From: Robert W. Shirey (5/24/93) To: infsecur@mitre.org Mail*Link¨ SMTP NIST answers RSADSI Questio Received: by iegate.mitre.org with SMTP;24 May 1993 09:28:09 U Received: from mwunix.mitre.org by mbunix.mitre.org (911016.SGI/4.7) id AA07746; Mon, 24 May 93 09:07:58 -0400 Return-Path: Received: by mwunix.mitre.org (5.65c/SMI-2.2) id AA02886; Mon, 24 May 1993 09:07:57 -0400 Received: from smiley.mitre.org.sit (smiley.mitre.org) by mwunix.mitre.org (5.65c/SMI-2.2) id AA02824; Mon, 24 May 1993 09:07:47 -0400 Organization: The MITRE Corp. Received: from [128.29.140.100] (shirey-mac.mitre.org) by smiley.mitre.org.sit (4.1/SMI-4.1) id AA04143; Mon, 24 May 93 09:06:34 EDT Message-Id: <9305241306.AA04143@smiley.mitre.org.sit> Date: Mon, 24 May 1993 09:09:45 -0500 To: infsecur@mitre.org From: shirey@mitre.org (Robert W. Shirey) X-Sender: shirey@128.29.140.20 (Unverified) Subject: NIST answers RSADSI Questions re Clipper X-Mdf: fnc re-routed to "fnc@mbunix.mitre.org" In the following, Jim Bidzos (D. James Bidzos) is President of RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood city, CA 94065. RSADSI is one of the four partners in Public Key Partners, Inc. that holds the RSA patent, among others: RSA patent #4,405,829, awarded 9/20/83, expires 9/20/00. Diffie-Hellman patent #4,200,770, awarded 3/29/80. Merkle-Hellman knapsacks patent #4,218,582, awarded 8/19/80. Pohig-Hellman parent #4,424,414, awarded 3/03/84. I have heard it stated that these patents make claims that cover all means of encryption based on exponentiation. ---------------------------------------------------------------------------- ----------- Date: Mon, 17 May 1993 16:44:28 -0400 (EDT) From: ROBACK@ECF.NCSL.NIST.GOV Subject: Answers to Your Questions To: jim@RSA.COM To: Mr. Jim Bidzos, RSA Data Security, Inc. From: Ed Roback, NIST Mr. Ray Kammer asked me to forward to you our answers to the questions you raised in your e-mail of 4/27. We've inserted our answers in your original message. ------------------------------------------------------ From: SMTP%"jim@RSA.COM" 27-APR-1993 03:13:12.75 To: clipper@csrc.ncsl.nist.gov CC: Subj: Clipper questions .... Date: Tue, 27 Apr 93 00:11:50 PDT From: jim@RSA.COM (Jim Bidzos) Here are some questions about the Clipper program I would like to submit. Much has been said about Clipper and Capstone (the term Clipper will be used to describe both) recently. Essentially, Clipper is a government-sponsored tamper-resistant chip that employs a classified algorithm and a key escrow facility that allows law enforcement, with the cooperation of two other parties, to decipher Clipper-encrypted traffic. The stated purpose of the program is to offer telecommunications privacy to individuals, businesses, and government, while protecting the ability of law enforcement to conduct court-authorized wiretapping. The announcement said, among other things, that there is currently no plan to attempt to legislate Clipper as the only legal means to protect telecommunications. Many have speculated that Clipper, since it is only effective in achieving its stated objectives if everyone uses it, will be followed by legislative attempts to make it the only legal telecommunications protection allowed. This remains to be seen. >>>> NIST: There are no current plans to legislate the use of Clipper. Clipper will be a government standard, which can be - and likely will be - used voluntarily by the private sector. The option for legislation may be examined during the policy review ordered by the President. The proposal, taken at face value, still raises a number of serious questions. What is the smallest number of people who are in a position to compromise the security of the system? This would include people employed at a number of places such as Mikotronyx, VSLI, NSA, FBI, and at the trustee facilities. Is there an available study on the cost and security risks of the escrow process? >>>> NIST: It will not be possible for anyone from Mykotronx, VLSI, NIST, NSA, FBI (or any other non-escrow holder) to compromise the system. Under current plans, it would be necessary for three persons, one from each of the escrow trustees and one who knows the serial number of the Clipper Chip which is the subject of the court authorized electronic intercept by the outside law enforcement agency, to conspire in order to compromise escrowed keys. To prevent this, it is envisioned that every time a law enforcement agency is provided access to the escrowed keys there will be a record of same referencing the specific lawful intercept authorization (court order). Audits will be performed to assure strict compliance. This duplicates the protection afforded nuclear release codes. If additional escrow agents are added, one additional person from each would be required to compromise the system. NSA's analysis on the security risks of the escrow system is not available for public dissemination. How were the vendors participating in the program chosen? Was the process open? >>>> NIST: The services of the current chip vendors were obtained in accordance with U.S. Government rules for sole source procurement, based on unique capabilities they presented. Criteria for selecting additional sources will be forthcoming over the next few months. AT&T worked with the government on a voluntary basis to use the "Clipper Chip" in their Telephone Security Device. Any vendors of equipment who would like to use the chips in their equipment may do so, provided they meet proper government security requirements. A significant percentage of US companies are or have been the subject of an investigation by the FBI, IRS, SEC, EPA, FTC, and other government agencies. Since records are routinely subpoenaed, shouldn't these companies now assume that all their communications are likely compromised if they find themselves the subject of an investigation by a government agency? If not, why not? >>>> NIST: No. First of all, there is strict and limited use of subpoenaed material under the Federal Rules of Criminal Procedure and sanctions for violation. There has been no