NSA'S TESSERA PLAN (NYT/MARKOFF)
anon...@anon.penet.fi
Date: Tue, 25 Jan 1994 11:18:37 -0500 (EST)
From: steven cherry <s...@panix.com>
Subject: Tessera
To: sea-list <sea-...@sea.org>, sea-...@sea.org
Note: I am not a crypto or telecomm expert, and would appreciate any
corrections or additions to the information below. Further technical
discussion should take place on the sea-tech list. -stc-
According to the New York Times (Monday, January 24, 1993; D1) the
National Security Agency (NSA) intends to establish a standard, called
Tessera, for hardware-based encryption for personal computers. Tessera
would be similar to the Clipper chip, an earlier NSA/NIST proposal that
would encrypt voice communications by adding a chip to telephone
equipment. Tessera would be grounded in printed circuit boards and would
encrypt computer-based communications and data.
"The National Security Agency will seek bids from companies to produce
circuit cards based on its technology, which would be used to scramble
electronic messages for Goverment agencies and, eventually, private
companies," the Times story says. Testing has apparently already begun at
the Internal Revenue Service, though the article gave no details.
Like Clipper, Tessera would contain a back door that would allow the NSA
to decrypt messages. To do so, the NSA would have to obtain a court's
"permission"; this is apparently not necessarily the same thing as a
search warrant. The article did not discuss the issue of "key holders," a
critical element in the Clipper proposal. The algorithms for Tessera would
not be made public, as is common with encryption technology; this is
another similarity to Clipper. Both technologies are (currently)
voluntary, but by making them standards within the government, and
requiring the public to use them in in their electronic dealings with the
military and with government agencies, the NSA can make it difficult and
expensive for any other encryption methodologies to become standards. Like
any aspect of communications, a method must be a standard to have any
significance.
While Clipper is currently undergoing a classified review by the Clinton
Administration (due in "a couple of weeks"), the NSA seems ready to put
Tessera on a faster timetable. "The agency tentatively plans to award
contracts for the Tessera card by March 25," the article concludes.
Whereas Clipper was a standard proposed by the National Institute of
Standards and Technology (NIST), Tessera is a de facto standard the NSA
can begin implementing within government by contracting and purchasing the
cards that contain it.
It is therefore not clear that there is any structural way to comment on
Tessera, since nothing is proposed and no comments are requested.
-------------------------------------------------------------------------
To find out more about the anon service, send mail to he...@anon.penet.fi.
Due to the double-blind, any mail replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to ad...@anon.penet.fi.
anon...@anon.penet.fi
U.S. CODE AGENCY IS JOSTLING FOR CIVILIAN TURF
New York Times, Monday, January 24, 1994
By John Markoff
The National Security agency is trying to establish a standard tor
electronically scrambling computer communications, a move that would go far
beyond the agency's usual military and intelligence domain to include
civilian activities like electronic tax returns and computerized medical
payments.
The plan by the N.S.A., which may be announced as early as today, worries
business executives, who fear a Government encroachment on privacy. And
some officials in the Clinton Administration believe that the N.S.A. is
overstepping its bounds.
The N.S.A. is the Federal agency responsible for electronic surveillance
of global communications, though usually not civilian communlcations,
within the United States.
But in an era when everyday business is increasingly conducted over
computer networks, and when much of that electronic commerce is transmitted
in scrambled form to prevent eavesdropping or theft of information, the
agency is intent on having Government and civilian computer users employ a
standard approach to scrambling.
That way, after-obtaining a court's permission, law-enforcement officials
would have a way of cracking codes.
Bidding Process
The agency will seek bids from companies to produce circuit cards based
on its technology, which would be used to scramble electronic messages for
Government agencies and, eventually, private companies. Agency employees
confirmed the plan late Friday, though no agency officials could be reached
over the weekend for further details.
The Internal Revenue Service, the Government agency that has the most
electronic communication with the public, has already started testing the
system. "We need to know what the administrative issues are with this
technology," said Henry Philcox, the tax agency's chief information
officer.
Many computer industry executives oppose the National Security Agency's
effort, saying there is no way for industry experts and outsiders to
determine the reliability and security of the underlying scrambling
technology, which the agency intends to keep secret.
Privacy-rights advocates, meanwhile, are wary of the system because of
the electronic "back door" it contains, permitting Government
eavesdropping. And some other Administration officials say the agency is
going too far by pushing the standard into civilian computing
"What these guys are trying to do is run ahead of the blocking," an
Administration official who spoke on the condition of anonymity said.
