Text File | 1995-07-25 | 51KB | 1,184 lines
Subject: Privacy & Anonymity on the Internet FAQ (2 of 3)
Newsgroups: sci.crypt,comp.society.privacy,alt.privacy,sci.answers,comp.answers,alt.answers,news.answers
From: ld231782@longs.lance.colostate.edu (L. Detweiler)
Date: 21 May 1994 10:06:36 GMT
Archive-name: net-privacy/part2
Last-modified: 1993/10/11
Version: 3.2
IDENTITY, PRIVACY, and ANONYMITY on the INTERNET
================================================
(c) Copyright 1993 L. Detweiler. Not for commercial use except by
permission from author, otherwise may be freely copied. Not to be
altered. Please credit if quoted.
SUMMARY
=======
Information on email and account privacy, anonymous mailing and
posting, encryption, and other privacy and rights issues associated
with use of the Internet and global networks in general.
(Search for <#.#> for exact section. Search for '_' (underline) for
next section.)
PART 2
====== (this file)
Issues
------
<4.1> What is the Electronic Frontier Foundation (EFF)?
<4.2> Who are Computer Professionals for Social Responsibility (CPSR)?
<4.3> What was `Operation Sundevil' and the Steve Jackson Games case?
<4.4> What is Integrated Services Digital Network (ISDN)?
<4.5> What is the National Research and Education Network (NREN)?
<4.6> What is the FBI's proposed Digital Telephony Act?
<4.7> What is U.S. policy on freedom/restriction of strong encryption?
<4.8> What other U.S. legislation is related to privacy?
<4.9> What are references on rights in cyberspace?
<4.10> What is the Computers and Academic Freedom (CAF) archive?
<4.11> What is the Conference on Freedom and Privacy (CFP)?
<4.12> What is the NIST computer security bulletin board?
Clipper
-------
<5.1> What is the Clipper Chip Initiative?
<5.2> How does Clipper blunt `cryptography's dual-edge sword'?
<5.3> Why are technical details of the Clipper chip being kept secret?
<5.4> Who was consulted in the development of the Clipper chip?
<5.5> How is commercial use/export of Clipper chips regulated?
<5.6> What are references on the Clipper Chip?
<5.7> What are compliments/criticisms of the Clipper chip?
<5.8> What are compliments/criticisms of the Clipper Initiative?
<5.9> What are compliments/criticisms of the Clipper announcement?
<5.10> Where does Clipper fit in U.S. cryptographic technology policy?
ISSUES
======
_____
<4.1> What is the Electronic Frontier Foundation (EFF)?
From ftp.eff.org:/pub/EFF/mission_statement:
> A new world is arising in the vast web of digital, electronic
> media which connect us. Computer-based communication media like
> electronic mail and computer conferencing are becoming the basis
> of new forms of community. These communities without a single,
> fixed geographical location comprise the first settlements on an
> electronic frontier.
>
> While well-established legal principles and cultural norms give
> structure and coherence to uses of conventional media like
> newspapers, books, and telephones, the new digital media do not
> so easily fit into existing frameworks. Conflicts come about as
> the law struggles to define its application in a context where
> fundamental notions of speech, property, and place take
> profoundly new forms. People sense both the promise and the
> threat inherent in new computer and communications technologies,
> even as they struggle to master or simply cope with them in the
> workplace and the home.
>
> The Electronic Frontier Foundation has been established to help
> civilize the electronic frontier; to make it truly useful and
> beneficial not just to a technical elite, but to everyone; and to
> do this in a way which is in keeping with our society's highest
> traditions of the free and open flow of information and
> communication.
EFF was started by the multimillionaire Mitchell Kapor, founder of
Lotus software, and John Barlow, lyricist for the Grateful Dead
rock band. A highly publicized endeavor of the organization
involved the legal defense of Steve Jackson Games after an FBI
raid and an accompanying civil suit (see section on ``Steve
Jackson Games''). The foundation publishes EFF News (EFFector
Online) electronically; send requests to effnews-request@eff.org.
In a letter to Mitchell Kapor from the Chairman of the Subcommittee
with primary jurisdiction over telecommunications policy dated
November 5, 1991, Representative Edward J. Markey complimented
Mitchell Kapor on his ``insights on the development of a national
public information infrastructure'' which ``were appreciated greatly
by myself and the Members of the Subcommittee'' (complete text in
ftp.eff.com:/pub/pub-infra/1991-12):
> ...we need to pursue policies that encourage the Bell companies to
> work with other sectors of the communications industry to create
> a consumer-oriented, public information network. Please let me or
> my staff know what policies you and others in the computer
> industry believe would best serve the public interest in creating
> a reasonably priced, widely available network in which
> competition is open and innovation rewarded. I also want to
> learn what lessons from the computer industry over the past ten
> to fifteen years should apply to the current debate on
> structuring the information and communications networks of the
> future....I ask your help in gaining input from the computer
> industry so that the Subcommittee can shape policies that will
> bring this spirit of innovation and entrepreneurship to the
> information services industry.
ftp.eff.org
===========
/pub/EFF/about-eff
---
A file of basic information about EFF including goals, mission,
achievements, and current projects. Contains a membership form.
/pub/EFF/historical/founding-announcement
---
EFF founding press release.
/pub/EFF/historical/eff-history
---
John Perry Barlow's ``Not Terribly Brief History of the EFF'' (July
10, 1990). How EFF was conceived and founded, major legal cases,
and the organizational directions.