evidence to date of Governmental abuse of subpoenaed material, be it encrypted or not. Beyond this, other Federal criminal and civil statutes protect and restrict the disclosure of proprietary business information, trade secrets, etc. Finally, of all the Federal agencies cited, only the FBI has statutory authority to conduct authorized electronic surveillance. Electronic surveillance is conducted by the FBI only after a Federal judge agrees that there is probable cause indicating that a specific individual or individuals are using communications in furtherance of serious criminal activity and issues a court order to the FBI authorizing the interception of the communications. What companies or individuals in industry were consulted (as stated in the announcement) on this program prior to its announcement? (This question seeks to identify those who may have been involved at the policy level; certainly ATT, Mikotronyx and VLSI are part of industry, and surely they were involved in some way.) >>>> NIST: To the best of our knowledge: AT&T, Mykotronx, VLSI, and Motorola. Other firms were briefed on the project, but not "consulted," per se. Is there a study available that estimates the cost to the US government of the Clipper program? >>>> NIST: No studies have been conducted on a government-wide basis to estimate the costs of telecommunications security technologies. The needs for such protection are changing all the time. There are a number of companies that employ non-escrowed cryptography in their products today. These products range from secure voice, data, and fax to secure email, electronic forms, and software distribution, to name but a few. With over a million such products in use today, what does the Clipper program envision for the future of these products and the many corporations and individuals that have invested in and use them? Will the investment made by the vendors in encryption-enhanced products be protected? If so, how? Is it envisioned that they will add escrow features to their products or be asked to employ Clipper? >>>> NIST: Again, the Clipper Chip is a government standard which can be used voluntarily by those in the private sector. We also point out that the President's directive on "Public Encryption Management" stated: "In making this decision, I do not intend to prevent the private sector from developing, or the government from approving, other microcircuits or algorithms that are equally effective in assuring both privacy and a secure key-escrow system." You will have to consult directly with private firms as to whether they will add escrow features to their products. Since Clipper, as currently defined, cannot be implemented in software, what options are available to those who can benefit from cryptography in software? Was a study of the impact on these vendors or of the potential cost to the software industry conducted? (Much of the use of cryptography by software companies, particularly those in the entertainment industry, is for the protection of their intellectual property.) >>>> NIST: You are correct that, currently, Clipper Chip functionality can only be implemented in hardware. We are not aware of a solution to allow lawfully authorized government access when the key escrow features and encryption algorithm are implemented in software. We would welcome the participation of the software industry in a cooperative effort to meet this technical challenge. Existing software encryption use can, of course, continue. Banking and finance (as well as general commerce) are truly global today. Most European financial institutions use technology described in standards such as ISO 9796. Many innovative new financial products and services will employ the reversible cryptography described in these standards. Clipper does not comply with these standards. Will US financial institutions be able to export Clipper? If so, will their overseas customers find Clipper acceptable? Was a study of the potential impact of Clipper on US competitiveness conducted? If so, is it available? If not, why not? >>>> NIST: Consistent with current export regulations applied to the export of the DES, we expect U.S. financial institutions will be able to export the Clipper Chip on a case by case basis for their use. It is probably too early to ascertain how desirable their overseas customers will find the Clipper Chip. No formal study of the impact of the Clipper Chip has been conducted since it was, until recently, a classified technology; however, we are well aware of the threats from economic espionage from foreign firms and governments and we are making the Clipper Chip available to provide excellent protection against these threats. As noted below, we would be interested in such input from potential users and others affected by the announcement. Use of other encryption techniques and standards, including ISO 9796 and the ISO 8730 series, by non-U.S. Government entities (such as European financial institutions) is expected to continue. I realize they are probably still trying to assess the impact of Clipper, but it would be interesting to hear from some major US financial institutions on this issue. >>>> NIST: We too would be interested in hearing any reaction from these institutions, particularly if such input can be received by the end of May, to be used in the Presidentially-directed review of government cryptographic policy. Did the administration ask these questions (and get acceptable answers) before supporting this program? If so, can they share the answers with us? If not, can we seek answers before the program is launched? >>>> NIST: These and many, many others were discussed during the development of the Clipper Chip key escrow technology and the decisions-making process. The decisions reflect those discussions and offer a balance among the various needs of corporations and citizens for improved security and privacy and of the law enforcement community for continued legal access to the communications of criminals. ======================================================================