EFFector Online 07.04 - FBI Digital Telephony Nightmare Recurs

[Stanton McCandlish]

=========================================================================
________________ _______________ _______________
/_______________/\ /_______________\ /\______________\
\\\\\\\\\\\\\\\\\ \ ||||||||||||||||| / ////////////////
\\\\\\\\\\\\\\\\\/ ||||||||||||||||| / ////////////////
\\\\\\_______/\ ||||||_______\ / //////_____\
\\\\\\\\\\\\\ \ |||||||||||||| / /////////////
\\\\\\\\\\\\\/____ |||||||||||||| / /////////////
\\\\\___________/\ ||||| / ////
\\\\\\\\\\\\\\\\ \ ||||| / ////
\\\\\\\\\\\\\\\\/ ||||| \////

=========================================================================
EFFector Online Volume 07 No. 04 Feb. 24, 1994 edi...@eff.org
A Publication of the Electronic Frontier Foundation ISSN 1062-9424

In This Issue:

Digital Telephony - FBI "Wiretap Bill" Resurrected
EFF Statement on FBI Draft Digital Telephony Bill
NIST Press Release on Clipper Decisions
FCC ftp site now online
Nat'l Symposium on Arts & Humanities Policies for NII
What YOU Can Do

----------------------------------------------------------------------

Subject: Digital Telephony - FBI "Wiretap Bill" Resurrected
-----------------------------------------------------------

The Clinton Administration is backing a proposal by law enforcement
agencies that could make the entire communications infrastructure
susceptible to surveillance. The Digital Telephony Proposal, reintroduced
this year after being successfully thwarted last year, would require
communications service providers to include "back doors" in their software
through which "wiretapping" can be done. In addition, the proposal would
give law enforcement officers access to records *about* communications,
such as who you call and how long you talk. Such traffic analysis can
can reveal vast amounts of information about you. EFF is extremely
concerned about this proposal and has prepared the following summary to
explain it and the harm it could do. More on what *you* can do to fight
the Digital Telephony Proposal will be coming soon.

------------------------------

Subject: EFF Statement on FBI Draft Digital Telephony Bill
----------------------------------------------------------

EFF has received a draft of the FBI's new, proposed "Digital Telephony"
bill. After initial analysis, we strongly condemn the bill, which would
require all common carriers to construct their networks to deliver to law
enforcement agencies, in real-time, both the contents of all communications
on their networks and the "signalling" or transactional information.

In short, the bill lays the groundwork for turning the National Information
Infrastructure into a nation-wide surveillance system, to be used by law
enforcement with few technical or legal safeguards. This image is not
hyperbole, but a real assessment of the power of the technology and
inadequacy of current legal and technical privacy protections for users of
communications networks.

Although the FBI suggests that the bill is primarily designed to maintain
status quo wiretap capability in the face of technological changes, in
fact, it seeks vast new surveillance and monitoring tools. Among the new
powers given to law enforcement are:

1. Real-time access to transactional information creates the ability to
monitor individuals "live".

The bill would require common carrier networks (telephone companies
and anyone who plans to get into the telephone business, such as cable TV
companies) to deliver, in real-time, "call setup information." In the
simplest case, call setup information is a list of phone numbers
dialed by a given telephone currently under surveillance. As we all come
to use electronic communications for more and more purposes, however, this
simple call setup information could also reveal what movies we've ordered,
which online information services we've connected to, which political
bulletin boards we've dialed, etc. With increasing use of
telecommunications, this simple transactional information reveals almost as
much about our private lives as would be learned if someone literally
followed us around on the street, watching our every move.

We are all especially vulnerable to this kind of surveillance, because,
unlike wiretapping the *content* of our communications, it is quite easy
for law enforcement to get permission to obtain this transactional
information. Whereas courts scrutinize wiretap requests very carefully,
authorizations for access to call setup information are routinely granted
with no substantive review. Some federal agencies, such as the IRS, even
have the power to issue administrative subpoenas on their own, without
appearing before a court.

The real impact of the FBI proposal turns, in part, on the fact that it is
easy to obtain court approval for seizing transactional data.

The change from existing law contained in the FBI proposal is that carriers
would have to deliver this call setup information *in real-time*, that is,
"live", as the communication occurs, directly to a remote listening post
designated by law enforcement. Today, the government can obtain this
information, but generally has to install a device (called a 'pen
register') which is monitored manually at the telephone company switching
office.

2. Access to communication and signalling information for any mobile
communication, regardless of location allows tracking of an individual's
movements.

The bill requires that carriers be able to deliver either the contents or
transactional information associated with any subscriber, even if that
person is moving around from place to place with a cellular or PCS phone.
It is conceivable that law enforcement could use the signalling information
to identify that location of a target, whether that person is the subject
of a wiretap order, or merely a subpoena for call setup information.

This provision takes a major step beyond current law in that it allows for
a tap and/or trace on a *person*, as opposed to mere surveillance of a
telephone line.

3. Expanded access to electronic communications services, such as the
Internet, online information services, and BBSs.

The privacy of electronic communications services such as electronic mail
is also put at grave risk. Today, a court order is required under the
Electronic Communications Privacy Act to obtain the contents of electronic
mail, for example. Those ECPA provisions would still apply for the
contents of such messages, but the FBI bill suggests that common carriers
might be responsible for delivering the addressing information associated
with electronic mail and other electronic communications. For example, if
a user connects to the Internet over local telephone lines, law enforcement
might be able to demand from the telephone company information about where
the user sent messages, and into which remote systems that user connects.
All of this information could be obtained by law enforcement without ever
receiving a wiretap order.

4. The power to shut down non-compliant networks

Finally, the bill proposes that the Attorney General have the power to shut
down any common carrier service that fails to comply with all of these
requirements. Some have already called this the "war powers" provision.
Granting the Department of Justice such control over our nation's
communications infrastructure is a serious threat to our First Amendment
right to send and receive information, free from undue government
intrusion.

********************************

This posting represents EFF's initial response to the new FBI proposal.
Several documents, including the full text of the proposed bill and a more
detailed section-by-section analysis are available via anonymous ftp on
EFF's ftp site, as well as an archived copy of this announcement, and
FBI Director Louis Freeh's Digital Telephony speech from late 1993.

This docuemnt is digtel94.announce

The documents can be located via ftp, gopher, or www, as follows:

ftp://ftp.eff.org/pub/EFF/Policy/Digital_Telephony/digtel94_bill.draft
ftp://ftp.eff.org/pub/EFF/Policy/Digital_Telephony/digtel94_analysis.eff
ftp://ftp.eff.org/pub/EFF/Policy/Digital_Telephony/digtel94.announce
ftp://ftp.eff.org/pub/EFF/Policy/Digital_Telephony/digtel93_freeh.speech

for gopher, same but replace first part with:

gopher://gopher.eff.org/00/EFF/...

for WWW, same but replace first part with:

http:/www.eff.org/ftp/EFF/...

The directory also contains older Digital Telephony materials from earlier
incarnations of the FBI's wiretapping scheme; see digtel92* and digtel93*

********************************

Press inquiries, contact:

Jerry Berman, Executive Director <jbe...@eff.org>
Daniel Weitzner, Senior Staff Counsel <d...@eff.org>

+1 202-347-5400 <voice>
+1 202-393-5509 <fax>

Basic EFF info: in...@eff.org
General queries: a...@eff.org
Membership info: membe...@eff.org

------------------------------

Subject: NIST Press Release on Clipper Decisions
------------------------------------------------

(EMBARGOED FOR RELEASE: 3:00 P.M., Friday, Feb. 4, 1994)

Fact Sheet
NIST Cryptography Activities

Escrowed Encryption Standard

On April 16, 1993, the White House announced that the President
approved a directive on "Public Encryption Management." Among
other items, the President directed the Secretary of Commerce, in
consultation with other appropriate U.S. agencies, to initiate a
process to write standards to facilitate the procurement and use of
encryption devices fitted with key-escrow microcircuits in federal
communications systems that process sensitive but unclassified
information.

In response to the President's directive, on July 30, 1993, the
Department of Commerce's National Institute of Standards and
Technology (NIST) announced the voluntary Escrowed Encryption
Standard (EES) as a draft Federal Information Processing Standard
(FIPS) for public comment. The FIPS would enable federal agencies
to procure escrowed encryption technology when it meets their
requirements; the standard is not to be mandatory for either
federal agency or private sector use.

During the public review of the draft standard, a group of
independent cryptographers were provided the opportunity to examine
the strength of the classified cryptographic algorithm upon which
the EES is based. They found that the algorithm provides
significant protection and that it will be 36 years until the cost
of breaking the EES algorithm will be equal to the cost of breaking
the current Data Encryption Standard. They also found that there
is no significant risk that the algorithm can be broken through a
shortcut method of attack.

Public comments were received by NIST on a wide range of issues
relevant to the EES. The written comments submitted by interested
parties and other information available to the Department relevant
to this standard were reviewed by NIST. Nearly all of the comments
received from industry and individuals opposed the adoption of the
standard. However, many of those comments reflected
misunderstanding or skepticism about the Administration's
statements that the EES would be a voluntary standard. The
Administration has restated that the EES will be a strictly
voluntary standard available for use as needed to provide more
secure telecommunications. The standard was found to be
technically sound and to meet federal agency requirements. NIST
made technical and editorial changes and recommended the standard
for approval by the Secretary of Commerce. The Secretary now has
approved the EES as a FIPS voluntary standard.

In a separate action, the Attorney General has now announced that
NIST has been selected as one of the two trusted agents who will
safeguard components of the escrowed keys.Digital Signature Standard

In 1991, NIST proposed a draft digital signature standard as a
federal standard for publiccomment. Comments were received by NIST
on both technical and patent issues. NIST has reviewed the
technical comments and made appropriate changes to the draft.

In order to resolve the patent issues, on June 3, 1993, NIST
proposed a cross-licensing arrangement for a "Digital Signature
Algorithm" for which NIST has received a patent application. The
algorithm forms the basis of the proposed digital signature
standard. Extensive public comments were received on the
proposed arrangement, many of them negative and indicating the need
for royalty-free availability of the algorithm. The
Administration has now concluded that a royalty-free
digital signature technique is necessary in order to promote
widespread use of this important information security technique.
NIST is continuing negotiations with the aim of obtaining a
digital signature standard with royalty-free use worldwide. NIST
also will pursue other technical and legal options to attain that
goal.

Cooperation with Industry

During the government's review of cryptographic policies and
regulations, NIST requested assistance from the Computer System
Security and Privacy Advisory Board to obtain public
input on a wide range of cryptographic-related issues, including
the key escrow encryption proposal, legal and Constitutional
issues, social and public policy issues, privacy, vendor and
business perspectives, and users' perspectives. The Board held
five days of public meetings. Comments obtained by the Board were
useful during the government's review of these
issues. In addition, NIST met directly with many industry and
public interest organizations, including those on the Digital
Privacy and Security Working Group and the Electronic
Frontier Foundation.

As directed by the President when the key escrow encryption
initiative was announced, the government continues to be open to
other approaches to key escrowing. On August 24,
1993, NIST also announced the opportunity to join a Cooperative
Research and Development Agreement (CRADA) to develop secure
software encryption with integrated cryptographic key escrowing
techniques. Three industry participants have expressed their
interest to NIST in this effort; however, the government still
seeks fuller participation from the commercial software industry.
NIST now is announcing an opportunity for industry to join in a
CRADA to develop improved and alternative hardware technologies
that contain key escrow encryption capabilities.

Additionally, the Administration has decided to strengthen NIST's
cryptographic capabilities in order to better meet the needs of
U.S. industry and federal agencies.

2/4/94

------------------------------

Subject: FCC ftp site now online
--------------------------------

NEWS News media information
Federal Communications Commission 202/632-5050
1919 M Street, N.W. Recorded listing of releases and texts
Washington, D.C. 20554 202/632-0002

This is an unofficial announcement of Commission action. Release of the
full text of a Commission order constitutes official action. See _MCI_v._
FCC_, 515 F.2d 385 (DC Circ 1974)

February 22, 1994

FCC TO MAKE DOCUMENTS AVAILABLE ON INTERNET

On February 22, the FCC will begin making some of its information
available through Internet. Starting today, the FCC Daily Digest, the FCC
News Releases, some Public Notices, and speeches by Commission officials
will be accessible. The file name by which each document can be accessed
will appear in the Daily Digest. In the future, the Commission will be
making more of its documents available through Internet.

The FCC's Internet address is ftp.fcc.gov

- FCC -

Office of Public Affairs contact: Rosa Prescott at (202) 632-5050.

------------------------------

Subject: Nat'l Symposium on Arts & Humanities Policies for NII
--------------------------------------------------------------

CALL FOR PAPERS, PANELS, AND PRESENTATIONS

On October 14th, 15th and 16th, the Center for Art Research in Boston will
sponsor a National Symposium on Proposed Arts and Humanities Policies for
the National Information Infrastructure.

Participants will explore the impact of the Clinton Administration's AGENDA
FOR ACTION and proposed NII (National Information Infrastructure)
legislation on the future of the arts and the humanities in 21st Century
America.

The symposium, which will be held at the American Academy of Arts and
Sciences in Cambridge, Massachusetts, will bring together government
officials, academics, artists, writers, representatives of arts and
cultural institutions and organizations, and other concerned individuals
from many disciplines and areas of interest to discuss specific issues of
policy which will effect the cultural life of *all* Americans during the
coming decades.

To participate, submit a 250-word abstract of your proposal for a paper,
panel-discussion or presentation, accompanied by a one-page vitae, by March
15, 1994.

Special consideration will be given to those efforts that take a critical
perspective of the issues, and are concerned with offering specific
alternatives to current administration and congressional agendas.

Thank you,
Jay Jaroslav

NOTE: PLEASE FORWARD AND/OR RE-POST TO APPROPRIATE NEWSGROUPS & MAILING LISTS.

Jay Jaroslav, Director jaro...@artdata.win.net
CENTER FOR ART RESEARCH 241 A Street, Boston, MA 02210-1302 USA
voice: (617) 451-8030 fax: (617) 451-1196

------------------------------

Subject: What YOU Can Do
------------------------

"Relying on the government to protect your privacy is like asking a peeping
tom to install your window blinds."

- John Perry Barlow, EFF co-founder, "Decrypting the Puzzle Palace"

You've been following the newspapers and reading EFFector Online.
You know that today there are several battles being fought over the future
of personal privacy. The Clipper Chip, export restrictions, the Digital
Telephony Proposal - the arguments are numerous and complex, but the
principles are clear. Who will decide how much privacy is "enough"?

The Electronic Frontier Foundation believes that individuals should be
able to ensure the privacy of their personal communications through any
technological means they choose. However, the government's current
restrictions on the export of encrytion software have stifled the
development and commercial availability of strong encryption in the U.S.
Rep. Maria Cantwell has introduced a bill (H.R. 3627) in the House that
would liberalize export controls on software that contains encryption, but
needs vocal support if the bill is to make it out of the committee stage.

The decisions that are made today will affect our futures indefinitely.
EFF is a respected voice for the rights of users of online technologies
and EFF members receive regular online updates on the issues that affect
our online communications and particpate in shaping the future.

Now, more than ever, EFF is working to make sure that you are the one that
makes that decision for yourself. Our members are making themselves heard
on the whole range of issues. To date, EFF has collected over 4100 letters
of support for Rep. Cantwell's bill to liberalize restrictions on
cryptography. We also have over 1000 letters asking Sen. Leahy to hold
open hearings on the proposed Clipper encryption standard.

If you'd like to add your voice in support of the Cantwell bill and the
Leahy hearings, you can send your letters to:

cant...@eff.org, Subject: I support HR 3627
le...@eff.org, Subject: I support hearings on Clipper

Your letters will be printed out and hand delivered to Rep. Cantwell and
Sen. Leahy by EFF.

You KNOW privacy is important. You have probably participated in our online
campaigns. Have you become a member of EFF yet? We feel that the best
way to protect your online rights is to be fully informed and to make your
opinions heard. EFF members are informed, and are making a difference.
Join EFF today!

------------------------------

INTERNET CONTACT ADDRESSES
--------------------------

Membership & donations: membe...@eff.org
Legal services: sst...@eff.org
Hardcopy publications: pu...@eff.org
Online publications, conferences, & other resources: me...@eff.org
Technical questions/problems, access to mailing lists: e...@eff.org
General EFF, legal, or policy questions: a...@eff.org

------------------------------

MEMBERSHIP IN THE ELECTRONIC FRONTIER FOUNDATION
================================================

Print out in monospaced (non-proportional) font and mail to:

Membership Coordinator
Electronic Frontier Foundation
1001 G Street, NW, Suite 950 East, Washington, DC 20001

SIGN ME UP!
-----------

I wish to become a member of the Electronic Frontier Foundation. I enclose:

___ Regular membership -- $40
___ Student membership -- $20

Special Contribution

I wish to make an additional tax-deductible donation in the amount of
$__________ to further support the activities of EFF and to broaden
participation in the organization.

PAYMENT METHOD:
---------------

___ Enclosed is a check or money order payable to
the Electronic Frontier Foundation.

___ Please charge my:

___ MasterCard ___ Visa ___ American Express

Card Number: _____________________________________________

Expiration Date: _________________________________________

Signature: _______________________________________________

NOTE: We do not recommend sending credit card information via email!

YOUR CONTACT INFORMATION:
-------------------------

Name: __________________________________________________________

Organization: __________________________________________________

Address: _______________________________________________________

_______________________________________________________

Phone: _____________________

FAX: _____________________

BBS: _____________________ BBS Name: ____________________

E-mail addresses: ______________________________________________

______________________________________________

PREFERRED CONTACT

___ Electronic: Please contact me via the Internet address listed above.
I would like to receive the following at that address:

___ EFFector Online - EFF's biweekly electronic newsletter
(back issues available from ftp.eff.org,
pub/EFF/Newsletters/EFFector).

___ Online Bulletins - bulletins on key developments
affecting online communications.

NOTE: Traffic may be high. You may wish to browse these
publications in the Usenet newsgroup comp.org.eff.news (also
available in FidoNet, as EFF-NEWS).

___ Paper: Please contact me through the US Mail at the street
address listed above.

NOTE: Paper documents available upon request.
"Networks & Policy" Newsletter automatically sent via US Mail.

PRIVACY POLICY
--------------

EFF occasionally shares our mailing list with other organizations promoting
similar goals. However, we respect an individual's right to privacy and
will not distribute your name without explicit permission.

___ I grant permission for the EFF to distribute my name and contact
information to organizations sharing similar goals.

This form came from EFFector Online (please leave this line on the form!)