"Trying to sell this as the wave of the future is premature as
Administration policy.
The circuit card, which is designed to fit into a personal computer and
which the agency calls Tessera, is based on technology similar to a device
known as the Clipper Chip, a telephone voice-scrambling chip that provides
a back-door means for letting law-enforcement officials eavesdrop.
The Clipper plan, developed by the National Security Agency in
cooperation with the National Insatute for Standards and Technology, a
Commerce Department agency, was announced in April by the Clinton
Administration. It has been almost universally opposed by computer and
telecommunications executives and by public policy groups.
In a letter to be sent to President Clinton today, which was released on
Friday to The New York Times, a group of 38 of the nation's leading
computer scientists, computer-security specialists and privacy experts have
urged that the Clipper program be stopped.
"The current proposal was developed in secret by Federal agencies
primarily concerned about electronic surveillance, not privacy protection,"
the letter states. "Critical aspects of the plan remain classified and thus
beyond public review."
The letter was signed by most of the civilian pioneers of modern
cryptography, including Whitfield Diffie of Sun Microsystems, Ralph C
Merkle of the Xerox Corporation, Martin Hellman of Stanford University and
Ronald Rivest of the Massachusetts Institute of Technology.
While there has been no other indication so far that the Government wants
to torce private industry to use Clipper or Tessera technolo8ies, their
adoption as Government and military standards could go a long way toward
making them de facto standards. The Federal and military markets are some
of the largest for the computer and communications industrles, and the
Government has the power to determine what sorts of advanced technology can
be exported.
Moreover, the Government could insure widespread use of the Clipper and
Tessera technologies by insisting that they be used by businesses and
individuals when communicating electronically with Federal agencies.
Official Reasoning
Law-enforcement officials say the technologies are intended to resolve a
longstanding problem of the information age: how to preserve the right of
businesses and citizens to use codes to protect all sorts of digltal
communications without letting criminals and terrorists conspire beyond the
law's reach. Businesses and individuals who often communicate over computer
networks already make use of a variety of scrambling systems-either of
their own devising or those commercially available.
Many of these scrambling systems are unbreakable by anyone who does not
hold the electronic keys to the code, something generally known only by the
sender and the recipient of scrambled messages.
That is a problem for the National Security Agency, which routinely
listens to many of the world~s telephone and computer conversations -
although it has no jurisdiction for moni toring non-Government
conversations within the United States. The N.S.A.'s Tessera and Clipper
systems would have an independent agency hold master keys to the codes,
which could be obtained with a court's permission for surveillance by
law-enforcement officials.
The agency plans initially to purchase 10,000 to 70,000 of the Tessera
cards for its use and that of the Pentagon. In an industry briefin8 held
earlier this month, however, N.S.A. officials proposed the eventual use of
the secure communications card in a vast range of civilian and Government
applications including some by the Internal Revenue Service, the
Departments of Health and Hurnan Services, Justice and State and in the
Senate and the House.
The agency also suggested that the card could be used for civilian
functions like electronic mail and in the scrambling systems employed in
cable television.
The National Security Agency's new standard-setting effort is being
introduced a couple of weeks before the Clinton Administration completes a
classified review of the Clipper proposal, and several industry executives
said the announcement had been timed to apply pressure to the
Administration's decision making.
The proposal angers industry executives who believe that the agency is
rushing to establish a de facto standard that will undercut efforts to
adopt a competing commercial standard without a built-in back door. That
standard, being developed by RSA Data Security, a Redwood City, Calif.,
software company, has been endorsed by the nation's leading computer
makers, software developers and telecommunications companies.
Secret Formula
These companies are particularly troubled by the National Security
Agency~s refusal to disclose the mathematical formula, or algorithm, on
which-its scrambling technology is based.
"The issue here is: Should a secret algorithm developed by the
intelligence community be used for unclassified civilian uses?" said
Stephen Walker, a computer security industry executive and a member of the
Government's Computer System Security and Privacy Advisory Board. l think
the answer is it should not.
The agency has increasingly come into conflict with industry and public !
policy groups who argue that independent and public coding technology is
essential if the nation is to develop a viable electronic commerce system.
"These Government surveillance plans focus on limiting public privacy at
a time when everyone is calling for more privacy," said Marc Rotenberg, .
