Copy Link
Add to Bookmark
Report

SURFPUNK Technical Journal 105

  

Date: Mon, 14 Mar 94 20:26:58 PST
From: surfpunk@osc.versant.com (SURFPUNK Technical Journal)
Subject: [surfpunk-0105] FOIA: the Clipper Key Escrow databases

* "I know of no safe depository of the ultimate powers
* of the society but the people themselves, and if we
* think them not enlightened enough to exercise that
* control with a wholesome discretion, the remedy is not
* to take it from them, but to inform their discretion."
*
* -- Thomas Jefferson, 1820
* [passed along by librarian Ruth Reynolds]


SURFPUNK BACKISSUES: ftp://ftp.yak.net/pub/surfpunk
ALSO: ftp://ftp.eff.org/pub/Publications/CuD/Surfpunk/


John Gilmore has sent a Freedom Of Information Act (FOIA) request for
the database of escrowed key components. These are the half-keys that
will be required to decrypt conversations on the pre-wiretapped
Clipper encrypted telephones.

The idea behind FOIA is that the U S Government should be accountable
to its citizens by having its files and databases open to public
inspection. The mechanism for doing this is to file a FOIA request to
a government agency, and they are supposed to send you what you ask
for, with some exceptions. Requesting the Clipper key databases seems
silly at first, but really it strikes at the heart of why Clipper is
such a bad idea: FOIA prevents government from collecting information
about citizens that the citizens themselves cannot be trusted with. If
we do not want other citizens listening in to our private conversations,
the government has no business doing it, either, because they should be
working *for* us.

BTW, Eric Hughes points out that "escrowed" is not really the right
word. An escrow agent is someone chosen and agreed to by both parties
to hold something for future release under certain conditions. In the
case of Clipper Keys, both parties do not get to agree to who the
escrow agents are. They are chosen for you: one is the U S Treasury
department, whose Secret Service brought you the Steve Jackson Games
fiasco; the other is NIST, who is plowing ahead with the Clipper
standard despite a nearly unanimous response against it during their
period of public comment.

It looks like John has created a mailing list foia-keys-request@toad.com
if you're interested in following this. The Cypherpunks list is still at
cypherpunks-request@toad.com. --strick

________________________________________________________________________
________________________________________________________________________

To: cypherpunks@toad.com, gnu@toad.com
Subject: <6g> I have FOIA'd the Clipper Key Escrow databases
Date: Fri, 25 Feb 94 12:58:40 -0800
From: gnu@toad.com


There appears to be no FOIA exemption that would justify withholding
the key escrow databases which Treasury and NIST are building. (The
keys are not tied to any individual, so individual privacy isn't a
valid exemption. The database isn't classified. Etc.) I have asked
for a copy of each database, in toto. Letters were sent yesterday.
One is reproduced below; the other is identical except for the
addressee and minor details.

You too can do things like this. It's fun and it occasionally
produces highly useful information. Just think of something that the
government knows, and has written down on paper, that you want to
know. Ask them for it. You have the right to know. They're spending
your taxes to subjugate you, and they're required to answer, though
almost all agencies do it grudgingly. Post your request to the net,
so that we-all will know it's happening, and can be inspired to think
of other interesting things to ask for.

You don't need all the boilerplate below about exemptions and time
limits and stuff; that is to put the agencies on notice that we will
push them in court, if necessary, to be responsive. Or you can use
our boilerplate in your own requests, if you like. Alter the "media
requester" section to suit your own situation.

John

[[ The actual FOIA request is at the end --strick ]]


________________________________________________________________________

Date: Mon, 28 Feb 94 11:48:59 -0800
From: hughes@ah.com (Eric Hughes)
Message-Id: <9402281948.AA05053@ah.com>
To: cypherpunks@toad.com
Subject: <8c> I have FOIA'd the Clipper Key Escrow databases


Should John's FOIA request for the clipper key database work, it
creates a wonderful hole in the entire key custody system.

It would require a legislative act to plug the hole.

This is extremely significant, since the whole clipper strategy is
based on unchecked and unbalanced actions by the executive branch. No
laws were passed to create clipper and no judicial review has taken
place.