/pub/EFF/historical/legal-case-summary
---
EFF legal case summary.
_____
<4.2> Who are Computer Professionals for Social Responsibility (CPSR)?
The Computer Professionals for Social Responsibility have been
working to protect and promote electronic civil liberties issues
since ~1982. The group has three offices (Palo Alto, Cambridge,
Washington, DC) and 20 chapters. It is involved in litigation
against the FBI, the NSA, NIST, the Secret Service and other
U.S. government agencies to declassify and provide documentation
on issues such as Operation Sundevil, the FBI wiretap proposal,
NSA's interference in cryptography, and the breakup of the 2600 raid
in Arlington, Va in Nov 1992. Members speak frequently in front of
Congress, state legislators and public utility commissions to
testify on privacy, information policy, computer security, and
caller identification.
CPSR has created an extensive Internet Privacy library available
via FTP, Gopher, WAIS, and email at cpsr.org, currently comprising
the largest collection of privacy documents on the internet. For
more information, anonymous FTP to cpsr.org:/cpsr/cpsr_info.
(Thanks to Dave Banisar <banisar@washofc.cpsr.org> for contributions
here.)
_____
<4.3> What was `Operation Sundevil' and the Steve Jackson Games case?
In the early 1990s, fear spread among U.S. law enforcement
agencies about the illicit activities of `hackers' and `phreakers'
involved in such activities as computer tampering via modem, credit
card fraud, and long-distance call thievery. (Descriptions of real
`hacking' exploits can be found in the book Cyberpunk by J. Markoff
and K. Hafner.)
See ftp.eff.org:/pub/SJG/General_Information/EFFector1.04:
> `Operation Sundevil,' the Phoenix-inspired crackdown of May
> 8, 1990, concentrated on telephone code-fraud and credit-card
> abuse, and followed this seizure plan with some success.
> [Bulletin Board Systems] went down all over America, terrifying
> the underground and swiftly depriving them of at least some of
> their criminal instruments. It also saddled analysts with some
> 24,000 floppy disks, and confronted harried Justice Department
> prosecutors with the daunting challenge of a gigantic nationwide
> hacker show-trial involving highly technical issues in dozens of
> jurisdictions.
Massive `show-trials' never materialized, although isolated
instances of prosecution were pursued. The movement reached a
crescendo in Texas with the highly publicized case of illegal
search and seizure involving the Steve Jackson Games company of
Austin, Texas on March 1, 1990. From the column GURPS' LABOUR LOST
by Bruce Sterling <bruces@well.sf.ca.us> in Fantasy and Science
Fiction Magazine:
> In an early morning raid with an unlawful and unconstitutional
> warrant, agents of the Secret Service conducted a search of the
> SJG office. When they left they took a manuscript being prepared
> for publication, private electronic mail, and several computers,
> including the hardware and software of the SJG Computer Bulletin
> Board System. Yet Jackson and his business were not only
> innocent of any crime, but never suspects in the first place.
> The raid had been staged on the unfounded suspicion that
> somewhere in Jackson's office there `might be' a document
> compromising the security of the 911 telephone system.
(A detailed and vivid account of the seizure is documented in the
book ``The Hacker Crackdown'' by Bruce Sterling.) FBI agents
involved in the seizure were named in a civil suit filed on behalf
of Steve Jackson Games by The Electronic Frontier Foundation. See
information on EFF below. From an article by Joe Abernathy in the
Houston Chronicle ~Feb 1, 1993:
> AUSTIN -- An electronic civil rights case against the Secret
> Service closed Thursday with a clear statement by federal
> District Judge Sam Sparks that the Service failed to conduct a
> proper investigation in a notorious computer crime crackdown,
> and went too far in retaining custody of seized equipment.
>
> Secret Service Special Agent Timothy Foley of Chicago, who was in
> charge of three Austin computer search-and-seizures on March 1,
> 1990, that led to the lawsuit, stoically endured Sparks' rebuke
> over the Service's poor investigation and abusive computer
> seizure policies. While the Service has seized dozens of
> computers since the crackdown began in 1990, this is the first
> case to challenge the practice.
>
> Sparks grew visibly angry when it was established that the Austin
> science fiction magazine and game book publisher was never
> suspected of a crime, and that agents did not do even marginal
> research to establish a criminal connection between the firm and
> the suspected illegal activities of an employee, or to determine
> that the company was a publisher. Indeed, agents testified that
> they were not even trained in the Privacy Protection Act at the
> special Secret Service school on computer crime.
>
> "How long would it have taken you, Mr. Foley, to find out what
> Steve Jackson Games did, what it was?" asked Sparks. "An hour?
>
> "Was there any reason why, on March 2, you could not return to
> Steve Jackson Games a copy, in floppy disk form, of everything
> taken?
>
> "Did you read the article in Business Week magazine where it had
> a picture of Steve Jackson -- a law-abiding, tax-paying citizen
> -- saying he was a computer crime suspect?
>
> "Did it ever occur to you, Mr. Foley, that seizing this material
> could harm Steve Jackson economically?"
>
> Foley replied, "No, sir," but the judge offered his own answer.
>
> "You actually did, you just had no idea anybody would actually go
> out and hire a lawyer and sue you."
>
> More than $200,000 has been spent by the Electronic Frontier
> Foundation in bringing the case to trial. The EFF was founded by
> Mitchell Kapor amid a civil liberties movement sparked in large
> part by the Secret Service computer crime crackdown.
