From: nobody@shell.portal.com
Date: Fri, 15 Apr 94 00:43:42 PDT
To: cypherpunks@toad.com
Subject: Why the Clipper's Not Likely to Chip Away at Privacy
Message-ID: <199404150744.AAA26542@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


----------------------------------------------------------------------
Reproduced without permission.
======================================================================
The Los Angeles Times
Thursday, April 14, 1994, p.D1 - Business
======================================================================
INNOVATION
======================================================================
    Why the Clipper's Not Likely to Chip Away at Privacy
    By Michael Schrage

    JGVD BOSF BEUI JUZP VTIP VMEX PSLG PSUI FOTB...
...or maybe you shouldn't.  But there should be no doubt that the
Clinton Administration's confused Clipper chip initiative threatens to
turn every American who cares about privacy into a practicing digital
cryptographer.  Which may very well be a good thing, but perhaps not
in quite the way this Administration intended.

    Some background: One year ago, President Clinton signed an
executive order that authorized the creation of an optional federal
standard for secure voice and data communications.  Rather than go
with a commercially available encryption scheme, the government chose
to use one effectively developed by the National Security Agency
(America's Capital of Cryptanalysis).

    A specially designed silicon chip called Clipper would be the tool
to encrypt and decode these communications.  Clipper would ultimately
be built into the telephones the government procured.  Hey, why
shouldn't the government have secure internal communications?

    But creating a new encryption standard for federal use apparently
didn't go far enough.  The feds -- aggressively encouraged by the
national security and law enforcement communities -- agreed to market
Clipper as an alternate encryption standard and an essential high-tech
ingredient in the global War Against Crime.

    The NSA, the Justice Department and the FBI have publicly
encouraged global corporations, such as banks, to adopt Clipper as
their own encryption standard.  To absolutely, positively assure that
no one in the government would ever improperly eavesdrop on Clipper-
ized conversations -- that could never happen, could it? -- the
Administration offered an elaborate scheme of safeguards whereby law
enforcement officers who managed to get a warrant would have to go to
two separate agencies to get the software keys to unlock the relevant
Clipper code.

    Needless to say, the civil libertarians have gone ballistic over
this effort by the government to build an infrastructure that
technologically empowers it to more easily listen in on human-to-human
and computer-to-computer communications.

    Scores of private companies have voiced their opposition to the
Clipper proposal (which, a harried spokeswoman for the National
Institute of Standards and Technology swears up, down and sideways, is
really "optional, optional, *optional*!").  Essentially, the public
relations campaign for Clipper has been about as intelligently handled
as Whitewater.

    Put the vital issues of privacy and civil liberties aside,
however, and, on purely pragmatic terms, the Clipper initiative seems
to have been put together by people who behave as if they have no
understanding of privacy, technology or markets.

    In fact, the Clipper chip seems destined to produce exactly the
opposite effect of what was intended.  Instead of creating an
encryption standard that gives the government a fighting chance for
successful eavesdropping, the feds have encouraged the creation of an
encryption market to bypass the threat of government decryption.

    Put it this way:  Suppose the government issued you very strong
locks to protect your home against intrusion.  Now suppose the
government could get the keys to those locks only with a very special
warrant.  If you could buy your own powerful locks or alarm system for
just a few extra dollars, would you do it?  that's the question
confronting individuals and organizations who fear for their
telecommunications privacy today.

    Right now, you can go on the Internet and, at no cost, get an
encryption scheme called PGP (for Pretty Good Privacy) to protect you
electronic mail.  By the end of the year, predicts PGP creator Philip
Zimmerman, people will be able to participate in scrambled voice
communications using their personal computers as encryption boxes, for
far less than the cost of a Clipper.

    You can expect to see cryptography activists posting freeware or
shareware versions of their algorithms in the ongoing battle to assure
truly private communications in the face of government standards.  Who
knows?  Maybe Mitch Kapor's Electronic Frontier Foundation or the
Markle Foundation will fund such privacy initiatives.

    Now, unless the government actually makes such private encryption
illegal, Clipper is going to foment entrepreneurial digital
cryptographers feeding off the paranoid fantasies of individuals and
institutions that fear their communications might be compromised by
Big Brother.

    Does the slogan "If cryptography is outlawed, only outlaws will
have cryptography" ring a bell?

    As an internal government standard, Clipper is fine.  But without
regulating commercial cryptography, the Clipper chip is a wasteful,
impotent policy gesture.

    The economics of digital cryptography mean the marginal cost of
providing powerful encryption is going down even as the government
tries to seduce -- or require -- people to use its proffered standard.
 Clipper is economically obsolete even as you read this.

    This is so obvious to people in the cryptographic community that
they hardly discuss it.  But the fact is that digital cryptography has
proliferated to the point where Clipper is likely to be more of a
catalyst for innovation than an effective weapon against criminals.

    People truly concerned about government eavesdropping -- global
drug dealers, organized crime, hedge fund managers, munitions makers,
etc. -- are precisely the sort who would be willing to pay a few
hundred extra dollars to buy encryption software that foils or
bypasses a Clipper chip.  Talk with people in law enforcement about
the bypass option and they have no real response (although they are
fond of pointing out how stupid criminals can be when talking on the
phone).

    As long as there is a thriving market in commercial cryptography,
Clipper is unlikely to be a threat to our privacy or our criminals. 
It is, however, a definite threat to our respect for the government
technocrats who craft public policies that treat our privacy and our
technology marketplaces with a mix of such seeming ignorance and
contempt.

+----------------------------------------------------------------+
| Michael Schrage is a writer, consultant and research associate |
| at the Massachusetts Institute of Technology.  He writes this  |
| column independently for The Times.  He can be reached at      |
| schrage@latimes.com by electronic mail via the Internet.       |
+----------------------------------------------------------------+

<end>

======================================================================