CyberWire Dispatch // Copyright (c) 1994 //

Jacking in from the SNAFU Port:

Washington, DC -- Matthew Blaze never intended to make the front page of the New York Times. He was just doing his job: Nose around inside the government's most secret, most revered encryption code to see if he could "break it."

Blaze, a researcher for AT&T Bell Labs, was good at this particular job. Maybe a bit too good. Although he didn't actually "break" the code, he did bend the fuck out of it. That feat landed him a front page story in the June 9 issue of the New York Times.

What Blaze found -- and quietly distributed among colleagues and federal agencies in a draft paper -- was that design bugs in Skipjack, the computer code that underlies the Clipper Chip encryption scheme, let it be jacked around and re-scrambled so that not even the Feds can crack it. This, of course, defeats the whole purpose of the Clipper Chip, which is to give ONLY the government the ability to eavesdrop on Clipper-encoded conversations, faxes, data transmissions, etc.

What Blaze's research attacks is something called the LEAF, short for "Law Enforcement Access Field." The LEAF contains the secret access code needed by law enforcement agents to decode the scrambled messages. Blaze discovered that the LEAF uses only a 16-bit checksum, which is a kind of self-checking mathematical equation. When the checksum equations match up, the code is valid and everything's golden. The cops get to unscramble the conversations and another kiddie porn ring is brought to justice. (This is what the FBI will tell you... again and again and again and... )

But you can generate a valid 16-bit checksum in about 20 minutes, according to those crypto-rebels that traffic the Internet's Cypherpunks mailing list. "A 16-bit checksum is a fucking joke," one cryptographic expert from the list told Dispatch. "If it weren't so laughable, I'd be insulted that all this taxpayer money has gone into the R&D of something so flawed."
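
An added illustration, not part of the original Dispatch article and not code from Blaze's paper: a toy receiver whose only validity test is a short check value, showing why 16 bits fails as an integrity check and how the guessing time scales if the check is lengthened. The field layout, the key and the use of truncated HMAC-SHA256 are assumptions made for the demo (the article does not describe the real LEAF checksum), and the per-guess cost assumes the "about 20 minutes" figure is the expected time for 2**16 guesses.

```python
import hashlib
import hmac
import os

# Toy model, constructed for illustration: a field is an opaque body followed by
# a short check value. The real LEAF layout and checksum algorithm are not
# described in the article, so truncated HMAC-SHA256 stands in for the check.
DEVICE_KEY = b"constructed-demo-key"   # hypothetical secret held by the receiver


def check_value(body: bytes, check_bits: int) -> int:
    """Return the top `check_bits` bits of a keyed digest over the body."""
    digest = hmac.new(DEVICE_KEY, body, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") >> (256 - check_bits)


def receiver_accepts(body: bytes, check: int, check_bits: int) -> bool:
    """The receiver's only validity test: does the check value match?"""
    return check == check_value(body, check_bits)


def accepted_checks(body: bytes, check_bits: int) -> int:
    """Count how many of the 2**check_bits possible check values are accepted."""
    return sum(receiver_accepts(body, c, check_bits) for c in range(2 ** check_bits))


def expected_guesses(check_bits: int) -> int:
    """Mean number of blind guesses before one passes (geometric, p = 2**-bits)."""
    return 2 ** check_bits


def search_time_seconds(check_bits: int, seconds_per_guess: float) -> float:
    """Expected time to stumble on an accepted value at a fixed guess rate."""
    return expected_guesses(check_bits) * seconds_per_guess


# Per-guess cost implied by the article's "about 20 minutes" for 16 bits.
# Assumption: that figure is the expected time for 2**16 guesses.
SECONDS_PER_GUESS = 20 * 60 / expected_guesses(16)

if __name__ == "__main__":
    body = os.urandom(14)  # constructed sample body
    print("accepted 16-bit values:", accepted_checks(body, 16), "of", 2 ** 16)
    for bits in (16, 32, 64):
        days = search_time_seconds(bits, SECONDS_PER_GUESS) / 86400
        print(f"{bits}-bit check: ~{days:,.2f} days at the same guess rate")
```

Exactly one of the 65,536 possible values passes for any body, so the check rejects a blind guess only 65,535 times out of 65,536; at the same guess rate a 32-bit check would take about two and a half years rather than 20 minutes.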

But the New York Times got the story *wrong*, or at least it gave only part of the story. "What the New York Times story didn't say was that the findings... had nothing to do with the Government standard, which covers voice, facsimile and low-speed data transmission," said an AT&T spokesman. AT&T was the first company to publicly support the Clipper Chip, a stance that was essentially bought and paid for by the U.S. government with the promise it would get big government contracts to sell Clipper-equipped phones to Uncle Sam, according to documents previously obtained by Dispatch.

The AT&T spokesman said the "frailty" that Blaze discovered doesn't actually exist in the Clipper Chip applications. "Our scientists, working with National Security Agency (NSA) scientists, were conducting research on proposed future extensions of the standard," he said.

Those "future extensions" are the so-called Tessera chip, intended to be embedded in a PCMCIA credit-card-sized device that fits into a slot in your computer.

When the NSA trotted out its Tessera card, it invited Blaze, among others, to review the technology, essentially becoming a beta-tester for the NSA. No formal contract was signed, no money changed hands. Blaze took on the job in a volunteer role. Using a prototype Tessera chip installed on a PCMCIA card, he broke the damn thing.

AT&T claims the whole scenario is different from the Clipper because the LEAF generated by Clipper "is a real time application... with Tessera it's static," the spokesman said. He said Tessera would be used to encrypt stored communications or Email. "And with Tessera, the user has the ability to get at the LEAF," he said, "with Clipper, you don't."

Blaze will deliver his paper, titled "Protocol Failure in the Escrowed Encryption Standard," this fall during the Fairfax Conference. His findings "should be helpful" to the government "as it explores future applications" of its new encryption technology, the AT&T spokesman said. "In our view, it's better to learn a technology's limitations while there's time to make revisions before the Government spends large sums to fund development programs."

This is an important, if subtle statement. The Clipper Chip never underwent this type of "beta-testing," a fact that's drawn the ire of groups such as Computer Professionals for Social Responsibility (CPSR) and the Electronic Frontier Foundation (EFF). When the White House began to take hits over this ugly situation, it agreed to have an independent panel of experts review the classified code to check for any trapdoors.

Those experts claim they found nothing fishy, but their report -- alas -- has also been classified, leading to further demands for openness and accountability. The White House is stalling, naturally.

But in an apparent about face, the NSA allowed an "open" beta-testing for Tess and -- surprise -- we find out there are bugs in the design.

Okay, Pop Quiz time: Does the existence of the "Blaze Bug" make you feel: (A) More secure about the government's claim that Clipper will only be used to catch criminals and not spy on the citizenry. (B) Less secure about everything you've ever been told about privacy and encryption by the Clinton Administration. (C) Like this entire episode is really an extended "Stupid Pet Tricks" gag being pulled by David Letterman.

If you're still unsure about Clipper, check this quote from the AT&T spokesman: "It's worth noting that Clipper Chip wasn't subjected to this type of testing." Ah-huh... any questions?

The NSA is trying to downplay the news. "Anyone interested in circumventing law enforcement access would most likely choose simpler alternatives," said Michael Smith, the agency's planning director, as quoted by the New York Times. "More difficult and time-consuming efforts, like those discussed in the Blaze paper, are very unlikely to be employed."

He's right. Those "simpler alternatives" include everything from private encryption methods to not using a Clipper-equipped phone or fax in the first place. (Of course, the FBI keeps insisting that criminals won't use any of this "simpler" knowledge because they are "dumb.")

Despite the NSA's attempt to blow off these findings, the agency is grinding its gears. One NSA source told Dispatch that the Blaze paper is "a major embarrassment for the program." But the situation is "containable," he said. "There will be a fix."

Dispatch asked if there would be a similar review of the Clipper protocols to see if it could be jacked around like Tess. "No comment," was all he said.

Meeks out...