The trial is now recognized as a legal precedent explicitly
guaranteeing protection of electronically stored information under
the Privacy Protection Act, and safeguarding bulletin boards and
electronic mail by federal wiretap laws limiting government
surveillance powers. See the Wall Street Journal, 3/18/93, p. B1,
``Ruling Gives Privacy a High-Tech Edge''.
ftp.eff.org
===========
/pub/cud/papers/sundevil
---
A collection of information on Operation SunDevil by the Epic
nonprofit publishing project. Everything you wanted to know but
could never find.
/pub/cud/papers/sj-resp
---
Steve Jackson's response to the charges against him.
_____
<4.4> What is Integrated Services Digital Network (ISDN)?
ISDN is a high-speed data communications standard that utilizes
existing copper telephone lines, and is a possible inexpensive and
intermediate alternative to laying fiber optic cable for phone
networks. The speeds involved may be sufficient for audio and
video transmission applications. From G. V. der Leun in the file
ftp.eff.org:/pub/pub-infra/1991-11:
> Telecommunications in the United States is at a crossroads. With
> the Regional Bell Operating Companies now free to provide
> content, the shape of the information networking is about to be
> irrevocably altered. But will that network be the open,
> accessible, affordable network that the American public needs?
> You can help decide this question.
>
> The Electronic Frontier Foundation recently presented a plan to
> Congress calling for the immediate deployment of a national
> network based on existing ISDN technology, accessible to anyone
> with a telephone connection, and priced like local voice service.
> We believe deployment of such a platform will spur the
> development of innovative new information services, and maximize
> freedom, competitiveness, and civil liberties throughout the
> nation.
>
> The EFF is testifying before Congress and the FCC; making
> presentations to public utility commissions from Massachusetts to
> California; and meeting with representatives from telephone
> companies, publishers, consumer advocates, and other stakeholders
> in the telecommunications policy debate.
>
> The EFF believes that participants on the Internet, as pioneers on
> the electronic frontier, need to have their voices heard at this
> critical moment.
To automatically receive a description of the platform and details,
send mail to archive-server@eff.org, with the following line:
send documents open-platform-overview
or send mail to eff@eff.org. See also the Introduction to the EFF
Open Platform Proposal in ftp.eff.org:/pub/pub-infra/1991-02.
References
==========
``Digital Data On Demand.'' MacWorld, 2/82 (page 224).
---
56Kbps vs. ISDN services and products. See comments by J. Powers
in ftp.eff.org:pub/pub-infra/1992-02.
``Telephone Service That Rings of the Future.'' By Joshua Quittner.
Newsday, Tue, Jan 7 1992.
---
Implications of ISDN for the masses, written in popular science
style. John Perry Barlow (cofounder EFF). Regional telephone
companies (Ohio Bell). ISDN as ``Technological Rorschach Test.''
Anecdotes about McDonald's, Barbara Bush teleconferencing. See
complete text in ftp.eff.org:/pub/pub-infra/1992-01.
ftp.eff.org:/pub/pub-infra/
---
Files 1991-11 through 1992-05 containing email from the EFF public
infrastructure group organized by month. Opinions and facts on
the pros and cons of ISDN, Integrated Services Digital Network.
Uses of ISDN (phone video, audio, etc.) Japanese model.
Alternatives to ISDN (HDSL, ADSL, fiber optics). Technical
specifications of ISDN, implementation details, cost issues,
political obstacles, (RBOC, Regional Bell Operating Companies or
`Baby Bells', e.g. NET, New England Telephone). Influencing
development of future networks (e.g. ISDN and NREN, National
Research and Education Network), encouraging competition (cable
TV systems). Press releases and news articles. Letter from Rep.
E. J. Markey to M. Kapor.
_____
<4.5> What is the National Research and Education Network (NREN)?
The National Research and Education Network was introduced in
legislation cosponsored by Sen. A. Gore to promote high-speed data
network infrastructure augmenting the internet with up to 50 times
faster transmission rates. The bill passed the House on November
20, 1991, the Senate on November 22, 1991, and was signed by the
President on December 9, 1991.
ftp.eff.org
===========
/pub/internet-info/gore.bill
---
102nd congress 1st Session. Text of high performance computing
bill cosponsored by Sen. A. Gore.
/pub/EFF/legislation/gore-infrastructure-bill
---
The text of S.2937, the Information Infrastructure and Technology
Act of 1992 introduced by Senator Gore to expand Federal efforts
to develop technologies for applications of high-performance
computing and high-speed networking, and to provide for a
coordinated Federal program to accelerate development and
deployment of an advanced information infrastructure.
U.S. SAID TO PLAY FAVORITES IN PROMOTING NATIONWIDE COMPUTER NETWORK
By John Markoff, N.Y. Times (~18 Dec 91).
---
President Bush's legislation for nationwide computer data
`superhighway.' IBM-MCI venture as monopoly destructive to fair
competition and innovation? National Science Foundation NSFnet.
Complete text in /pub/pub-infra/1991-12.
Commentary
==========
/pub/academic/statements/nren.privacy.cpsr
---
``Proposed Privacy Guidelines for the NREN'' -- Statement of Marc
Rotenberg, Washington Director Computer Professionals for Social
Responsibility (CPSR).
/pub/internet-info/cisler.nren
---
The National Research and Education Network: Two meetings. Steve
Cisler, Senior Scientist, Apple Computer Library, December 17, 1990.
Summary of meetings exploring educational issues of NREN by
diverse members of academia and industry.