John's request will be denied, no doubt, and will go to court. Should
he prevail in court, the executive branch is bound by that decision.
A key custody database which was public would make the system insecure
and unusable. The executive branch could not change this. Only the
legislature could.

Now, how many legislators do you know that are going to make a public
record by voting in favor of Big Brother?

We are witnessing the genius of framers of the USA Constitution here,
folks.

Eric

________________________________________________________________________

To: smb@research.att.com
Cc: cypherpunks@toad.com, gnu@toad.com
Subject: <6g> Re: I have FOIA'd the Clipper Key Escrow databases
In-Reply-To: <9402252135.AA04902@toad.com>
Date: Sun, 27 Feb 94 00:21:43 -0800


> I confess -- I expect one of two outcomes. First, they may say that
> the database is classified, if only at the level of ``For Official
> Use Only''.

`For Official Use Only' is not a valid classification. A document
with this marking cannot be withheld under FOIA exemption 1. You have
to read the Executive Orders on classification -- this category got
cleaned up a LONG time ago.

The current Executive Order gives particular criteria for classifying
things. If this database doesn't fit any of those criteria, it can't
legally be classified. I don't believe that this database is covered.
And a judge in a FOIA case can do a "de novo" (from scratch) review of
whether the material is legally classified, by examining it himself in
private -- we don't have to take the agency's word that "there really
is some reason it is classified".

Also, giving classified information to unauthorized people is a major
offense. They threatened me with that offense one time, over texts
that I found in a library. If the keys in the database are
classified, they can't give them out to cops. FOIA requires that they
"segregate" any classified part and give me the rest of what's there,
so if they claim that "well, one key isn't classified, but ten or a
thousand of them are classified", I bet we can (1) get some keys out,
(2) challenge this idea in court. In particular, it should be
possible to record the LEAF from a particular chip (whether you own
it, or not!) and send it to them in a FOIA request asking for the
matching unit key. They clearly can map a LEAF to a key (they do it
for cops), and FOIA only requires that you "reasonably describe" the
records you want. Given their mapping capability, the LEAF is a
reasonable description of the record you want.

> Second, maybe they will release it -- but remember that
> the keys are stored encrypted. Can you file an FOIA request for the
> key, too?

Either I can get the key, or I can get them to decrypt it for me. If
they could hold arbitrary government records in secret by simply
encrypting them and classifying the keys, FOIA would be entirely
thwarted; the courts wouldn't let them get away with it.

By the way, I did request the keys:

> This request includes your database of the escrowed key
> components. This request also includes any ancillary information
> about the database, such as data formats, procedures, standards,
> access methods, memos and documents about its use, access
> software, plans, etc. If the database itself is stored in encrypted
> form, then this request also includes the computer programs and
> keys required to access it.

John

________________________________________________________________________



law office of
Lee Tien
1452 Curtis Street
Berkeley, California 94702
_______________
tien@well.sf.ca.us
voice: (510) 525-0817
fax: (510) 525-3015


February 24, 1994

Reference: KEY ESCROW DATABASE-TREASURY


Departmental Disclosure Office
Department of the Treasury
Room 1054-MT
Washington, D.C. 20220
ATTN: FOIA request

Dear Sir or Madam:

This is a request under the Freedom of Information Act [5
U.S.C. Sec. 552] on behalf of my client, Mr. John Gilmore.

I write to request a copy of all agency records or portions
thereof, in electronic or other form, which relate to the database of
escrowed key components for encryption using the key escrow
encryption method. The Attorney General announced on Friday,
February 4, 1994, that the Automated Systems Division of the
Department of the Treasury will be one of the two escrow agents.


This request includes your database of the escrowed key
components. This request also includes any ancillary information
about the database, such as data formats, procedures, standards,
access methods, memos and documents about its use, access
software, plans, etc. If the database itself is stored in encrypted
form, then this request also includes the computer programs and
keys required to access it.

We specifically request that you make the database available in
electronic form, such as on magnetic tape. We remind you that the
long-standing rule that the FOIA "makes no distinction between
records maintained in manual and computer storage systems,"
Yeager v. D.E.A., 678 F.2d 315, 321 (D.C.Cir. 1982), has recently
been amplified in Armstrong v. Executive Office of the President,
810 F.Supp. 335 (D.D.C. 1993). Any paper print-outs of electronic
records, such as e-mail, must include all information in the
electronic record. Assuming that there would be no loss of
releasable information, such as written comments made on paper
print-outs, we therefore ask you to release all responsive electronic
records in electronic, i.e., machine-readable, form.