The Electronic Frontier Foundation is a nonprofit, 501(c)(3) organization
supported by contributions from individual members, corporations and
private foundations. Donations are tax-deductible.

End of EFFector Online v07 #03
******************************

$$

--
Stanton McCandlish * me...@eff.org * Electronic Frontier Found. OnlineActivist
F O R M O R E I N F O, E - M A I L T O: I N F O @ E F F . O R G
O P E N P L A T F O R M O N L I N E R I G H T S
V I R T U A L C U L T U R E C R Y P T O

[Red Herring]

>A Publication of the Electronic Frontier Foundation ISSN 1062-9424
>
>
>In This Issue:
>
>Digital Telephony - FBI "Wiretap Bill" Resurrected
>EFF Statement on FBI Draft Digital Telephony Bill
>NIST Press Release on Clipper Decisions
>FCC ftp site now online
>Nat'l Symposium on Arts & Humanities Policies for NII
>What YOU Can Do
>
>----------------------------------------------------------------------
>
>
>Subject: Digital Telephony - FBI "Wiretap Bill" Resurrected
>-----------------------------------------------------------
>
>The Clinton Administration is backing a proposal by law enforcement
>agencies that could make the entire communications infrastructure
>susceptible to surveillance. The Digital Telephony Proposal, reintroduced
>this year after being successfully thwarted last year, would require
>communications service providers to include "back doors" in their software
>through which "wiretapping" can be done.

What is next? Requiring every bedroom door to be made with
a "Clipper" peephole?

[Alain Simon]

goyk...@apollo.hp.com (Red Herring) writes>
> > [ ... ]

> >The Clinton Administration is backing a proposal by law enforcement

> > [ ... ]

> >through which "wiretapping" can be done.
> What is next? Requiring every bedroom door to be made with
> a "Clipper" peephole?

No need for this: every citizen will be issued a brain
tap implant that will broadcast thoughts directly into
the administration's computers.

If you think it is far fatched, think harder. The
arguments invoked for all attacks on our rights and
freedoms imply that a) if it is to fight against some
form of imagination catching evil (raping children is
today's favorite, but the red menace is not that far,
nor are witch burnings) it is OK; b) the presumption
of innocence is an unncessary burden on law enforcement.

Given these two premises I can see no reason why our
bureaucrats and politicians would stop at Clipper.

--
Alain - Virtually me, really

[General Mail]

I may be wrong, but presumably you can layer encription. The
result of which being that you can still beat the FEDS if you
really want to. Just the same as today minus clipper. There are
two dangers though: 1) Ordinary people will be lulled into a
false sense of security about what they say on the phone.
2) Government will be less open to the kind of accidental leaks
that reveal they are flogging arms to [insert your fave bogey-
man state] in return for [backhanders/secrets/sex/heroin/hostages]

It is too easy to get paranoid about _lack_ of secrecy. If you're
doing political things as secret cabals you are barking up the
wrong tree. The real danger is in too much secrecy, and if you
want the prime example, look at the British state. Most info does
not come from intecepted comms though; as it is too low level.
To understand something properly you need an insider. Rumours and
conspiracy theories have gone on for years about all sorts of
things to do with our government and royalty, what matters is not
whether there is a supposed tape, but whether people belive,
and the mainstream (tory) press disseminate.
Roland, in personal capacity, using gen a/c

[Jay Troy]

rol...@tquest.demon.co.uk writes:

> I may be wrong, but presumably you can layer encription. The
> result of which being that you can still beat the FEDS if you
> really want to.

You can never beat the feds (or anyone else dedicated enough) through
encryption. The bottom line is that all you can really hope to do is
delay someone from decoding your broadcast long enough that the information
is irrelevant. Of course, the use of encryption can affect the cost/benefit
curve significantly enough to make would-be decoders look elsewhere for
gratification. I beleive that's the ultimate goal of any encryption.

The idea of hiding behind encryption for illegal purposes is stupid for
this same reason. Most illegal activity has a statute of limitations
attached to it, at least in the US. So, if the lawmen want you, and you
broadcast incriminating info, they just need the time and resources to
decode your transmissions. With a 5-10 year statute, you're done.

I think Clipper is a waste of my tax dollars. If I was developing a secure
Clipper device for the non-military. I would definitely include a layer of
encryption on top of any required Clipper-type encryption to insure security
for my customers. Clipper is like the government requiring a key to the
lock on the front door of my house. Sure, they can have one, but I'm
gonna have a couple of additional ones, too.

> There are two dangers though: 1) Ordinary people will be lulled into a
> false sense of security about what they say on the phone.
> 2) Government will be less open to the kind of accidental leaks
> that reveal they are flogging arms to [insert your fave bogey-
> man state] in return for [backhanders/secrets/sex/heroin/hostages]

True. The only real recourse in the US is to vote Libertarian. A great
US statesman once said, "The man who sacrifices freedom for security
deserves neither". Of course, he's long dead, and he's only remembered
for stupid things like flying kites in rain storms.

--
Jay Troy Delaware Valley Solution Systems, Inc.
Computing Solutions for Business and Industry
P.O. Box 190 // Claymont, DE 19703 // (302)798-DVSS
Internet: ...!udel.edu!dvss!jtroy (jt...@dvss.UUCP)

[leppik peter]

dvss!jt...@udel.edu (Jay Troy) writes:
>You can never beat the feds (or anyone else dedicated enough) through
>encryption. The bottom line is that all you can really hope to do is
>delay someone from decoding your broadcast long enough that the information
>is irrelevant. Of course, the use of encryption can affect the cost/benefit
>curve significantly enough to make would-be decoders look elsewhere for
>gratification. I beleive that's the ultimate goal of any encryption.

Not quite true. There are encryption techniques which are mathematically
unbreakable. I can think of two:

1) The "one time pad", where each individual character is encrypted by a
random key, and the decrypter has a caopy of the entire key. The
disadvantage is that the key has to be as long as the message, so
exchanging keys can be cumbersome.

2) So-called "quantum encryption," where the encryption is carried out
via exchange of paired photons. Anybody intercepting either (or both)
streams of photons collapses the wavepackets, and ruining the encryption
for the receiver, making it obvious that the stream has been intercepted
(and allowing the two parties to discontinue their communication). The
disadvantage is that nobody has ever built a practical device to do this--
they exist in theory only (though the relevant physical principles have
been amply demonstrated in the lab).
--
Peter Leppik-- p-l...@uiuc.edu

Assistant Head, Department of Mad Science
University of Illinois at Urbana-Champaign

[Benjamin Snowhare Franz]

Jay Troy (dvss!jt...@udel.edu) wrote:
: rol...@tquest.demon.co.uk writes:

: > I may be wrong, but presumably you can layer encription. The
: > result of which being that you can still beat the FEDS if you
: > really want to.

: You can never beat the feds (or anyone else dedicated enough) through
: encryption. The bottom line is that all you can really hope to do is
: delay someone from decoding your broadcast long enough that the information
: is irrelevant. Of course, the use of encryption can affect the cost/benefit
: curve significantly enough to make would-be decoders look elsewhere for
: gratification. I beleive that's the ultimate goal of any encryption.

Depends on what you mean by "beating them". If you mean "you can make a
code they can't break". Yes. It is trivially easy to do so. The one time
pad is very old and provably impossible to break. It is just not
convienent to use. I suppose that by using automated generation of
electronic one time pads stored to CD-ROMs even that objection could be
overcome for specialized usages. If you are only interested in known point
to known point conversation and have a sercure way to distribute the
necessary key material you CAN render material absolutely secure
cryptographically speaking.

The problems arise when you want to talk securely between two points that
are unknown in advance. So the first thing you have to do is establish a
secure channel. This is where public key cryptography comes in, along with
the debates over whether a particular scheme is secure or not. SOmething
worth remembering is that public key is *best* used to bootstrap you into
an ultra-secure mode like CD_ROMed one time pads.

If you meant "The feds will find some other way to obtain the information
they want - without necessarily cracking the code and reading your messages."
Then also yes. They probably can obtain a lot of the information they want
through other sources than reading your mail.

: The idea of hiding behind encryption for illegal purposes is stupid for

: this same reason. Most illegal activity has a statute of limitations
: attached to it, at least in the US. So, if the lawmen want you, and you
: broadcast incriminating info, they just need the time and resources to
: decode your transmissions. With a 5-10 year statute, you're done.

I thnk you are implying that they will crack the code in that kind of
time. Sorry - no.

: I think Clipper is a waste of my tax dollars. If I was developing a secure

: Clipper device for the non-military. I would definitely include a layer of
: encryption on top of any required Clipper-type encryption to insure security
: for my customers. Clipper is like the government requiring a key to the
: lock on the front door of my house. Sure, they can have one, but I'm
: gonna have a couple of additional ones, too.

Problem is that they seem to be trying to mandate it be built in a way that
prevents superimposing another layer of encryption on top of theirs.

--
Benjamin Franz

[David Sternlight]

In article <940315.075449.2...@dvss.uucp>,
Jay Troy <dvss!jt...@udel.edu> wrote:

>Clipper is like the government requiring a key to the
>lock on the front door of my house.

Actually, a better analogy would be that it's like the government's National
Antiburglary Agency developing a special lock which they say is secure
against burglars. They'll let you buy one, but only if the manufacturer
deposits your key in two separately-unusable pieces in two escrow agencies,
in case the police get a search warrant.

--
David Sternlight The views expressed in this message do not necessarily
represent those of the author, who reserves the right
to modify, amend, withdraw, or attack them at any time.

[Ben Campbell]

David Sternlight (strn...@netcom.com) wrote:
: In article <940315.075449.2...@dvss.uucp>,
: Jay Troy <dvss!jt...@udel.edu> wrote:

: >Clipper is like the government requiring a key to the
: >lock on the front door of my house.

: Actually, a better analogy would be that it's like the government's National
: Antiburglary Agency developing a special lock which they say is secure
: against burglars. They'll let you buy one, but only if the manufacturer
: deposits your key in two separately-unusable pieces in two escrow agencies,
: in case the police get a search warrant.

Neither analogy works. In the "lock" analogy, if you don't like it, you don't play. You just keep your old lock.

If Clipper becomes popular, you won't have that choice. Even if you have a non-clipper encrypted telephone, who would you talk to with it? Maybe a few friends, if you're lucky.

Ben Campbell.

: --

[Chuck Kincy]

In article <strnlghtC...@netcom.com> da...@sternlight.com (David Sternlight) writes:
>In article <940315.075449.2...@dvss.uucp>,
>Jay Troy <dvss!jt...@udel.edu> wrote:
>
>
>>Clipper is like the government requiring a key to the
>>lock on the front door of my house.
>
>Actually, a better analogy would be that it's like the government's National
>Antiburglary Agency developing a special lock which they say is secure
>against burglars. They'll let you buy one, but only if the manufacturer
>deposits your key in two separately-unusable pieces in two escrow agencies,
>in case the police get a search warrant.

Of course, the government shouldn't mind if I put a few more locks on
my door, should they?

cpk
--
UNOFFICIAL CORRESPONDENCE. The opinion expressed in this post is not
based upon the author's capacity as an employee of the USGS.
---
Chuck Kincy --- cki...@mcdgs01.cr.usgs.gov --- +1 314 341-9391

[David Sternlight]

In article <netnewsC...@netcom.com>, Plaz <pl...@netcom.com> wrote:
>In article <strnlghtC...@netcom.com> David Sternlight,

>strn...@netcom.com writes:
>> In article <940315.075449.2...@dvss.uucp>,
>> Jay Troy <dvss!jt...@udel.edu> wrote:
>>
>>
>> >Clipper is like the government requiring a key to the
>> >lock on the front door of my house.
>>
>> Actually, a better analogy would be that it's like the government's
>National
>> Antiburglary Agency developing a special lock which they say is secure
>> against burglars. They'll let you buy one, but only if the manufacturer
>> deposits your key in two separately-unusable pieces in two escrow
>agencies,
>> in case the police get a search warrant.
>

>And then the NAA (National Antiburglary Agency) orders thousands of said
>locks to artificially create a market, "drops by" competing lock-makers
>to get them to tow the line, and then restricts "non-escrowed" locks from
>being exported.

Almost fair enough but not quite. The NAA orders thousands of said locks for
their own needs (the "artificially create a market" is an imputation),
offers to give competing lock makers the right to use the NAA lock design if
they adhere to the key safeguards, and continues their existing policy that
most locks cannot be exported. However, recognizing that some may wish to
use the NAA lock overseas, they offer to permit export of those locks if the
keys are escrowed.

>
>Add to this the fact that they can open your lock, poke around and take
>whatever they want without your knowledge. If your rights are violated,
>you may not even know to complain.

They can do that now for those who don't use locks, or perhaps use competing
locks. On the other hand, with the NAA lock, the burglars can no longer do
that. Thus it is a step forward for those who wish to buy the NAA lock, and
for those who prefer to take their chances with competing locks or none at
all, they are free to do so.

>Now you have a reasonably close analogy.

[Russell Nelson]

In article <940315.075449.2...@dvss.UUCP> dvss!jt...@udel.edu (Jay Troy) writes:

I would definitely include a layer of encryption on top of any
required Clipper-type encryption to insure security for my
customers.

Don't count on being able to do that. They'll only sell you clipper
chips for approved applications. Capstone chips might be easier to
double-encrypt, but clipper *will* be a pain; count on that.

--
-russ <nel...@crynwr.com> ftp.msen.com:pub/vendor/crynwr/crynwr.wav
Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key
11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light
Potsdam, NY 13676 | LPF member - ask me about the harm software patents do.

[Alexandra Griffin]

In article <NELSON.94M...@crynwr.crynwr.com>,
Russell Nelson <nel...@crynwr.crynwr.com> wrote:
> [pre-encrypting data before Clipper]

>
>Don't count on being able to do that. They'll only sell you clipper
>chips for approved applications. Capstone chips might be easier to
>double-encrypt, but clipper *will* be a pain; count on that.

If the Clipper chip is being used in a phone, couldn't someone build a gizmo
to connect in-line with the phone handset and encrypt/decrypt the data at
that point? They can't very well ban detachable phone handsets! I guess
the extra analog-digital-analog conversion would be a hassle, though-- in
particular it would be problematic to convert the pre-encrypted data back to
analog form to send to the phone, since it would no longer really be an audio
signal and would thus undergo distortion in the phone's front-end section (and
with most encryption schemes one flipped bit means the whole transmission
becomes unusable). Still, maybe possible in theory?

--
______
\ / //////////////////////////////////////////////
\ / / Alexandra Griffin /// a...@kzin.cen.ufl.edu /
\/ //////////////////////////////////////////////

[Alain Simon]

lep...@uxa.cso.uiuc.edu (leppik peter) writes:
: Not quite true. There are encryption techniques which are mathematically

: unbreakable. I can think of two:
: 1) The "one time pad", where each individual character is encrypted by a
: random key, and the decrypter has a caopy of the entire key. The
: disadvantage is that the key has to be as long as the message, so
: exchanging keys can be cumbersome.

there are ways to manage one-time pads which are practical
without weakening the system's strength.

: 2) So-called "quantum encryption," where the encryption is carried out

: via exchange of paired photons. Anybody intercepting either (or both)
: streams of photons collapses the wavepackets, and ruining the encryption
: for the receiver, making it obvious that the stream has been intercepted
: (and allowing the two parties to discontinue their communication). The
: disadvantage is that nobody has ever built a practical device to do this--
: they exist in theory only (though the relevant physical principles have
: been amply demonstrated in the lab).

I would not hold my breath for a practical application
(out of the lab) and I would not trust my secrets to
something so thoroughly misunderstood as quantum mech.

At the risk of repeating myself (and others), steganography makes all
of the above soul searching moot.

[Matthew Holiday]

In article <strnlghtC...@netcom.com>, strn...@netcom.com (David Sternlight) writes:
-> In article <netnewsC...@netcom.com>, Plaz <pl...@netcom.com> wrote:
-> >In article <strnlghtC...@netcom.com> David Sternlight,
-> >strn...@netcom.com writes:
-> >> In article <940315.075449.2...@dvss.uucp>,
-> >> Jay Troy <dvss!jt...@udel.edu> wrote:
-> >>
-> >>
-> >> >Clipper is like the government requiring a key to the
-> >> >lock on the front door of my house.
-> >>
-> >> Actually, a better analogy would be that it's like the government's
-> >National
-> >> Antiburglary Agency developing a special lock which they say is secure
-> >> against burglars. They'll let you buy one, but only if the manufacturer
-> >> deposits your key in two separately-unusable pieces in two escrow
-> >agencies,
-> >> in case the police get a search warrant.
-> >
-> >And then the NAA (National Antiburglary Agency) orders thousands of said
-> >locks to artificially create a market, "drops by" competing lock-makers
-> >to get them to tow the line, and then restricts "non-escrowed" locks from
-> >being exported.
->
-> Almost fair enough but not quite. The NAA orders thousands of said locks for
-> their own needs (the "artificially create a market" is an imputation),
-> offers to give competing lock makers the right to use the NAA lock design if
-> they adhere to the key safeguards, and continues their existing policy that
-> most locks cannot be exported. However, recognizing that some may wish to
-> use the NAA lock overseas, they offer to permit export of those locks if the
-> keys are escrowed.
->
-> >
-> >Add to this the fact that they can open your lock, poke around and take
-> >whatever they want without your knowledge. If your rights are violated,
-> >you may not even know to complain.
->
-> They can do that now for those who don't use locks, or perhaps use competing
-> locks. On the other hand, with the NAA lock, the burglars can no longer do
-> that. Thus it is a step forward for those who wish to buy the NAA lock, and
-> for those who prefer to take their chances with competing locks or none at
-> all, they are free to do so.
->
-> >Now you have a reasonably close analogy.

You left out the little detail whereby the new lock design requires the use of a
hasp that only allows the NAA lock to be used. A niggling detail, so I've been
told. :-)

I think I like the Benjamin Franklin quote I've seen recently in a signature:
``Those who sacrifices freedom for security deserve neither.''

--
Matt Holiday #include <std/disclaimer>
hol...@bnr.ca
BNR Richardson, TX "Proud owner of an unregistered computer"

[David Sternlight]

In article <2m7omo$d...@crchh327.bnr.ca>,

Matthew Holiday <hol...@bnr.ca> wrote:
>
>You left out the little detail whereby the new lock design requires the use of a
>hasp that only allows the NAA lock to be used. A niggling detail, so I've been
>told. :-)

There's no requirement for such a hasp unless one wishes to put a lock on
one's door to the government.