/pub/internet-info/privatized.nren
---
Feb. 14 1991 essay by M. Kapor advocating advantages of a private
National Public Network, and specific recommendations for open
NREN policies encouraging competition.
_____
<4.6> What is the FBI's proposed Digital Telephony Act?
``Providers of electronic communication services and private branch
exchange operators shall provide within the United States
capability and capacity for the government to intercept wire and
electronic communications when authorized by law...''
From `BBS Legislative Watch: FBIs Wiretapping Proposal Thwarted' by
S. Steele in Boardwatch Magazine, Feb. 1993, p. 19-22:
> In a move that worried privacy experts, software manufacturers and
> telephone companies, the FBI proposed legislation to amend the
> Communications Act of 1934 to make it easier for the Bureau to
> perform electronic wiretapping. The proposed legislation,
> entitled 'Digital Telephony,' would have required communications
> service providers and hardware manufacturers to make their
> systems 'tappable' by providing 'back doors' through which law
> enforcement officers could intercept communications. Furthermore,
> this capability would have been provided undetectably, while the
> communications was in progress, exclusive of any communications
> between other parties, regardless of the mobility of the target
> of the FBI's investigation, and without degradation of service.
>
> ... under the proposal, the Department of Justice (DOJ) can keep
> communications products off the market if it determines that
> these products do not meet the DOJ's own ... guidelines. This
> [could] result in increased costs and reduced competitiveness for
> service providers and equipment manufacturers, since they will be
> unlikely to add any features that may result in a DOJ rejection
> of their entire product. ... the FBI proposal suggests that the
> cost of this wiretapping 'service' to the Bureau would have to be
> borne by the service provider itself ...
>
> The Electronic Frontier Foundation organized a broad coalition of
> public interest and industry groups, from Computer Professionals
> for Social Responsibility (CPSR) and the ACLU to AT&T and Sun
> Microsystems, to oppose the legislation. A white paper produced
> by the EFF and ratified by the coalition, entitled, `An Analysis
> of the FBI Digital Telephony Proposal,' was widely distributed
> throughout the Congress. ... The Justice Department lobbied hard
> in the final days to get Congress to take up the bill before
> Congress adjourned, but the bill never ... found a Congressional
> sponsor (and was therefore never officially introduced). The FBI
> [may] reintroduce "Digital Telephony" when the 103rd Congress
> convenes in January.
See also the section on the Clipper chip.
ftp.eff.org
===========
/pub/EFF/legislation/fbi-wiretap-bill
/pub/EFF/legislation/new-fbi-wiretap-bill
---
A bill to ensure the continuing access of law enforcement to the
content of wire and electronic communications when authorized by
law and for other purposes. Version 2 of the bill, after FBI
changes in response to public reaction.
/pub/EFF/papers/decrypting-puzzle-palace
---
Analysis of the roles of the NSA and FBI in future wiretapping and
cryptographic regulation, by J. Barlow, cofounder of the
EFF (May 1992).
/pub/EFF/legal-issues/eff-fbi-analysis
---
The EFF-sponsored analysis of the FBI's Digital Telephony proposal.
_____
<4.7> What is U.S. policy on freedom/restriction of strong encryption?
The Clipper announcement says ``we [the Clinton Administration]
understand the importance of encryption technology in
telecommunications and computing'' and specifically addresses the
question, ``would the Administration be willing to use legal
remedies to restrict access to more powerful encryption devices?''
It states that ``The U.S. [is not] saying that `every American, as
a matter of right, is entitled to an unbreakable commercial
encryption product' '' although currently ``the Administration is
not saying, `since [strong] encryption threatens the public safety
and effective law enforcement, we will prohibit it outright' as
some countries have effectively done.'' However, currently no
U.S. laws regulate domestic cryptography use, although the U.S.
International Traffic in Arms Regulations classify cryptographic
devices as `munitions' and regulate export. Some argue that
regulation of domestic cryptographic techniques would be
unconstitutional under guarantees of freedom of speech.
_____
<4.8> What other U.S. legislation is related to privacy?
ftp.eff.org
===========
/pub/cud/law/<state>
---
State computer crime laws:
AL, AK, AZ, CA, CO, CT, DE, FL, GA,
HI, IA, ID, IL, IN, MD, MN, NC, NJ,
NM, NY, OR, TX, VT, VA, WA, WI, WV.
/pub/cud/law/<country>
---
Current computer crime laws for: The United States (federal
code), Canada, Ghana, and Great Britain.
/pub/cud/law/bill.s.618
---
Senate bill 618, addressing registration of encryption keys with
the government.
/pub/cud/law/monitoring
---
Senate bill 516; concerning abuses of electronic monitoring in the
workplace.
/pub/cud/law/us.e-privacy
---
Title 18, relating to computer crime & email privacy.
_____
<4.9> What are references on rights in cyberspace?
ftp.eff.org
===========
/pub/cud/papers/const.in.cyberspace
---
Laurence Tribe's keynote address at the first Conference on
Computers, Freedom, & Privacy. `The Constitution in Cyberspace'
/pub/cud/papers/denning
---
Paper presented to 13th Nat'l Comp Security Conf ``Concerning
Hackers Who Break into Computer Systems'' by Dorothy E Denning.
/pub/cud/papers/privacy
---
``Computer Privacy vs First and Fourth Amendment Rights'' by
Michael S. Borella
/pub/cud/papers/rights-of-expr
---
Rights of Expression in Cyberspace by R. E. Baird
_____
<4.10> What is the Computers and Academic Freedom (CAF) archive?
