Hackers Underworld 2: Forbidden Knowledge

home *** CD-ROM | disk | FTP | other *** search

/ Hackers Underworld 2: Forbidden Knowledge / Hackers Underworld 2: Forbidden Knowledge.iso / LEGAL / EFF601.TXT < prev next >

Wrap

Text File | 1994-07-17 | 55KB | 1,105 lines

****************************************************************** ////////////// ////////////// ////////////// /// /// /// /////// /////// /////// /// /// /// ////////////// /// /// ****************************************************************** EFFector Online Volume 6 No. 1 9/17/1993 editors@eff.org A Publication of the Electronic Frontier Foundation ISSN 1062-9424 1098 lines -==--==--==-<>-==--==--==- In This Issue: Clipper Escrow Agents Chosen Barlow's "A Plain Text on Crypto Policy" Crypto Conference in Austin Virginians Against Censorship -==--==--==-<>-==--==--==- **************************** Clipper Escrow Agents Chosen **************************** In the next several days, the Administration will announce it has chosen at least one escrow agency and has developed procedures for accessing escrow keys pursuant to warrant. Here is an account of an Administration hill staff briefing on September 16, 1993, and the draft procedures for law enforcement, foreign intelligence, and state and local law enforcement wiretapping. We are looking for comments and analysis. Please circulate widely. Jerry Berman, EFF. ================== RE: Clipper Escrow Agent Briefing for Congressional Staff Yesterday, September 15, 1993, a briefing was held for congressional staff regarding the status of the Clipper project. The lead briefers for the Administration were Mark Richard, Deputy Assistant Attorney General, Criminal Division, DOJ; Jim Kallstrom, FBI; Geoff Greiveldinger, Special Counsel, Narcotic and Dangerous Drug Section, DOJ; and John Podesta. Also present were Mary Lawton, Counsel for Intelligence Policy and Review, DOJ; Mike Waguespack, NSC; and Dwight Price, National District Attorneys Association. The Administration has tentatively settled on NIST and a yet to be determined non-law enforcement component of the Department of the Treasury as the "escrow agents." The Administration will finalize the choices in the next few days, according to John Podesta. The Attorney General will make an announcement, in what form has not been determined, but it will probably not be a Federal Register notice. The Attorney General will announce that she has adopted, and the escrows have agreed to follow, the attached procedures. The system will work as follows: (1) A black box (actually a PC) in the possession of a law enforcement agency will be able to read the Law Enforcement Access Field in a Clipper encrypted data stream and extract the identification number specific to the Clipper chip being used by the intercept target. Cost of the black box yet undetermined. How many will be purchased by law enforcement yet undetermined, although if use of Clipper becomes common, the black boxes will be in great demand, by federal as well as state and local agencies. They will be available only to law enforcement, with yet to be specified controls on their sale. Each black box will have a unique identifier. (2) The law enforcement agency will fax the device ID number to each of the escrow agents, along with a certification that the agency has authority to conduct the intercept, the ID number of the intercepting agency's black box, and the time period for which the intercept is authorized (in the case of Title III's, up to thirty days, with extensions). (3) The escrow agents will transmit the key components by encrypted link directly into the black box of the requesting law enforcement agency. The key components will only work with that particular black box, and will only work for the stated duration of the intercept. If the intercept is extended, the law enforcement agency will have to send a new request to the escrow agents to extend the life of the key components. The escrow agents will maintain logs of the requests. Greiveldinger stressed that the system is "replete with recordation of the transactions that will occur." The escrow agents also have a responsibility for maintaining the integrity of the chip manufacturing process. In opening remarks describing the need for the Clipper escrow system, Kallstrom had stressed that the AT&T product posed a unique threat in terms of voice quality, affordability, portability and strength of the encryption. The Administration rejects the argument that voice encryption is readily available. The AT&T product, which isn't available yet, is unique, and competing products, the Administration argues, are yet further in the future. The next voice encryption product in the pipeline is Motorola's, and Motorola has expressed interest in using Clipper in its product. The Administration argued that the need for compatibility would drive a significant share of the market to Clipper or Capstone-based products. Escrow coverage will not be complete, but the bad guys are careless and are expected to use Clipper products. The key criterion used in selecting the escrow agents was whether the agency had experience in and an infrastructure for handling sensitive information. The Administration did not want to use a law enforcement or national security component, for credibility reasons. It did not want to use private entities based on concerns about longevity and not wanting security to be governed by the need to make a profit. The briefers admitted that the proposed system is not really an escrow. The agencies holding the key components will not have any duties or responsibilities to the Clipper users. The escrows' obligation will be to the government, and they will be liable to Clipper users only under the Bivens doctrine, where any failure must be shown to be wilful. Both John Podesta and Mark Richard stated that there is no plan on or over the horizon to outlaw non-escrowed encryption. John and Mark said that the international aspects of the escrow/encryption issue are the thorniest to deal with, and there are no answers yet. Clipper products would be exportable with a license, although other countries may try to keep them out. (Nobody asked questions about changes in the rules governing export of non-Clipper encryption.) Other nations would not participate in the escrow system, nor, presumably, would they be allowed to buy the black boxes. E.G., if the British intercepted an IRA communication that appeared to be encrypted with Clipper, and came to the FBI for help, the anticipated escrow system would not allow the FBI to get the key from the escrow agents. ==================PROPOSED PROCEDURES AUTHORIZATION PROCEDURES FOR RELEASE OF ENCRYPTION KEY COMPONENTS IN CONJUNCTION WITH INTERCEPTS PURSUANT TO TITLE III The following are the procedures for the release of escrowed key components in conjunction with lawfully authorized interception of communications encrypted with a key-escrow encryption method. These procedures cover all electronic surveillance conducted pursuant to Title III of the omnibus Crime Control and Safe Streets Act of 1968, as amended (Title III), Title 18, United States Code, Section 2510 et seq. 1) In each case there shall be a legal authorization for the interception of wire and/or electronic communications. 2) All electronic surveillance court orders under Title III shall contain provisions authorizing after-the-fact minimization, pursuant to 18 U.S.C. 2518(5), permitting the interception and retention of coded communications, including encrypted communications. 3) In the event that federal law enforcement agents discover during the course of any lawfully authorized interception that communications encrypted with a key escrow encryption method are being utilized, they may obtain a certification from the investigative agency conducting th