[C. D. Tavares]

In article <strnlghtC...@netcom.com>, strn...@netcom.com (David Sternlight) writes:

> In article <2m7omo$d...@crchh327.bnr.ca>,
> Matthew Holiday <hol...@bnr.ca> wrote:

> >You left out the little detail whereby the new lock design requires the use of a
> >hasp that only allows the NAA lock to be used. A niggling detail, so I've been
> >told. :-)

> There's no requirement for such a hasp unless one wishes to put a lock on
> one's door to the government.

My, my. Now who would even consider needing one of those.

"B.A.T... I mean, Candygram!"
--

c...@rocket.sw.stratus.com --If you believe that I speak for my company,
OR c...@vos.stratus.com write today for my special Investors' Packet...

[Robert Krawitz]

In article <strnlghtC...@netcom.com> strn...@netcom.com (David Sternlight) writes:

In article <940315.075449.2...@dvss.uucp>,
Jay Troy <dvss!jt...@udel.edu> wrote:

>Clipper is like the government requiring a key to the
>lock on the front door of my house.

Actually, a better analogy would be that it's like the government's National
Antiburglary Agency developing a special lock which they say is secure
against burglars. They'll let you buy one, but only if the manufacturer
deposits your key in two separately-unusable pieces in two escrow agencies,
in case the police get a search warrant.

Actually, that's not a bad analogy. Don't tell me you'd actually go for
such a harebrained scheme, though.

There'd also have to be the proviso that the workings of the lock were
classified, that all applications of the lock would have to be reviewed
to prohibit people from using other locks, and so forth...
--
Robert Krawitz <r...@think.com> OS/IO Software Engineer (617)234-2116
Thinking Machines Corp. 245 First St. Cambridge, MA 02142

Member of the League for Programming Freedom -- mail l...@uunet.uu.net
Tall Clubs International -- tci-r...@think.com or 1-800-521-2512

[Alain Simon]

strn...@netcom.com (David "Borg" Sternlight) writes:
: >Clipper is like the government requiring a key to the

: >lock on the front door of my house.
: Actually, a better analogy would be that it's like the government's National
: Antiburglary Agency developing a special lock which they say is secure
: against burglars. They'll let you buy one, but only if the manufacturer
: deposits your key in two separately-unusable pieces in two escrow agencies,
: in case the police get a search warrant.

by your standards, the right to remain silent should
be waved because it gets in the way of investigations.

by your standards, my thoughts belong to the state, if
only to insure that I don't plan some monstrous crime.

by your standards, we are all drones in the android
hive... is that the world you want to live in?

[Mark O. Wilson]

In <strnlghtC...@netcom.com> strn...@netcom.com (David Sternlight) writes:

|In article <940315.075449.2...@dvss.uucp>,
|Jay Troy <dvss!jt...@udel.edu> wrote:

|>Clipper is like the government requiring a key to the
|>lock on the front door of my house.

|Actually, a better analogy would be that it's like the government's National
|Antiburglary Agency developing a special lock which they say is secure
|against burglars. They'll let you buy one, but only if the manufacturer
|deposits your key in two separately-unusable pieces in two escrow agencies,
|in case the police get a search warrant.

And the trick is that we are suppossed to trust the government not to use
those keys unless they get a search warrant. Not to make copies of the keys
while they have a search warrant, and to return the keys when they are done.

Yeah right.
--
Mob rule isn't any prettier merely because the mob calls itself a government
It ain't charity if you are using someone else's money.
Wilson's theory of relativity: If you go back far enough, we're all related.
Mark....@AtlantaGA.NCR.com

[David Sternlight]

In article <CMt5C...@ncratl.atlantaga.ncr.com>,

Mark O. Wilson <mwi...@ncratl.AtlantaGA.NCR.COM> wrote:
>In <strnlghtC...@netcom.com> strn...@netcom.com (David Sternlight) writes:
>

>|In article <940315.075449.2...@dvss.uucp>,
>|Jay Troy <dvss!jt...@udel.edu> wrote:
>
>
>|>Clipper is like the government requiring a key to the
>|>lock on the front door of my house.
>
>|Actually, a better analogy would be that it's like the government's National
>|Antiburglary Agency developing a special lock which they say is secure
>|against burglars. They'll let you buy one, but only if the manufacturer
>|deposits your key in two separately-unusable pieces in two escrow agencies,
>|in case the police get a search warrant.
>

>And the trick is that we are suppossed to trust the government not to use
>those keys unless they get a search warrant. Not to make copies of the keys
>while they have a search warrant, and to return the keys when they are done.

Exactly. And there are a number of safeguards built in, including that the
two parts of the key cannot be combined to make the real key, but must be
put in a black box which actually opens the lock, and which destroys the
keys after the search warrant expires. That several people have to sign to
get the keys. That the black box is closely controlled.

It's not perfect, but then, you don't have to use the NAA's lock if you
don't trust the above conditions--you can still go on using no lock at all,
or one that's been beaten by some burglars. Or you could go out and buy a
Medeco lock for the same price as the NAA one. The government won't say if
the FBI can pick the Medeco lock or not, but Medeco says it's "pretty good",
and so do those locksmiths who don't have access to the FBI's lock picking
technology.

David

[Alain Simon]

r...@underprize.think.com (Robert Krawitz) writes:
: against burglars. They'll let you buy one, but only if the manufacturer

: deposits your key in two separately-unusable pieces in two escrow agencies,
: in case the police get a search warrant.
:
: Actually, that's not a bad analogy. Don't tell me you'd actually go for
: such a harebrained scheme, though.
: There'd also have to be the proviso that the workings of the lock were
: classified, that all applications of the lock would have to be reviewed
: to prohibit people from using other locks, and so forth...

From everything the poster in question has written so far,
it seems that he is willing to throw away everybody's freedom
in order to have some illusion of safety for himself.

[Peter da Silva]

In article <strnlghtC...@netcom.com>,

David Sternlight <da...@sternlight.com> wrote:
> It's not perfect, but then, you don't have to use the NAA's lock if you
> don't trust the above conditions--you can still go on using no lock at all,
> or one that's been beaten by some burglars. Or you could go out and buy a
> Medeco lock for the same price as the NAA one. The government won't say if
> the FBI can pick the Medeco lock or not, but Medeco says it's "pretty good",
> and so do those locksmiths who don't have access to the FBI's lock picking
> technology.

And the NAA is saying the Medeco lock is illegal, and implies they can open
it, and won't let Medeco sell it outside your town, and you have to build it
from a kit because Medeco can't make money selling completed locks in your
town only, so everyone who goes down and buys their locks from the hardware
store gets the NAA lock and only the locksmithing hobbyists are safe.
--
Peter da Silva `-_-'
Network Management Technology Incorporated 'U`
1601 Industrial Blvd. Sugar Land, TX 77478 USA
+1 713 274 5180 "Hast Du heute schon Deinen Wolf umarmt?"

[David Lesher]

UnProfessor Sternlight writes:

>Or you could go out and buy a
>Medeco lock for the same price as the NAA one. The government won't say if
>the FBI can pick the Medeco lock or not, but Medeco says it's "pretty good",
>and so do those locksmiths who don't have access to the FBI's lock picking
>technology.

But they do have full and open access to the Medeco design. You can
examine and inspect it. Further, there is a large body of literature
and experience on Medeco locks. They are not "pick-proof" any more than
ballistic glass is "bullet-proof". But both buy you LOTS of time
& safety.

But as I said in alt.locksmithing, if you are prepared to _personally
demonstrate_ your ability to open a USG keyway Medeco, I'll be happy to
put you in touch with folks who will want to see you perform.
--
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close...........(v)301 56 LINUX
Unless the host (that isn't close)....kibo# 777............pob 1433
is busy, hung or dead..............vr....................20915-1433

[David Sternlight]

Hardly. If you want to remain silent, just don't use Clipper, or use
something else.

The rest is rather overblown, eh?

David

[Gregory Stewart-Nicholls]

In article <strnlghtC...@netcom.com>
da...@sternlight.com "David Sternlight" writes:

I'd rather buy a lock that has to be blown open by experts spending time
and money to do it, than a lock that Buford T Justice can open with a stroke
of his pen.
--
Vidi | Gregory Stewart-Nicholls
Vici | ni...@olympus.demon.co.uk
Veni | TeknoLogika ltd

[Doug Sewell]

David Sternlight (strn...@netcom.com) wrote:
: In article <CMtyI...@rco.qc.ca>, Alain Simon <al...@interax.net> wrote:

: > From everything the poster in question has written so far,

: > it seems that he is willing to throw away everybody's freedom
: > in order to have some illusion of safety for himself.

: What nonsense! Since Clipper is voluntary and other systems aren't
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
: proscribed, nobody is throwing away anybody else's freedom. In truth it's
^^^^^^^^^^

How long do you expect this state of affairs to last ????

--
Doug Sewell (do...@cc.ysu.edu, do...@ysub.bitnet)

Meetings are indispensable when you don't want to do something.
-- John Kenneth Galbraith

[Snowhare]

David Sternlight (strn...@netcom.com) wrote:
: In article <763997...@olympus.demon.co.uk>,
: Gregory Stewart-Nicholls <ni...@olympus.demon.co.uk> wrote:

: > I'd rather buy a lock that has to be blown open by experts spending time

: >and money to do it, than a lock that Buford T Justice can open with a stroke
: >of his pen.

: Actually, the lock you'd rather buy can be opened by experts with their new
: Z-ray. Nobody knows how long it will take them, but when they do, they can
: enter you house and leave, closing the lock behind them, without a trace.

Now that is a downright misleading statement. Clipper has a guarenteed
"backdoor": the escrow. Completely independent of *any* mathematical tricks.
And Clipper cannot even be analysed to find out if there are any
mathematical backdoors due to "national security". (What an abused phrase
"national security" is).

I (and others) have already shown that there *ARE* guarenteed unbreakable
codes. It is not a matter of applying more computer power or magic z-rays.
If *I* encrypt something and want it ultimately secure: it will be.

Even for the mathematically weaker schemes, such as RSA, despite well
over a decade of analysis no one has found any loopholes or mysterious
mathematical symmetries hidden away for the would be cracker to exploit.
It still depends on the mathematical difficulty of factoring out two
large prime numbers. And I can make it secure to a *known* degree just
by increasing my key length.

Oh - I'm sorry: I misread your statement. You meant CLIPPER is the one
where "they can enter you house and leave, closing the lock behind them,
without a trace."

Correcto-mundo.

--
Benjamin Franz

[David Lesher]

UnProfessor Sternlight writes:

> ...... and right away, since apparently the bill has now been introduced.

Sigh,
UnProfessor {again} LEAPS to conclusions on subjects he knows little
about.....

I was in Dirkson 226 for that hearing, as was Jerry Berman (as a
witness), other EFF staffers, David Banister and a FULL HOUSE of
interested press and public observers.

[Here's my best no-notes recollection of what was said. If you want
exact transcripts, call the Hill, cuz I do not claim these remarks
are..]

NO legislation has been introduced. Freeh read his part of his prepared
speech, but the panel cut him off and started asking THEIR questions.
Sen. Spectre asked several piercing questions, as did Leahy.

Freeh backpeddled at Warp 2 on the $10,000/day penality, when the panel
took him to task. I'm glad I was not sitting behind him ;-}

Freeh claimed that 91 taps had been foiled in the last year. Industry
introduced the CPSR FOIA response that showed none. (Freeh had left by
then, so the Senators never got an answer as to that one...) Freeh also
made general insinuations that wire tapping had been vital "in a recent
esponiage case" but gave no specifics. (For those out of touch with
recent Beltway politics, the game is to somehow work "Ames" into any
topic. Increase in first-class postage? Gotta repaint that chalked
mailbox, etc..)

It was clear that several of the Senators were very concerned about the
FBI effectively telling industry how they can build switches. Leahy
made _pointed_ remarks about how USG communications (military and White
House being the best examples) lag industry by 2 decades. And as he put
it, if Justice can't keep its top slots full -- who's going to decide
on switch feature packages?

There was vast disagreement about the cost. Freeh said he thought that
~$500M will fix all. Industry said ~1.2Bil _just_ to do what the
Feebes' want with call-forwarding. They also pointed out the ongoing
cost of having 24hr on-call personnel at every Vermont One-town Telco
to meet the FBI demands. (They, ahhem, also complained about getting
the Feeb's to pay outstanding past-due bills ;-}

The finger-pointing was illuminating. Freeh claimed that industry, at
the Quantico meets, was saying that they can't meet the FBI's demands.
Thus the (proposed bill) was their fault. Industry said "Get the FBI
to write down _exactly WHAT_ they want that is new and different --
WE can't!"

It was clear there will LOTS more work before ANYTHING is marked up.

========================
I do urge each of you to write to your House member and both Senators
and let them know how you feel. They may not read each letter,
but you can be sure their staff will. There's enough public fat
in this fire to make smoke. Add yours.

[David Sternlight]

In article <763997...@olympus.demon.co.uk>,
Gregory Stewart-Nicholls <ni...@olympus.demon.co.uk> wrote:

> I'd rather buy a lock that has to be blown open by experts spending time
>and money to do it, than a lock that Buford T Justice can open with a stroke
>of his pen.

Actually, the lock you'd rather buy can be opened by experts with their new

Z-ray. Nobody knows how long it will take them, but when they do, they can
enter you house and leave, closing the lock behind them, without a trace.

David

[Gregory Stewart-Nicholls]

In article <strnlghtC...@netcom.com>
da...@sternlight.com "David Sternlight" writes:

> In article <763997...@olympus.demon.co.uk>,
> Gregory Stewart-Nicholls <ni...@olympus.demon.co.uk> wrote:
>
> > I'd rather buy a lock that has to be blown open by experts spending time
> >and money to do it, than a lock that Buford T Justice can open with a stroke
> >of his pen.
>
> Actually, the lock you'd rather buy can be opened by experts with their new
> Z-ray. Nobody knows how long it will take them, but when they do, they can
> enter you house and leave, closing the lock behind them, without a trace.
>

Perhaps, however it's certainly going to take longer that sheriff Justice's
pen. In the event that it doesn't, I'm really no worse off, am I ???
You're comparing one worst case scenario, with a certainty. For better or
worse, I'll risk the Z-ray.

[Alain Simon]

First, a parenthesis:
I have added can.politics to the already long list of X-posted
groups. Recent events in Canada lead me to believe that our
government has finally realized what information superhighway
means for law enforcement and political control.

Now, the meat:
In article <strnlghtC...@netcom.com>,
strn...@netcom.com (David Sternlight) tries to put a stop to my
lyricism:

> In article <CMsHM...@rco.qc.ca>, Alain Simon <al...@interax.net> wrote:
> > by your standards, the right to remain silent should
> > be waved because it gets in the way of investigations.
> > by your standards, my thoughts belong to the state, if
> > only to insure that I don't plan some monstrous crime.
> > by your standards, we are all drones in the android
> > hive... is that the world you want to live in?

> Hardly. If you want to remain silent, just don't use Clipper, or use
> something else. The rest is rather overblown, eh?

True, I could abstain from using Clipper. But what you don't say
here is that I would not be allowed to use anything else instead.
And the argument (from you, Denning et all) is law and order and
national security.

Without this little piece of information, my stand does sound a bit
overblown. Talking of which, somebody else thought so as well and
e-mailed me a rather stinging rebuke, pointing out that I was not
really answering to Mr Sternlight's position. Here is my side of
this particular exchange, slightly edited, in lieu of response:

My sloppy debating is certainly to be regretted. However,
in the great David Sternlight debate, style and rules of
engagement went out the window at the word go.

Arguments, and point by point refutations have been presented
in vain to Mr Sternlight (and a few other) and to the members of
the US Administration we could reach. It appears that we are
pissing in a violin to make music: their reasons for wanting
such devices as Clipper and Key Escrow has nothing to do with
reason, it has to do with politics for some, with fears for most.

Marxists thought they could build the perfect economy if only
they could control all parameters. Reality intruded into their
dream: it is impossible to know all parameters, far less control
them. Likewise, there are those who would build the perfect
society (Marxists tried that too, we know what happened) by
making sure nothing can happen that was not planned by the State.
Within such mind set, it is very likely that the idea of thought
itself becomes scary to those who would do the controlling.

Autonomous, independant thinking is the first thing targeted
by tyrannies. Free will and opinion, the thing politicians
fear most. I can't reproach law enforcement for wanting all
the help they can get. I blame politicians for having an agenda
when they propose to give in to the demands. If Mr Sternlight's
(I don't know what, if any of these groups he belongs to) finds
that having peace and order justifies such things, who will draw
the line for him, and where? My response was addressing his
point very well, albeit not at the expected level.

I am afraid it's not Queensburry Rules anymore, and the gloves
are off.

The technical aspects of these proposals have been shown to be
so weak as to be laughable; their only strength is in *who* is
supporting them. I will not repeat the thread here.

The social implications are scary. They are in line with the
normal evolution of societies in that people (specially those
who did not study history) are too often willing to trade some
illusion of safety for a bit of very fragile liberty. It is
natural and it keeps happening. Today, people are willing
to give up on their freedom of speech in order to gain feeble
protection from verbal abuses (Polical Correctness).

By default, things like Key Escrow will happen, with or without
a push from the FBI or an endorsement by demagogues. Let's not
default on this duty to ourselves.

End of excerpt.

Just a question: what will steganography do to the Clipper chip
and Key Escrow issues?

> David
--
Virtually me, really...

[David Sternlight]

In article <snowhareC...@netcom.com>,

Snowhare <snow...@netcom.com> wrote:
>David Sternlight (strn...@netcom.com) wrote:
>: In article <763997...@olympus.demon.co.uk>,
>: Gregory Stewart-Nicholls <ni...@olympus.demon.co.uk> wrote:
>
>: > I'd rather buy a lock that has to be blown open by experts spending time
>: >and money to do it, than a lock that Buford T Justice can open with a stroke
>: >of his pen.
>
>: Actually, the lock you'd rather buy can be opened by experts with their new
>: Z-ray. Nobody knows how long it will take them, but when they do, they can
>: enter you house and leave, closing the lock behind them, without a trace.
>
>Now that is a downright misleading statement. Clipper has a guarenteed
>"backdoor": the escrow. Completely independent of *any* mathematical tricks.
>And Clipper cannot even be analysed to find out if there are any
>mathematical backdoors due to "national security". (What an abused phrase
>"national security" is).
>
>I (and others) have already shown that there *ARE* guarenteed unbreakable
>codes. It is not a matter of applying more computer power or magic z-rays.
>If *I* encrypt something and want it ultimately secure: it will be.