The CAF Archive is an electronic library of information about
computers and academic freedom, run by the Computers and Academic
Freedom group on the Electronic Frontier Foundation FTP site.
> If you have gopher, the archive is browsable with the command:
> gopher -p academic gopher.eff.org
>
> It is available via anonymous ftp to ftp.eff.org (192.88.144.4) in
> directory `pub/academic'. It is also available via email. For
> information on email access send email to archive-server@eff.org.
> In the body of your note include the lines `help' and `index'.
>
> For more information, to make contributions, or to report typos
> contact J.S. Greenfield (greeny@eff.org).
ftp.eff.org
===========
/pub/academic/statements/caf-statement
---
Codifies the application of academic freedom to academic
computers, reflecting seven months of on-line discussion about
computers and academic freedom. Covers free expression, due
process, privacy, and user participation.
/pub/academic/books
---
Directory of book references related to Computers and Academic
Freedom or mentioned in the CAF discussion. The file books/README
is a bibliography.
/pub/academic/faq/archive
---
List of files available on the Computers and Academic Freedom
archive.
/pub/academic/news
---
Directory of all issues of the Computers and Academic Freedom
News. A full list of abstracts is available in file `abstracts'.
The special best-of-the-month issues are named with their month,
for example, `June'.
_____
<4.11> What is the Conference on Freedom and Privacy (CFP)?
CFP is a yearly conference covering issues such as data security,
hacking, viruses, law enforcement, etc. The written proceedings
and the electronic written proceedings of the Second Conference on
Computers, Freedom, and Privacy, sponsored by the Association for
Computing Machinery and held March 18-20, 1992 in Washington, D. C.
are available.
To obtain the written proceedings, contact the ACM Order Department,
P. O. Box 64145, Baltimore MD 21264, 1-800-342-6626 or
1-410-528-4261 (MD, AK, and outside US).
To obtain the electronic proceedings, make an ftp connection
to ftp.gwu.edu and login as "anonymous". Get file CFP2S00, which
has a table of contents describing the other files CFP2S01,
CFP2S02, ..., CFP2S11.
Thanks to Lance J. Hoffman <hoffman@seas.gwu.edu> for contributions
here.
_____
<4.12> What is the NIST computer security bulletin board?
> NIST maintains a computer security bulletin board system (BBS)
> and Internet-accessible site for computer security information
> open to the public at all times. These resources provide
> information on computer security publications, CSL Bulletins,
> alert notices, information about viruses and anti-virus tools, a
> security events calendar, and sources for more information.
>
> To access the BBS, you need a computer with communications
> capability and a modem. For modems at 2400 bits per second (BPS)
> or less, dial (301) 948-5717. For 9600 BPS, dial (301) 948-5140.
> Modem settings for all speeds are 8 data bits, no parity, 1 stop
> bit.
>
> Internet users with telnet or ftp capability may telnet to the
> BBS at cs-bbs.nist.gov (129.6.54.30). To download files, users
> need to use ftp as follows: ftp to csrc.nist.gov (129.6.54.11),
> log into account anonymous, use your Internet address as the
> password, and locate files in directory pub; an index of all
> files is available for download.
>
> For users with Internet-accessible e-mail capability, send
> e-mail to docserver@csrc.nist.gov with the following message:
> send filename, where filename is the name of the file you wish
> to retrieve. send index will return an index of available
> files.
CLIPPER
=======
_____
<5.1> What is the Clipper Chip Initiative?
On April 16, 1993 the Clinton Administration announced the Clipper
Chip Directive in a saturated publicity effort (including postings
to Usenet newsgroups by NIST) that introduced the technology and
`proposal' that had been developed in strict secrecy prior to that
date. The `initiative' introduced the Clipper Chip, a high-speed
and `high-security' encryption device with applications in
telephones and other network devices, and the government commitment
to installing it in future select government telephones with
potentially much more widespread penetration (e.g. NREN, commercial
telephones, computers, etc.). The voluntary program seeks to unite
the federal government and private industry ``to improve the
security and privacy of telephone communications while meeting the
legitimate needs of law enforcement'' by use of the chip. Critical
aspects of the directive:
- ``A state-of-the-art microcircuit called the `Clipper Chip' has
been developed by government engineers'', for use in phones with
more power than many commercial encryption devices currently
available. ``The key escrow mechanism will provide Americans with
an encryption product that is more secure, more convenient, and
less expensive than others readily available today.''
- The technology seeks to ``help companies protect proprietary
information, protect the privacy of personal phone conversations
and prevent unauthorized release of data transmitted
electronically'' while preserving ``the ability of federal, state
and local law enforcement agencies to intercept lawfully the
phone conversations of criminals''.
- ``A "key-escrow" system will be established to ensure that the
"Clipper Chip" is used to protect the privacy of law-abiding
Americans.'' Keys are released from the escrow agencies to
``government officials with legal authorization to conduct a
wiretap.''
- ``The two key-escrow data banks will be run by two independent
entities. At this point, the Department of Justice and the
Administration have yet to determine which agencies will oversee
the key-escrow data banks.''
- ``The Attorney General will soon purchase several thousand of the
new devices'' to ``demonstrate the effectiveness of this new
technology.''
- `Clipper Chip' technology provides law enforcement with ``no new
authorities to access the content of the private conversations of
Americans''.