Washington director of Computer Professionals for Social Responsibility, a
public interest group that organized the letter that will be sent to
President Clinton today. "Privacy is a key part of the national information
infrastructure, and the decisions the Administration is making are leaning
l in the wrong direction."
The new security standard is being proposed at a time the National
Security Agency is trying to redefine its role after the cold war, and it
raises questions in critics' minds about whether the agency is overstepping
its authority. The 1988 Computer Security Act limited the N.S.A.'s computer
security role to military and intelligence agencies.
"These guys are fighting for job secyrity," said William Ferguson, vice
president of Semaphore Inc., a , Santa Clara, Calif., computer network
security firm. "Now that the K.G.B. has gone commercial, the N.S.A. is
trying to start its own initiatives that say, 'all we're trying to do i is
keep up with the K.G.B.' "
White House officials said the agency's actions would not necessarily
force the Administration to authorize, an unpopular coding technology.
One official said the Administration policy review was likely to establish
a permanent working group that, would limit the National Security, Agency's
role in policy making.
The N.S.A. originally planned to announce its request for proposals on
Friday. But the notice was delayed because the Government shut down
Thursday in response to the frigid weather that disrupted the supply of
electricity in Washington and other parts of the East. The agency
tentatively plans to award contracts for the Tessera card by March 25.
****
Matthew Holiday
-> Date: Tue, 25 Jan 1994 11:18:37 -0500 (EST)
-> From: steven cherry <s...@panix.com>
-> Subject: Tessera
-> To: sea-list <sea-...@sea.org>, sea-...@sea.org
->
-> [deleted...]
->
-> Like Clipper, Tessera would contain a back door that would allow the NSA
-> to decrypt messages. To do so, the NSA would have to obtain a court's
-> "permission"; this is apparently not necessarily the same thing as a
-> search warrant. The article did not discuss the issue of "key holders," a
-> critical element in the Clipper proposal. The algorithms for Tessera would
-> not be made public, as is common with encryption technology; this is
-> another similarity to Clipper. Both technologies are (currently)
-> voluntary, but by making them standards within the government, and
-> requiring the public to use them in in their electronic dealings with the
-> military and with government agencies, the NSA can make it difficult and
-> expensive for any other encryption methodologies to become standards. Like
-> any aspect of communications, a method must be a standard to have any
-> significance.
Keep in mind the NSA and certain other agencies have access to a special
court for the rubber-stamping of search warrants. To my knowledge, that
court's records are always sealed. As a result, it's not reasonable to
expect that interception of Tessera-protected data will occur only in
the event that there is probable cause of a crime being committed.
--
Matt Holiday #include <std/disclaimer>
hol...@bnr.ca
BNR Richardson, TX "Proud owner of an unregistered computer"
Steve Wildstrom
is designed to implement Skipjack as well as RSA, DES, or toher
encryption algorithms in secure hardware. The card is designed to FIPS
140-1 and I am told it complies with the Tessera spec altough who can be
sure, the specification being classified. At any rate, NSI is certainly
bidding for the Tessera contract. I don't know who the other bidders
might be.
--
----------------------------------------------------------------------
Steve Wildstrom Business Week Washington Bureau wi...@access.digex.net
"These opinions aren't necessarily mine or anyone else's."
-----------------------------------------------------------------------
John Nagle
Communications Week reports that no real Clipper products have actually been
announced. AT&T has announced non-Clipper crypto products since the
Clipper announcement. Supposedly, AT&T is going to have a Clipper product,
because NSA/DOJ ordered some, but that's just a Government procurement.
U.S. Government procurements don't really have much impact on
the computer industry any more. The government tried to promote
ISO Transport as a networking protocol, for example, and that went
absolutely nowhere.
U.S. Government attempts to enter the merchant semiconductor business
have likewise been a disaster. Remember U.S. Memories?
John Nagle
David Koontz
> I'm not too worried. Clipper has been a total bomb in the marketplace.
>Communications Week reports that no real Clipper products have actually been
>announced. AT&T has announced non-Clipper crypto products since the
>Clipper announcement. Supposedly, AT&T is going to have a Clipper product,
>because NSA/DOJ ordered some, but that's just a Government procurement.