That's false, except for one-time pads. It's just a matter of time before
PGP or Ripem can be cracked by brute force. The issue is how long, and the
answer to that question depends on whether one has the money to buy multiple
parallel processor power (thousands or more of parallel processors in the
machine) at cutting edge speeds, or whether one is thinking of a
single-processor workstation. There have been quite a few posts here showing
the calculations for a single processor case at various commonly-used key
lengths. What's more, we don't know if there's been some classified
breakthrough in directly attacking DES, TDES, or IDEA.

Even one-time pads aren't "guaranteed unbreakable"--there's always
"practical cryptanalysis".

But we were talking about locks. :-)

[David Sternlight]

In article <764089...@olympus.demon.co.uk>,
Gregory Stewart-Nicholls <ni...@olympus.demon.co.uk> wrote:

> You're comparing one worst case scenario, with a certainty. For better or
>worse, I'll risk the Z-ray.

That's the crux of the individual decision. Some will risk the Z-ray and use
Pretty Good Locks (PGL), and others will not. In part it depends on the
value of the contents of your house to the government, vs. the value of the
contents of your house to bad guys who might have a Z-ray of their own.

[David L Evens]

David Sternlight (strn...@netcom.com) wrote:
: In article <2m7omo$d...@crchh327.bnr.ca>,

: Matthew Holiday <hol...@bnr.ca> wrote:
: >
: >You left out the little detail whereby the new lock design requires the use of a
: >hasp that only allows the NAA lock to be used. A niggling detail, so I've been
: >told. :-)

: There's no requirement for such a hasp unless one wishes to put a lock on
: one's door to the government.

Would you care to say that again without dangling any participals so the
we can tell what the hell you mean?

: --

[Robert Krawitz]

In article <strnlghtC...@netcom.com> strn...@netcom.com (David Sternlight) writes:

That's false, except for one-time pads. It's just a matter of time before
PGP or Ripem can be cracked by brute force. The issue is how long, and the
answer to that question depends on whether one has the money to buy multiple
parallel processor power (thousands or more of parallel processors in the
machine) at cutting edge speeds, or whether one is thinking of a
single-processor workstation. There have been quite a few posts here showing
the calculations for a single processor case at various commonly-used key
lengths. What's more, we don't know if there's been some classified
breakthrough in directly attacking DES, TDES, or IDEA.

Oh, for heaven's sakes. Of course PGP and Ripem can be cracked by brute
force. So can DES and ROT13. Of course the issue is how long it takes.

Parallel processing can give you linear speedup over a single processor.
Barring certain special effects (e. g. paging), it cannot give you more.
A good parallel machine can certainly do better than a simple cluster of
workstations in many cases, since the network is much faster and has
much lower latency, but even so it still takes longer to fetch data over
the network than it does to reference data from local memory (not that
that necessarily matters for brute force crypto attacks, which are often
embarrassingly parallel -- no communication whatsoever -- or so close to
it that you could use snail mail for the communication and it wouldn't
matter). The key length for PGP and Ripem can also be increased, with
the result that the time required to break the encryption, by any
publicly known techniques, increases exponentially. That's a huge
increase.

Perhaps there has been a classified breakthrough in attacking IDEA or
what have you. So what? Maybe Skipjack has some other back door that
the NSA isn't telling us about. IDEA has undergone a lot more public
review than Skipjack has -- five people working for a few months cannot
match the network community working for years.

Even one-time pads aren't "guaranteed unbreakable"--there's always
"practical cryptanalysis".

One time pads are guaranteed unbreakable if the OTP is truly random --
e. g. generated by quantum processes -- and if the pad does not fall
into enemy hands. Better yet, if someone ever produces a workable
quantum encryption device, that will be GUARANTEED unbreakable, since
any tap on the line can be detected.

BTW, you have just hoisted your self by your own petard with your
comment about "practical cryptanalysis". That alone is a monumental
weakness in the entire Clipper system -- buying someone in each escrow
house should be relatively cheap, perhaps cheaper than a low-end
parallel processor.

[David Sternlight]

In article <CMtyI...@rco.qc.ca>, Alain Simon <al...@interax.net> wrote:

> From everything the poster in question has written so far,
> it seems that he is willing to throw away everybody's freedom
> in order to have some illusion of safety for himself.

What nonsense! Since Clipper is voluntary and other systems aren't

proscribed, nobody is throwing away anybody else's freedom. In truth it's

the anti-Clipper crowd who want to deprive the pro-Clipper types of THEIR
freedom to use it by trying to get it withdrawn.

[David Sternlight]

CNN Headline News had an item just now on the FBI Wiretap Proposal, in which
they quoted Freeh as saying something to the effect that if they don't get
it, it will be a big blow against stopping crime, while the phone companies
oppose it as an invasion of privacy and raising people's phone bills.

This one is going to require a lot of work with Congress, and right away,

since apparently the bill has now been introduced.

David

[Peter da Silva]

In article <strnlghtC...@netcom.com>,
David Sternlight <da...@sternlight.com> wrote:

> What nonsense! Since Clipper is voluntary and other systems aren't
> proscribed,

Um, David, other systems *are* proscribed. You can sell them, you just
can't sell them outside the US. This makes them also useless for anyone
doing business across the US border.

[Matthew Holiday]

In article <strnlghtC...@netcom.com>, strn...@netcom.com (David Sternlight) writes:

-> In article <2m7omo$d...@crchh327.bnr.ca>,
-> Matthew Holiday <hol...@bnr.ca> wrote:
-> >
-> >You left out the little detail whereby the new lock design requires the use of a
-> >hasp that only allows the NAA lock to be used. A niggling detail, so I've been
-> >told. :-)
->
-> There's no requirement for such a hasp unless one wishes to put a lock on
-> one's door to the government.

Precisely. Given the character of government in these latter days, I'd say most
people would prefer to lock that particular door.

[Arthur Bernard Byrne]

After suitible remix...
In article <alain-190...@maximon.rco.qc.ca>,

Alain Simon <al...@interax.net> wrote:
>In article <strnlghtC...@netcom.com>, strn...@netcom.com
>(David Sternlight) tries to put a stop to my lyricism:
>> In article <CMsHM...@rco.qc.ca>, Alain Simon <al...@interax.net> wrote:
>> >by your standards, the right to remain silent should
>> >be waved because it gets in the way of investigations.
>> >by your standards, my thoughts belong to the state, if
>> >only to insure that I don't plan some monstrous crime.
>> >by your standards, we are all drones in the android
>> >hive... is that the world you want to live in?
>
>> Hardly. If you want to remain silent, just don't use Clipper, or use
>> something else. The rest is rather overblown, eh?
>
>True, I could abstain from using Clipper. But what you don't say
>here is that I would not be allowed to use anything else instead.

This is an assumption about what government policy may become.
IMHO, a fairly cautious assumption, but by not making this explicit, you
make yourself look foolish, and leave yourself open to easy rebuttal.

AB^2
--
--------------------------------------------------------------------------
"You can have my encryption algorithm... when you pry my cold dead fingers
from its private key." -John Barlow, "Decrypting the Puzzle Palace"

[David Sternlight]

In article <2mincm$g...@access3.digex.net>,
Black Unicorn <uni...@access.digex.net> wrote:

>
>My advice is to get to Sen. Leahy, Sen. Specter, they seem to be
>anti-DT for the most part.
>
>The strongest arguements seemed to be in the realm of
>
>1> Holding back technology until the FBI was ready to deal with it
>when technology is one of the US's strongest fronts of international
>markets.
>
>2> Cost figures (FBI says 200-500 Million, off by as much as 500
>million, telco's say 1.8 billion just to fix a small portion of
>the problems FBI is complaining about with regard to Call
>Forwarding.)

I want to associate myself with the writer's suggestions.

We're finally getting to the bottom of this--the FBI has trouble with call
forwarded calls even with a wiretap order, and they want the rest of us to
pay for fixing it. For what it will cost to do so, based on the number of
wiretaps they get each year, they could assign 20 people with parabolic
mikes to every suspect and still have enough left over to run a lot of
present Federal, State and Local law enforcement. $1.8 billion isn't chopped
liver, and they want the phone users, in the end, to pay for it.

As a matter of simple truth and honesty in government, let 'em put up a bill
in Congress for a $1.8 billion appropriation for this purpose and see how
far they get.

In fact, even if Congress were willing to appropriate such funds, first the
FBI would have to make a showing that they'd save at least $1.8 billion in
crime costs due to this additional capability alone.

I wonder how much new law enforcement technology (not involving putting
equipment in people's phone companies) $1.8 billion would buy? How many new
prisons? How many extra police on the streets? I wonder what the benefits of
those measures would be compared to the FBI proposal.

By the way, given the massively well documented evidence of government cost
estimates vs. final costs, even if the FBI honestly believes it's $300
million as an estimate, the phone companies are probably right about the
$1.8 billion. But they also often underestimate, so it's probably even more.

No, they haven't thought this one through, or if they have, they're a long
way from presenting a convincing argument.

[David Sternlight]

In article <2mj7la$5...@access1.digex.net>,

Steve Brinich <ste...@access1.digex.net> wrote:
> > That's false, except for one-time pads. It's just a matter of time before
> >PGP or Ripem can be cracked by brute force. The issue is how long, and the
> >answer to that question depends on whether one has the money to buy multiple
> >parallel processor power (thousands or more of parallel processors in the
> >machine) at cutting edge speeds, or whether one is thinking of a
> >single-processor workstation.
>

> Barring a fundamental mathematical breakthrough, the difficulty of factoring
>an N-bit number increases exponentially with N. Anyone familiar with basic
>mathematics -- hell, basic *arithmetic* knows that exponential growth easily
>overwhelms any real-world resources.

The exponential growth argument has been discredited every time it's been
tried. Can you say "Club of Rome"? "Limits to Growth?" "Bigger fool theory"
in the stock market? etc.

Just so here. There's a limit to practical key lengths caused by time to
encrypt or decrypt. Right now an estimate is that a single workstation would
take 100 years to break commonly used "long" keys. Thus a 1000 parallel
processor computer would take 1.2 months, at conventional workstation
speeds, and probable a few days at currently available money-no-object chip
speeds. Recall that the brute force search problem is perfectly divisible
with little overhead-just divide the key space equally among the processors.

Chances are that the resources of rich, smart cryptologic organizations will
always overwhelm practical key lengths usable with widely available,
mass-market encryption. It's only a question of which targets are worth
putting such resources on.

Though it is naively argued that one can "just use a longer key", limits on
encryption and decryption time are a function of hardware capability, and as
hardware becomes more powerful to permit longer keys, so will hardware to
brute force search those keys. What's more the users have only one dimension
to pick up security in--hardware speed permitting longer keys with
practical encryption/decryption times. But the "codebreakers" have two
dimensions to work in--speed and number of parallel processors, and just as
speed goes up every few years, so too do chip costs and manufacturing costs
for multiple processor machines go down.

[Black Unicorn]

In article <strnlghtC...@netcom.com>,
David Sternlight <da...@sternlight.com> wrote:

>In article <CMtyI...@rco.qc.ca>, Alain Simon <al...@interax.net> wrote:
>
>> From everything the poster in question has written so far,
>> it seems that he is willing to throw away everybody's freedom
>> in order to have some illusion of safety for himself.
>
>What nonsense! Since Clipper is voluntary and other systems aren't
>proscribed, nobody is throwing away anybody else's freedom. In truth it's
>the anti-Clipper crowd who want to deprive the pro-Clipper types of THEIR
>freedom to use it by trying to get it withdrawn.

It seems that every argument Mr. Sternlight makes is a derivative
of "Since Clipper is voluntary...."

I have tried several times to put forth the point that the Clipper
proposals goal (or one of them) is to REGULATE encryption.

Anyone who asserts otherwise is simply missing something.

Sure, it's voluntary because no one is branding users of other
crypto, but it certainly is not voluntary when you look at the
dramatic economic coercion involved.

1> Limits on exports (and profitability) of other crypto.
2> Huge subsidies for Clipper technology.
3> The threat of withdrawal of Government largess (in the form of
contracts for now) to those who do not adopt Clipper.
4> The administrations stated goal to impose a non-industry
approved standard.

Hardly entirely "voluntary."

Mr. Sternlight tries to turn the issue on it's head by demanding
that forcing Clippers withdrawal as a proposal is depriving Pro-
Clipper types of their desired product.

The easiest solution here is to unclassify Clipper, make it public
and allow what manufactures want to make the chip make them without
subsidies. If there is REALLY a market for Clipper, why isn't it
being released in the private sphere instead of imposed through the
public sphere?

In the alternative, what right are we depriving you of?
The right to use a system that is secure except to the government?

Isn't one of Mr. Sternlight's premises that IDEA and T-DES are
breakable by the NSA?

If so what good is Clipper? Consumers already HAVE such a system
according to Mr. Sternlight's own assumptions.

As usual, Mr. Sternlight has clouded the issue, tried to pull one
over the eyes of those not initiated in his tactics, and tried to
suck the unwary into his blind and fatal faith in the centralization
of power which he justifies on flawed legal process grounds.

>--
>David Sternlight The views expressed in this message do not necessarily
> represent those of the author, who reserves the right
> to modify, amend, withdraw, or attack them at any time.
>
>

-uni- (Dark)
--
Heute ist Mirroccoli Tag - Find me Sick, Dark and Twisted, and I'm happy.
073BB885A786F666 6E6D4506F6EDBC17 - One if by land, two if by sea.

[Black Unicorn]

In article <strnlghtC...@netcom.com>,
David Sternlight <da...@sternlight.com> wrote:

>CNN Headline News had an item just now on the FBI Wiretap Proposal, in which
>they quoted Freeh as saying something to the effect that if they don't get
>it, it will be a big blow against stopping crime, while the phone companies
>oppose it as an invasion of privacy and raising people's phone bills.
>
>This one is going to require a lot of work with Congress, and right away,
>since apparently the bill has now been introduced.

The bill is still in draft form.
The CNN quip you picked up was probably off-shoot from the joint
hearings Fri and Sat.

As for work with congress, even the pro-DT'94 crowd conceeded that
many modifications were in order.

My advice is to get to Sen. Leahy, Sen. Specter, they seem to be
anti-DT for the most part.

The strongest arguements seemed to be in the realm of

1> Holding back technology until the FBI was ready to deal with it
when technology is one of the US's strongest fronts of international
markets.

2> Cost figures (FBI says 200-500 Million, off by as much as 500
million, telco's say 1.8 billion just to fix a small portion of
the problems FBI is complaining about with regard to Call
Forwarding.)

>

>David
>--
>David Sternlight The views expressed in this message do not necessarily
> represent those of the author, who reserves the right
> to modify, amend, withdraw, or attack them at any time.
>
>

-uni- (Dark)

[Gregory Stewart-Nicholls]

In article <strnlghtC...@netcom.com>
da...@sternlight.com "David Sternlight" writes:

> In article <764089...@olympus.demon.co.uk>,
> Gregory Stewart-Nicholls <ni...@olympus.demon.co.uk> wrote:
>
> > You're comparing one worst case scenario, with a certainty. For better or
> >worse, I'll risk the Z-ray.
>
> That's the crux of the individual decision. Some will risk the Z-ray and use
> Pretty Good Locks (PGL), and others will not. In part it depends on the
> value of the contents of your house to the government, vs. the value of the
> contents of your house to bad guys who might have a Z-ray of their own.

Pardon me, but do I take it from this that you believe that the NAA's
secret key to my house would be inaccessable to the bad guys ??
If so, are you interested in buying a bridge ???

[Tommy the Tourist]

David Sternlight wrote:
> ... In truth it's

> the anti-Clipper crowd who want to deprive the pro-Clipper types of THEIR
> freedom to use it by trying to get it withdrawn.

That's rubbish and you know it. We don't object to anybody using the
Skipjack algorithm. What we object to is the government insisting that
to use Skipjack you must have your key escrowed with the government and
trying by hook or by crook to make their key-escrowed system the de facto
standard, coercing or persuading the majority of crypto-users to use
escrowed Skipjack and only Skipjack.

--
Rebel If drugs were legal the Mafia would make less money out of them.
explosives nitroglycerin
glock ira
--------
For more information about this anonymous posting service, please send mail
to h...@soda.berkeley.edu with Subject: remailer-info. Eric Hollander takes
no responsibility for the contents of this post. Please, don't throw knives.

[Alain Simon]

In article <strnlghtC...@netcom.com>, strn...@netcom.com (David

Sternlight) wrote:

> > From everything the poster in question has written so far,
> > it seems that he is willing to throw away everybody's freedom
> > in order to have some illusion of safety for himself.
> What nonsense! Since Clipper is voluntary and other systems aren't
> proscribed, nobody is throwing away anybody else's freedom. In truth it's

what do you mean "other systems aren't proscribed"? This is the whole
idea of Clipper. The administration's approach is to forbid encryption
systems that can resist law enforcement efforts to crack it (at least
it is their excuse). There would be no Clipper controversy of it were
not exclusive.

> the anti-Clipper crowd who want to deprive the pro-Clipper types of THEIR
> freedom to use it by trying to get it withdrawn.

Wrong again: you use Clipper if you are so bloody minded about it.
But stop cramming it everybody's throat by making it into law. Why
would you need a law if it were voluntary?

--
Virtually me, really...

[Alain Simon]

In article <strnlghtC...@netcom.com>, strn...@netcom.com (David
Sternlight) wrote:

> > [ ... ]

> >I (and others) have already shown that there *ARE* guarenteed unbreakable

> >codes. [ ... ]

> That's false, except for one-time pads. It's just a matter of time before
> PGP or Ripem can be cracked by brute force. The issue is how long, and the
> answer to that question depends on whether one has the money to buy multiple
> parallel processor power (thousands or more of parallel processors in the
> machine) at cutting edge speeds, or whether one is thinking of a
> single-processor workstation. There have been quite a few posts here showing
> the calculations for a single processor case at various commonly-used key
> lengths. What's more, we don't know if there's been some classified
> breakthrough in directly attacking DES, TDES, or IDEA.

we know exactly how weak these are, at any time.
we can tailor the strength to our needs by increasing key length.
there are other methods (including steganography) that are stronger.
and we have no way of knowing how "weak" skipjack/clipper is.

I'll take my chances with what I know.

> Even one-time pads aren't "guaranteed unbreakable"--there's always
> "practical cryptanalysis".

this applies to clipper as well.

> But we were talking about locks. :-)

no. we were talking about politics |8-(

--
Virtually me, really...

[Matt Austern]

In article <alain-200...@maximon.rco.qc.ca> al...@interax.net (Alain Simon) writes:

> what do you mean "other systems aren't proscribed"? This is the whole
> idea of Clipper. The administration's approach is to forbid encryption
> systems that can resist law enforcement efforts to crack it (at least
> it is their excuse). There would be no Clipper controversy of it were
> not exclusive.

