From: Mike Godwin <mnemonic@eff.org>
To: cypherpunks@toad.com (cypherpunks)
Message Hash: 53335242804deb65a931a8e524055f0a09abdbfaba4d760deb6f53ed770bb127
Message ID: <199403031738.MAA16760@eff.org>
Reply To: N/A
UTC Datetime: 1994-03-03 17:38:00 UTC
Raw Date: Thu, 3 Mar 94 09:38:00 PST
Subject: Internet World article on Clipper

A Chip Over My Shoulder:
The Problems With Clipper

Column for July 1994 issue of Internet World
By Mike Godwin

"Only in a police state is the job of a policeman easy."
--Orson Welles

Your government is deeply troubled by the possibility that you can keep a
secret.
Or, to put it more precisely, the government is disturbed by the prospect
of widespread powerful encryption tools in individual hands. Once you can
keep your communications and data truly secret, officials worry, the value
of wiretapping, an important law-enforcement and intelligence tool, will
evaporate.
It's unclear whether the government's arguments are valid. But regardless
of whether they are, the government's latest efforts to prevent us from
adopting powerful and uncrackable encryption technologies raise serious
questions about personal liberty, the role of government, and the
possibility of privacy in the 21st century.
If you're not already familiar with these efforts, here's an update. The
Clinton Administration has embarked on an ambitious plan to prevent a mass
market for uncrackable encryption from arising. The first step in this
plan has already been announced: the Administration has called for the
entire federal government to adopt the Clipper Chip--an encryption
standard with a "back door"--for communications and data security. In
addition, the government has declared its intention to use every legal
method short of outright prohibition to discourage alternative forms of
encryption technology.
"Just what is this Clipper Chip?" you may be wondering. The short answer
is: the chip is an encryption device, developed to National Security
Agency specs, that keeps your communications and data secret from everyone
... except the government.
To understand how the chip works, you need to look at what officials call
its "key escrow encryption method." Manufactured by a private company
called Mykotronx, the chip uses an NSA-developed algorithm called
"Skipjack," which, by all accounts so far, is a remarkably powerful
algorithm. But the chip also includes the "feature" that its primary
encryption key can be divided up mathematically into two "partial keys."
The government proposes that each partial key be held by a separate
government agency--the Administration has picked the Department of the
Treasury and the National Institute of Standards and Technology
(NIST)--from which the keys can be retrieved when government officials
obtain a wiretap order.
The NSA and the FBI love this idea. With the Clipper Chip in your phone or
computer, they believe, you have the power to keep your information
private from crooks and industrial spies and anyone else who wants to
pry--except of course for law enforcement and the NSA. Law enforcement and
intelligence agencies would be barred from seeking those escrowed keys in
the absence of legal authorization, normally a court order. "And of course
you needn't worry about us," say government officials. "We're here to
protect you."

Chips Off the New Block

The current initiative has been a long time coming. It was in April of
last year the Clinton Administration first announced Clipper--the
announcement was met with a public outcry from civil-liberties and
industry groups. Civil libertarians were concerned about the government's
insistence on its need to prevent citizens from having access to truly
unbreachable privacy technologies. Computer and telecom industry leaders
worried about a standard that might crush a potentially vital market in
such technologies.
At first the Administration expressed a willingness to listen. The Digital
Privacy and Security Working Group, a coalition of industry and
public-interest organizations headed by the Electronic Frontier
Foundation, outlined its objections and expressed the hope of engaging in
talks with the Administration about the issue. In early February of this
year, however, the Clinton Administration and various agencies announced
to the world that, in spite of the grave misgivings of civil-liberties and
industry groups, it would be proposing the Clipper Chip's encryption
scheme as a new Federal Information Processing Standard (FIPS). The
standard, stresses the government, will be entirely "voluntary"--but the
government plans to use export-control laws and other methods to frustrate
the market for any competitive form of encryption technology.
Current export-control laws restrict the sales in foreign countries of
encryption hardware and software. The laws have not been entirely
effective in keeping commercial encryption technologies out of foreign
hands--it's possible these days to buy encryption products in Moscow, for
example. But the laws do succeed in deterring the American software
industry from developing powerful and easy-to-use encryption products,
since any company that does so is denied the right to sell the product on
the global market.
Still, if Clipper is voluntary, you may ask, what does it matter to
*individuals* what standard the government adopts? The government also
adopted the ADA programming language, after all, yet there are still
people programming in all sorts of languages, from BASIC to C++. The
answer is simple--"freedom of choice" is meaningful only if there are real
choices. The government's export-control strategy is designed to make sure
that there aren't any choices. If commercial software companies aren't
allowed to sell encryption to the world market, they're unlikely to
develop strong, easy-to-use alternatives to Clipper. And that means
individuals won't have access to alternatives.
Now, it's perfectly possible, in theory, to thwart the government-approved
Clipper scheme by using a non-commercial encryption application, such as
PGP, to pre-encrypt your messages before sending them through
Clipper-equipped devices. But PGP and other products, because of their
slowness or difficulty, are never likely to expand beyond the circle of
hobbyists that enthusiastically support them. For encryption products to
give rise to a genuine consumer market, they have to be quick and almost
transparently easy to use.
The government knows this, which is why their focus is on nipping
(clipping?) the commercial encryption software market in the bud. It's the
commercial market that really matters.

The government's side

When asked to substantiate the need for Clipper, or the threat of
unbreakable encryption, the government often talks about crime prevention.
As a practical matter, however, wiretaps are almost always used *after*
crimes are committed--to gather evidence about the individuals the
government already suspects to have been involved in a crime. So, the
hypothetical cases involving nuclear terrorism or murder-kidnappings
aren't really convincing--it's the rare case in which a wiretap prevents a
crime from occurring. As a practical matter, the single most important
asset to law enforcement is not wiretaps but informants. And nothing about
unbreakable encryption poses the risk that informants are going to
disappear.
One of the more rational statements of the government's case for Clipper
comes from my friend Trotter Hardy, a law professor at William and Mary,
who writes:
"The government's argument, I take it, is that the benefit is law
enforcement. That strikes me as at least as great a benefit as minimum
wage laws; perhaps more, since it protects everybody (at least in theory),
whereas [minimum] wage laws primarily benefit their recipients. Maybe EPA
regs are the better analogy: everybody gets reduced pollution; with
Clipper, everybody gets reduced criminal activity. Is that not a
reasonable trade-off?"
But the problem is that the government refuses to be forthcoming as to
what kind of trade-off we're talking about. According to government
statistics, there are fewer than 1000 state and federal law-enforcement
wiretaps per year, and only a minority of these wiretaps lead to
convictions. Yet we are being asked to abandon the chance for true privacy
and to risk billions of dollars in trade losses when there has never been
shown to be any crime associated with uncrackable encryption whatsoever.
And we're also being asked to believe that the kind of criminals who are
smart enough to use encryption are dumb enough to choose the one kind of
encryption that the government is guaranteed to be able to crack.
Moreover, there are fundamental political issues at stake. This country
was founded on a principle of restraints on government. A system in which
the privacy of our communications is contingent on the good faith of the
government, which holds all the encryption keys, flies in the face of what
we have been taught to believe about the structure of government and the
importance of individual liberty.
In short, the government fails to make its case in two separate
ways--pragmatically and philosophically.
Trotter goes on to write:
".... I don't think the government cares whether an accountant in India
can password protect a spreadsheet. I would guess that even Clipper or
DES [the government's current Digital Encryption Standard] or whatever
would be more than enough protection for such a person. I think the
government cares that it be able to detect foreign intelligence that is
relevant to US security or interests. I am not sure where I come out on
the question, but at the very least it seems to me that the government is
reasonable in this desire."
Yet there are some premises here that need to be questioned. Do we really
suppose that "foreign intelligence" is dependent on the American software
industry to develop its encryption tools? Diffie-Hellman public-key
encryption and DES are already available worldwide, yet Microsoft can't
export software that contains either form of encryption.
No, the real issue is that, to the extent that a mass market arises for
encryption products, it makes the NSA's job more difficult, and it may at
some future time make some investigations more difficult as well.
When asked to quantify the problem, however, the government invariably
begs off. Instead, government spokespeople say, "Well, how would you feel
if there were a murder-kidnapping that we couldn't solve because of
encryption?" To which my answer is, "Well, I'd feel about the same way
that I'd feel if there were a murder-kidnapping that couldn't be solved
because of the privilege against self-incrimination."
Which is to say, I understand that limits on government power entail a
loss in efficiency of law-enforcement investigations and
intelligence-agency operations. Nevertheless, there is a fundamental
choice we have to make about what kind of society we want to live in.
Open societies, and societies that allow individual privacy, are *less
safe*. But we have been taught to value liberty more highly than safety,
and I think that's a lesson well-learned.
What's more, we need to be able to engage in rational risk assessment, and
that's something that the government resists. Instead, the government
subscribes to the reasoning of Pascal's Wager. Pascal, you may recall,
argued that the rational man is a Christian, even if the chances that
Christianity is true are small. His reasoning is quasi-mathematical--even
if the chances of Christianity's truth are small, the consequences of
choosing not to be a Christian are (if that choice is incorrect)
infinitely terrible. Eternal torment, demons, flames, the whole works.
This is precisely the way that the government talks about nuclear
terrorism and murder-kidnappings. When asked what the probability is of
a) a nuclear terrorist, who b) decides to use encryption, and c) manages
otherwise to thwart counterterrorist efforts, they'll answer "What does
it matter what the probability is? Even one case is too much to risk!"
But we can't live in a society that defines its approach to civil
liberties in terms of infinitely bad but low-probability events. Open
societies are risky. Individual freedom and privacy are risky. If we are
to make a mature commitment to an open society, we have to acknowledge
those risks up front, and reaffirm our willingness to endure them.
We face a choice now. After a century of technological development that
has eroded our ability to keep our personal lives private, we finally
possess, thanks to cheap computing power and advances in cryptography, the
ability to take privacy into our own hands and make our own decisions
about how much, and how well, to protect it.
This prospect is frightening to a government that has come to rely on its
ability to reach into our private lives when it sees the need to do so.
But I have faith that our society is not dependent on our government's
right to mandate disclosure of our personal records and private
communications--that a mature society can tolerate a large degree of
personal privacy and autonomy.
It's a faith I hope you share.
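
Added example (not part of the column, and not Clipper's actual code): a sketch of the "two partial keys" escrow arrangement the column describes, in which neither holder alone learns anything about the device key and recovery needs both to release under an order. XOR splitting, the 10-byte key size, the EscrowAgent class and the order IDs are assumptions made for illustration.

```python
import secrets

KEY_BYTES = 10  # constructed key size for this sketch; the column states none


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("shares must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(device_key: bytes) -> tuple[bytes, bytes]:
    """Return two partial keys whose XOR is device_key (assumed scheme)."""
    share1 = secrets.token_bytes(len(device_key))  # uniformly random pad
    return share1, xor(device_key, share1)


class EscrowAgent:
    """Hypothetical escrow holder: releases its share only against an order."""

    def __init__(self, name: str, share: bytes):
        self.name, self._share, self.audit_log = name, share, []

    def release(self, order_id: str, valid_orders: set[str]) -> bytes:
        granted = order_id in valid_orders
        self.audit_log.append((order_id, granted))  # record every request
        if not granted:
            raise PermissionError(f"{self.name}: no valid order {order_id!r}")
        return self._share


def recover_key(agents, order_id: str, valid_orders: set[str]) -> bytes:
    """Both agents must release; the XOR of their shares is the device key."""
    s1, s2 = (agent.release(order_id, valid_orders) for agent in agents)
    return xor(s1, s2)


def partner_for(share: bytes, candidate_key: bytes) -> bytes:
    """The other share that would make candidate_key the real key.

    One exists for every candidate, so a single share rules out no key.
    """
    return xor(share, candidate_key)


if __name__ == "__main__":
    key = secrets.token_bytes(KEY_BYTES)
    s1, s2 = split_key(key)
    agents = [EscrowAgent("Treasury", s1), EscrowAgent("NIST", s2)]
    print(recover_key(agents, "ORDER-0001", {"ORDER-0001"}) == key)
```

The protection here rests entirely on the two holders staying separate and on the order check being honest; the arithmetic adds nothing once both shares sit in one place.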