28 Jan 94, 11:55 PST
I just talked to someone at AT&T Surety Systems. The TSD-3600c (the one
with the clipper chip) will be available next week. The person I talked
to would not elaborate as to the present backlog, but said it "wasn't
just one or two". I asked if the backlog was related to orders for the
Department of Justice (DOJ), and was told that availability next week
was in addition to those "set aside" for delivery to DOJ. (I didn't
think to ask about a DOJ delivery schedule.)
If I hadn't just spent the money on fencing for corrals and paddocks, I'd
order a couple to play with. Maybe I have room on a credit card...
David Koontz
> I'm not too worried. Clipper has been a total bomb in the marketplace.
>Communications Week reports that no real Clipper products have actually been
>announced. AT&T has announced non-Clipper crypto products since the
>Clipper announcement. Supposedly, AT&T is going to have a Clipper product,
>because NSA/DOJ ordered some, but that's just a Government procurement.
28 Jan 94, 11:55 PST
Pat Myrto
is for real or just hokum.
If it IS for real, that demonstrates 'our' government is blithely ignoring
the protests it got on Clipper, and is simply shuffling names around (the
Teserra sounds like the package with the Capstone stuff on it) and going
ahead, simply trying to speed up the timetable to get it in place before
opposition can change directions and mount up an organized protest.
It is clear we have a government that is more interested in a police
state approach, than in adhering to the will of the governed.
Combind all this with the push to disarm the civilian (giving government
goons like BATF a monopoly on force) using outright lies and a manipulated
and one-sided presentation courtesy the media, eliminate privacy in
communications, using military assets to snoop on targeted homes, etc
(IR and night vision devices and personell to operate them), I cannot
see any way that this is being done with the benefit of the people in
mind.
It is being done with GOVERNMENT in mind. They want to control the
PEOPLE, and are finding the NII as an excellent chance to gain control
of communications by dictating the standards with trapdoor chips for
THAT.
A disarmed population with no privacy. Cute.
Rest In Peace, Bill of Rights - Murdered by Clinton in 1993.
--
p...@rwing.uucp [Without prejudice UCC 1-207] (Pat Myrto) Seattle, WA
[ If all else fails, try: rwing!p...@ole.cdac.com or uunet!pilchuck!rwing!pat ]
We Need Change! -- Lenin, 1916 | We Need Change! -- Hitler, 1933
We Need Change! -- Clinton, 1992 | [Stop Clinton's assault on the BoR]
Robert...
>
>Rest In Peace, Bill of Rights - Murdered by Clinton in 1993.
>
If only it were that simple, we could just vote the SOB out and
replace him with someone who would undo it all, or at least halt its
progress. Unfortunately, both major parties seem to have the
destruction of the Bill of Rights as an ingrained part of their
agenda, and getting third party candidates elected seems to be a
difficult proposition at best.
Ah, well, at least in our wonderful ``free'' country we are given a
choice of how we want our rights taken away...
--
-r
Nazi Waco, Texas cracking Ortega plutonium Khaddafi Saddam Hussein
munitions AK-47 Semtex bomb CIA Soviet explosion Marxist
Dr. David Chaos
>progress. Unfortunately, both major parties seem to have the
>destruction of the Bill of Rights as an ingrained part of their
>agenda, and getting third party candidates elected seems to be a
>difficult proposition at best.
a large amount of "privacy invasion" being orchestrated by non-elected
bureaucrats who are looking for post-cold-war job security.
Posts to this area of the net regarding the evils of government-based and
promoted "encryption technology" are largely "preaching to the choir". With
the exception of a few government apologist/lackeys, most folks here seem to
agree that Clipper, Capstone and Tessera are a real bad idea. IMHO it would
seem reasonable that we continue to hammer away at these so-called "security
enhancing" plans via the media.
I believe that the public-at-large is ignorant to the potential impact of these
encryption schemes. The more that they hear how bad an idea they are, the more
likely they are to resist it. Again, I would hope that those of us that have
access to the media will use said access for the purpose of derailing this
idiocy. Those of us that don't would likely help the "cause" by trying to
educate those around us, verbally.
Finally, with software available that uses "non-approved" encryption I believe
we should use, support and encourage third party developers to implement these
technologies. These actions will help prevent the government "trojan horse"
from becoming the de facto standard.
I would really like to see lots od advertisements for commercial encryption
packages so I would know which package was best for me and where to send my
money.
Dr. David Chaos "Don't tread on me" -The American Revolution
!/\/\/\_0<