Not "forbid", exactly. The Clipper proposal is for the government to
use strong-arm tactics making other forms of encryption grossly
inconvenient and legally ambiguous, but they won't be banned outright.
Not quite, anyway.

I agree that it's misleading to call Clipper "voluntary"---not exactly
wrong, depending on just how you define "voluntary", but misleading.
Still, nobody, at this moment, is actually proposing an outright ban
on other forms of encryption.
--
Matthew Austern Never express yourself more clearly
ma...@physics.berkeley.edu than you think. ---N. Bohr

[David Sternlight]

In article <2min2f$g...@access3.digex.net>,
Black Unicorn <uni...@access.digex.net> wrote:
>In article <strnlghtC...@netcom.com>,

>
>I have tried several times to put forth the point that the Clipper
>proposals goal (or one of them) is to REGULATE encryption.

There isn't a shred of evidence for this assertion.

>
>Anyone who asserts otherwise is simply missing something.

Perhaps they're missing that your assertion is a form of the big lie--often
repeated but never with evidence because there is none.

>Sure, it's voluntary because no one is branding users of other
>crypto, but it certainly is not voluntary when you look at the
>dramatic economic coercion involved.

Given the pricing of Clipper, it's trivial for alternatives to be marketed
and sold more cheaply. There's no economic coercion.

By the way, you're also misusing "economic coercion". It isn't economic
coercion to offer something at a good price. Economic coercion is when
someone says--if you don't do what I want it will cost you (see the history
of labor strikes for endless worked examples).

>
>1> Limits on exports (and profitability) of other crypto.

This has been in place long before Clipper and thus has nothing to do with
Clipper.

>2> Huge subsidies for Clipper technology.

The government needs it for their own uses. Thus it's a legitimate
expenditure. If you've looked at the pricing, you'll see that there are no
subsidies to private sector buyers, since the initial costs can be written
off against the government's own needs, as can the initial purchases.

>3> The threat of withdrawal of Government largess (in the form of
>contracts for now) to those who do not adopt Clipper.

There is no such threat.

>4> The administrations stated goal to impose a non-industry
>approved standard.

They've adopted an internal government standard, as is their right, and said
that those who wish to communicate privately with the government should use
that. Nothing wrong with that. If everyone could invent their own version of
Form 1040 the IRS would go nuts and the taxpayer's costs to run the IRS
would be much higher.

>
>Hardly entirely "voluntary."
>

Sure it is. If you want to continue to communicate with the government
unencrypted, you may do so.

>Mr. Sternlight tries to turn the issue on it's head by demanding
>that forcing Clippers withdrawal as a proposal is depriving Pro-
>Clipper types of their desired product.

That's exactly what it is. Since it's voluntary, nobody is forcing the
anti-Clipper crowd to use it. But if it's withdrawn, the pro-Clipper people
will be denied what we believe is a very high security NSA system to protect
our traffic. You don't like this argument because it shines the light of
truth on what's really going on--the anti-Clipper crowd trying to cram their
desires down the throats of the rest of us.

>
>The easiest solution here is to unclassify Clipper, make it public

They can't do it because it would let people make a version without escrow,
and if it's really secure, as I believe, it would be tantamount to giving
the bad guys one of NSA's better systems. I'd be outraged as a taxpayer if
they did that.

>and allow what manufactures want to make the chip make them without
>subsidies. If there is REALLY a market for Clipper, why isn't it
>being released in the private sphere instead of imposed through the
>public sphere?

Anyone who can meet the proper security requirements may manufacture Clipper
(at least in the U.S.--dunno about overseas).

>
>In the alternative, what right are we depriving you of?
>The right to use a system that is secure except to the government?
>
>Isn't one of Mr. Sternlight's premises that IDEA and T-DES are
>breakable by the NSA?
>
>If so what good is Clipper? Consumers already HAVE such a system
>according to Mr. Sternlight's own assumptions.
>
>As usual, Mr. Sternlight has clouded the issue, tried to pull one
>over the eyes of those not initiated in his tactics, and tried to
>suck the unwary into his blind and fatal faith in the centralization
>of power which he justifies on flawed legal process grounds.

See above in order to make up your own mind about how much truth there is in
the writer's last paragraph.

David

[David Sternlight]

In article <alain-200...@maximon.rco.qc.ca>,

Alain Simon <al...@interax.net> wrote:
>
> what do you mean "other systems aren't proscribed"? This is the whole
> idea of Clipper. The administration's approach is to forbid encryption
> systems that can resist law enforcement efforts to crack it (at least
> it is their excuse). There would be no Clipper controversy of it were
> not exclusive.

You either have not been reading, or have been sucked into some of the
fantasies of the anti-Clipper crowd. There is no provision for making
Clipper exclusive, and the government has said they have no plans to ban
non-Clipper crypto. In addition they've said that Clipper will be voluntary,
except for certain private communications with the government, and certain
internal uses of the government, for which they have made it a Federal
Information Processing Standard.

I agree with you. There should be no Clipper controversy, but some see bogey
men under every bed. All this talk of banning non-Clipper crypto is an
invention of the anti-Clipper crowd, not a government proposal.

David

[Steve Brinich]

> That's false, except for one-time pads. It's just a matter of time before
>PGP or Ripem can be cracked by brute force. The issue is how long, and the
>answer to that question depends on whether one has the money to buy multiple
>parallel processor power (thousands or more of parallel processors in the
>machine) at cutting edge speeds, or whether one is thinking of a
>single-processor workstation.

Barring a fundamental mathematical breakthrough, the difficulty of factoring

an N-bit number increases exponentially with N. Anyone familiar with basic
mathematics -- hell, basic *arithmetic* knows that exponential growth easily
overwhelms any real-world resources.

Steve Brinich | If the government wants us to respect the law, |
<ste...@access.digex.net> | it should set a better example. |

[David Sternlight]

In article <MATT.94Ma...@physics2.berkeley.edu>,
Matt Austern <ma...@physics.berkeley.edu> wrote:

>
>Not "forbid", exactly. The Clipper proposal is for the government to
>use strong-arm tactics making other forms of encryption grossly
>inconvenient and legally ambiguous, but they won't be banned outright.
>Not quite, anyway.

There is no such provision, and there is no provision for making other forms
of encryption either grossly inconvenient or legally ambiguous, except for
export controls that were in place long before Clipper.

>
>I agree that it's misleading to call Clipper "voluntary"---not exactly
>wrong, depending on just how you define "voluntary", but misleading.
>Still, nobody, at this moment, is actually proposing an outright ban
>on other forms of encryption.

It's not at all misleading. Your use of "is actually proposing" is also a
propaganda technique for creating ambiguity when there isn't a shred of
evidence to support it.

[Paul Ferguson]

David Sternlight (strn...@netcom.com) wrote:

> I agree with you. There should be no Clipper controversy, but some see bogey
> men under every bed. All this talk of banning non-Clipper crypto is an
> invention of the anti-Clipper crowd, not a government proposal.

I disagree with you (imagine that).

Clipper is controversial, whether you really believe it or not.
And personally, I'd like to see the entire controversy disappear
by having the issue disolved by the US Congress, but I'm afraid that is
probably asking too much.

Clipper, by amd in itself, is inherently a "bad thing" (tm) whether
you like the classification or not. There are enough of us net-weenies
that despise the idea, and therefore will pose speedbumps on the
information superhighway.

Please keep in mind, David, that my opinions are strictly my own,
and do not reflect the official, squid-like opinions of US Sprint.

_______________________________________________________________________________
Paul Ferguson
US Sprint
Enterprise Internet Engineering tel: 703.904.2437
Herndon, Virginia USA internet: pa...@hawk.sprintmrn.com

[David Sternlight]

In article <DGAY.94Ma...@didec24.epfl.ch>,
David Gay <dg...@di.epfl.ch> wrote:
>
>The cost of using a longer key increases polynomially. The cost of
>breaking a longer key increases exponentially. Who do you think is
>going to win ?

You must have missed my "limits to growth" post. There's a limit on the
increase in using a longer key, imposed not by costs but by time to use such
a key.

The only limit imposed on the use of large multi-parallel processor machines
is the budget of the user.

An interested reader may calculate both numbers directly as an exercise. How
many parallel processors can one include in a fast state-of-the-art speed
machine built under government contract, if the limit on cost is, say,
one-tenth of the NSA's budget at any time (I made that ratio up out of whole
cloth--I have no inside information)? How long are the keys such a machine
can search in, say, three days? (I made that number up, too).

Now: how big a key can one use with today's commonly available work stations
if the limit on encryption is, say 15 seconds). (I made that one up, too).

One could produce a table of cryptanalysis budget vs. encryption time using
the ideas in the previous two paragraphs, in order to determine which key
sizes are robust against particular budgets, for those really interested in
pursuing this.

Note that I've added sci.crypt to the original writer's distribution list,
since the calculations suggested above legitimately fall within the charter
of that group. Though I think the number of newsgroups the writer used was
going a bit overboard, I'll leave it for him to correct in his next reply.

David

[Bill Stewart +1-510-484-6204]

In article <strnlghtC...@netcom.com> strn...@netcom.com (David Sternlight) writes:

> Barring a fundamental mathematical breakthrough, the difficulty of factoring
>an N-bit number increases exponentially with N. Anyone familiar with basic
>mathematics -- hell, basic *arithmetic* knows that exponential growth easily
>overwhelms any real-world resources.

The exponential growth argument has been discredited every time it's been
tried. Can you say "Club of Rome"? "Limits to Growth?" "Bigger fool theory"
in the stock market? etc.

There's a difference between whether physical processes will really
follow exponential growth patterns without other effects becoming visible,
and whether mathematical functions follow them. Number of steps
required for brute-force encryption is part of the latter case;
increase in comuter speed is more like the former.
Thus your argument that brute-force parallel computer strength will
always catch up with longer keys is likely to be "discredited" :-)

Not having Schneier's book with me, I'll have to do a few
back-of-the-envelope calculations, but the Earth has somewhere around
2**90 atoms, and the age of the universe is about 2**89 nanoseconds,
so an Earth-sized machine doing a billion brute-force calculations per
second per atom of hardware could crack a 2**180 key in about the age
of the universe. That says that single-IDEA may not be fast enough,
with mere 128-bit keys, but triple-IDEA would force the cryptanalyst
to decide between buying up adjacent galaxies or using more
traditional methods, such as bribery and torture.

On the other hand, RSA key generation grows at about n**3 time with key-length,
and with current factoring theory, IDEA keys are about equivalent to
3100-bit RSA keys, so you'd probably need about 6000-bit keys to be safe,
which would take 200 times as long to generate as 1024-bit keys.
If you're dealing with a cryptanalyst with computers like the above,
getting that much horsepower on your laptop shouldn't be tough :-)
You may have to resort to guys with briefcases handcuffed to their arms...
--
# Bill Stewart AT&T Global Information Solutions (new name for NCR!)
# 6870 Koll Center Pkwy, Pleasanton CA 94566 1-510-484-6204 fax-6399
# Email: bill.s...@pleasantonca.ncr.com bills...@attmail.com
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465

Disclaimer: My cats are walking on my keyboard again.

[David Sternlight]

In article <2mk84n$8...@agate.berkeley.edu>,

Tommy the Tourist <nob...@soda.berkeley.edu> wrote:
>David Sternlight wrote:
>> ... In truth it's
>> the anti-Clipper crowd who want to deprive the pro-Clipper types of THEIR
>> freedom to use it by trying to get it withdrawn.
>
>That's rubbish and you know it. We don't object to anybody using the
>Skipjack algorithm. What we object to is the government insisting that
>to use Skipjack you must have your key escrowed with the government and
>trying by hook or by crook to make their key-escrowed system the de facto
>standard, coercing or persuading the majority of crypto-users to use
>escrowed Skipjack and only Skipjack.

Not so fast. You are trying to prevent me from voluntarily agreeing to have
my key escrowed in order to get what I think to be the power of Clipper.
Thus my comment is accurate and your attempted refutation not.

As for "trying by hook or by crook" that's prolix imputation for which
there's no evidence, since all of the government's actions with respect to
Clipper have a perfectly reasonable, non-pejorative explanation. Your
assertion of "coercion" is also just plain inaccurate, as is "and only".
Both have been amply refuted in past discussion, and there's no point in
rehearsing that yet again, though I'd be glad to do so via e-mail for
readers who are interested in the data, rather than a make-wrong.

[Bill Stewart +1-510-484-6204]

In article <strnlghtC...@netcom.com> strn...@netcom.com (David

Sternlight) writes, in response to somebody,

>Sure, it's voluntary because no one is branding users of other
>crypto, but it certainly is not voluntary when you look at the
>dramatic economic coercion involved.

The US Income Tax is also voluntary, but somehow almost everyone volunteers...
I'd say the truth is somewhere between Sternlight and the other poster.

>1> Limits on exports (and profitability) of other crypto.

This has been in place long before Clipper and thus has nothing to do with
Clipper.

If Clipper imports and exports are permitted, and other crypto hardware
imports and exports aren't, than it *does* have something to do with Clipper.

>2> Huge subsidies for Clipper technology.

The government needs it for their own uses. Thus it's a legitimate
expenditure. If you've looked at the pricing, you'll see that there are no
subsidies to private sector buyers, since the initial costs can be written
off against the government's own needs, as can the initial purchases.

The government *doesn't* need it for their own uses - triple-DES would
have been fine, and the CCEP chips the NSA developed several years ago
would be fine or the same algorithms ported to modern chipware).
On the other hand, the subsidy isn't really very big - they paid
Mykotronx something like $4M, which is peanuts by NSA budget standards,
and per-chip subsidies are probably under $20. The interesting money
is in the purchase of thousands of $1000 phones, rather than thousands
of $50 chips.

>3> The threat of withdrawal of Government largess (in the form of
>contracts for now) to those who do not adopt Clipper.

There is no such threat.

The government is primarily saying "Well, we've been buying STU-III
phones, and we've been talking about buying DES-phones, but we'd
rather buy Clipperphones instead.", and vendors are saying
"The customer is always right." There haven't been any threats
reported in the press that they would drop contracts for other
products or services, or even that they would drop the STU-III contracts,
and if there have been any other threats that I as a stockholder of a
major telecommunications corporation should know about, nobody's told me :-)

>4> The administrations stated goal to impose a non-industry
>approved standard.

They've adopted an internal government standard, as is their right,
and said that those who wish to communicate privately with the
government should use that. Nothing wrong with that.

They made a real mockery of the standards process when they did so,
and their requests for public comment were purely for show.
The FIPS they released does *not* qualify as a technical standard;
its major technical sections said "ask the NSA".

will be denied what we believe is a very high security NSA system to protect
our traffic. You don't like this argument because it shines the light of
truth on what's really going on--the anti-Clipper crowd trying to cram their
desires down the throats of the rest of us.

Nonsense - according to the definitions of "strength" the NSA^h^h^hNIST's
"independent" review panel interim report used, which were basically
key length, known weaknesses, and ability to break on a Cray in a few days,
Clipper is far weaker than Triple-DES or IDEA; the pro-CLipper crowd
is trying to cram their desires for wiretapping down the throats of
the rest of us.

>The easiest solution here is to unclassify Clipper, make it public

They can't do it because it would let people make a version without escrow,
and if it's really secure, as I believe, it would be tantamount to giving
the bad guys one of NSA's better systems. I'd be outraged as a taxpayer if
they did that.

I'd be outraged as a taxpayer if that's one of the NSA's better systems :-)
As a taxpayer, I don't see why I *shouldn't* be allowed to use
technology I'v been forced to pay for.
As a citizen, I'm far more concerned about the NSA trying to set
standards for non-governmental cryptography and communications (and I thought
there was some law back in 1987 that told them not to do stuff like that?)
and if you think they're only trying to influence the government's
internal market, go ask the folks on the cellular phone standards
committees about attempts to bully them into using Clipper,
and into *not* using strong untappable cryptosystems,
or just look at some of Louis Freeh's recent ranting.

Anyone who can meet the proper security requirements may manufacture Clipper
(at least in the U.S.--dunno about overseas).

The FIPS didn't say that, not that standards do, and there aren't any
laws or officially announced policies saying who is allowed to
manufacture Clipper. The FIPS said that if you *want* to manufacture
Clipper, and have the proper security clearances, ask the NSA for more
information. The announced policies have said that you *won't* be
able to manufacture *anything* you want with Clipper; designs will
have to be approved (because it's easy to build a non-wiretapped
Clipperphone, as long as you aren't trying to be compatible with the
standard wiretapped designs, even if you don't have access to Clipper
internals or algorithms.)

--
# Pray for peace; Bill
# Bill.S...@pleasantonca.ncr.com 1-510-484-6204 fax-6399
# NCR Corporation, 6870 Koll Center Pkwy, Pleasanton CA 94566
# Please reply to this address rather than my news server.

[David Lesher]

UnProfessor Sternlight claims:

>Not so fast. You are trying to prevent me from voluntarily agreeing to have
>my key escrowed in order to get what I think to be the power of Clipper.
>Thus my comment is accurate and your attempted refutation not.

Gawd, it's getting deep here in Sterndreck.

Here is how to do so. As the old joke goes, I'll type slowly
so you can keep up...

1) Buy your very own free-market, uncompromised encrypted phone.

2) Mail the second set of keys to Janet Reno.
--
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close...........(v)301 56 LINUX
Unless the host (that isn't close)....kibo# 777............pob 1433
is busy, hung or dead..............vr....................20915-1433

[David L Evens]

David Sternlight (strn...@netcom.com) wrote:

You really don't read anything you don't post, do you?

[Robert J. Wade]

In article <strnlghtC...@netcom.com> da...@sternlight.com (David Sternlight) writes:
>In article <CMtyI...@rco.qc.ca>, Alain Simon <al...@interax.net> wrote:
>
>> From everything the poster in question has written so far,
>> it seems that he is willing to throw away everybody's freedom
>> in order to have some illusion of safety for himself.
>
>What nonsense! Since Clipper is voluntary and other systems aren't
>proscribed, nobody is throwing away anybody else's freedom. In truth it's
>the anti-Clipper crowd who want to deprive the pro-Clipper types of THEIR
>freedom to use it by trying to get it withdrawn.

>David Sternlight The views expressed in this message do not necessarily

wrong! us anit-clipper types want the FREE MARKET to COMPETE offering a wide
range of privacy protection which all citizens/corporations are FREE to
choose from and use what is best for them. also competition always leads
to continuous improvement and reduction of costs. people who are against
the government clipper chip scheme are TRUE PATRIOTS!!!!