As you know, the FOIA provides that an agency must make an
initial determination of whether to comply with a FOIA request
within ten working days of receiving the request.

If the records that you possess were originated or classified by
another organization, I ask that your organization declassify them
(if needed) and release them to me, as provided in the FOIA,
within the statutory time limits. If there is a conflict between the
statutory time limits and some regulation or policy that requires
you to refer the records, the statutory requirement takes precedence
over any Executive-branch regulation, policy or practice.

Congress placed a limit on the time which may be expended in
referrals. The FOIA explicitly provides that referrals to other
interested agencies or agency components are treated under the
provision for "unusual circumstances," and cannot justify a delay
of more than an additional 10 working days. 5 U.S.C. Sec.
552(a)(6)(B)(iii).

"[W]hen an agency receives a FOIA request for 'agency
records' in its possession it must take responsibility for processing
the request. It cannot simply refuse to act on the ground that the
documents originated elsewhere." McGehee v. C.I.A., 697 F.2d
1095, 1110 (D.C. Cir. 1983). Even records originated by other
agencies are subject to immediate release under the applicable case
law, if they were at the time of the request in the possession and
control of your agency.

Simply put, the FOIA and the case law take precedence over
executive branch regulations or practices regarding referrals. If
you do refer documents to any other agency, and they are not
provided within the time limits, we intend to litigate on this
point.

As you know, the FOIA provides that even if some requested
material is properly exempted from mandatory disclosure, all
segregable portions must be released. [5 U.S.C. Sec. 552(b)] If any
or all material covered by this request is withheld, please inform
me of the specific exemptions that are being claimed, and mark all
deletions to indicate the exemption(s) being claimed to authorize
each individual withholding. If the (b)(3) exemption is claimed,
please indicate the relevant withholding statute(s).

If any records are withheld, I request a Vaughn index or its
equivalent during the administrative process. "[T]he objective of
the Vaughn requirements, to permit the requesting party to present
its case effectively, is equally applicable to proceedings within the
agency." Mead Data Central v. Department of the Air Force, 402
F.Supp. 460 (D.D.C. 1974), remanded, 566 F.2d 242 (D.C. Cir.
1977) aff'd, 575 F.2d 932 (D.C. Cir. 1978).

"[A] person cannot effectively appeal a decision about the
releasability of documents ... if he is not informed of at
least a list of the documents to which he was denied access
... and why those decisions were made. Denial of this
information would in all likelihood be a denial of due
process as well as effectively gutting the reasons for
applying the exhaustion doctrine in FOIA cases."

Shermco Industries, Inc. v. Secretary of the Air Force, 452 F.Supp.
306, 317 n.7 (N.D. Tex. 1978); see Oglesby v. Department of the
Army, 920 F.2d 57, 65 (D.C. Cir. 1990) (citing Shermco). It
should be simple to prepare a list and the claimed exemptions as
the records are processed. Disclosing such information would not
disclose any exempt information and it would make it easier to
appeal your initial determination on the merits.

In addition, I ask that your agency exercise its discretion to
release information that may be technically exempt. As you know,
the Attorney General on October 4, 1993, directed that agencies
should administer the FOIA under a presumption of disclosure, and
that information which need not be withheld should not be.

I remind you that under Chrysler v. Brown, 441 U.S. 281, 293
(1979), the 5 U.S.C. Sec. 552(b) exemptions are discretionary, not
mandatory. An agency can generally choose to release exempt
information. This discretionary review process for withholding
cannot take precedence over the law, which requires a response
within specified time limits. Moreover, that discretion, according
to the Attorney General's October 4, 1993 memorandum, must be
exercised in accordance with a presumption of disclosure. Even if
a substantial legal basis exists for withholding, information is not
to be withheld unless it need be.

I also request that fees be waived because Mr. Gilmore should
be deemed a media requester by your agency for FOIA purposes,
and because the public interest would be furthered by a fee waiver.