- The Clipper decision was developed and sanctioned by The National
Security Council, the Justice Department, the Commerce
Department, and ``other key agencies''. ``This approach has
been endorsed by the President, the Vice President, and
appropriate Cabinet officials.''
_____
<5.2> How does Clipper blunt `cryptography's dual-edge sword'?
The Clipper wiretapping initiative refers to `tension between
economic vitality and the real challenges of protecting Americans'
and `previous policies [that] have pitted government against
industry and the rights of privacy against law enforcement.' The
Clipper Initiative attempts to find a compromise in encryption's
``dual-edge sword'' wherein it ``helps to protect the privacy of
individuals and industry, but it also can shield criminals and
terrorists.'' ``The Administration is committed to policies that
protect all Americans' right to privacy while also protecting them
from those who break the law.''
The statement notes that sophisticated encryption technology is
increasingly being used by Americans to ``protect business secrets
and the unauthorized release of personal information'' but also
``by terrorists, drug dealers, and other criminals,'' and declares
that ``We need the "Clipper Chip" and other approaches that can
both provide law-abiding citizens with access to the encryption
they need and prevent criminals from using it to hide their illegal
activities.''
Regarding privacy via encryption vs. wiretapping, the Clipper
announcement states: ``There is a false `tension' created in the assessment
that this issue is an "either-or" proposition. Rather, both
concerns can be, and in fact are, harmoniously balanced through a
reasoned, balanced approach such as is proposed with the "Clipper
Chip" and similar encryption techniques.''
_____
<5.3> Why are technical details of the Clipper chip being kept secret?
- The algorithm will ``remain classified'' to ``protect the
security of the key escrow system.''
- ``Respected experts from outside the government will be offered
access to the confidential details of the algorithm to assess its
capabilities and publicly report their findings.''
- ``We are willing to invite an independent panel of cryptography
experts to evaluate the algorithm to assure all potential users
that there are no unrecognized vulnerabilities.''
_____
<5.4> Who was consulted in the development of the Clipper chip?
- ``The President has directed early and frequent consultations
with affected industries, the Congress and groups that advocate
the privacy rights of individuals.''
- ``We have briefed members of Congress and industry leaders on the
decisions related to this initiative'' and ``expect those
discussions to intensify''.
_____
<5.5> How is commercial use/export of Clipper chips regulated?
- ``Q. How do I buy one of these encryption devices? A. We expect
several manufacturers to consider incorporating the "Clipper
Chip" into their devices.''
- ``The government designed and developed the key access encryption
microcircuits, but ... product manufacturers ... [buy] the
microcircuits from the chip manufacturer [Mykotronx] that
produces them.''
- The chip's (unspecified) `programming function' ``could be
licensed to other vendors in the future.'' Also, ``We plan to
review the possibility of permitting wider exportability of these
products.''
- ``Case-by-case review for each export is required to ensure
appropriate use of these devices'' fitting in with the existing
program for review of ``other encryption devices.'' ``We expect
export licenses will be granted on a case-by-case basis for U.S.
companies.''
_____
<5.6> What are references on the Clipper Chip?
- ``Wrestling over the Key to the Codes.'' J. Markoff. The New
York Times, Sunday May 9, 1993.
> ``Electronic communication will be the fabric of tomorrow's
> society, and we will have daily interaction with intimates we
> can only rarely afford to visit in person,'' said Whitfield
> Diffie, a computer researcher at Sun Microsystems and one of
> the nation's leading cryptographers. ``By codifying the
> Government's power to spy invisibly on these contacts, we take
> a giant step toward a world in which privacy belongs only to the
> wealthy, the powerful, and perhaps, the criminals.''
- ``The Code of the Future: Uncle Sam wants you to use ciphers it
can crack.'' S. Begley, M. Liu, J. C. Ramo. Newsweek, June 7
1993.
> For now, no one is forced to use the NSA chip. But
> manufacturers who put a rival chip into, say, their modems
> would likely be denied government contracts, as well as export
> licenses for the NSA-proof products. Even that may not appease
> the spymasters. ``No one rules out a mandatory encryption
> standard,'' says NIST spokesman Mats Heyman. That's industry's
> greatest fear.
- ``Government picks affordable chip to scramble phone calls.'' By
Frank J. Murray. The Washington Times, April 17, 1993 Saturday,
Final Edition.
> President Clinton gave a major boost yesterday to one telephone-
> scrambler technology in a decision its delighted manufacturer
> likens to the choice of VHS over Beta for videotape machines.
>
> An administration official said the consideration will be given
> to banning more sophisticated systems investigators cannot
> crack, thereby creating a balance between banning private
> encryption and declaring a public right to unbreakably coded
> conversations.
- ``Computer Group, Libertarians Question Clinton Phone Privacy
Stance.'' By Rory J. O'Connor, San Jose Mercury News, Calif.
Knight-Ridder/Tribune Business News, ~Apr. 17 1993.
> SAN JOSE, Calif.--Apr. 17--Civil libertarians and a major
> computer industry group raised concerns Friday about how much
> protection a Clinton administration plan would afford private
> electronic communications, from cellular telephone calls to
> computer data.
>
> "I don't want to sound too stridently opposed to this," said Ken
> Wasch, executive director of the Software Publishers
> Association (SPA) in Washington. "But...we feel blindsided."
>
> American Telephone & Telegraph Co. announced Friday it would
> adapt the $1,200 product, called the Telephone Security Device,
> to use the Clipper Chip by the end of this fiscal quarter. AT&T
> makes a related device, which encrypts voice and computer data
> transmissions, that could be converted to the Clipper
> technology, said spokesman Bill Jones.