[David Sternlight]

In article <w.a.lynn-2...@wlynn.larc.nasa.gov>,
William A. Lynn III <w.a....@larc.nasa.gov> wrote:
>
>In both mandatory cases, the government has the clear text at one or both
>ends! Why do they need escrowed keys?

To be able to investigate the malfeasance of particular civil servants?
Attempted bribery? etc.

>
>Get a clue. The gov't has a (not well) hidden agenda.

It's a good idea for you to think it through;
Before posting messages saying "Get a clue."

Shakespeare?

:-)

[David Sternlight]

In article <WCS.94Ma...@anchor.att.com>,
Bill Stewart +1-510-484-6204 <w...@anchor.ho.att.com> wrote:

>In article <strnlghtC...@netcom.com> strn...@netcom.com (David Sternlight) writes:
> > Barring a fundamental mathematical breakthrough, the difficulty of factoring
> >an N-bit number increases exponentially with N. Anyone familiar with basic
> >mathematics -- hell, basic *arithmetic* knows that exponential growth easily
> >overwhelms any real-world resources.
>
> The exponential growth argument has been discredited every time it's been
> tried. Can you say "Club of Rome"? "Limits to Growth?" "Bigger fool theory"
> in the stock market? etc.
>

>There's a difference between whether physical processes will really
>follow exponential growth patterns without other effects becoming visible,
>and whether mathematical functions follow them. Number of steps
>required for brute-force encryption is part of the latter case;
>increase in comuter speed is more like the former.
>Thus your argument that brute-force parallel computer strength will
>always catch up with longer keys is likely to be "discredited" :-)
>
>Not having Schneier's book with me, I'll have to do a few
>back-of-the-envelope calculations, but the Earth has somewhere around
>2**90 atoms, and the age of the universe is about 2**89 nanoseconds,
>so an Earth-sized machine doing a billion brute-force calculations per
>second per atom of hardware could crack a 2**180 key in about the age
>of the universe. That says that single-IDEA may not be fast enough,
>with mere 128-bit keys, but triple-IDEA would force the cryptanalyst
>to decide between buying up adjacent galaxies or using more
>traditional methods, such as bribery and torture.

You guys ought to get together. Another "expert" posted a calculation of
your form in which he concluded that a single processor workstation would
take 80 years to break single-IDEA. He seemed to be implying it was secure.
Relying on that, I made my calculations for a 1000 parallel processor fast
machine of today's state of the art. Surely you can divide 80 by 1000, and
then another factor representing fastest current chip speeds compared with
conventional workstations.

When you guys get your various contradictory "proofs" together, I'll be
willing to listen to "age of the universe "number of atams in the galaxy"
kinds of assertions. Until then I have to consider it chin music.

David

[David Sternlight]

In article <21MAR94....@uwpg02.uwinnipeg.ca>,
<par...@uwpg02.uwinnipeg.ca> wrote:
>
>David Sternlight was saying....
>ST> Though it is naively argued that one can "just use a longer key",
>ST> limits on encryption and decryption time are a function of
>ST> hardware capability, and as
>ST> hardware becomes more powerful to permit longer keys, so will
>ST> hardware to brute force search those keys. What's more the users
>ST> have only one dimension to pick up security in--hardware speed
>ST> permitting longer keys with practical encryption/decryption
>ST> times. But the "codebreakers" have two dimensions to work
>ST> in--speed and number of parallel processors, and just as speed
>ST> goes up every few years, so too do chip costs and manufacturing
>ST> costs for multiple processor machines go down.
>
> Could you explain how this argument doesn't apply with equal or greater
>force for the Clipper? I am certainly no expert on encryption schemes, but
>a little common sense would say that this is disasterous for the Clipper.

As I've explained in a previous post, it depends on the number of
calculations per key tested, which depends on the complexity of the
algorithm. The posted calculations by another came up with 80 years for
single processor brute force search for IDEA, and about 110 years for TDES,
both assuming conventional workstation speeds and common currrent key sizes.

Clipper is a lot more complicated according to the civilian review panel
which was permitted to see the classified algorithm; though I've seen no
calculations of how long it would take to test each possible key it seems it
would be quite a bit longer than TDES.

David

[David Sternlight]

In article <2ml07r$l...@nermal.cs.uoguelph.ca>,
David L Evens <dev...@uoguelph.ca> wrote:
>And one-time pads ARE unbreakable. The results of encrypting with
>a properly constructed one-time pad are as random as the pad that was used
>in the encryption. You cannot extract data from noise without knowing
>what the noise IS first.

And you cannot make pronouncements about "practical cryptanalysis" unless
you know what practical cryptanalysis is.

:-)

[David Sternlight]

In article <wb8fozCn...@netcom.com>,

David Lesher <wb8...@netcom.com> wrote:
>UnProfessor Sternlight claims:
>>Not so fast. You are trying to prevent me from voluntarily agreeing to have
>>my key escrowed in order to get what I think to be the power of Clipper.
>>Thus my comment is accurate and your attempted refutation not.
>
>Gawd, it's getting deep here in Sterndreck.
>
>Here is how to do so. As the old joke goes, I'll type slowly
>so you can keep up...
>
>1) Buy your very own free-market, uncompromised encrypted phone.

I don't believe they'd be as algorithmically secure as one invented by the
NSA.

>
>2) Mail the second set of keys to Janet Reno.

Without a court order?

But your demonstration amply proves that you want to deprive me of the
system I want, and are trying to substitute a system you want, for my use.

I rest my case yet again.

[Pat Myrto]

In article <strnlghtC...@netcom.com> da...@sternlight.com (David Sternlight) writes:

/In article <763997...@olympus.demon.co.uk>,
/Gregory Stewart-Nicholls <ni...@olympus.demon.co.uk> wrote:
/
/> I'd rather buy a lock that has to be blown open by experts spending time
/>and money to do it, than a lock that Buford T Justice can open with a stroke
/>of his pen.
/
/Actually, the lock you'd rather buy can be opened by experts with their new
/Z-ray. Nobody knows how long it will take them, but when they do, they can
/enter you house and leave, closing the lock behind them, without a trace.

Of course, after they use their Z-ray and get what they want, they will
have to get it back to the office in a hurry: They will be glowing in
the dark, and slowly becoming transparant, while they are gradually
disintegrating...

There will be no trace of the break-in, because there will be no trace
of the house (or agents) in 20 minutes...

(this was printed in ultra-fine print at the back of the instruction
manual for running the Z-ray device)...
--
pat@rwing [If all fails, try: rwing!p...@ole.cdac.com] Pat Myrto - Seattle WA
"No one has the right to destroy another person's belief by demanding
empirical evidence." -- Ann Landers, nationally syndicated advice columnist
and Director at Handgun Control Inc.

[Black Unicorn]

In article <strnlghtC...@netcom.com>,

David Sternlight <da...@sternlight.com> wrote:
>In article <2min2f$g...@access3.digex.net>,
>Black Unicorn <uni...@access.digex.net> wrote:
>>In article <strnlghtC...@netcom.com>,
>
>>
>>I have tried several times to put forth the point that the Clipper
>>proposals goal (or one of them) is to REGULATE encryption.
>
>There isn't a shred of evidence for this assertion.

Unless you count the administrations STATED goal, to estlablish
a de facto standard and make clipper widely used by economic pressure.
(Call it support if you like)
This is infact the whole premise behind the program.

>>
>>Anyone who asserts otherwise is simply missing something.
>
>Perhaps they're missing that your assertion is a form of the big lie--often
>repeated but never with evidence because there is none.

Take this, from the press secretary:

We understand that many in industry would like to see all
encryption products exportable. However, if encryption technology is
made freely available worldwide, it would no doubt be usod
extensively by terrorists, drug dealers, and other criminals to harm
Americans both in the U.S. and abroad. For this reason, the
Administration will continue to restrict export of the most
sophisticated encryption devices, both to preserve our own foreign
intelligence gathering capability and because of the concerns of our
allies who fear that strong encryption technology would inhibit their
law enforcement capabilities.

Factor #1: Export regulation.

From the fact sheet:

The Secretary of Commerce, in consultation with other appropriate
U.S. agencies, shall initiate a process to write standards to
facilitate the procurement and use of encryption devices fitted
with key-escrow microcircuits in federal communications systems
that process sensitive but unclassified information. I expect this
process to proceed on a schedule that will permit promulgation of
a final standard within six months of this directive.

Factor #2: Unreviewed standards imposed.

>>Sure, it's voluntary because no one is branding users of other
>>crypto, but it certainly is not voluntary when you look at the
>>dramatic economic coercion involved.
>
>Given the pricing of Clipper, it's trivial for alternatives to be marketed
>and sold more cheaply. There's no economic coercion.
>
>By the way, you're also misusing "economic coercion". It isn't economic
>coercion to offer something at a good price. Economic coercion is when
>someone says--if you don't do what I want it will cost you (see the history
>of labor strikes for endless worked examples).

economic coercion is flooding the market with an inferior product,
or even a less "refined" product to alter the basic makeup of said
market.

>>
>>1> Limits on exports (and profitability) of other crypto.
>
>This has been in place long before Clipper and thus has nothing to do with
>Clipper.

That explains its presence in the press releases....

>>2> Huge subsidies for Clipper technology.
>
>The government needs it for their own uses. Thus it's a legitimate
>expenditure. If you've looked at the pricing, you'll see that there are no
>subsidies to private sector buyers, since the initial costs can be written
>off against the government's own needs, as can the initial purchases.

Needs it for their own uses? Why not use Skipjack with no escrow?
The price of an escrow system seems a little extreme and hardly
justifiable with a "Well, we were gonna do it ourselves anyhow...."

>>3> The threat of withdrawal of Government largess (in the form of
>>contracts for now) to those who do not adopt Clipper.
>
>There is no such threat.

You contend that IBM could conduct business with government through
encrypted channel with IDEA then?
Or will they be forced to adopt the governments use of Clipper as
part of a new policy on communications?

>>4> The administrations stated goal to impose a non-industry
>>approved standard.
>
>They've adopted an internal government standard, as is their right, and said
>that those who wish to communicate privately with the government should use
>that. Nothing wrong with that. If everyone could invent their own version of
>Form 1040 the IRS would go nuts and the taxpayer's costs to run the IRS
>would be much higher.

Internal standard is hardly proper wording. Why use an escrow system
on "internal government communications?" It's clear that's not the
point here.
Comparing tax form standardization and Clipper is apples and oranges
and you know it.
Develop a non-escrowed and cheaper standard if it's a standard you
want.

>>
>>Hardly entirely "voluntary."
>>
>
>Sure it is. If you want to continue to communicate with the government
>unencrypted, you may do so.

I rest my case.

>>Mr. Sternlight tries to turn the issue on it's head by demanding
>>that forcing Clippers withdrawal as a proposal is depriving Pro-
>>Clipper types of their desired product.
>
>That's exactly what it is. Since it's voluntary, nobody is forcing the
>anti-Clipper crowd to use it. But if it's withdrawn, the pro-Clipper people
>will be denied what we believe is a very high security NSA system to protect
>our traffic. You don't like this argument because it shines the light of
>truth on what's really going on--the anti-Clipper crowd trying to cram their
>desires down the throats of the rest of us.

Oh please,
you can't really believe that your better off than if skipjack
was just released can you?

>>
>>The easiest solution here is to unclassify Clipper, make it public
>
>
>They can't do it because it would let people make a version without escrow,
>and if it's really secure, as I believe, it would be tantamount to giving
>the bad guys one of NSA's better systems. I'd be outraged as a taxpayer if
>they did that.

I guess you wouldn't want a non escrowed system floating about.
So let's introduce Clipper,
and keep strong non-escrowed encryption off the market.

Security through obscurity. I am outraged already.

>
>>and allow what manufactures want to make the chip make them without
>>subsidies. If there is REALLY a market for Clipper, why isn't it
>>being released in the private sphere instead of imposed through the
>>public sphere?
>
>Anyone who can meet the proper security requirements may manufacture Clipper
>(at least in the U.S.--dunno about overseas).
>
>>
>>In the alternative, what right are we depriving you of?
>>The right to use a system that is secure except to the government?
>>
>>Isn't one of Mr. Sternlight's premises that IDEA and T-DES are
>>breakable by the NSA?
>>
>>If so what good is Clipper? Consumers already HAVE such a system
>>according to Mr. Sternlight's own assumptions.
>>
>>As usual, Mr. Sternlight has clouded the issue, tried to pull one
>>over the eyes of those not initiated in his tactics, and tried to
>>suck the unwary into his blind and fatal faith in the centralization
>>of power which he justifies on flawed legal process grounds.
>
>See above in order to make up your own mind about how much truth there is in
>the writer's last paragraph.
>
>David

This is a replay of the old story, technology outruns government so
government has to put the breaks on it to try and legislate it into
line.

Same story with Digital Telephony '94.

>
--
>David Sternlight The views expressed in this message do not necessarily
> represent those of the author, who reserves the right
> to modify, amend, withdraw, or attack them at any time.
>
>

-uni- (Dark)

--
Heute ist Mirroccoli Tag - Find me Sick, Dark and Twisted, and I'm happy.
073BB885A786F666 6E6D4506F6EDBC17 - One if by land, two if by sea.

[Steve Brinich]

> > > That's false, except for one-time pads. It's just a matter of time before
> > >PGP or Ripem can be cracked by brute force. The issue is how long, and the
> > >answer to that question depends on whether one has the money to buy
> > > multiple parallel processor power (thousands or more of parallel
> > > processors in the machine) at cutting edge speeds, or whether one is
> > > thinking of a single-processor workstation.
> >
> > Barring a fundamental mathematical breakthrough, the difficulty of
> > factoring an N-bit number increases exponentially with N. Anyone familiar
> > with basic mathematics -- hell, basic *arithmetic* knows that exponential
> > growth easily overwhelms any real-world resources.

> The exponential growth argument has been discredited every time it's been

>tried. Can you say "Club of Rome"? "Limits to Growth?" "Bigger fool theory"
>in the stock market? etc.

None of these examples are relevant. In the real world, exponential growth
hits some sort of wall and ceases, which is why the "population bomb"
projections turned out to be invalid, why chain letters won't Make Money Fast,
etc. In the world of pure mathematics, this is not the case.

> Just so here. There's a limit to practical key lengths caused by time to
>encrypt or decrypt.

True, but not particularly relevant. The difficulty of *using* the system
rises slowly with key length (at worst,in proportion to the square of key
length), while the difficulty of *breaking* the system rises rapidly with key
length (exponentially). Thus, increasing the power of typical computers by a
factor of four makes it possible to double the typical key length with no net
effect on normal users but a hellacious effect on would-be crackers.

>Right now an estimate is that a single workstation would take 100 years to
>break commonly used "long" keys. Thus a 1000 parallel processor computer would
>take 1.2 months, at conventional workstation speeds, and probable a few days
>at currently available money-no-object chip speeds. Recall that the brute
>force search problem is perfectly divisible with little overhead-just divide
>the key space equally among the processors.

This merely means that key lengths need to be increased somewhat, if high
security is desired.

> Chances are that the resources of rich, smart cryptologic organizations will
>always overwhelm practical key lengths usable with widely available,
>mass-market encryption. It's only a question of which targets are worth
>putting such resources on.
> Though it is naively argued that one can "just use a longer key", limits on
>encryption and decryption time are a function of hardware capability, and as
>hardware becomes more powerful to permit longer keys, so will hardware to

>brute force search those keys.

Anyone who can't understand the difference between polynomial increase and
exponential increase, and its implications, is in no position to accuse anyone
else of "naive" argument.

> What's more the users have only one dimension to pick up security in--
>hardware speed permitting longer keys with practical encryption/decryption
>times. But the "codebreakers" have two dimensions to work in--speed and number
>of parallel processors, and just as speed goes up every few years, so too do
>chip costs and manufacturing costs for multiple processor machines go down.

Those "two dimensions" merely mean that the capability of codebreakers
increases with the square of the number of MIPS available in a typical
processor. Still no contest between that and the exponential increase in
difficulty from just making the key longer.

[Steve Brinich]

> You must have missed my "limits to growth" post. There's a limit on the
>increase in using a longer key, imposed not by costs but by time to use
>such a key.

Since the time required to use a key and the time required to generate a
key increase polynomially (no worse than the square of key length, I
believe), this is not a particularly significant constraint. Given that
an increase in "long" key length from 1024 bits to 2048 bits requires
the user to increase his computing power or his patience by a factor of
four, but imposes a similar factor of at least 10^10 on would-be crackers
(the most optimistic estimates of factoring I've seen say that each +30
bits increase the difficulty by a factor of 10; I'm generously assuming
they get that down to a factor of 2), it's still easy for increasing
key lengths to leave increasing cracker resources behind.

[par...@uwpg02.uwinnipeg.ca]

David Sternlight was saying....
ST> Though it is naively argued that one can "just use a longer key",
ST> limits on encryption and decryption time are a function of
ST> hardware capability, and as
ST> hardware becomes more powerful to permit longer keys, so will
ST> hardware to brute force search those keys. What's more the users
ST> have only one dimension to pick up security in--hardware speed
ST> permitting longer keys with practical encryption/decryption
ST> times. But the "codebreakers" have two dimensions to work
ST> in--speed and number of parallel processors, and just as speed
ST> goes up every few years, so too do chip costs and manufacturing
ST> costs for multiple processor machines go down.

Could you explain how this argument doesn't apply with equal or greater
force for the Clipper? I am certainly no expert on encryption schemes, but
a little common sense would say that this is disasterous for the Clipper.

The way I understand it is that my clipper has codes stored by the
government. I assume that means that my codes cannot get any longer, because
the government has what would be relatively permanent codes for my encryption.
So, there are people trying to crack my code taking advantage of these increases
in speed and power you are talking about.

Meanwhile, the guy next to me is using those same increases in speed
and power to increase the length of his realistic key. So, he is using the
same increases as the crackers to improve his protection. Now, here I am,
with my fixed code lengths, and the crakers are moving in on me. I can't
change my codes, and they just keep getting better.

Now, it is quite possible that I am fundamentally misunderstanding some
technical point. Please correct me if I am.

Darryl.

[David Koontz]

From: w...@anchor.ho.att.com (Bill Stewart +1-510-484-6204)

>References: <RLK.94Ma...@underprize.think.com> <CMtyI...@rco.qc.ca>
> <strnlghtC...@netcom.com> <2min2f$g...@access3.digex.net>
> <strnlghtC...@netcom.com>
>Sender: w...@cbnewsh.cb.att.com (william.clare.stewart)

>
>The government *doesn't* need it for their own uses - triple-DES would
>have been fine, and the CCEP chips the NSA developed several years ago
>would be fine or the same algorithms ported to modern chipware).
>On the other hand, the subsidy isn't really very big - they paid
>Mykotronx something like $4M, which is peanuts by NSA budget standards,
>and per-chip subsidies are probably under $20. The interesting money
>is in the purchase of thousands of $1000 phones, rather than thousands
>of $50 chips.

