Slashdot Mirror
The Feds Thoughts on Clipper
An anonymous reader sent us this article which describes a bunch of stuff released as part of the freedom of information act regarding the clipper chip. Its an interesting look into the government's view of encryption (or at least, what it thought 10 years ago anyway. Now that they have the quantum computer that can crack all all communications, and the quantum disk drives that they use to store every packet ever, they already know your underwear size, to say nothing of a complete copy of your DNA for their cloning efforts).
Correct, it's dead. I really think it should have been regulated by federal law, just like it is in some European countries (like France, for instance.) You can't trust businesses to behave in an ethical manner, it goes against their greed.
The FBI knowing your underwear size is a GOOD thing.
It means that when they handcuff you, they can use custom-made handcuffs that'll be more comfortable for you. Same goes for straitjackets - the taylor-made ones are FAR superiour to the Off-The-Shelf variety.
Also when the FBI is out shopping for birthday presents, they know what kind of DVDs you buy so they won't end up sending you The Little Mermaid again.
--
In the land of the blind, the one-eyed man is kinky.
Ummm, you are a little off on both counts.
1) The telephony-only version of Clipper was merely the first to market and the most well known. There were also data-oriented versions designed, referred to as "Capstone" chips, which were put into PCMCIA cards known as "Fortezza" cards. I actually have marketing liturature at home from Mykotronix (the chip foundry for Clipper chips.)
2) True, in that it is harder to spy on people using Clipper than it is to spy on people using no encryption at all. The goal of the program was not to encourage people to start using encryption. The goal was to get Clipper-based products into the market to forstall the adoption of products without LEAF features. As the article states, outlawing non-LEAF encryption was clearly discussed.
Of course, the slow uptake of encryption in the mass market despite the failure of Clipper indicates that maybe they had nothing to worry about. On the other hand, we might see a surge in the use of encryption at any time now. The CPU and network speeds are certainly there now to handle the overhead. Look at the success of SSH. I think nothing now of encrypting all of my files during transit using scp now. A few years ago, the performance overhead was significant. Now, it's minor.
But even so, the messages are STILL referred to as "cables". . . from experience with a US Mission overseas....
...is that it only dictates that you must eventually release the information.
Not to sound too much the paranoid alarmist, but of the documents that the CIA and others have destroyed, "don't exist", or were not released -- what do those say?
Until the Freedom of Information Act Part Now Redux states that all information must be archived (no more paper shredders and incinerators), we the Public will never know just what's going on.
I mean, just because "they" say it's ultra-mega-secret, then how does anyone know unless an independent auditor comes snooping around?
Where the @#!! is Congressional Oversight in all this? Or is it an intentional oversight that Congress isn't overseeing it?
Does anybody remember when they stopped talking about it?
(I know; I know -- -1, Redundant....)
/.
/. If the government wants us to respect the law, it should set a better example.
Looks like we wanted to spy on the populations of *other* countries, then realized that the governments of those countries might not allow it unless they were in on it *also*. Yay, exporting Big Brother everywhere.
It's 10 PM. Do you know if you're un-American?
Personally to me crypto its not a matter of "hiding criminal evidence from the feds" which is the basis of every single argument they'll thwo into the loop. As a citizen of the US you should be entitled as Amended to your right to privacy. What people rarely see is the level of abuse the Feds partake in regarding technology nowadays, abuse that happens on a scale that is barely told out of fear from sounding like an "anti-government" looney ranting about rights.
As I posted in a prior thread, taking a look at some of the cases going down with tech (Jerome Hackenkamp, Jim Bell, and others) its regretful to see no one has truly questioned the methods of the FBI regarding tech. What we do hear about are overhyped situations fed to the media, in order for Big Brother to look like a martyr. (e.g. Notice every month they announce a so called "cyberwar", or expected DoS attacks?) Rarely does any media outlet post situations like the Hackenkamp situation or the Max Vision situation, and the judge flat out gagged the media on the Jim Bell case.
So why is this done? Simple government does not want you to have the right to privacy when it comes to encryption, should they want to screw you as they have others, crypto makes everything more difficult for them to do so. Now when I say screw I literally mean screw. For those who have read the cases what happens is, when gov wants someone they'll use every resource in the book to get them. Even if its something as minimal as spitting on the floor. So to proactive people like Jim Bell, and Max Vision, who are likely to use crypto this makes their job that mich harder, so they take a "crypto is for criminals" attitude on the situation in hopes of proving that because some have used crypto for bad purposes in the past, everyone will as well. Argumentative however this isn't done when dealing with issues such as firearms. Why? Because when you have people like the NRA to voice out and pay politicians off, the situation quickly gets hushed, as opposed to tech where you have a handful of associations which attempt to help but are understaffed/underfunded/underadmined such as EPIC, EFF, and others.
Privacy for life
Want Root?
The interesting bit on US Gov Encryption Policy is the dramatic change that occured after the infamous Chineese spy case at Los Alamos and the missing US State Department Laptop case. Both cases involved top secret data being stored unencrypted. At that time, the US Gov actively discouraged commercially available encryption via the export legislation. After those incidents, the reports concluded that the individuals in the cases didn't encrypt the information because of the expense and difficultly involved with the current day encryption technologies. The findings advised that the commerical restraints on encryption be lifted in order to more cheaply secure government data.
Someone you trust is one of us.
The prevailing hope is that word will get out inside the country about shennagans their government is (allegedly) involved in and that news will trigger a revolt. Worked great for Russia (*cough*) and Cuba and Iraq (*ahem*) and... um... well... that's what they think anyway. And it's kind of hard for the word to get out when the country keeps catching the dissidents and shooting them in the back of the head.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
What everyone seems to have forgotten was that Clipper wouldn't have worked (at least, not as intended, and provided the "bad guys" were reasonably smart).
Well, what people suspected at the time (and, actually, what they were planning, according to some quotes in the article), was that after Clipper was widely deployed, legislation would be passed making all other forms of encryption illegal in the US.
Aside from that, it actually would have been pretty nice if all phones in the US were sold with encryption built in. I could go out and buy one of those nice ATT phones (they make non-key-escrowed versions too, basically the same stuff except with 3DES instead of Skipjack and no backdoors), but who would I talk to with it? I mean there are maybe a few tens of thousands of these phones in use in the US, mostly by government and large corporations (most of whom are govt contracters and required to have them).
I studied the Clipper project in my computer security class last quarter and it all seemed like the stupidest idea ever. Then I wondered why I had never heard about it... well it WAS a stupid idea, and luckily people were able to fight against it on my behalf even though I didn't know about it. It's interesting now to see what COULD have happened, that really was the dumbest idea ever. And this only confirms my suspicions about the FBI/CIA out to monitor everything that I ever could possibly do. If you don't use PKI, maybe you should think again.
- "Never let a computer tell me shit." - DelTron Zero
This doesn't make any sense.
1) What does PGP have to do with this? Clipper is telephone based.
2) Clipper makes it harder to spy on people. Mostly because they need the warrant and keys from two other government organization to spy, as opposed to just a warrant itself for wiretapping.
Well, at least that's how I remember this whole saga going down... though a few quick searches on google didn't turn up info about this. Did I just imagine it that way?
PJRC: Electronic Projects, 8051 Microcontroller Tools
This was some time ago, so I had to refresh my knowledge base:
good description
Epic's rundown
Computer Security Resource Center version
"My mother never saw the irony in calling me a son-of-a-bitch." - Jack Nicholson
When clipper was first floated, the official line was that it would be purely voluntary, perhaps with some financial incentives, but the feds expected it to take off because it was simply superior.
The "paranoid fringe" quickly realized that a voluntary Clipper would be worthless, and predicted that it would be made mandatory, which the government vociferously denied.
Now, these documents show that the government intended Clipper to be mandatory after all.
My question is, does anyone remember when they stopped lying about it? I suspect that these documents don't go far enough back to show us what they were privately saying during Clipper I.
Back in the day, "Summer '87" to be exact, I wrote a few programs in Clipper. I never knew the feds cared!
Skiers and Riders -- http://www.snowjournal.com
Now that they have the quantum computer that can crack all all communications, and the quantum disk drives that they use to store every packet ever, they already know your underwear size, to say nothing of a complete copy of your DNA for their cloning efforts
.sig is great for this article!
The government doesn't have a quantum computer, the Illuminati do. But since the Illuminati control the government, they just eliminated the middle man in this article.
BTW - My
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
CLIPPER is an NSA developed, hardware oriented, cryptographic device that implements a symmetric encryption/decryption algorithm and a law enforcement satisfying key escrow system. While the key escrow management system design is not completely designed, the cryptographic algorithm (SKIPJACK) is completely specified (and classified SECRET).
The crytographic algorithm (called CA in this PAPER) has the following characteristics:
The CLIPPER CHIP is just one implementation of the CA. The CLIPPER CHIP designed for the AT&T commercial secure voice products has the following characteristics:
Actually, the Americans worry about Cesis, and the Canadians worry about the FBI.
Y'see, it's perfectly legal to spy on other countries if you don't get caught, so countries have arrangements together to spy on each other's citizens, then swap information.
Isn't it swell?
Go Kathryn Thurber!
What about the 4000+ pages of clipper chip information that hasn't been found by FBI personnel yet?
If of any interest, Skipjack (used by Clipper) and KEA (used by Capstone) were declassified in 1998 because the Fortezza hardware was too expensive for the Defense Messaging System. They wanted to switch to software implementations, so they had to declassify the algorithms.
While your missive makes for fairly decent satire, it goes too far in encouraging the statist group-think the average propeller-head here indulges in.
So, without ANY satire, with all the truth that can be mustered by an electronic persona manifesting on an insignificant electronic message system, let me state unequivocally and without doubt that the State is the complete and absolute enemy of the individual, and any attempt by the State to take more power unto itself should be reviled and resisted as much as possible by any individual worth his or her salt.
You may go back to your Gameboy now.....
"The more corrupt the state, the more numerous the laws."--Tacitus, The Histories
--
--
McConnell noted that the advanced technology gives China the power to electronically lock out U.S. intelligence monitoring and lock in the Chinese population.
"Even if the Chinese use weak encryption the sheer volume of their communications will make it impossible for us to monitor. If China were to erect a public key infrastructure it will severely impact our intelligence gathering ability," stated McConnell.
He also stated that Clinton was aware that the advanced surveillance technology might be abused by hostile foreign powers.
"Can Key Recovery be used against dissidents and political opponents?" asked Adm. McConnell.
"In a word, YES," he concluded emphatically.
wtf? Like we care about freedom of information for these people. The Chinese are already locked into China's version of the internet, China's cell networks, etc. They already monitor what's going in and going out, and what's said within the country.
And ours for that matter.
Consider that, whatever the nature of this Clipper technology, the Chinese have the best cryptographic technology that our corporations have, much of which is better than that used by the government. The Chinese are, technically, as adaptable as the US and other Western countries. This knowledge is how they are catching the Chinese-American researchers who they keep detaining for spying and disclosing state secrets and such. They are catching Falun Gong organizers who plan via email.
With the international situation as it is, and has been for some time, with China, with an essential cold war, spy as much as you can mentality spearheaded by corporations and governments on both sides, there are no technological solutions to our relations with China. No amount of surveillance or control will resolve the fact that we have to come to terms with a power that is as big and has as many gadgets as we do.
-perdida
Goat sex free since 2001
The "wackiness" referred to seems be be that the US gov't was willing to share the keys with not-very-friendly foreign gov'ts. If you assume that they were telling the truth when they said they wanted Clipper for _national_ security, that's definitely wacky. If they wanted Clipper solely for the security of certain people in our gov't, ...
Yes, it would have worked--for the real purpose, not for the stated purpose. It wouldn't have caught criminals and terrorists, or at least not those smart enough to even load PGP. But it would have allowed for a lot of spying on everyone naive enough to trust the gov't not to spy on law-abiding people.
...is not to play? You can't guarantee any type of privacy unless you absolutely refuse to participate. At some point, your privacy dissolves as more entities participate in the activity. That's not to say that there aren't some basic measures to take, like not using your SSN as a public identifier... PGP, SSL, and other "security" implementations still rely on allowing the other side to participate in the activity...hence all the discussions on why your personal info got sold to whatever.com by the last place you shopped online...
my
GreyPoopon
--
Why is it I can write insightful comments but can't come up with a clever signature?
Privacy is most certainly dead. I recently looked at my credit report and--this is no joke--they actually had a previous address listed from when I was 6 years old. Wonder where they got that information. I certainly wasn't out building my credit back then...shit I didn't even get an allowance when I was a kid.
--
"Fuck your mama."
We also know that every so often something leaks (via the FOIA) about Echelon or Clipper Chips and so on. We tend to be alarmed by what we find.
The question then arises: "If the secrets that get out are so alarming, how alarming is the 99% of stuff we don't know?"
What we learn from this is that these organizations obviously have a mighty infrastructure for intercepting communications and spying on what we do. The extreme right would have us believe that either we are paranoid or that any such capabilities have legitimate law enforcement justifications.
STOP THE PRESSES
If these organizations are using all that technology for legitimate law enforcement activities where are the indictments and convictions?
We do know that less than a handful of indictments where handed out last year based on intercepted communications. If these interception technologies exist and are obviously not being used to any great extent for legitimate law enforcement activity exactly what are these guys doing with all of that intercepted information?
This is rather amazing, how we scream about a curiosity, like the clipper chip, being handed over to the Chinese, but not about worse technologies. Ok, so security, privacy, etcetera is important. But good old Bubba didn't exactly stop with clipper chips. For example, he handed the Chinese MIRV technology, but people concentrate on the clipper chip. Why is it, that people can be outraged, by the possibility, that a forgien government will know that people are looking at porn, but it doesn't bother people that we have handed our enemies a better way to deploy weapons of mass destruction? Do they really buy that crap about, needing this for launching satalites? It wasn't nessecarry for Sputnik(sp?). Please wake up folks, there are worse demons out there, we are just being handed toys like the clipper chip to keep us distracted. For those that don't know: MIRV - Multiple Independently Targetable Reentry Vehicles - used for dropping several nuclear warheads from an ICBM (InterContinental Ballistic Missle) see http://www.gwu.edu/~nsarchiv/nsa/NC/mirv/mirv.html
for more information.
Necessity is the mother of invention.
Laziness is the father.
-- MarkusQ