Interesting People mailing list archives

Jacking in from the SNAFU Port:


From: David Farber <farber () central cis upenn edu>
Date: Fri, 3 Jun 1994 07:58:09 +0200

CyberWire Dispatch // Copyright (c) 1994 //


Jacking in from the SNAFU Port:


Washington, DC -- Matthew Blaze never intended to make the front
page of the New York Times.  He was just doing his job:  Nose
around inside the government's most secret, most revered encryption
code to see if he could "break it."


Blaze, a researcher for AT&T Bell Labs, was good at this particular
job. Maybe a bit too good.  Although he didn't actually "break" the
code, he did bend the fuck out of it.  That feat landed him a front
page story in the June 9 issue of the New York Times.


What Blaze found -- and quietly distributed among colleagues and
federal agencies in a draft paper -- was that design bugs in
Skipjack, the computer code that underlies the Clipper Chip
encryption scheme, can be jacked around, and re-scrambled so that
not even the Feds can crack it.  This of course defeats the whole
purpose of the Clipper Chip, which is to allow ONLY the government
the ability to eavesdrop on Clipper encoded conversations, faxes,
data transmissions, etc.


What Blaze's research attacks is something called the LEAF, short for "Law
Enforcement Access Field."  The LEAF contains the secret access code needed
by law enforcement agents to decode the scrambled messages.  Blaze
discovered that the LEAF uses only a 16-bit checksum, which is a kind of
self-checking mathematical equation.  When the checksum equations match up,
the code is valid and everything's golden.  The cops get to unscramble the
conversations and another kiddie porn ring is brought to justice.  (This is
what the FBI will tell you... again and again and again and... )


But you can generate a valid 16-bit checksum in about 20 minutes,
according to those crypto-rebels that traffic the Internet's Cypherpunks
mailing list.  "A 16-bit checksum is a fucking joke," one cryptographic
expert from the list told Dispatch.  "If it weren't so laughable, I'd be
insulted that all this taxpayer money has gone into the R&D of something
so flawed."


But the New York Times got the story *wrong* or at least it gave only part
of the story.  "What the New York Times story didn't say was that the
findings... had nothing to do with the Government standard, which covers
voice, facsimile and low-speed data transmission," said an AT&T spokesman.
AT&T was the first company to publicly support the Clipper Chip.  A stance
that was essentially bought and paid for by the U.S. government with the
promise it would get big government contracts to sell Clipper equipped
phones to Uncle Sam, according to documents previously obtained by
Dispatch.


The AT&T spokesman said the "frailty" that Blaze discovered doesn't
actually exist in the Clipper Chip applications.  "Our scientists,
working with National Security Agency (NSA) scientists, were
conducting research on proposed future extensions of the standard,"
he said.


Those "future extensions" are the so-called Tessera chip, intended to be
embedded in a PCMCIA credit card sized device that fits into a slot in your
computer.


When the NSA trotted out its Tessera card, it invited Blaze, among others,
to review the technology, essentially becoming a beta-tester for the NSA.
No formal contract was signed, no money changed hands.  Blaze took on the
job in a volunteer role.  Using a prototype Tessera chip installed on a
PCMCIA card, he broke the damn thing.


AT&T claims the whole scenario is different from the Clipper because the
LEAF generated by Clipper "is a real time application... with Tessera it's
static," the spokesman said.  He said Tessera would be used to encrypt
stored communications or Email.  "And with Tessera, the user has the
ability to get at the LEAF," he said, "with Clipper, you don't."


Blaze will deliver his paper, titled "Protocol Failure in the Escrowed
Encryption Standard," this fall during the Fairfax Conference.  His
findings "should be helpful" to the government "as it explores future
applications" of its new encryption technology, the AT&T spokesman said.
"In our view, it's better to learn a technology's limitations while there's
time to make revisions before the Government spends large sums to fund
development programs."


This is an important, if subtle statement.  The Clipper Chip never
underwent this type of "beta-testing," a fact that's drawn the ire of
groups such as Computer Professionals for Social Responsibility (CPSR) and
the Electronic Frontier Foundation (EFF).  When the White House began to
take hits over this ugly situation, it agreed to have an independent panel
of experts review the classified code to check for any trapdoors.


Those experts claim they found nothing fishy, but their report -- alas
-- has also been classified, leading to further demands for openness and
accountability.  The White House is stalling, naturally.


But in an apparent about face, the NSA allowed an "open" beta-testing for
Tess and -- surprise -- we find out there are bugs in the design.


Okay, Pop Quiz time: Does the existence of "Blaze Bug" make you feel:  (A)
More secure about the government's claim that Clipper will only be used to
catch criminals and not spy on the citizenry. (B) Less secure about
everything you've ever been told about privacy and encryption by the
Clinton Administration.  (C)  Like this entire episode is really an
extended "Stupid Pet Tricks" gag being pulled by David Letterman.


If you're still unsure about Clipper, check this quote from the AT&T
spokesman:  "It's worth noting that Clipper Chip wasn't subjected to this
type of testing."  Ah-huh... any questions?


The NSA is trying to downplay the news.  "Anyone interested in
circumventing law enforcement access would most likely choose simpler
alternatives," said Michael Smith, the agency's planning director, as
quoted by the New York Times.  "More difficult and time-consuming efforts,
like those discussed in the Blaze paper, are very unlikely to be employed."


He's right.  Those "simpler alternatives" include everything from private
encryption methods to not using a Clipper equipped phone or fax in the
first place.  (Of course, the FBI keeps insisting that criminals won't use
any of this "simpler" knowledge because they are "dumb.")


Despite the NSA's attempt to blow off these findings, the agency is
grinding its gears.  One NSA source told Dispatch that the Blaze
paper is "a major embarrassment for the program."  But the
situation is "containable," he said.  "There will be a fix."


Dispatch asked if there would be a similar review of the Clipper protocols
to see if it could be jacked around like Tess.  "No comment," was all he
said.


Meeks out...
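
The short check field described in the dispatch, as an added example that is not part of the original article or of Blaze's paper: a receiver validates a LEAF-like blob with a 16-bit check, blind random guesses get accepted after roughly 2^16 attempts, and the same budget fails against a 64-bit check. The truncated HMAC, the key, the body size and all function names are constructed stand-ins, since the real check algorithm is not on the page.

```python
import hashlib
import hmac
import random

# Constructed stand-in: the real LEAF check algorithm is not public on this
# page, so a truncated HMAC-SHA256 under a key the guesser never sees plays
# its role. Key and body size are assumptions made for this example.
FAMILY_KEY = b"constructed-demo-key"
BODY_LEN = 14  # bytes of LEAF-like payload (assumed, not from the article)


def check_value(body: bytes, bits: int) -> int:
    """Return the top `bits` bits of the keyed digest over `body`."""
    digest = hmac.new(FAMILY_KEY, body, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def receiver_accepts(body: bytes, check: int, bits: int) -> bool:
    """Receiver-side validation: recompute the check and compare."""
    return check_value(body, bits) == check


def trials_until_accepted(bits: int, budget: int, seed: int = 1994):
    """Submit random (body, check) pairs with no knowledge of the key.

    Returns the number of attempts made when the receiver first accepted
    one, or None if the budget ran out without an acceptance.
    """
    rng = random.Random(seed)  # seeded so the run is repeatable
    for attempt in range(1, budget + 1):
        body = rng.getrandbits(8 * BODY_LEN).to_bytes(BODY_LEN, "big")
        guess = rng.getrandbits(bits)
        if receiver_accepts(body, guess, bits):
            return attempt
    return None


if __name__ == "__main__":
    budget = 1_000_000
    for bits in (16, 64):
        got = trials_until_accepted(bits, budget)
        # Each blind guess passes with probability 2**-bits.
        print(f"{bits}-bit check: ~{2 ** bits:,} expected trials, "
              f"accepted after {got} (budget {budget:,})")
```

The width of the check field, not the secrecy of the algorithm behind it, sets the work needed to get a bogus field past the receiver.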