CCEP chips required centralized key distribution - the cryptographic
check word (CCW) can't be tickled out of the chips. Having to ask the
NSA for a batch of keys probably discouraged wide spread acceptance.

>The FIPS didn't say that, not that standards do, and there aren't any
>laws or officially announced policies saying who is allowed to
>manufacture Clipper. The FIPS said that if you *want* to manufacture
>Clipper, and have the proper security clearances, ask the NSA for more
>information. The announced policies have said that you *won't* be
>able to manufacture *anything* you want with Clipper; designs will
>have to be approved (because it's easy to build a non-wiretapped
>Clipperphone, as long as you aren't trying to be compatible with the
>standard wiretapped designs, even if you don't have access to Clipper
>internals or algorithms.)

Having contacted one of the marketing guys at Mykotronx, I was encouraged
to produce Clipper based products. Having read FIPS PUB 140, it doesn't
sound that hard. Basically NIST (when up to speed) will evaluate a product
design for compliance. The certification process is on the same order
as CCEP products, although I would imagine chips aren't overmarked. The
process will probably be set up to not require knowledge of LEAF generation.
The toughest part is probably certification of session key generation and
distribution.

The camels nose is all the accounting, auditing and security to keep
track of the chips. I would imagine that a company wishing to produce
clipper products is vetted to some degree or another. There is probably
a friendly Quality Assurance audit performed periodically, as well.

I came away with the impression they were either desparate for more vendors,
or not particular as to who played (which exercises the paranoia streak to
no end).

[Alain Simon]

In article <alain-210...@maximon.rco.qc.ca>,
I made a mess of this text; so here is the cleaned up version:

> Subject: cyborgarchy - the brave new web

Picking up on the old EFFector Online threads, on digital telephony,
Clipper chips, and export bans, but with a different slant.

In article <2min2f$g...@access3.digex.net,
uni...@access.digex.net (Black Unicorn) wrote:

> It seems that every argument Mr. Sternlight makes is a
> derivative of "Since Clipper is voluntary...."

ain't that a hoot!?

> [ ... fast forward over excellent analysis... ]

Now let's look at it differently:

- if the rationale is preventing the bad guys from taking advantage
of encryption technologies, how come it is not mandatory?
The law enforcement and national security argument, if we buy
into it, makes it unavoidable that all other encryption methods
will be outlawed. Is the administration hoping that it can drop
the other shoe when we are not looking?

- If the rationale is preventing the bad guys from taking advantage
of encryption technologies, what measures are being prepared, or
already in place, to insure that all these sophisticated spies,
crooked politicians with friends in high places, mass murderers,
child rapists, racially tainted drug dealers, all intelligent,
motivated, sophisticated, enthusiastic law breakers, will
conform to the standard?

- If the rationale is preventing the bad guys from taking advantage
of encryption technologies, how can the good guys know that
some form of encryption is indeed being used, if the sneaky bad
guys use steganographic techniques?

- If the rationale is that the bad guys should be tracked, not by
their spoors, but by their call setups, what measures are being
prepared, or already in place, in order to insure that all these
sophisticated spies, crooked politicians with friends in high places,
mass murderers, child rapists, racially tainted drug dealers, all
intelligent, motivated, sophisticated, enthusiastic law breakers,
will not use alternative communication technologies?

- If the rationale is preventing the bad guys from taking advantage
of encryption technologies, how come it is possible to export
books on cryptography but not software? And why is it illegal
to export technologies that everybody has already invented and
reinvented, independantly (do you really believe the US are that
superior to the rest of the world in the brains department?)
anyway?

Now, let's ask the real question:

- who has the most to fear from these initiatives, criminals or
activists, spies or dissidents, drug dealers or small businesses,
crooks or tax payers, rapists or lovers, psychopaths or thinkers?

--
Virtually me, really...

[Snowhare]

David Sternlight (strn...@netcom.com) wrote:
: In article <2ml07r$l...@nermal.cs.uoguelph.ca>,

: David L Evens <dev...@uoguelph.ca> wrote:
: >And one-time pads ARE unbreakable. The results of encrypting with
: >a properly constructed one-time pad are as random as the pad that was used
: >in the encryption. You cannot extract data from noise without knowing
: >what the noise IS first.

: And you cannot make pronouncements about "practical cryptanalysis" unless
: you know what practical cryptanalysis is.

Unless you are referring to what is usually called *traffic* analysis you
are barking up the wrong tree. The one time pad is completely unbreakable.
So is quantum encryption. Quantum encryption is theoretically superior as
tapping can be detected and no prior secure communications are required.

Traffic analysis will not reveal the contents of encrypted messages.

Care to explicate what you mean by "practical cryptanalysis"?

--
Benjamin Franz

[Snowhare]

David Sternlight (strn...@netcom.com) wrote:
: In article <wb8fozCn...@netcom.com>,

: David Lesher <wb8...@netcom.com> wrote:
: >UnProfessor Sternlight claims:
: >>Not so fast. You are trying to prevent me from voluntarily agreeing to have
: >>my key escrowed in order to get what I think to be the power of Clipper.
: >>Thus my comment is accurate and your attempted refutation not.
: >
: >Gawd, it's getting deep here in Sterndreck.
: >
: >Here is how to do so. As the old joke goes, I'll type slowly
: >so you can keep up...
: >
: >1) Buy your very own free-market, uncompromised encrypted phone.

: I don't believe they'd be as algorithmically secure as one invented by the
: NSA.

Prove that they aren't. That is kind of the core to this: the NSA has
basically said "Trust us". A few people over a few weeks examining their
system in secret *does not* produce confidence in it. Schemes such as the
knapsack took *years* of public analysis by hundreds of people to find the
holes.

You wish to assert that the public systems will be easily cracked while
the NSA sponsored one will not. Find and dandy. Now PROVIDE EVIDENCE that
assertion is true.

Statements such as yours are nothing more than appeal to authority. We
have very good reason to question the NSA as being a suitable authority
here: a direct conflict of interest with their charter.

The NSA's JOB is to intercept communications for intelligence gathering.
To this end they intercept, decrypt, and perform traffic analysis,
*especially* electronic communications.

To ask the NSA to certify a cryptographic scheme for public use is setting
the fox to guard the henhouse. It is not insignificant that only
UNCLASSIFIED government communications will use Clipper. Classified
material will be still be sent via more secure methods. *SOMEONE* doesn't
trust Clipper at the NSA - at least not for *government* secrets.

--
Benjamin Franz

[Steve Brinich]

> Clipper is a lot more complicated according to the civilian review panel
>which was permitted to see the classified algorithm; though I've seen no
>calculations of how long it would take to test each possible key it seems
>it would be quite a bit longer than TDES.

Sternlight New Math: 2^80 > 2^112

[David Sternlight]

In article <2mletm$n...@access3.digex.net>,

Black Unicorn <uni...@access.digex.net> wrote:
>In article <strnlghtC...@netcom.com>,
>David Sternlight <da...@sternlight.com> wrote:
>>In article <2min2f$g...@access3.digex.net>,
>>Black Unicorn <uni...@access.digex.net> wrote:
>>>In article <strnlghtC...@netcom.com>,
>>
>>>
>>>I have tried several times to put forth the point that the Clipper
>>>proposals goal (or one of them) is to REGULATE encryption.
>>
>>There isn't a shred of evidence for this assertion.
>
>Unless you count the administrations STATED goal, to estlablish
>a de facto standard and make clipper widely used by economic pressure.
>(Call it support if you like)
>This is infact the whole premise behind the program.

The administration has never STATED this as a goal. You're making that up.
eThe rest of your message is left as an exercise for the reader, since it
would simply involve repeating old material if I dealt with it.

[David Sternlight]

In article <snowhareC...@netcom.com>,
Snowhare <snow...@netcom.com> wrote:

>David Sternlight (strn...@netcom.com) wrote:
>
>Care to explicate what you mean by "practical cryptanalysis"?

Practical cryptanalysis is a term-of-art euphemism for non-analytic methods
of attacking crypto systems, including black bag jobs, suborning people,
etc.

David

[David Sternlight]

In article <snowhareC...@netcom.com>,
Snowhare <snow...@netcom.com> wrote:

>: >
>: >1) Buy your very own free-market, uncompromised encrypted phone.
>
>: I don't believe they'd be as algorithmically secure as one invented by the
>: NSA.
>
>Prove that they aren't. That is kind of the core to this: the NSA has
>basically said "Trust us". A few people over a few weeks examining their
>system in secret *does not* produce confidence in it. Schemes such as the
>knapsack took *years* of public analysis by hundreds of people to find the
>holes.

I don't have to. I'm entitled, in a free society, to use the crypto systems
I think to be secure, and don't have to prove it to anyone. Any person who
tries to deprive me of that right by attempting to get a system suppressed
that isn't required they use is taking away my rights, and acting in an
elitist way--i.e. asserting he knows better than I what's good for me.

It is the anti-clipper crowd who are the suppressive elitists, not the pro
clipper crowd. They clothe themselves in the garb of civil rights while
attempting to take away the civil rights of others. It's a perfect example
of the aphorism that patriotism is the last refuge of the scoundrel.

Since Clipper is voluntary, the anti-Clipper crowd has a simple remedy that
doesn't infringe on anyone else's rights--don't use it. Anything more is an
infringement on my right to use it.
>

>You wish to assert that the public systems will be easily cracked while
>the NSA sponsored one will not. Find and dandy. Now PROVIDE EVIDENCE that
>assertion is true.

I don't have to. It's my assumption, on which I act on my own
responsibility. You still don't get it. I don't care if I convince you or
not--if you don't believe me, use PGP or Ripem by all means. Don't use
Clipper. But I have the right to use Clipper and you don't have the right to
try to suppress my use of it.

In a sense the anti-Clipper crowd are the anti-abortionists of the crypto
community. Instead of being content with their right not to have an
abortion, they want to take away my right to have one.

>
>Statements such as yours are nothing more than appeal to authority. We
>have very good reason to question the NSA as being a suitable authority
>here: a direct conflict of interest with their charter.

I appeal to no authority but my right of self-determination.

>
>The NSA's JOB is to intercept communications for intelligence gathering.
>To this end they intercept, decrypt, and perform traffic analysis,
>*especially* electronic communications.
>
>To ask the NSA to certify a cryptographic scheme for public use is setting
>the fox to guard the henhouse. It is not insignificant that only
>UNCLASSIFIED government communications will use Clipper. Classified
>material will be still be sent via more secure methods. *SOMEONE* doesn't
>trust Clipper at the NSA - at least not for *government* secrets.

You're just ill-informed about this. The NSA has a major communications
security responsibility, and is responsible for designing and providing
secure crypto systems. The two sides of the "house' at the NSA are
Communications Intelligence and Communications Security, according to public
sources.

What's more, the basic algorithmic type of Clipper is, according to those
who have access, the same as some of the highest security algorithms used
for government traffic. It isn't identical, since one principle of
communications security is compartmentation.

[David Sternlight]

Steve Brinich posts a message in which he refuses to acknowledge my
point--that there are non-mathematical limits to increasing key size caused,
among other things, by the time to encrypt practical-length messages in
practical volumes.

Since he begins by harping on pure mathematical growth--the same error all
the exponential growth crowd makes (I've given several examples), there's no
point in trying to reason further with him on this, because he seems to be
ignoring my points in order to repeat yet again the argument I've already
addressed and think to be badly incomplete.

[David Gay]

In article <strnlghtC...@netcom.com> strn...@netcom.com (David Sternlight) writes:

> Barring a fundamental mathematical breakthrough, the difficulty of factoring
>an N-bit number increases exponentially with N. Anyone familiar with basic
>mathematics -- hell, basic *arithmetic* knows that exponential growth easily
>overwhelms any real-world resources.

Though it is naively argued that one can "just use a longer key", limits on
encryption and decryption time are a function of hardware capability, and as
hardware becomes more powerful to permit longer keys, so will hardware to

brute force search those keys.

The cost of using a longer key increases polynomially. The cost of
breaking a longer key increases exponentially. Who do you think is
going to win ?

David Gay
dg...@di.epfl.ch

[John Frost]

_________________________________________________________________
|___________ / |
| / |
| u t u r e /_________ u l t u r e |
__________________________________________________________________|

I N F O

"I feel these Wires"
- andy hawks

updated march 6 1994

------------------------------------------- basic info / introduction

FutureCulture is on on-line mailing list set up to discuss the relevant
issues and aspects pertaining to the future of society as we know it.

>From the roads we choose to the vehicles that will take us there, the
FutureCulture community is dedicated to exploring the wide array of topics
that affect our progression into the world of tommorrow.

**FutureCulture is an open, unmoderated forum for the discussion of
topics which might be related to the future in any way. In the past the
subject matter discussed on this list has included the following:

+ technoculture/new edge/cyberculture
+ Cyberspace & the Internet
+ virtual reality
+ the computer underground
+ cyberpunk (literary and cultural movements)
+ raves and rave culture
+ media (music/movies/books/magazines) that are relevant
+ virtual communities
+ social and public policy issues

These are in no way a guideline or limiting range for conversation.
FutureCulture encourages the exploration of a wide-range of subject matter.

Discussion on the list often ranges from the mundane "gee-whiz", to
deep philosophical and scientific commentary, from the latest in computer
software and hardware, to issues of personal identity in the electronic
world, to reviews and discussion of the latest pertinent fiction and
non-fiction works.

As members of this virtual community, we are dedicated to informal
discussion of the various aspects of the sociological, psychological,
technological and cultural issues which relate to society's journey along
the ebb and flow of the tides of humanity's evolution.

---------------------------------------------------- subscribe today!

All automated administrative requests associated with the
FutureCulture list, including subscription and unsubscribe requests,
should be sent to:

list...@uafsysb.uark.edu

To send a message to the entire list, the official address for the
FutureCulture list is:

fut...@uafsysb.uark.edu

To subscribe to FutureCulture, send a message to the listserv address:
(list...@uafsysb.uark.edu). The message body should start with:

subscribe futurec <Your Name Here>

You can then add options on subsequent lines:

set futurec repro -receive a copy of your own posts
get futurec faq -to receive the FC FAQ
set futurec digest -daily concatenated
info refcard -for extended help

Subscriptions are available in either real-time or digest modes:

Real-time mode is nothing more than a mail reflector, meaning that as
soon as someone sends a message to the list, you will automatically
receive that message in your mailbox. Traffic usually averages
somewhere between 10 and 50 posts a day.

Digest mode means that you will receive one message a day in a
magazine-type format, which contains all the posts of the day. This
is useful for people who have more of a passing, secondary interest in
the list, or who do not have the capabilities of receiving more than a
few messages per day, or who like to peruse a list all at once, rather
than keeping up with the topics in real-time mode. It is most useful
for people who do not plan on contributing much to the list.

thanks and we hope you'll join us.

The FutureCulture Community

[Russell Nelson]

In article <strnlghtC...@netcom.com> strn...@netcom.com (David Sternlight) writes:

In article <wb8fozCn...@netcom.com>, David Lesher <wb8...@netcom.com> wrote:
>UnProfessor Sternlight claims:
>>Not so fast. You are trying to prevent me from voluntarily agreeing to have
>>my key escrowed in order to get what I think to be the power of Clipper.
>>Thus my comment is accurate and your attempted refutation not.

>Gawd, it's getting deep here in Sterndreck.
>
>Here is how to do so. As the old joke goes, I'll type slowly
>so you can keep up...
>
>1) Buy your very own free-market, uncompromised encrypted phone.

I don't believe they'd be as algorithmically secure as one invented by the
NSA.

Upon what evidence do you base this belief? Trust in the NSA? Um, David,
our currency says "In God We Trust", not "In the NSA We Trust".

>2) Mail the second set of keys to Janet Reno.

Without a court order?

Sure. Put them in an envelope that says "Do not open without a court order".
They would be ABSOLUTELY as secure as the key escrow system. The government
says that they won't give your keys to itself without a court order, so
it should be just as reliable about not opening your envelope.

But your demonstration amply proves that you want to deprive me of the
system I want, and are trying to substitute a system you want, for my use.

Whiner! So go buy your clipper-based phone. Don't complain that we
have no sympathy for you when there's no one to call with it...

--
-russ <nel...@crynwr.com> ftp.msen.com:pub/vendor/crynwr/crynwr.wav
Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key
11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light
Potsdam, NY 13676 | LPF member - ask me about the harm software patents do.

[Brock N. Meeks]

The FBI's own confidential cost benefit analysis states that the digital
wiretap bill is estimated to cost between $250-$300 million. But that's
only for cellular and land line telephone systems. The FBI documents,
which were first disclosed in an article by _CyberWire Dispatch_, don't
account for costs of "wiring" up cable systems, future PCS services.

The FBI merely states that those networks will have the wiretap capability
"engineered in" from the start, thus costing "nothing."

But during the hearing Fri., FBI Dir. Freeh admitted that there "is no
real bottom rock cost estimate" (yes, he said 'bottom rock'). He told
Sen. Leahy that it could go as high was $2 billion, a price quoted to him
by "a telephone executive."

Then Roy Neel, president of the U.S. Telephone Assn. said that the fix for
Call Forwarding could cost "anywhere from $180 million to $1.8 billion."
Everyone's quoting the larger figure, but he did in fact say it might cost
$180 million. No small price.

This just shows that the cost can't be nailed down, which makes it
very difficult to appropriate funds for.

Brock Meeks
reporter
CyberWire Dispatch

[David L Evens]

David Sternlight (strn...@netcom.com) wrote:
: In article <snowhareC...@netcom.com>,
: Snowhare <snow...@netcom.com> wrote:
: >David Sternlight (strn...@netcom.com) wrote:
: >: In article <763997...@olympus.demon.co.uk>,
: >: Gregory Stewart-Nicholls <ni...@olympus.demon.co.uk> wrote:
: >
: >: > I'd rather buy a lock that has to be blown open by experts spending time
: >: >and money to do it, than a lock that Buford T Justice can open with a stroke
: >: >of his pen.
: >
: >: Actually, the lock you'd rather buy can be opened by experts with their new
: >: Z-ray. Nobody knows how long it will take them, but when they do, they can
: >: enter you house and leave, closing the lock behind them, without a trace.
: >
: >Now that is a downright misleading statement. Clipper has a guarenteed
: >"backdoor": the escrow. Completely independent of *any* mathematical tricks.
: >And Clipper cannot even be analysed to find out if there are any
: >mathematical backdoors due to "national security". (What an abused phrase
: >"national security" is).
: >
: >I (and others) have already shown that there *ARE* guarenteed unbreakable
: >codes. It is not a matter of applying more computer power or magic z-rays.
: >If *I* encrypt something and want it ultimately secure: it will be.

