May 1994
Department report as a country that "does not interfere with the right of citizens to practice their personal beliefs in the privacy of their own home..." Not surprisingly, the State Department report completely ignores the development of the surveillance-orientated IT2000 project by the Singapore Government. Critics maintain that Singapore has no laws preventing the Government of Singapore from opening the computer files or reading the electronic mail of individuals connected to what amounts to Singapore's version of the proposed US National Information Infrastructure (NII). It could be argued that criticism of IT2000 was muted by the State Department in order that similar privacy concerns not be raised in the US. Clinton and Gore have made the NII a cornerstone of their technology policy. Criticizing Singapore's network could be politically embarrassing for the US administration. The arguments voiced by Singapore's Government in favour of Government eavesdropping of communications networks are frighteningly similar to those being voiced by the FBI in support of escrowed encryption systems: "If you haven't anything to hide, why would you worry about it?" The report on privacy in China concentrates on China's contraception programme. Important issues like China's insistence on monitoring electronic mail, facsimile, telephone, pager and cellular communications are totally ignored. But perhaps the State Department found itself in a position of being unable to condemn a telecommunications surveillance policy that the Clinton administration, through its own Clipper/Capstone/Tessera communications surveillance projects, is encouraging in the US. The State Department Human Rights Report is not a serious review of telecommunications and information privacy around the world. Instead, the report continues a long and predictable policy of ignoring gross violations of data privacy in certain countries.
Possibly because the US lacks a Data Protection or Data Privacy Commission, the report ignored the existence of Privacy and Freedom of Information Commissions around the world save for New Zealand. Incidents of wiretapping in certain friendly countries, especially those in Latin America, are deemed aberrations rather than official government policies. Data privacy violations in some countries are couched in terms so diplomatic that the seriousness of the violations is lost on the reader.
©1994 Elsevier Science Ltd
Computer Fraud & Security Bulletin
A CLIPPER PRIMER
Dr. Harold Joseph Highland, FICS
The Clipper chip war over the US Government's perceived need for the power to tap into every telephone and computer transmission is one year old and it is not over yet. The Clinton Administration's support of the National Security Agency (NSA), the Federal Bureau of Investigation (FBI) and other law enforcement agencies has run into a firestorm of opposition. Against them is an odd coalition of civil libertarians, computer companies, right-wing columnists, several industry groups, and cryptographers. These opponents include some leading encryption specialists who have economic interests in other cipher schemes, academics whose egos were punctured because they were not part of the 'in group' trusted with the secrets of Clipper, companies that have huge investments in DES equipment and are reluctant to change, others from the political right who are against the President, and those who see a threat to privacy. But there are no voices in Congress against Clipper.
What is Clipper?
Clipper is an encryption chip designed for the AT&T commercial secure voice products.
Compulit, Inc., 1994. All rights reserved.
Actually the Clipper chip is just one implementation of the Skipjack algorithm which was provided by NSA. The chip's logic circuits were designed by Mykotronx, and the chip was fabricated by VLSI, Inc.
Who developed Clipper?
The cryptographic algorithm (used in both the Clipper and Capstone chips) was developed by the NSA, the agency charged with signal intelligence. It is responsible for intercepting foreign government communications and breaking the ciphers that protect these messages in an effort to protect national security. Part of the vehemence in the current debate is the result of the creation of the agency and its operations over the decades. NSA was 'born' on 4 November 1952. There were no press announcements, no news coverage, and no congressional debate. It was created by Executive Order signed by Harry S. Truman. How many people work for NSA or the size of its annual budget is classified. Many opponents to Clipper view NSA as Big Brother.¹
Back in 1985, early in the second term of the Reagan Administration, NSA started working on a new encryption algorithm, Skipjack, the foundation for Clipper. Testing the algorithm took years and its final evaluation was completed in 1990, about the beginning of the Bush Administration. Had it not been for the thawing of the Cold War and a Congress that was at odds with the President, Clipper might have been proposed by former President Bush. But with the 'old enemy' fading away, it may have been too hot a potato for the administration to offer Skipjack as a replacement for the Data Encryption Standard (DES).
¹ For those interested in an excellent, detailed account of NSA, I strongly recommend reading James Bamford's The Puzzle Palace, A Report on America's Most Secret Agency, published in 1982 by Houghton Mifflin Company.
Why did Clinton introduce Clipper?
When Clinton defeated Bush, the US had a new agenda. However, crime and drug trafficking soon surfaced as a number one issue in public opinion polls, surpassing the need to create more jobs and stimulate the economy. Someone in NSA or FBI saw Clipper as a way to support the public's demand for stronger law-and-order. The Clinton Administration, which had inherited Clipper, undoubtedly did not have any real opposition. There are some who feel that the Clinton Administration was neither sophisticated nor experienced enough to deal with this issue. But the President has shown himself to be a capable court house politician and has thus far successfully navigated his way through the highly charged donnybrook.
What is the technology behind Clipper?
Clipper (for voice security) is a hardware-orientated, cryptographic device using the Skipjack symmetric encryption/decryption algorithm. Functionally it is similar to DES but uses a symmetric 80-bit key instead of the 64-bit key of DES. It is also stronger in that it uses 32 rounds of processing for each single encrypt/decrypt operation as compared with DES's 16 rounds. During its production the chip programming equipment writes the following information, individually for each chip, into a special memory (called VROM or VIA-Link) on the chip:
• (unique) serial number
• (unique) unit key
• (common) family key
• (common) specialized control software
When the user generates or enters a session key, the chip performs the following actions:
• encrypts an 80-bit session key under the unit key producing an 80-bit intermediate result;
• concatenates this 80-bit result with the 25-bit serial number and a 23-bit authentication pattern producing a 128-bit string;
• enciphers the 128-bit string with a common family key to produce a 128-bit cipher block chain (this is known as the Law Enforcement Field (LEF) or Law Enforcement Access Field (LEAF)), which is transmitted at the beginning of the communication's session.
The two communicating Clipper chips use this field together with a random IV to establish Cryptographic Synchronization. Once synchronized, the sender's and receiver's chips use the session key to provide encryption in both directions with speeds up to 15-20 Mb per second. The chips reportedly are programmed not to enter secure mode if there is tampering of the LEF field.
What is the technology behind Capstone?
Capstone (for data encryption) is likewise a hardware-orientated, cryptographic device using Skipjack, the same algorithm as Clipper, but in addition, includes the following functions:
• NIST's Digital Signature Algorithm (DSA);
• NIST's Secure Hashing Algorithm (SHA);
• A general purpose exponentiation algorithm;
• A general purpose, random number generator which uses a pure noise source;
• A Key Exchange Algorithm based on a public key exchange, which is programmable.
What is Key Escrow?
Key Escrow is the target of most opposition. It was included at the request of the FBI and other law enforcement agencies. For years the FBI eavesdropped on suspected criminals, using the traditional alligator clips on the telephone line. Advances in telephone technology, in particular digital and fibre-optic transmissions and the use of high-capacity lines, have made the alligator technology obsolete. The FBI has made several attempts in recent years to 'secure the cooperation' of telephone companies to assist it in making wire taps possible in the high-tech environment.
There are two components of the key that will be held in escrow. The 80-bit strings will be held by two separate government agencies that will act as escrow agents, the National Institute for Standards and Technology (NIST) and Automated Services of the Treasury Department. The FBI and law enforcement agencies would have to obtain a court order for the escrow agents to release their respective keys. NIST has already announced that it will need more personnel to do the job.
There are many who are very uncomfortable with government agencies holding the keys since most government agencies have a poor record in computer security. There are also many who are unhappy with key escrow under any circumstances. Many realize that we in the US have 'signing judges'. They are known to be willing to sign virtually any court order. But key escrow can be abandoned entirely and without jeopardizing the original purpose of Clipper.
What is absurd is the FBI's belief that the criminal elements will voluntarily line up to buy Clipper chip telephones. For decades organized crime has been aware of phones being tapped and few, if any, conduct business over clear lines. They've used encryption for years, possibly long before many Federal agencies.
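The LEAF construction from "What is the technology behind Clipper?" and the two-agent escrow recovery described above, as an added example (not code from the article or from any Clipper implementation). Because Skipjack is classified, an HMAC-based Feistel network stands in for it; the authentication pattern value, the XOR recombination of the two escrowed components, and every key value are assumptions constructed for illustration.

```python
import hashlib
import hmac

KEY_BITS, SERIAL_BITS, AUTH_BITS = 80, 25, 23   # field widths given in the article
LEAF_BITS = KEY_BITS + SERIAL_BITS + AUTH_BITS  # 128
AUTH_PATTERN = 0x2A5A5A                         # constructed 23-bit pattern (assumption)
ROUNDS = 8                                      # stand-in cipher only, not Skipjack's 32

def _f(key: bytes, rnd: int, half: int, half_bits: int) -> int:
    """Round function: HMAC-SHA256 truncated to the width of one half."""
    msg = bytes([rnd]) + half.to_bytes((half_bits + 7) // 8, "big")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") >> (256 - half_bits)

def feistel(key: bytes, value: int, bits: int, decrypt: bool = False) -> int:
    """Stand-in block cipher over `bits` bits (Skipjack itself is not used here)."""
    hb = bits // 2
    left, right = value >> hb, value & ((1 << hb) - 1)
    for rnd in (reversed(range(ROUNDS)) if decrypt else range(ROUNDS)):
        if decrypt:
            left, right = right ^ _f(key, rnd, left, hb), left
        else:
            left, right = right, left ^ _f(key, rnd, right, hb)
    return (left << hb) | right

def key_bytes(k: int) -> bytes:
    """Serialise an 80-bit key for use as the stand-in cipher's key."""
    return k.to_bytes(KEY_BITS // 8, "big")

def make_leaf(session_key: int, unit_key: int, serial: int, family_key: bytes) -> int:
    """Chip side: wrap the session key, append serial and pattern, encrypt the block."""
    wrapped = feistel(key_bytes(unit_key), session_key, KEY_BITS)
    block = (wrapped << (SERIAL_BITS + AUTH_BITS)) | (serial << AUTH_BITS) | AUTH_PATTERN
    return feistel(family_key, block, LEAF_BITS)

def open_leaf(leaf: int, family_key: bytes):
    """Return (serial, wrapped_key), or None if the authentication pattern is wrong."""
    block = feistel(family_key, leaf, LEAF_BITS, decrypt=True)
    if block & ((1 << AUTH_BITS) - 1) != AUTH_PATTERN:
        return None                              # tampered field: refuse secure mode
    serial = (block >> AUTH_BITS) & ((1 << SERIAL_BITS) - 1)
    return serial, block >> (SERIAL_BITS + AUTH_BITS)

def recover_session_key(leaf: int, family_key: bytes, agent_a: dict, agent_b: dict):
    """Intercept side: needs the family key and BOTH escrowed components."""
    opened = open_leaf(leaf, family_key)
    if opened is None:
        return None
    serial, wrapped = opened
    unit_key = agent_a[serial] ^ agent_b[serial]  # XOR recombination (assumption)
    return feistel(key_bytes(unit_key), wrapped, KEY_BITS, decrypt=True)

# Constructed sample values, not real key material.
FAMILY_KEY = b"constructed-family-key"
SERIAL = 0x12ABCDE
UNIT_KEY = 0x0123456789ABCDEF0123
SESSION_KEY = 0xFEDCBA98765432100F0F
COMPONENT_A = 0x5555AAAA5555AAAA5555             # held by escrow agent A
AGENT_A = {SERIAL: COMPONENT_A}
AGENT_B = {SERIAL: UNIT_KEY ^ COMPONENT_A}       # held by escrow agent B
LEAF = make_leaf(SESSION_KEY, UNIT_KEY, SERIAL, FAMILY_KEY)
```

Anyone holding the common family key can read the serial number out of every LEAF, which is why the article's sources expect that key to be the first target; the session key itself stays wrapped until both escrowed components are combined.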
Who is opposed to Clipper?
Almost immediately after Clipper was announced on 16 April 1993, it met with opposition from a myriad of groups which have coalesced as the months went by. Most of the turmoil in the United States has been confined to the professional computing press and several electronic forums. In the past few months there have been articles in general business magazines and newspapers.
There are several major opposition groups. Many academic cryptographers object to the Government's refusal to reveal the algorithm which the NSA has classified as 'Secret'. For almost two decades, many cryptographers have felt that mathematical proof is necessary to evaluate the robustness of an encryption algorithm. Many of them fear the unknown. The world's greatest cryptographer was and remains William Friedman², born in 1891. He always maintained that breaking a coded message was half done when one determined the algorithm. Finding the key was easier.
Some computer professionals, academics and especially civil libertarians, oppose Clipper because of key escrow availability to law enforcement agencies. Two quotations to express their view: "He who exchanges liberty for safety deserves neither", and "The right to be left alone is the most comprehensive of rights and the right most valued by civilized men." - Supreme Court Judge Louis Brandeis.
RSA Data Security Incorporated, licenser of public-key cryptography in the US, has also opposed Clipper. RSA has entered into contractual agreements with many software producers, such as Microsoft, WordPerfect, Lotus, in order to make their products more secure by using public-key encryption. The widespread use of Capstone will threaten their market.
² The colonel, together with his wife, Elizabeth Smith Friedman, have become legends in this field. I met him prior to World War II when he conducted courses for the Signal Intelligence Service.
There are a number of industry groups, such as banking, in the US that have invested billions of dollars in DES software and hardware. They are among the first to oppose NIST's Digital Signature Algorithm. They are not eager to scrap existing DES equipment and to retrain their staffs to use new equipment and a new algorithm.
Can the Government order Clipper to be used?
The Clinton Administration does not need to order Clipper's use by everyone. Politically, this would be an extremely naive move. If it came to a judicial test, and the case was brought to the US Supreme Court, the Government would very likely lose, possibly not on the basis of US law but because NSA would be highly unlikely to release materials which are classified in the national interest.
The Government can promote Clipper's use within US Government agencies. It can use its buying power to establish Clipper as a standard without the politically explosive step of outlawing alternatives. Through Executive order the Government could strongly recommend the use of Clipper and Capstone by the civilian agencies of the Government - Health, Education, Commerce, Internal Revenue, Agriculture, Labour, etc. That would give Clipper a very wide exposure in the Government; it would also help make chip production more economical. Naturally no overt move would be made to mandate the use of Clipper/Capstone by industry.
The Department of Justice, home of the FBI, has already placed a large order for Clipper equipment. It would not be surprising if the Department of Defense (DoD) places a massive order for Clipper as well. Naturally, the DoD would not use it for its own sensitive data. The Department of Defense could require all organizations doing business with the Pentagon to use Clipper/Capstone. Those with long memories will remember that this was the technique to promote the use of DES many years ago.
More and more individuals use electronic filing of income tax returns. The advantage in using this method is that refunds for extra taxes paid are sent to the individuals more quickly. The Internal Revenue Service could require all individuals and companies filing such returns to use Clipper/Capstone to protect the confidentiality of the returns.
Currently, the Department of Health and Human Services requires all physicians and hospitals to file their Medicare reports for treatment of elderly patients in order to receive compensation. This agency too can mandate the use of Clipper/Capstone, especially if you want to get paid. Universities and colleges, handling student applications for financial assistance, could be required to use Clipper/Capstone. After all this is private, sensitive information that must be protected. Wouldn't it be more secure to have all import-export trade handled by shipping brokers through the US Customs Agency if Clipper/Capstone were used? This could apply as well to large business organizations that handle their own import-export operations.
The political scene today is far different from the decades immediately after World War II. Business and various public interest groups have much stronger, larger and more vocal lobbies. How could the Government blunt Congressional action to stop the spread of Clipper? That could be done easily - tie Clipper/Capstone to anti-crime legislation and action by the Government. The Vice President made a speech in which Clipper/Capstone were presented as a law-and-order issue. The chip's use would thwart criminals, drug dealers and terrorists and ensure that the needs of law enforcement and national security are met. How many US Congressmen could face their constituents and vote against law enforcement and national security?
With so many individuals and companies required to use Clipper technology, is there really a need to mandate its use by everyone? How many companies will attempt to maintain multiple encryption systems?
Will Clipper travel overseas?
The appearance of a high NSA official in London a few months ago sparked British press protests against Clipper. The situation was exacerbated by the US Embassy in London denying the individual's presence. Sorry, not all of us are responsible for that inept security response.
It should come as no great shock to anyone in the world, even in Europe, that non-US governments are interested in Clipper/Capstone. There are many of us in the US who view a number of European countries as having already reached the post-Clipper stage. The need to register encryption algorithms and encryption keys is what is objected to by many Clipper opponents. President Clinton, unlike the Queen, does not have the right under law to read anyone's mail. Although some governments do not enforce their laws, they nonetheless reserve the right to do this when needed, often without the need to go to court.
If one does not comply with a 'reasonable' Government request, one may find the IRS paying a sudden and extended visit, nitpicking data over the past five or seven years. Besides, other government authorities can descend as a plague of locusts upon the company. Even if the company eventually wins in a court of law, might it not be a Pyrrhic victory?
Most of Europe uses either public-key encryption or DES. Both, by the way, are US exports. DES has been enhanced by some companies overseas but nonetheless, it came from NIST. Proprietary encryption software and hardware made in Europe will continue to be used. Whether they are weaker or stronger than the Skipjack algorithm will be discovered in the future. Remember, this encryption program was developed by the best cloak and dagger experts.
How strong is Clipper?
On the face of it, Clipper appears to be stronger than DES, which has not been cracked in the non-intelligence community. Of course no intelligence agency anywhere in the world would admit that it had done so. Recently an algorithm has surfaced in public that might make DES easier to crack.
Independent mathematicians have for years been successful in factoring larger and larger numbers. This was considered unsolvable a decade ago. Recently, mathematicians have announced that they are close to breaking a 129-digit number that was described 25 years ago as proof of the security of the current public key system. Whether or not NSA has been doing this for years is not known.
NSA does not need Clipper's key escrow program. Since the Government knows the serial number and unit keys of each chip produced, the search required for cracking is greatly reduced. It does not need a brute force attack. Computers operating at speeds far in excess of current ones are technically feasible. Building them is only a matter of money. The cost of $4, $10 or $50 million might be high for a university or major corporation, but it's peanuts for NSA. Informed sources indicate that such a computer would be capable of cracking a Clipper cipher in a matter of minutes. Clipper also lends itself, under proper conditions, to a 'man in the middle' attack.
Will Clipper succeed?
The Administration has presented Clipper as a law-and-order issue. Despite the opposition's just and unjust claims, we believe that the general public may go along because crime and personal safety is still a paramount issue. Secure private sources may become key custodians as a concession to those who fear intrusion of Big Brother into their lives. Key escrow may even be given up. It would be in line with court house politics to do so.
Once Clipper is widely released it may not be long before the Skipjack algorithm will be known. Many capable non-government cryptographers will try to break it, far more than ever attempted to break DES. Besides, the intelligence agencies, counterparts of NSA, in Russia, Israel, the UK and Germany, will also try discovering the algorithm. A close associate has predicted that the family key will be the first to be compromised, followed by the LEF, which he gives 30 to 45 days. Within 90 days people will discover how to pass traffic with an invalid or no LEF key.
The journalist, John Perry Barlow, in his "Jackboots on the Infobahn", which he released to an E-mail forum prior to its publication, stated: "The Clipper Chip ... which bodes to be either the goofiest waste of federal dollars since [President] Gerald Ford's Swine Flu program or, if actually deployed, a surveillance technology of profound malignancy ... seemed at first an ugly legacy of Reagan/Bush. 'This is going to be our Bay of Pigs,' one White House official told me at the time Clipper was introduced, referring to the disastrous Cuban invasion plan Kennedy inherited from Eisenhower."
BOOK REVIEW
Title: The Hacker Crackdown - Law and Disorder on the Electronic Frontier
Author: Bruce Sterling
ISBN: 0-553-56370-X
Publisher: Bantam Books
Price: £16.99 (UK Hardback); $5.99 (US paperback)
Bruce Sterling's The Hacker Crackdown - Law and Disorder on the Electronic Frontier, just out in paperback, makes for a great evening of