Fun_People Archive
5 Feb
R.I.P -- Privacy '94


Date: Sat,  5 Feb 94 14:13:45 PST
To: Fun_People
Subject: R.I.P -- Privacy '94

[If you're looking for something humorous or uplifting,
 you can cruise right on by this one...
 p.s. I made some minor corrections to this one.
-psl]

 From: bostic@vangogh.CS.Berkeley.EDU (Keith Bostic)
 From: JR Oldroyd <jr@opal.com>
 From: "Brock N. Meeks" <brock@well.sf.ca.us>
 Date: Sat, 5 Feb 1994 00:58:22 -0800

Copyright (c) 1994
CyberWire
Brock N. Meeks

Jacking in from a Non-Government Approved Encryption Port:

Washington, DC --
The Clinton Administration today gang raped your privacy.

The White House Friday announced its endorsement of a sweeping new
security and privacy initiative.  Privacy, as we know it, will
never be the same.  All the rules have changed.  Forever.  The catch
is that the government gets to write all the rules;  you get no
vote.  None.  Worse, you can't even read the fucking rule book
because it's classified.

The initiative involves the creation of "new products to accelerate
the development and use of advanced and secure telecommunications
networks and wireless telecommunications links," the White House
said.  In English:  Law enforcement and intelligence agencies now
have an easy way to fuck with any and all forms of spoken or
electronically transmitted communications.

The policy is voluntary, of course.  You don't have to sign on to
it.  You don't have to use government approved encryption devices.
But if you plan to do any business with the government, you'll have
to use them.  And if the government gets its way, well, you'll end up
using them whether you want to or not.  You'll have no choice (are
you sensing a trend here?).  All telephones, computers, fax
machines, modems, etc. will come "wiretap ready."  It will be the
de facto standard.

If you don't use the government standard, you'll be branding
yourself a CryptoRebel.  Big fucking deal?  Maybe, maybe not.  But
think for a second.  Perhaps some agency will be able to check your
"crypto-approval rating."  Perhaps those favorable bank loans,
mortgage rates or low insurance premiums will only go to those with
high crypto-approval ratings.

But the White House is adamant about making sure you understand
this whole damn thing is voluntary.  And don't let anything sway
you from believing that, not even the White House backgrounder
materials that say no U.S. citizen "as a matter of right, is
entitled to an unbreakable commercial encryption product."

Just use the "balanced" approach of the government system, where in
this case the "breakability" of the encryption belongs only with
them.  Everything will work out fine.  Just listen:  "Encryption is
a law and order issue since it can be use by criminals to thwart
wiretaps and avoid detection and prosecution," said Vice President
Gore.  "Our policy is designed to provide better encryption to
individuals and businesses while ensuring that the needs of law
enforcement and national security are met."

The Administration won't tell you exactly why they expect you
simply hand over all your privacy safeguards to them.  "Listen, if
you knew what we knew about criminal activity, this issue wouldn't
even be debated," said Mike Nelson with the Office of Science and
Technology Policy and co-chair of the Working Group on Data
Security, a newly created interagency task force.

Chicken or the Egg?
==================

The new policy was hatched in the super-secret recesses of the
National Security Agency (NSA).  And while Clinton was still trying
to find the instruction manual for his White House telephone
system, the NSA, FBI and other assorted agencies shoved their ideas
onto the National Security Council table.  Before the
Administration could blink, it found itself in the unenviable
position of having backed a severely flawed security policy that
has compromised the privacy of every U.S. citizen and drawn the ire
of every civil liberties in the country.

But the White House quickly put the brakes on, calling for a full
scale, government wide "review" of its security and privacy
policies.  It gave privacy advocacy groups some breathing room. 
Surely the Administration, once it had a chance to actually study
this damn thing, would see through it.

But the White House punted.  The review was a smoke screen. 
Instead, it provided momentum inside the Administration.  It was
from this review, ordered last April, that this new initiative
springs.

And when all was said and done, the White House screwed the pooch.

Clipper Sails On
================

The one trick pony here is the Clipper Chip, a device that can be
installed in virtually any communications device.  The chip
scrambles all conversations.  No one can crack the code, except the
government, of course.  The Feds hold all the keys.  Rather, they
hold the only keys that count.

Each Clipper chip is made with 3 unique keys.  All three are needed
to descramble the encrypted messages streaming through them.  But
only the government's keys matter.  The key you get with your
Clipper Chip is essentially the chip's social security number. 
You'll never actually see this key, have any idea what its number
is or get your hands on it.  If you try to sneak a peek at it, the
damn thing self destructs.  Honest.

The other two keys will be held in electronic vaults;  fraternal
twins, separated by mandate.  Each of these keys will be held by
government agencies, called "escrow agents."  One will be held by
the National Institute for Standards and Technology, the other by
the Automated Systems Division of the Dept. of Treasury.

When a law enforcement agency, which could be your local sheriff's
department, wants to wiretap a conversation that's been encrypted
by Clipper they apply to each of the escrow agents.  The agents
send their respective key, electronically, to a "black box"
operated by the law enforcement agency.  As encrypted conversations
stream into the box, they come out the back side in nice, neat
sounding vowels and consonants, or in the case of electronic mail,
in plain ol' ASCII.

Yes, all law enforcement agencies need a court approved wiretap
before they can pull this whole scheme off.  This, the
Administration says, is where you're privacy is protected.  "We're
not going to use Clipper to listen in on the American public," said
Raymond Kammer of NIST deputy director.  It will only be used to
catch criminals.  Honest.