The D.C. Circuit Court of Appeals has held that "a
representative of the news media is, in essence, a person or entity
that gathers information of potential interest to a segment of the
public, uses its editorial skills to turn the raw materials into a
distinct work, and distributes that work to an audience." National
Security Archive v. Department of Defense, 880 F.2d 1381, 1387
(D.C.Cir. 1989), cert. denied 494 U.S. 1029 (1990).

This definition applies strongly to Mr. Gilmore, who is a co-
founder and director of the Electronic Frontier Foundation (EFF), a
Washington, D.C.-based public interest organization. The EFF has
been intimately involved in policy discussions concerning key
escrow encryption and distributes information to the public by
newsletter and electronic distribution about this and other topics
involving civil liberties. Mr. Gilmore is also a skilled computer
programmer who has spent the last ten years distributing his work
for public use to a worldwide audience on the Internet and the
Usenet.

Mr. Gilmore is also entitled to a fee waiver because "disclosure
of the information is in the public interest because it is likely to
contribute significantly to public understanding of the operations
or activities of the government and is not primarily in the
commercial interest of the requester."

There exists a tremendous public debate over the wisdom and
legality of the key escrow encryption plan, as I am sure you are
well aware. Your agency's database is clearly an operation of the
government in which the public has a great interest. The Vice
President himself has publicly expressed doubt about the
delegating key escrow responsibilities to agencies which are part of
the executive branch. The information requested herein relates to
such doubt. This information is not yet in the public record, so the
request makes a substantial contribution to the public
understanding.

This request is not primarily in the commercial interest of Mr.
Gilmore. He will not benefit financially from this information in
any way. He intends to disseminate the requested records widely
and freely to inform this public debate.

Should there be any problem in this regard, Mr. Gilmore
promises to pay up to $1000 in fees, and you should therefore
begin processing of this request without fee-related delays.

As provided under the FOIA, I will expect a reply within ten
(10) working days.


Sincerely,



Lee Tien
Attorney at Law
On behalf of Mr. John Gilmore

________________________________________________________________________

The SURFPUNK Technical Journal is a dangerous multinational hacker zine
originating near BARRNET in the fashionable western arm of the northern
California matrix. Quantum Californians appear in one of two states,
spin surf or spin punk. Undetected, we are both, or might be neither.
________________________________________________________________________

Submissions: <surfpunk@versant.com>,
Subscriptions: <surfpunk-request@versant.com>.
Backissues: ftp://ftp.yak.net/pub/surfpunk
also ftp://ftp.eff.org/pub/Publications/CuD/Surfpunk/
________________________________________________________________________
________________________________________________________________________





Vice President Al Gore's comments:


By Jay Levin (C) 1994
From New York Unix Vol 4 #3.
WASHINGTON, Feb 11

Under the Clipper plan, the keys would be stored at the
Treasury Department and the National Insitute of Standards and
Technology (NIST), whic is part of the Commerce Department.
Both Treasury and Commerce are from the same branch of
government, the executive branch.

"When I saw that I said 'Wow. That is not right,' and I raised
hell about that," Gore said in an interview Thursday.

Having the key holders from the same branch of government
raises concern because there is no systems of checks and
balances, Gore said. "That's going to be changed," he said.

... The selection of NIST and Treasury "was spun out of the process
at the low level and was not vetted at the top," Gore said.
Gore's comments were made after appearing before the first
meeting of a private sector advisory panel on the development
of a "national information infrastructure" in Washington, D.C.






From: Carl Ellison <cme@sw.stratus.com>


>The FBI and the Justice Department say the initiative would
>not expand their power, but would ensure access to the type of
>communications they have been entitled to tap for years.


This is totally bogus.

The FBI has never had the right to watch computer programs
execute. Now that computer programs are being written as
distributed systems, what was originally written to be an
internal subroutine call can look like a message over the phone
system.

The FBI never had the right to bug corporate conference rooms.
Now that companies are using videoconferencing, a private
corporate conference could look like a phone call.

Etc.

This needs to be fought.

- Carl




To: cypherpunks@toad.com
Subject: SQUISH

I just received a notice concerning your game. Please send me
some more information on how to join/play as well as any rules.
Thanks,
Jeff





← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT