Date: Fri, 11 Feb 1994 13:47:05 EST Subject: CPSR Alert 3.03 CPSR Alert 3.03 ============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @@@ @ @@@ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @ @ @ @ @@@@ @@@@ @ @ @ ============================================================= Volume 3.03 February 11, 1994 ------------------------------------------------------------- Published by Computer Professionals for Social Responsibility Washington Office (Alert@washofc.cpsr.org) ------------------------------------------------------------- Contents [1] CPSR Launches Clipper Campaign [2] Sign the Clipper Petition! [3] Clipper FAQ [4] EPIC to Provide Clipper Analysis [5] CPSR Needs Your Support! [6] RFD for CPSR Newsgroups [7] New Files at the CPSR Internet Library [8] Upcoming Conferences and Events ------------------------------------------------------------- [1] CPSR Launches Clipper Campaign The electronic petition begun by CPSR to oppose Clipper has generated more than 8,500 responses in less than 10 days. The number is increasing at a faster rate than occurred with the successful 1990 campaign to stop Lotus Marketplace. Details of the petition follow. If you have already signed on, ask your friends and colleagues to sign. Call up your parents. Tell them to get an email account and then to sign the petition. Check your rolodex. Call old friends. Send email to former business partners, lovers, etc. In your very next email message, ask the person you are writing to if he or she has signed the CPSR Clipper petition. The number of people who have opposed Clipper already far exceeds the number of lawful wiretaps conducted by all government officials last year. Other upcoming milestones: 10,000 Current government orders for Clipper chip (est.) 12,000 Number of computer networks connected to the Internet 15,000 Estimated number of total lawful wiretaps, 1968-1994 70,000 Anticipated number of Clipper purchases this year More details on the petition follow. ------------------------------------------------------------- [2] Sign the Clipper Petition! Electronic Petition to Oppose Clipper *Please Distribute Widely* On January 24, many of the nation's leading experts in cryptography and computer security wrote President Clinton and asked him to withdraw the Clipper proposal. The public response to the letter has been extremely favorable, including coverage in the New York Times and numerous computer and security trade magazines. Many people have expressed interest in adding their names to the letter. In response to these requests, CPSR is organizing an Internet petition drive to oppose the Clipper proposal. We will deliver the signed petition to the White House, complete with the names of all the people who oppose Clipper. To sign on to the letter, send a message to: Clipper.petition@cpsr.org with the message "I oppose Clipper" (no quotes) You will receive a return message confirming your vote. Please distribute this announcement so that others may also express their opposition to the Clipper proposal. =========================================================== The President The White House Washington, DC 20500 Dear Mr. President: "We are writing to you regarding the "Clipper" escrowed encryption proposal now under consideration by the White House. We wish to express our concern about this plan and similar technical standards that may be proposed for the nation's communications infrastructure. "The current proposal was developed in secret by federal agencies primarily concerned about electronic surveillance, not privacy protection. Critical aspects of the plan remain classified and thus beyond public review. "The private sector and the public have expressed nearly unanimous opposition to Clipper. In the formal request for comments conducted by the Department of Commerce last year, less than a handful of respondents supported the plan. Several hundred opposed it. "If the plan goes forward, commercial firms that hope to develop new products will face extensive government obstacles. Cryptographers who wish to develop new privacy enhancing technologies will be discouraged. Citizens who anticipate that the progress of technology will enhance personal privacy will find their expectations unfulfilled. "Some have proposed that Clipper be adopted on a voluntary basis and suggest that other technical approaches will remain viable. The government, however, exerts enormous influence in the marketplace, and the likelihood that competing standards would survive is small. Few in the user community believe that the proposal would be truly voluntary. "The Clipper proposal should not be adopted. We believe that if this proposal and the associated standards go forward, even on a voluntary basis, privacy protection will be diminished, innovation will be slowed, government accountability will be lessened, and the openness necessary to ensure the successful development of the nation's communications infrastructure will be threatened. "We respectfully ask the White House to withdraw the Clipper proposal." ------------------------------------------------------------- [3] Clipper FAQ The Clipper Chip: Frequently Asked Questions (FAQ) What is the Clipper Chip? It is a cryptographic device purportedly intended to protect private communications while at the same time permitting government agents to obtain the "keys" upon presentation of what has been vaguely characterized as "legal authorization." The "keys" would be held by two government "escrow agents" and would enable the government to access the encrypted private communication. While Clipper would be used to encrypt voice transmissions, a similar device known as Capstone would be used to encrypt data. Who developed the underlying technology? The cryptographic algorithm, known as Skipjack, was developed by the National Security Agency (NSA), a super-secret military intelligence agency responsible for intercepting foreign government communications and breaking the codes that protect such transmissions. In 1987, Congress passed the Computer Security Act, a law intended to limit NSA's role in developing standards for the civilian communications system. In spite of that legislation, the agency has played a leading role in the Clipper initiative and other civilian security proposals. NSA has classified the Skipjack algorithm on national security grounds, thus precluding independent evaluation of the system's strength. CPSR has filed suit under the Freedom of Information Act seeking the disclosure of the secret algorithm and other information concerning the Clipper plan. What is the government's rationale for Clipper? The key-escrow system was developed at the urging of the FBI and other law enforcement agencies, which claim that the increasing availability of strong encryption programs will interfere with their ability to conduct wiretapping. No evidence in support of these claims has been released -- in fact, FBI documents obtained through litigation by CPSR indicate that no such difficulties have been reported by FBI field offices or other federal law enforcement agencies. How important is wiretapping to law enforcement agencies? Electronic surveillance is just one of many investigative techniques available to law enforcement. In fact, it is not a widely used technique -- in 1992, fewer than 900 wiretap warrants were issued to state and federal law enforcement agencies. It is to protect the viability of that small number of wiretaps from an unsubstantiated risk that the FBI and NSA have proposed to compromise the security of billions of electronic transactions. What is the current status of the Clipper plan? On February 4, the Administration announced the formal adoption of the "Escrowed Encryption Standard," which is the technical specification for the Clipper system. This action means that Clipper will become the encryption standard within the government -- all cryptographic products for government use must comply with the standard (i.e., contain the key- escrow mechanism) and all individuals and businesses wishing to transmit secure communications to government agencies will eventually be obliged to use the NSA-developed technology. Will the Clipper standard become mandatory? The Administration maintains that Clipper will be a "voluntary" standard outside of the government, but many industry observers question the reality of this claim. The government exerts enormous pressure in the marketplace, and it is unlikely that alternative means of encryption will remain viable. Further, the possibility of Clipper becoming mandatory at some time in the future is quite real given the underlying rationale for the system. If criminals do, indeed, intend to use encryption to evade electronic surveillance, they are unlikely to voluntarily use the Clipper technology. What can I do to oppose Clipper? Sign the electronic petition against the Clipper plan that is being organized by CPSR. Stay informed of relevant developments by reading the CPSR Alert and other periodic announcements. And consider lending your financial support to CPSR's campaign to protect the privacy of electronic communications. ------------------------------------------------------------- [4] EPIC to Provide Clipper Analysis The Electronic Privacy Information Center (EPIC) will be providing policy information on the Clipper proposal. EPIC is a joint project of CPSR and the Fund for Constitutional Government, a national civil liberties organization. EPIC releases will soon be available to CPSR members through the CPSR Announce list. ------------------------------------------------------------- [5] CPSR Needs Your Support! If you have signed the CPSR petition, and would like to do more to help stop Clipper, please consider sending a cash contribution to CPSR. What do we do with the money? Pay staff salaries, telephone bills, rent, printing costs. The basics. Why support CPSR? Because we have a good reputation for our work on privacy and cryptography, and because our efforts on Clipper are already having an impact. We know it's a little scurrilous to ask for money on the network. We don't do this very often. The good news is that an anonymous donor has agreed