We Don't Need No Stinkin' Warrant
=================================

Maybe now would be a good time to mention the National Security
Agency.  You know these guys.  Super-secret, spook agency.  Their
mission?  To monitor and intercept foreign communications.  Did you
catch that word FOREIGN?  I hope so, it's crucial.

The NSA is only allowed to intercept foreign communications --
spying on U.S. citizens is a crime.  They can't even pry into a
U.S. citizen's business with a court ordered wiretap.  A judge would
never allow it.  Yet it was the NSA that cooked up this whole
Clipper Chip scheme.  Why you ask?  Good question.  But the
Administration refuses to discuss the issue.

Here's another they can't answer.  Suppose the NSA intercepts a
message from Iraq and finds it's Clipper encrypted (that damn
little black box is specially made to sniff out the Clipper's
algorithm and descramble its social security number).  What does
the NSA do with this encrypted Iraqi message? How does it decrypt
the message?  There's a classic Catch-22 running here.

Agencies need the Clipper keys from the escrow agents to read the
message or listen in on the conversation.  But to get the keys you
need proof that you have a warrant.  The NSA is *never* issued a
warrant.  You see, the NSA doesn't need a warrant to spy on FOREIGN
communications.

So, this begs the $64,000 question:  How does the NSA get the
escrow agents to give them the keys to decrypt the message if they
can't show a warrant?

Answer:  They don't have to show a warrant; they don't have to show
cause; they don't have to show spit.

What's wrong with this picture?

"We have appropriate procedures and safeguards built into the
system for the NSA," Nelson said.  "I can't tell you what those
are, of course, that would divulging too much about the NSA's
operation."

Fox Guarding the Chickens
=========================

There will be absolutely no abuse of the system.  This is what the
Administration would like you to believe.  They also would like you
to believe that Presidents don't approve Watergate break-ins, that
arms are never traded for hostages, that the FBI never secretly
records civil rights leaders in the heat of infidelity and that FBI
directors have never shown a proclivity for red sequined dresses
and shiny high-heeled cruel shoes.

Representatives from four government organizations stood before the
press and outlined all the careful thinking and rigorous safeguards
that have gone into this system.  There are at least 9 different
steps that must be followed to get these Clipper keys transferred
from the escrow agents to the agency authorized to do the wiretap.

Fair enough, isn't it?  Well, it would be except for the fact that
the Justice Department intentionally wrote a giant fucking loophole
into the law.

Buried in the Justice Department briefing papers, outlining the
authorization procedures for release of the escrow keys, is this
gem: "These procedures do not create, and are not intended to
create, any substantive rights for individuals intercepted through
electronic surveillance, and noncompliance with these procedures
shall not provide the basis for any motion to suppress or other
objection to the introduction of electronic surveillance evidence
lawfully acquired."

So, if somebody screws up, like for instance, asks for the keys to
be sent before they actually have a wiretap in hand, or has no
wiretap authority at all! there is no recourse provision.

Criminals As Dumb Shits
=======================

But what about that wily criminal element?  Once they get wind of
this, won't they seek out another type of encryption?  The FBI
doesn't think so. In fact, the FBI thinks criminals are such dumb
shits that they'll forget all about the fact that Clipper even
exists.

"I predict that few criminals will remember years from now what
they've read in the Wall Street Journal" about how these devices
were installed in telephones, said FBI's James Kallestrom.  (Of
course, if criminals are so stupid, why are they perusing the Wall
St. Journal... maybe he really meant the New York Times...)

So let's get this right.  The FBI is sure that criminals will "just
forget" that Clipper is installed in their phones and use them
anyway.  These are the criminals that also would be forgetting that
their multi-million dollar drug deals, not to mention their own
sweet ass, could be in jeopardy every time they make a call.  Yes,
the government really thinks so.

It's more likely that some bright, enterprising criminal mind will
create a worldwide black market that deals in "non-Clipper
Installed" encryption devices.  Damn, talk about an industry with
some growth potential.

Getting To the Data Stream
==========================

The whole damn program goes into the crapper, however, if the
government can't get access to source, to the digital data stream,
as it comes out of the telephone switch.  In order to do this you
have to tap the digital conversation.  That's right, you guessed
it: Digital Wiretap Access.

The FBI failed on its own last year to generate any support in
Congress for this digital wiretap proposal.   Hell, the FBI
couldn't even get a single member of Congress to introduce the
thing.  So the FBI broke the chain of command: They got the
President and Vice President to sign off on the idea.

The Administration will soon announce its decision on how it will
give the FBI the right to easily wiretap even your unencrypted
conversations. "Within a few months at most we should have
something decided," said Barry Smith of the FBI's Congressional
Affairs office.  The FBI's Kallestrom said it was "all but a done
deal."

This isn't a question of whether or not the Administration will
line up behind the FBI on this.  It already has.  It's only a
matter of paperwork, and the nagging little issue of how to pay for
making the telephone companies comply with the new rules.  But
these are small details, compared to the heat the Administration
already knows it'll take when they finally unwrap this puppy.

Private No More
===============

OSTP's Nelson quipped that these security and privacy issues are
the Cyberspace version of the Administration's muddied Bosnia
policy.

Like Bosnia, the White House expects the American public to "trust
us" on this issue.  After all, the Administration says, they know
a hell of a lot more than we do about what kind of criminal activity
is really going down.

Trusting these law enforcement and intelligence agencies is one
thing; tempting them by putting all-powerful tools right into their
hip pockets is something that should generate a hue and cry loud
enough for all of Washington to hear.

So, if you're really pissed off, just pick up the phone and call
your neighbor.  Somebody in Washington is bound to hear it.

Meeks out....



[=] © 1994 Peter Langston []