Critics Belittle Data Security Probe A bit late but ... from sci.crypt

[David Farber <farber () central cis upenn edu>]

San Lose Mercury News - July 16, 1993

Critics Belittle Data Security Probe
By Lee Gomes

A federal effort to answer complaints about a controversial government
data security plan apparently has fallen short of its goal, with
critics saying the effort isn't dealing with all of their concerns.

On Thursday, the National Institute of Standards and Technology, or
NIST, an agency of the Comerce Department, named five outside computer
researchers to evaluate software being used in the "Clipper" program, a
proposed federal standard to encode computer messages in order to keep
them secret.

Clipper, which uses both software and a special chip, has been
criticized by some cryptography experts for being an inferior
technology, and for potentially having a hidden "trap door" that might
allow law enforcement agencies to surreptitiously peek at computer
messages.

While the program would directly apply to only federal agencies, many
predict the standard would also come to dominate the commercial
market.

In an effort to convince people no such trap door exists, the five
experts working with NIST will evaluate the classified software used in
Clipper and then report publicly on their findings.

But Jim Bidzos, of RSA Data Security in Redwood City, a company that
sells a private encryption plan and which is one of the government's
main critics in the controversy, said the work of the five outsiders
will be of limited value, since they will only be looking at a protion
of Clipper software.

"There are a million other places where you can do some funny business
to grab messages," he said, including by copying or tampering with
Cliper hardware.

NIST has always maintained there is no trap door and that including one
would be superfluous because law enforcement agencies would be able to
get the "keys" to Clipper with a court order.

NIST spokeswoman Janice E. Kosko said the agency had invited 11 experts
to examine the actual encryption software, called Skipjack, provided
they would agree to obtain a security clearance and to speak publicly
about their findings without revealing the detailed workings of the
software. Six declined.

The five who accepted are Ernest Brickell of Sandia National
Laboritories, Dorothy Denning of the computer science department of
Georgetown University, Stephen T. Kent of BBN Communications Corp.,
David P. Maher of AT&T, and Walter Tuchman of Amperif Corp.

The five outsiders have been asked to submit individual findings by the
end of the month.  Because Clipper software is secret, the work of the
five will take place at a classified government laboratory in Bowie,
MD.


---