>
> VLSI, which invented a manufacturing method the company said
> makes it difficult to "reverse engineer" the chip or discern
> the encryption scheme, expects to make $50 million in the next
> three years selling the device, said Jeff Hendy, director of
> new product marketing for the company.
- ``New Scrambler Designed to Protect Privacy, But Allow Police
Monitoring.'' By Christopher Drew, Chicago Tribune.
Knight-Ridder/Tribune Business News, ~Apr. 19, 1993.
> WASHINGTON--Apr. 19--As a step toward the development of vast
> new data "superhighways," the federal government has designed a
> powerful device that would protect the privacy of electronic
> communications by encoding them but still allow police to
> eavesdrop.
>
> "`A.k.a. Big Brother,' that's what I call it," said Stephen
> Bryen, a former Pentagon official who runs a company developing
> a rival encryption system.
>
> Bryen said it was "very disturbing" that the government has gone
> so far with the previously classified project "without
> consulting with experts in the industry" whose investments
> could be wiped out.
>
> To spur the venture, the Justice Department will soon purchase
> several thousand of the devices. Military and spy agencies also
> are expected to use them.
- ``US reveals computer chip for scrambling telephones.'' By John
Mintz. Washington Post, April 17, 1993.
> WASHINGTON -- The White House yesterday announced its new plan
> to prevent criminals, terrorists, and industrial spies from
> decoding communications over telephones, fax machines, and
> computers while ensuring the government's ability to eavesdrop.
>
> The official White House announcement yesterday was the
> endorsement of the Clipper Chip, developed by NSA, as the
> government standard for encryption devices.
- ``Clinton security plan hints of Big Brother: Clipper Chip would
let government eavesdrop on encrypted voice and data
communications.'' By Ellen Messmer. Network World, April 19,
1993.
> But government officials had a difficult time last week
> rebutting the question why any criminal would use a Clipper
> Chip-based product when the person knows the government could
> listen in, particularly since there are a host of other
> encryption products available on the market that are, in
> theory, unbreakable codes.
>
> "A criminal probably wouldn't use it," said Mike Agee, marketing
> manager for secure products at AT&T, adding that the Clipper
> Chip is for the rest of the world.
For additional details, call Mat Heyman, National Institute of
Standards and Technology, (301) 975-2758.
See also soda.berkeley.edu:/pub/cypherpunks/clipper/ for an excellent
collection of data and articles, including information on Mykotronx,
the Clipper chip maker.
_____
<5.7> What are compliments/criticisms of the Clipper chip?
Compliments
-----------
- Chip may protect the law abiding citizen's privacy from the casual
snooper.
- Potentially sophisticated and superior algorithm endorsed by the
NSA.
- May establish a new standard whereby companies may be able to
come up with competing pin-compatible chips.
- Potential for encrypting `on top' of the Clipper algorithm.
- May allow diverse law enforcement agencies to retain wiretapping
ability without serious or impossible obstacles.
- May enable broad new traffic analysis by law enforcement agencies.
Criticisms
----------
- Algorithm designed exclusively by the NSA with biased interests.
- Possibly unsophisticated, inferior, or more costly in comparison
with current or emerging technology.
- Compromised keys retroactively weaken all communication ever sent
over the device.
- Key generation techniques are `baroque activities in a vault':
suspicious and unrealistic-sounding.
- Impossible to ensure secrecy of a chip in the face of today's
technology and inevitable intense independent inquiry and
scrutiny, and dependence on it weakens security.
- No specific assurance that key generation is impartial and safe.
- Secrecy of the algorithm prevents serious inquiry and sabotages
trust in the algorithm. No guarantee against `back door'.
_____
<5.8> What are compliments/criticisms of the Clipper Initiative?
Compliments
-----------
- Brings privacy and encryption issues into the limelight.
- Sharpens the public debate on the role, extent, and legitimacy of
wiretapping practices.
- Exposes previously concealed high-level agenda in U.S. government
to manage cryptographic technology.
- Potential new option for individuals and companies interested in
protecting privacy.
- Suggests Clinton administration has strong interest in technology,
reaching compromises, and encouraging competitiveness.
Criticisms
----------
- Evasion of critical aspects (such as key agencies) and
preoccupation with others (references to criminals) ``begs the
question'' of inherent public desirability and support of plan.
- Legality within framework of paramount constitutional guarantees
on freedom of speech and freedom from unreasonable search and
seizure wholly unaddressed.
- Unilaterally imposed, i.e. no involvement from the parties it
purports to represent.
- Funded with taxpayer money with no meaningful public oversight and
scrutiny.
- Represents a fundamental switch in the government's role in
wiretapping from passive to active.
- Potentially criminals won't use the technology and will easily
evade it, while law-abiding citizens will be inconvenienced
and/or sacrifice rights.
- Does not protect the individual from corrupt government officials.
- Secrecy of the algorithm may amount to `security through
obscurity,' i.e. the algorithm security may rely on aspects of
chip operation staying confidential and undiscovered.
- Government appears to be colluding with private companies and
using leverage to intentionally create a monopoly.
- Possibility of taxpayer funds effectively subsidizing chip sales
not addressed.
- Secrecy of the chip design prevents inquiries into its precise
security.
- ``government engineers'' in competition with private industries,
with special favoritism in policies of the Clinton
administration.
- May require new vast and superfluous government bureaucracies.
