, if criminals are so stupid, why are they perusing the Wall St. Journal... maybe he really meant the New York Times...) So let's get this right. The FBI is sure that criminals will "just forget" that Clipper is installed in their phones and use them anyway. These are the criminals that also would be forgetting that their multi-million dollar drug deals, not to mention their own sweet ass, could be in jeopardy every time they make a call. Yes, the government really thinks so. It's more likely that some bright, enterprising criminal mind will create a worldwide black market that deals in "non-Clipper Installed" encryption devices. Damn, talk about an industry with some growth potential. Getting To the Data Stream ========================== The whole damn program goes into the crapper, however, if the government can't get access to source, to the digital data stream, as it comes out of the telephone switch. In order to do this you have to tap the digital conversation. That's right, you guessed it: Digital Wiretap Access. The FBI failed on its own last year to generate any support in Congress for this digital wiretap proposal. Hell, the FBI couldn't even get a single member of Congress to introduce the thing. So the FBI broke the chain of command: They got the President and Vice President to sign off on the idea. The Administration will soon announce its decision on how it will give the FBI the right to easily wiretap even your unencrypted conversations. "Within a few months at most we should have something decided," said Barry Smith of the FBI's Congressional Affairs office. The FBI's Kallestrom said it was "all but a done deal." This isn't a question of whether or not the Administration will line up behind the FBI on this. It already has. It's only a matter of paperwork, and the nagging little issue of how to pay for making the telephone companies comply with the new rules. But these are small details, compared to the heat the Administration already knows it'll take when they finally unwrap this puppy. Private No More =============== OSTP's Nelson quipped that these security and privacy issues are the Cyberspace version of the Administration's muddied Bosnia policy. Like Bosnia, the White House expects the American public to "trust us" on this issue. After all, the Administration says, they know a hell of a lot more than we do about what kind criminal activity is really going down. Trusting these law enforcement and intelligence agencies is one thing; tempting them by putting all-powerful tools right into their hip pockets is something that should generate a hue and cry loud enough for all of Washington to hear. So, if you're really pissed off, just pick up the phone can call your neighbor. Somebody in Washington is bound to hear it. Meeks out....
Current thread:
- From Brock N. Meeks R.I.P -- Privacy '94 David Farber (Feb 05)