1994-03-06 - Time Article on Clipper

Header Data

From: Dave Banisar <banisar@washofc.cpsr.org>
To: clipper@washofc.cpsr.org
Message Hash: 6afb89aa5c462bc17046dde15c80ff422db2973c22cb071a242ac66af768a9fb
Message ID: <9403061401.AA55948@Hacker2.cpsr.digex.net>
Reply To: N/A
UTC Datetime: 1994-03-06 19:06:16 UTC
Raw Date: Sun, 6 Mar 94 11:06:16 PST

Raw message

From: Dave Banisar <banisar@washofc.cpsr.org>
Date: Sun, 6 Mar 94 11:06:16 PST
To: clipper@washofc.cpsr.org
Subject: Time Article on Clipper
Message-ID: <9403061401.AA55948@Hacker2.cpsr.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


Time Magazine June 7, 1994


TECHNOLOGY 

WHO SHOULD KEEP THE KEYS?

The U.S. government wants the power to tap into every phone, fax and computer 
transmission

BY PHILIP ELMER-DEWITT

  Until quite recently, cryptography -- the science of making and breaking 
secret codes -- was, well, secret. In the U.S. the field was dominated by the 
National Security Agency, a government outfit so clandestine that the U.S. 
for many years denied its existence. The NSA, which gathers intelligence for 
national security purposes by eavesdropping on overseas phone calls and 
cables, did everything in its power to make sure nobody had a code that it 
couldn't break. It kept tight reins on the ''keys'' used to translate coded 
text into plain text, prohibiting the export of secret codes under U.S. 
munitions laws and ensuring that the encryption scheme used by business -- 
the so-called Digital Encryption Standard -- was weak enough that NSA 
supercomputers could cut through it like butter.

  But the past few years have not been kind to the NSA. Not only has its 
cover been blown, but so has its monopoly on encryption technology. As 
computers -- the engines of modern cryptography -- have proliferated, so have 
ever more powerful encryption algorithms. Telephones that offered nearly 
airtight privacy protection began to appear on the market, and in January 
U.S. computermakers said they were ready to adopt a new encryption standard 
so robust that even the NSA couldn't crack it. 

  Thus the stage was set for one of the most bizarre technology-policy 
battles ever waged: the Clipper Chip war. Lined up on one side are the three-
letter cloak-and-dagger agencies -- the NSA, the CIA and the FBI -- and key 
policymakers in the Clinton Administration (who are taking a surprisingly 
hard line on the encryption issue). Opposing them is an equally unlikely 
coalition of computer firms, civil libertarians, conservative columnists and 
a strange breed of cryptoanarchists who call themselves the cypherpunks. 

  At the center is the Clipper Chip, a semiconductor device that the NSA 
developed and wants installed in every telephone, computer modem and fax 
machine. The chip combines a powerful encryption algorithm with a ''back 
door'' -- the cryptographic equivalent of the master key that opens 
schoolchildren's padlocks when they forget their combinations. A ''secure'' 
phone equipped with the chip could, with proper authorization, be cracked by 
the government. Law-enforcement agencies say they need this capability to 
keep tabs on drug runners, terrorists and spies. Critics denounce the Clipper 
-- and a bill before Congress that would require phone companies to make it 
easy to tap the new digital phones -- as Big Brotherly tools that will strip 
citizens of whatever privacy they still have in the computer age. 

  In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich 
Partners, two-thirds said it was more important to protect the privacy of 
phone calls than to preserve the ability of police to conduct wiretaps. When 
informed about the Clipper Chip, 80% said they opposed it.

  The battle lines were first drawn last April, when the Administration 
unveiled the Clipper plan and invited public comment. For nine months 
opponents railed against the scheme's many flaws: criminals wouldn't use 
phones equipped with the government's chip; foreign customers wouldn't buy 
communications gear for which the U.S. held the keys; the system for giving 
investigators access to the back-door master codes was open to abuse; there 
was no guarantee that some clever hacker wouldn't steal the keys. But in the 
end the Administration ignored the advice. In early February, after computer-
industry leaders had made it clear that they wanted to adopt their own 
encryption standard, the Administration announced that it was putting the NSA 
plan into effect. Government agencies will phase in use of Clipper technology 
for all unclassified communications. Commercial use of the chip will be 
voluntary -- for now.

  It was tantamount to a declaration of war, not just to a small group of 
crypto-activists but to all citizens who value their privacy, as well as to 
telecommunications firms that sell their products abroad. Foreign customers 
won't want equipment that U.S. spies can tap into, particularly since 
powerful, uncompromised encryption is available overseas. ''Industry is 
unanimous on this,'' says Jim Burger, a lobbyist for Apple Computer, one of 
two dozen companies and trade groups opposing the Clipper. A petition 
circulated on the Internet electronic network by Computer Professionals for 
Social Responsibility gathered 45,000 signatures, and some activists are 
planning to boycott companies that use the chips and thus, in effect, hand 
over their encryption keys to the government. ''You can have my encryption 
algorithm,'' said John Perry Barlow, co-founder of the Electronic Frontier 
Foundation, ''when you pry my cold dead fingers from my private key.''

  The seeds of the present conflict were planted nearly 20 years ago, when a 
young M.I.T. student named Whitfield Diffie set out to plug the glaring 
loophole in all traditional encryption schemes: their reliance on a single 
password or key to encode and decode messages. Ultimately the privacy of 
coded messages is a function of how carefully the secret decoder keys are 
kept. But people exchanging messages using conventional coding schemes must 
also find a way to exchange the key, which immediately makes it vulnerable to 
interception. The problem is compounded when encryption is employed on a vast 
scale and lists of keys are kept in a central registry.

  Diffie's solution was to give everybody two keys -- one that could be 
widely distributed or even published in a book, and a private key known only 
to the user. For obscure mathematical reasons, a message encoded with either 
key could be decoded with the other. If you send a message scrambled with 
someone's public key, it can be turned back into plain text only with that 
person's private key.

  The Diffie public-key encryption system could solve one of the big problems 
facing companies that want to do business on the emerging information 
highway: how to collect the cash. On a computer or telephone network, it's 
not easy to verify that the person whose name is on a credit card is the one 
who is using it to buy a new stereo system -- which is one of the reasons 
catalog sales are rife with fraud. But if an order confirmation encoded with 
someone's public key can be decoded by his or her private key -- and only his 
or her private key -- that confirmation becomes like an unforgeable digital 
signature.

  However, public-key encryption created a headache for the NSA by giving 
ordinary citizens -- and savvy criminals -- a way to exchange coded messages 
that could not be easily cracked. That headache became a nightmare in 1991, 
when a cypherpunk programmer named Phil Zimmermann combined public-key 
encryption with some conventional algorithms in a piece of software he called 
PGP -- pretty good privacy -- and proceeded to give it away, free of charge, 
on the Internet.

  Rather than outlaw PGP and other such programs, a policy that would 
probably be unconstitutional, the Administration is taking a marketing 
approach. By using its purchasing power to lower the cost of Clipper 
technology, and by vigilantly enforcing restrictions against overseas sales 
of competing encryption systems, the government is trying to make it 
difficult for any alternative schemes to become widespread. If Clipper 
manages to establish itself as a market standard -- if, for example, it is 
built into almost every telephone, modem and fax machine sold -- people who 
buy a nonstandard system might find themselves with an untappable phone but 
no one to call. 

  That's still a big if. Zimmermann is already working on a version of PGP 
for voice communications that could compete directly with Clipper, and if it 
finds a market, similar products are sure to follow. ''The crypto genie is 
out of the bottle,'' says Steven Levy, who is writing a book about 
encryption. If that's true, even the NSA may not have the power to put it 
back.

Reported by David S. Jackson/San Francisco and Suneel Ratan/Washington


Copyright 1994 Time Inc. All rights reserved.


Transmitted:  94-03-06 13:04:08 EST