to make a matching grant of $10,000 to support CPSR's Clipper campaign. That means that if you contribute $50 we receive $100. If you contribute $100 we receive $200 and so on. Please take a moment to write a check and send it to "CPSR, P.O. Box 717, Palo Alto, CA 94302." Write "Clipper" on the check. Thanks in advance. We appreciate your help. ------------------------------------------------------------- [6] Call for Discussion on CPSR Newsgroups CPSR has submitted a Request for Discussion (RFD) to create two new USENET newsgroups: comp.org.cpsr.news and comp.org.cpsr.talk. Comp.org.cpsr.news will be a reflection of the cpsr-announce mailing list. It will be moderated and only carry 1-2 messages per week including the CPSR Alert and other official CPSR releases, and announcements of relevant conferences. Comp.org.cpsr.talk will be an unmoderated discussion group. Topics will include privacy, the NII, working in the computer industry, and other areas of interest to CPSR members. Formal discussion on the newsgroups is taking place in news.groups. If you have any substantive comments, you may post them there or by e-mail to either news-groups@cs.utexas.edu or news.groups.usenet@decwrl.dec.com. If you just wish to express support for the new groups, please hold off until the voting begins in about one month. ------------------------------------------------------------- [7] New Files at the CPSR Internet Library The CPSR Internet Library is currently undergoing renovation to make it easier to use. File names are being revised, folders are being moved, and a better Gopher front-end is being designed. We apologize for any inconvenience in finding files. All Feb 4 White House releases on Clipper are available at /cpsr/privacy/crypto/clipper An analysis of US cryptography policy by Professor Lance Hoffman commissioned by NIST /cpsr/privacy/crypto/hoffman_crypto_policy_1994 The 1994 US State Department Human Rights Guide. 7.7 megs of files describing the situation of civil and political rights in every country in the world except the US. /cpsr/privacy/privacy_international/country_reports/1994_state_dept_guid e_human_rights 1993 GAO Report on misuse of the FBI's National Crime Information Center is also available. The CPSR Internet Library is a free service available via FTP/WAIS/Gopher/listserv from cpsr.org:/cpsr. Materials from Privacy International, the Taxpayers Assets Project and the Cypherpunks are also archived. For more information, contact ftp-admin@cpsr.org. ---------------------------------------------------------------- [7] Upcoming Conferences and Events "Highways and Toll Roads: Electronic Access in the 21st Century" Panel Discussion. 1994 AAAS Annual Meeting. San Francisco, CA. Feb. 21, 1994 2:30 - 5:30pm. Sponsored by the Association for Computing Machinery (ACM). Contact: Barbara Simons (simons@vnet.ibm.com). "Computers, Freedom and Privacy 94." Chicago, Il. March 23-26. Sponsored by ACM and The John Marshall Law School. Contact: George Trubow, 312-987-1445 (CFP94@jmls.edu). Directions and Implications of Advanced Computing (DIAC)-94 "Developing an Effective, Equitable, and Enlightened Information Infrastructure." Cambridge, MA. April 23 - 24, 1994. Sponsored by CPSR. Contact: cwhitcomb@bentley.edu or doug.schuler@cpsr.org. Computer-Human Interaction 94. Boston, Mass. April 24-28. Sponsored by ACM. Contact: 214-590-8616 or 410-269-6801, chi94office.chi@xerox.com "Navigating the Networks." 1994 Mid-Year Meeting, American Society for Information Science. Portland, Oregon. May 22 - 25, 1994. Contact: rhill@cni.org Rural Datafication II: "Meeting the Challenge of Providing Ubiquitous Access to the Internet" Minneapolis, Minnesota. May 23-24, 1994. Sponsored by CICNet & NSF. Contact: ruraldata-info-request@cic.net. Send name, mailing address and e-mail address. "Information: Society, Superhighway or Gridlock?" Computing for the Social Sciences 1994 Conference (CSS94). University of Maryland at College Park. June 1-3, 1994. Contact: Dr. Charles Wellford 301-405-4699, fax 301-405-4733, e-mail: cwellford@bss2.umd.edu. Abstracts for papers due March 1. Contact William Sims Bainbridge (wbainbri@nsf.gov). Grace Hopper Celebration of Women in Computer Science. Washington, DC June 9-11. Contact: 415 617-3335, hopper-info@pa.dec.com DEF CON ][ ("underground" computer culture) "Load up your laptop muffy, we're heading to Vegas!" The Sahara Hotel, Las Vegas, NV. July 22-24, Contact: dtangent@defcon.org. Conference on Uncertainty in AI. Seattle, WA. July 29-31. Contact: 206-936-2662, heckerma@microsoft.com. Symposium: An Arts and Humanities Policy for the National Information Infrastructure. Boston, Mass. October 14-16, 1994. Sponsored by the Center for Art Research in Boston. Contact: Jay Jaroslav (jaroslav@artdata.win.net). Third Biannual Conference on Participatory Design, Chapel Hill, North Carolina, October 27-28, 1994. Sponsored by CPSR. Contact: trigg@parc.xerox.com. Submissions due April 15, 1994. (Send calendar submissions to Alert@washofc.cpsr.org) ------------------------ END CPSR Alert 3.03 -----------------------