15191

神经网络昆斯林的新闻组分类2006

Newsgroups: sci.crypt
Path: cantaloupe.srv.cs.cmu.edu!crabapple.srv.cs.cmu.edu!bb3.andrew.cmu.edu!news.sei.cmu.edu!cis.ohio-state.edu!zaphod.mps.ohio-state.edu!sol.ctr.columbia.edu!ira.uka.de!math.fu-berlin.de!ifmsun8.ifm.uni-hamburg.de!rzsun2.informatik.uni-hamburg.de!fbihh!bontchev
From: bontchev@fbihh.informatik.uni-hamburg.de (Vesselin Bontchev)
Subject: Re: text of White House announcement and Q&As on clipper chip encryption
Message-ID: <bontchev.734981805@fbihh>
Sender: news@informatik.uni-hamburg.de (Mr. News)
Reply-To: bontchev@fbihh.informatik.uni-hamburg.de
Organization: Virus Test Center, University of Hamburg
References: <C5L17v.GH5@dove.nist.gov>
Distribution: na
Date: Fri, 16 Apr 1993 17:36:45 GMT
Lines: 268

clipper@csrc.ncsl.nist.gov (Clipper Chip Announcement) writes:

> The President today announced a new initiative that will bring
> the Federal Government together with industry in a voluntary
> program to improve the security and privacy of telephone
> communications while meeting the legitimate needs of law
> enforcement.

A nice formulation for the introduction of the first encryption
devices with built-in trapdoors - just like the Feds wanted...

> For too long there has been little or no dialogue between our
> private sector and the law enforcement community to resolve the
> tension between economic vitality and the real challenges of
> protecting Americans.  Rather than use technology to accommodate
> the sometimes competing interests of economic growth, privacy and
> law enforcement, previous policies have pitted government against
> industry and the rights of privacy against law enforcement.

Bla-bla.

> protect electronic mail and computer files.  While encryption
> technology can help Americans protect business secrets and the
> unauthorized release of personal information, it also can be used
> by terrorists, drug dealers, and other criminals.

Indeed, and the current proposal does nothing to prevent the latter.

> an ordinary telephone.  It scrambles telephone communications
> using an encryption algorithm that is more powerful than many in
> commercial use today.

This doesn't say much. There are many incredibly weak encryption
algorithms in commercial use today...

> This new technology will help companies protect proprietary
> information, protect the privacy of personal phone conversations
> and prevent unauthorized release of data transmitted
> electronically.

Except from the government.

>  At the same time this technology preserves the
> ability of federal, state and local law enforcement agencies to
> intercept lawfully the phone conversations of criminals. 

Nope. The criminals won't be stupid enough to use the new chip,
they'll use something secure. This technology provides only means to
intercept the phone conversations of people who are stupid enough to
use it.

> agencies to decode messages encoded by the device.  When the
> device is manufactured, the two keys will be deposited separately
> in two "key-escrow" data bases that will be established by the
> Attorney General.  Access to these keys will be limited to
> government officials with legal authorization to conduct a
> wiretap.

That is, the government has the keys. It doesn't matter much if they
are in one or in two of its hands...

> The "Clipper Chip" technology provides law enforcement with no
> new authorities to access the content of the private
> conversations of Americans.

Correct. It does, however, provide those Americans with the false
sense of privacy.

> devices.  In addition, respected experts from outside the
> government will be offered access to the confidential details of
> the algorithm to assess its capabilities and publicly report
> their findings.

If the screening is not public, it cannot be trusted. Some people do
not trust DES even today, after all the examinations - only because
some parts of its design were kept secret.

> The chip is an important step in addressing the problem of
> encryption's dual-edge sword:  encryption helps to protect the
> privacy of individuals and industry, but it also can shield
> criminals and terrorists.  We need the "Clipper Chip" and other
> approaches that can both provide law-abiding citizens with access
> to the encryption they need and prevent criminals from using it
> to hide their illegal activities.  In order to assess technology

So they'll use a different technology to hide their illegal
activities. So will those law-abiding citizens, who do not trust their
government not to misuse its abilities to decrypt their conversations.

>      --   the privacy of our citizens, including the need to
>           employ voice or data encryption for business purposes;

Except from the government.

>      --   the need of U.S. companies to manufacture and export
>           high technology products.

Huh? Later it says that the new technology will be export restricted.

> Since encryption technology will play an increasingly important
> role in that infrastructure, the Federal Government must act
> quickly to develop consistent, comprehensive policies regarding
> its use.  The Administration is committed to policies that
> protect all Americans' right to privacy while also protecting
> them from those who break the law.

In short, the new technology can:

1) Protect the law abiding citizen's privacy from the casual snooper.

It cannot:

1) Protect him from the government, if it decides to misuse its
ability to decrypt the conversations.

2) Protect him from the criminals who succeed to break the new
encryption scheme or to steal the keys, or to bribe the people who
handle them, etc.

3) Prevent the criminals from using secure encryption for
communication.

> Q:   Does this approach expand the authority of government
>      agencies to listen in on phone conversations?

> A:   No.  "Clipper Chip" technology provides law enforcement with
>      no new authorities to access the content of the private
>      conversations of Americans.

Correct. However, it does not provide them that much privacy as it
claims.

> Q:   Who will run the key-escrow data banks?

> A:   The two key-escrow data banks will be run by two independent
>      entities.  At this point, the Department of Justice and the
>      Administration have yet to determine which agencies will
>      oversee the key-escrow data banks.

Two candidates: the NSA and the Mafia.

> Q:   How strong is the security in the device?  How can I be sure
>      how strong the security is?  

> A:   This system is more secure than many other voice encryption
>      systems readily available today. 

That is, "trust us".

> While the algorithm will
>      remain classified to protect the security of the key escrow

"Security through obscurity".

>      system, we are willing to invite an independent panel of
>      cryptography experts to evaluate the algorithm to assure all
>      potential users that there are no unrecognized
>      vulnerabilities.

If it's not entirely open to public examination, it cannot be
trusted. Besides, who can prove that the devices used for examination
and the ones built into your phones will be the same?

> Q:   Whose decision was it to propose this product?

> A:   The National Security Council, the Justice Department, the

The NSA and the FBI?

> Q:   Who was consulted?  The Congress?  Industry?

> A:   We have on-going discussions with Congress and industry on
>      encryption issues, and expect those discussions to intensify
>      as we carry out our review of encryption policy.  We have
>      briefed members of Congress and industry leaders on the
>      decisions related to this initiative.

Why did they "forget" the Academia?

> Q:   Will the government provide the hardware to manufacturers?

> A:   The government designed and developed the key access
>      encryption microcircuits, but it is not providing the
>      microcircuits to product manufacturers.  Product
>      manufacturers can acquire the microcircuits from the chip
>      manufacturer that produces them.

Doesn't this smell to monopolism?

> Q:   Who provides the "Clipper Chip"?

> A:   Mykotronx programs it at their facility in Torrance,
>      California, and will sell the chip to encryption device
>      manufacturers.  The programming function could be licensed
>      to other vendors in the future.

Like the Mafia?

> Q:   If the Administration were unable to find a technological
>      solution like the one proposed, would the Administration be
>      willing to use legal remedies to restrict access to more
>      powerful encryption devices?

This is the main question, why was it buried at the end?

> A:   This is a fundamental policy question which will be
>      considered during the broad policy review.  The key escrow

"We'll see".

>      mechanism will provide Americans with an encryption product
>      that is more secure, more convenient, and less expensive
>      than others readily available today, but it is just one

"Trust us".

>      The Administration is not saying, "since encryption
>      threatens the public safety and effective law enforcement,
>      we will prohibit it outright" (as some countries have

In short, "If we decide to outlaw strong crypto, we'll tell you".

>      effectively done); nor is the U.S. saying that "every
>      American, as a matter of right, is entitled to an
>      unbreakable commercial encryption product."  There is a

Since the US government seems to consider strong crypto as munitions
and since the US constitutions guarantees the right to every American
to bear arms, why is not every American entitled, as a matter of
right, to an unbreakable commercial encryption product?

> A:   It indicates that we understand the importance of encryption
>      technology in telecommunications and computing and are
>      committed to working with industry and public-interest
>      groups to find innovative ways to protect Americans'
>      privacy, help businesses to compete, and ensure that law
>      enforcement agencies have the tools they need to fight crime
>      and terrorism.

Bullshit. The proposed technology provides a false sense of security,
encryption devices with built-in capabilities for breaking the
encryption, does not prevent the criminals to use strong crypto, and
is a step to outlaw strong crypto.

> Q:   Will the devices be exportable?  Will other devices that use
>      the government hardware?

> A:   Voice encryption devices are subject to export control
>      requirements.  Case-by-case review for each export is
>      required to ensure appropriate use of these devices.  The

Who was the optimist who believed that the new administration will
leave the export controls on strong crypto devices?

OK, I'm not American, it's not my business, but I just couldn't resist
to comment... The whole plot looks so totalitaristic... It's up to
you, Americans, to fight for your rights.

Regards,
Vesselin

P.S. Now is the time for David Sternlight to pop up and claim that the
new system is great.
-- 
Vesselin Vladimirov Bontchev          Virus Test Center, University of Hamburg
Tel.:+49-40-54715-224, Fax: +49-40-54715-226      Fachbereich Informatik - AGN
< PGP 2.2 public key available on request. > Vogt-Koelln-Strasse 30, rm. 107 C
e-mail: bontchev@fbihh.informatik.uni-hamburg.de    D-2000 Hamburg 54, Germany