_____
<5.9> What are compliments/criticisms of the Clipper announcement?
Compliments
-----------
- Shows unequivocal commitment to wiretapping drug dealers,
criminals, and terrorists.
- Publicizes previously secret development and processes regarding
Clipper in particular and cryptography in general.
- Well publicized within some circles. Usenet press release
unprecedented and sophisticated.
- Shows Clinton administration commitment to developing national
policies on `information infrastructure' and the intrinsic role
of encryption technology.
- Masterpiece of propaganda for study by future generations.
Criticisms
----------
- States that Clipper is better than many encryption technologies
available today but does not indicate that many are recognized to
be weak and new and more powerful technologies are already under
development.
- Vague on critical aspects such as who the key escrow agencies are.
- Appears to assume that Americans wish to preserve wiretapping
capabilities by law enforcement agencies in the face of new
unbreakable encryption technologies.
- Specifically does not commit to freedom of encryption and hints
that failure of Clipper-style approaches may lead to restrictions
on strong cryptography.
- Gives the impression that Congress and private industry were
involved when their participation is minimal to nonexistent.
- Authoritarian, dictatorial, and Orwellian undertones.
- Evades mention of the NSA's specific involvement.
- Refers to the chip as `state of the art' without evidence.
- Refers to ``drug dealers, criminals, and terrorists'' with terms
such as `alleged,' `suspected,' `reputed,' and `accused'
conspicuously absent.
- Does not specifically commit to unrestrained public policy review
and appears to evade it.
- Evades mention of the history of the plan and erroneously implies
that Clinton administration involvement is primary.
_____
<5.10> Where does Clipper fit in U.S. cryptographic technology policy?
The Clipper chip is part of a large-scale plan that involves ``the
creation of new products to accelerate the development and use of
advanced and secure telecommunications networks and wireless
communications links'' utilizing the chip.
- ``we [of the Clinton Administration] understand the importance of
encryption technology in telecommunications and computing and are
committed to working with industry and public-interest groups to
find innovative ways to protect Americans' privacy, help
businesses to compete, and ensure that law enforcement agencies
have the tools they need to fight crime and terrorism.''
- ``The President has directed government agencies to develop a
comprehensive policy on encryption'' and ``explore new approaches
like the key-escrow system'' which ``is just one piece of what
must be the comprehensive approach to encryption technology,
which the Administration is developing.''
- The `broad policy review' will also address the role of
cryptography in ``the development of a National Information
Infrastructure or `information superhighways''' and consider
``the need of U.S. companies to manufacture and export high
technology products.''
- ``The Federal Government must act quickly to develop consistent,
comprehensive policies regarding its use'' and ``as we carry out
our review of encryption policy'' the ``on-going discussions with
Congress and industry on encryption issues'' are expected to
``intensify.''
* * *
SEE ALSO
========
Part 1
------ (previous file)
<1.1> What is `identity' on the internet?
<1.2> Why is identity (un)important on the internet?
<1.3> How does my email address (not) identify me and my background?
<1.4> How can I find out more about somebody from their email address?
<1.5> How do I provide more/less information to others on my identity?
<1.6> Why is identification (un)stable on the internet?
<1.7> What is the future of identification on the internet?
<2.1> What is `privacy' on the internet?
<2.2> Why is privacy (un)important on the internet?
<2.3> How (in)secure are internet networks?
<2.4> How (in)secure is my account?
<2.5> How (in)secure are my files and directories?
<2.6> How (in)secure is X Windows?
<2.7> How (in)secure is my email?
<2.8> How am I (not) liable for my email and postings?
<2.9> Who is my sysadmin? What does s/he know about me?
<2.10> Why is privacy (un)stable on the internet?
<2.11> What is the future of privacy on the internet?
<3.1> What is `anonymity' on the internet?
<3.2> Why is `anonymity' (un)important on the internet?
<3.3> How can anonymity be protected on the internet?
<3.4> What is `anonymous mail'?
<3.5> What is `anonymous posting'?
<3.6> Why is anonymity (un)stable on the internet?
<3.7> What is the future of anonymity on the internet?
Part 3
------ (next file)
<6.1> What UNIX programs are related to privacy?
<6.2> How can I learn about or use cryptography?
<6.3> What is the cypherpunks mailing list?
<6.4> What are some privacy-related newsgroups? FAQs?
<6.5> What is internet Privacy Enhanced Mail (PEM)?
<6.6> What are other Request For Comments (RFCs) related to privacy?
<6.7> How can I run an anonymous remailer?
<6.8> What are references on privacy in email?
<6.9> What are some email, Usenet, and internet use policies?
<7.1> What is ``digital cash''?
<7.2> What is a ``hacker'' or ``cracker''?
<7.3> What is a ``cypherpunk''?
<7.4> What is `steganography' and anonymous pools?
<7.5> What is `security through obscurity'?
<7.6> What are `identity daemons'?
<7.7> What standards are needed to guard electronic privacy?
<8.1> What is the background behind the Internet?
<8.2> How is Internet `anarchy' like the English language?
<8.3> Most Wanted list
<8.4> Change history
* * *
This is Part 2 of the Privacy & Anonymity FAQ, obtained via anonymous
FTP to rtfm.mit.edu:/pub/usenet/news.answers/net-privacy/ or
newsgroups news.answers, sci.answers, alt.answers every 21 days.
Written by L. Detweiler <ld231782@longs.lance.colostate.edu>.
All rights reserved.