: That's false, except for one-time pads. It's just a matter of time before

: PGP or Ripem can be cracked by brute force. The issue is how long, and the
: answer to that question depends on whether one has the money to buy multiple
: parallel processor power (thousands or more of parallel processors in the
: machine) at cutting edge speeds, or whether one is thinking of a

: single-processor workstation. There have been quite a few posts here showing
: the calculations for a single processor case at various commonly-used key
: lengths. What's more, we don't know if there's been some classified
: breakthrough in directly attacking DES, TDES, or IDEA.

: Even one-time pads aren't "guaranteed unbreakable"--there's always
: "practical cryptanalysis".

: But we were talking about locks. :-)

Of course, the number of operations that are required to crack an
encrypted datastream grow (what, geometrically, or is it exponentially?)
with key length, so adding more digits to the key makes it much harder to
break. And one-time pads ARE unbreakable. The results of encrypting with

a properly constructed one-time pad are as random as the pad that was used
in the encryption. You cannot extract data from noise without knowing
what the noise IS first.

: --

[David L Evens]

David Sternlight (strn...@netcom.com) wrote:
: In article <764089...@olympus.demon.co.uk>,
: Gregory Stewart-Nicholls <ni...@olympus.demon.co.uk> wrote:

: > You're comparing one worst case scenario, with a certainty. For better or
: >worse, I'll risk the Z-ray.

: That's the crux of the individual decision. Some will risk the Z-ray and use
: Pretty Good Locks (PGL), and others will not. In part it depends on the
: value of the contents of your house to the government, vs. the value of the
: contents of your house to bad guys who might have a Z-ray of their own.

Your previous implications about the Z-ray suggest that anybody who can
afford to build it has much better things they can do with it than rifle
your house (unless they are the government), like rifle the government's
files. After all, if they have to get the flipping thing out, then they
are at least inconvenienced, perhaps long enough for me to do something.

[David Lesher]

I've been mulling over possible reasons for UnProfessor's virtual
saliva-dripping, rabid support for Clipper. As many other readers here
have observed, it seems so emotion-laden for him that it begs an
explanation.

I suggested one a few weeks back - he enjoys the electronic flagellation
of demonstrating his ignorance before a wide audience, getting attacked
by those who clearly DO know, and squirming, denying, evading, and
posturing.

This is always followed by a predictable 'conclusion' -- "I answered
that before. I'm gonna take my ball and go home. You're NO FUN
anymore..." which alas, means [al-la Ahnold] "I'll be back" not that
he's really leaving. (Maybe this should be a call to newgroup
'alt.sex.bondage.sternlight' - Elf might love it ;-)

But I wonder. Does he have another motive? Given the great truism "Love
or Money" - is it possible that UnProfessor has a pecuniary interest in
Clipper and friends? Might THAT help explain his actions? Anyone run
across his name while dumpster-diving?

Now, of course, I have no facts to support this, but that's never
stopped HIM in his conclusions. (I especially enjoyed the way he
dismissed mitc...@ncsa.uiuc.edu's debunking of his "math" -- Is it
maybe Lucas Electric, other side of the road, math that UnProfessor
uses?

Maybe there's a third explanation for him. Could he be the REAL
Dave Rhodes back to haunt us, (or worse! -- MES ;-) or he gets a
cut from UUNET for keeping volume up, or????

Inquiring minds want to know........
--
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close...........(v)301 56 LINUX
Unless the host (that isn't close)....kibo# 777............pob 1433
is busy, hung or dead..............vr....................20915-1433

[Snowhare]

David Sternlight (strn...@netcom.com) wrote:
: In article <snowhareC...@netcom.com>,

: Snowhare <snow...@netcom.com> wrote:
: >David Sternlight (strn...@netcom.com) wrote:
: >
: >Care to explicate what you mean by "practical cryptanalysis"?

: Practical cryptanalysis is a term-of-art euphemism for non-analytic methods
: of attacking crypto systems, including black bag jobs, suborning people,
: etc.

In other words: They can't break the cryptosystem. They may be able to use
other NONCRYPTOGRAPHIC methods to obtain the information they want however.

Well, Duh. That is no argument against one time pads. It applies equally
to ANY cryptographic scheme - including Clipper (even if Clipper _were_
secure).

Your sidetrack to "practical cryptanalysis" is a red herring.

Back to REAL issues.

--
Benjamin Franz

[Thayne Forbes]

Black Unicorn (uni...@access.digex.net) wrote:
[ Some political shouting deleted , and I appologize for not trimming the
newsgroups, but I will leave that to the principals ]

:> It seems that every argument Mr. Sternlight makes is a derivative

:> of "Since Clipper is voluntary...."

:> Sure, it's voluntary because no one is branding users of other

:> crypto, but it certainly is not voluntary when you look at the
:> dramatic economic coercion involved.

:> 1> Limits on exports (and profitability) of other crypto.
:> 2> Huge subsidies for Clipper technology.
:> 3> The threat of withdrawal of Government largess (in the form of

:> contracts for now) to those who do not adopt Clipper.

:> 4> The administrations stated goal to impose a non-industry
:> approved standard.
:> Hardly entirely "voluntary."

Pardon my naivete, but this sounds a lot like the governments
championing of OSI over TCP/IP. Ignoring point 1, 2- they subsidized
Retix with dozens of contracts, because they were the only domestic
supplier of the technology. 3- they required it on all computer
contracts, almost without regard for size (I.e. they selected that over
say, netware on the Desktop III contract). 4- they selected a "standard"
in the face of an overwhelmingly successful defacto standard.

See, they do it all the time. And as regards 1 above, I regret having
to recompile most applications with a locally created encription lib,
but it has not really slowed us down much, has it?

--
Thayne Forbes tha...@xmission.com
Computer Weenie at large

[Rivarol Voltaire]

In article <2min2f$g...@access3.digex.net>, uni...@access.digex.net (Black Unicorn) writes...

>In article <strnlghtC...@netcom.com>,
>David Sternlight <da...@sternlight.com> wrote:

>>In article <CMtyI...@rco.qc.ca>, Alain Simon <al...@interax.net> wrote:
>>
>>> From everything the poster in question has written so far,
>>> it seems that he is willing to throw away everybody's freedom
>>> in order to have some illusion of safety for himself.
>>
>>What nonsense! Since Clipper is voluntary and other systems aren't
>>proscribed, nobody is throwing away anybody else's freedom. In truth it's
>>the anti-Clipper crowd who want to deprive the pro-Clipper types of THEIR
>>freedom to use it by trying to get it withdrawn.

>
>It seems that every argument Mr. Sternlight makes is a derivative
>of "Since Clipper is voluntary...."
>

>I have tried several times to put forth the point that the Clipper
>proposals goal (or one of them) is to REGULATE encryption.
>

>Anyone who asserts otherwise is simply missing something.
>

>Sure, it's voluntary because no one is branding users of other
>crypto, but it certainly is not voluntary when you look at the
>dramatic economic coercion involved.
>
>1> Limits on exports (and profitability) of other crypto.
>2> Huge subsidies for Clipper technology.
>3> The threat of withdrawal of Government largess (in the form of
>contracts for now) to those who do not adopt Clipper.
>4> The administrations stated goal to impose a non-industry
>approved standard.
>
>Hardly entirely "voluntary."
>

>Mr. Sternlight tries to turn the issue on it's head by demanding
>that forcing Clippers withdrawal as a proposal is depriving Pro-
>Clipper types of their desired product.
>

>The easiest solution here is to unclassify Clipper, make it public

>and allow what manufactures want to make the chip make them without
>subsidies. If there is REALLY a market for Clipper, why isn't it
>being released in the private sphere instead of imposed through the
>public sphere?
>

>In the alternative, what right are we depriving you of?
>The right to use a system that is secure except to the government?
>
>Isn't one of Mr. Sternlight's premises that IDEA and T-DES are
>breakable by the NSA?
>
>If so what good is Clipper? Consumers already HAVE such a system
>according to Mr. Sternlight's own assumptions.
>
>As usual, Mr. Sternlight has clouded the issue, tried to pull one
>over the eyes of those not initiated in his tactics, and tried to
>suck the unwary into his blind and fatal faith in the centralization
>of power which he justifies on flawed legal process grounds.
>
>

>>--
>>David Sternlight The views expressed in this message do not necessarily
>> represent those of the author, who reserves the right
>> to modify, amend, withdraw, or attack them at any time.
>>
>>
>

[Michaael Cantrell]

don't know who wrote what, so i'll leave all haders...sorry

In article <strnlghtC...@netcom.com> da...@sternlight.com (David Sternlight) writes:
>In article <CMt5C...@ncratl.atlantaga.ncr.com>,
>Mark O. Wilson <mwi...@ncratl.AtlantaGA.NCR.COM> wrote:
>>In <strnlghtC...@netcom.com> strn...@netcom.com (David Sternlight) writes:
>>
>>|In article <940315.075449.2...@dvss.uucp>,
>>|Jay Troy <dvss!jt...@udel.edu> wrote:
>>
>>|>Clipper is like the government requiring a key to the
>>|>lock on the front door of my house.
>>
>>|Actually, a better analogy would be that it's like the government's National
>>|Antiburglary Agency developing a special lock which they say is secure
>>|against burglars. They'll let you buy one, but only if the manufacturer
>>|deposits your key in two separately-unusable pieces in two escrow agencies,
>>|in case the police get a search warrant.
>>
>>And the trick is that we are suppossed to trust the government not to use
>>those keys unless they get a search warrant. Not to make copies of the keys
>>while they have a search warrant, and to return the keys when they are done.
>
>Exactly. And there are a number of safeguards built in, including that the
>two parts of the key cannot be combined to make the real key, but must be
>put in a black box which actually opens the lock, and which destroys the
>keys after the search warrant expires. That several people have to sign to
>get the keys. That the black box is closely controlled.
>

Hmm, but what about the NSA, one of the primary promulgators of the
clipper system in the first place? That agency has a mandate to
monitor all foreign communications...and is never issued a
warrant. There are "unrevealable safeguards" built in to the clipper
system to prevent NSA abuse (from WH mouthpieces), but these are
classified. To reveal them would reveal "too much about NSA methods."
Sorry, but this agency does not have a sterling record when it comes
to restraining themselves within in the law. How does that old saying
go, "Fool me once, shame on you. Fool me twice, shame on me."?

What it comes down to is that we are expected to except the
government's word-- a largely corrupt, inefficient, self-perpetuating
bureacracy-- that it has my my best interests at heart and knows
what's best for me? Sorry again. I think that I am fully capable of
determining my best interests, and acting in them.

The other problem, is that so far, the arguments supporting clipper
are largely fatuous -- a nebulous conspiracy among criminal/terrorists
groups to conduct operations under the cover of strong
cryptography. As if they are not capable of finding some means of
avoiding clippr, or better yet, forgetting it exists al
together. Well, I have had contact with this element of society, and
sorry yet again, if law-enforcement truly has this view of the
criminal elements of our society, then they are more incompetant than
I ever dreamed: they truly underestimate the paranoia of even the
common street-corner dealer, much less the experience and resources of
true organized crime. And let's not forget that apparantly the last
terrorists who successfully struck on American soil (I have been on
vacation a week, I could be out od touch), not only didn't use
cryptography, but were also under FBI investigation. Yet these people
managed to bring several hundred pounds of explosive chemicals into a
major urban area.

No the day of government as all-knowiing, all-wise, father-figure
is passed. I require facts, not vague hand-waving and "if you knew
what I knew" arguments. I am a firm believer in social contract
philosophy. If I thought that there is a sufficient threat to my
security, I would gladly give up my privacy (to a certain extent). But
first, I want some goddamned facts!

Some important words to recall . . ."a government of the people, by
the people, and for the people." Words to live by.

>It's not perfect, but then, you don't have to use the NAA's lock if you
>don't trust the above conditions--you can still go on using no lock at all,
>or one that's been beaten by some burglars. Or you could go out and buy a
>Medeco lock for the same price as the NAA one. The government won't say if
>the FBI can pick the Medeco lock or not, but Medeco says it's "pretty good",
>and so do those locksmiths who don't have access to the FBI's lock picking
>technology.
>
>David

>--
>David Sternlight The views expressed in this message do not necessarily
> represent those of the author, who reserves the right
> to modify, amend, withdraw, or attack them at any time.
>
>

--Mike Cantrell, human, US citizen, taxpayer.

[Michaael Cantrell]

In article <strnlghtC...@netcom.com> da...@sternlight.com (David Sternlight) writes:
>

>We're finally getting to the bottom of this--the FBI has trouble with call
>forwarded calls even with a wiretap order, and they want the rest of us to
>pay for fixing it. For what it will cost to do so, based on the number of
>wiretaps they get each year, they could assign 20 people with parabolic
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

>mikes to every suspect and still have enough left over to run a lot of
>present Federal, State and Local law enforcement. $1.8 billion isn't chopped
>liver, and they want the phone users, in the end, to pay for it.

Ah, yes they could do that. But you are not considering the
Convenience Factor (tm). It saves time and effort for the FBI to be
able sit a a desk and monitor suspects (or not-suspects, it's really
convenient technology) through a computer terminal, rather than
actually going aout and doing the foot-pounding and legwork. Of course
the other argument seems to be, if you build all our wants, needs, and
desires (christmas list) into the next generation of telecomunication
devices and networks, you can then pass the cost on to the clients
(that's us) in the form of R&D costs anyway.

On the other hand, think of the comedic upsurge as we bring back
all the old "phone cops" jokes. Why, the industry culd make hundreds
of dollars, employing two, maybe three comedians...

--Mike

>
>As a matter of simple truth and honesty in government, let 'em put up a bill
>in Congress for a $1.8 billion appropriation for this purpose and see how
>far they get.
>
>In fact, even if Congress were willing to appropriate such funds, first the
>FBI would have to make a showing that they'd save at least $1.8 billion in
>crime costs due to this additional capability alone.
>
>I wonder how much new law enforcement technology (not involving putting
>equipment in people's phone companies) $1.8 billion would buy? How many new
>prisons? How many extra police on the streets? I wonder what the benefits of
>those measures would be compared to the FBI proposal.
>
>By the way, given the massively well documented evidence of government cost
>estimates vs. final costs, even if the FBI honestly believes it's $300
>million as an estimate, the phone companies are probably right about the
>$1.8 billion. But they also often underestimate, so it's probably even more.
>
>No, they haven't thought this one through, or if they have, they're a long
>way from presenting a convincing argument.

[Arthur Bernard Byrne]

In article <strnlghtC...@netcom.com>,
David Sternlight <da...@sternlight.com> wrote:

>Steve Brinich posts a message in which he refuses to acknowledge my
>point--that there are non-mathematical limits to increasing key size caused,
>among other things, by the time to encrypt practical-length messages in
>practical volumes.

OK, there are two factors you propose in breaking: improved and more
processors. Improved processors, however, (a) cannot go forever and (b)
will be used by both sides. Therefore, this can be effectively ignored
on the exponential growth. Further, while processors grow cheaper over time,
relative positions (top/middle/bottom of the line) costs are roughly
constant. Cost changes can be ignored as being the same for both sides.
Now, "more processors" is a linear investment. The question is, does
"more time" for encryption give an exponential return? I believe, from what
I've heard about the process, that it does. I COULD BE WRONG. (Is an expert
around?) If it does, then 10 minutes to lock may give 1 gazillion processor
years (yes, I'm being vague) to crack it. Unless you are claiming the NSA
can make their processors grow exponentially as well?
And what makes you think that parallel processors will stay NSA's
domain forever? =)

>Since he begins by harping on pure mathematical growth--the same error all
>the exponential growth crowd makes (I've given several examples), there's no
>point in trying to reason further with him on this, because he seems to be
>ignoring my points in order to repeat yet again the argument I've already
>addressed and think to be badly incomplete.

First off, your three examples are really two: The Club of Rome
was responsible for the Limits to Growth project (the "Limits" book was
a piece of populist drivel; read the technical report instead, _The
Dynamics of Growth in a Finite World_, and pay attention).
Second, you really didn't say what you thought of the "Limits".
It tore into the idea of indefinite growth, but it in turn was torn into
*EXTENSIVELY* (See _Models of Doom_, more or less the definitive
rebuttal piece). It is a *bad* example, simply because it is so
controversial, and widely disagreed with. (NB: The issue of "Limits"
should *not* be debated here; my point is, it is *not* a settled
issue, either way.)

From your "bigger fool" comment, I presume you mean to say
exponential growth can't go on forever. This is untrue in *pure*
mathematics. Computers apply that mathematics, making them limited
by the "impurity" of their application. The question is, *when* will
those limits come into play (the big question on TLG). I don't see
why the exponentially harder key-breaking would break down.

AB^2
--
--------------------------------------------------------------------------
"You can have my encryption algorithm... when you pry my cold dead fingers
from its private key." -John Barlow, "Decrypting the Puzzle Palace"

[David Sternlight]

In article <id.A4Y...@nmti.com>, Peter da Silva <pe...@nmti.com> wrote:
>In article <strnlghtC...@netcom.com>,
>David Sternlight <da...@sternlight.com> wrote:

>> What nonsense! Since Clipper is voluntary and other systems aren't
>> proscribed,
>

>Um, David, other systems *are* proscribed. You can sell them, you just
>can't sell them outside the US. This makes them also useless for anyone
>doing business across the US border.

That was the case long before Clipper. Thus it is a separate issue. I
sympathize with those who would like a crypto system they want to use for
privacy internationally, with no illegal intentions.

But the argument is nonsensical. One can now buy a commercial version of PGP
in the U.S., and since it will interoperate with international versions,
what you want is available. What's more, the vendor has a license from
RSADSI to use the RSA patent.

The free availability of this version of PGP with no government interference
for U.S. sale EVEN THOUGH IT HAS ALREADY BEEN, IN EFFECT EXPORTED gives the
lie to claims the government is trying to stop non-Clipper crypto.

The government is enforcing the munitions laws against export of crypto, and
can be expected to continue to do so, but that's a separate matter from the
hysterical claims by some that they're trying to "ban" non-Clipper crypto,
as is demononstrated by this freely purchasable version of PGP in the US,
which can operate unimpeded with versions of Clipper already legally usable
in other countries. There are some exceptions, where crypto requires
permission, such as France, but not the U.S.