From: Duncan Frissell <frissell@panix.com>
Date: Mon, 28 Mar 94 07:48:24 PST
To: CYPHERPUNKS@toad.com
Subject: NSA in the WSJ
Message-ID: <199403281548.AA15995@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


From:  The Wall Street Journal, Tuesday March 22, 1994, p. B1


TECHNOLOGY


Clipper Chip Is Your Fried, NSA Contends

NSA Seeks to Dispel Misgivings of Public About Clipper Chip


By Bob Davis

Staff Reporter of The Wall Street Journal.

FORT MEADE, Md. --- The National Security Agency wants everyone to know
that its new computer-security system will protect individual privacy.
But as the spy agency knows, hardly anyone believes that.

Critics fear the government will use the NSA technology, designed in
secret, to spy on Americans.  The project "is a focal point for the
distrust of government," acknowledges Clinton Brooks, the NSA scientist
who led the so-called Clipper Chip project, in the agency's first
interview on the subject.

The Clinton administration last month adopted the NSA plan for a series
of computer chips that would protect telephones and computers.  Use
of the technology would be voluntary.  Federal agencies would adopt it
first, and public use is expected to spread gradually.

Under the plan, cryptographic "keys" that could unscramble the
communications would be split in two and held separately at the Treasury
Department and the National Institute of Standards and Technology.  That
way, law-enforcement agents could tap the communications by getting court
authorization to obtain the two halves.  The idea is to boost security
but to keep the technology out of the hands of criminals and spies.

The NSA is the world's biggest eaves-dropper.  Equipped with the latest
in super-computers and satellite receivers, it targets communications by
foreign governments.  The agency shuns publicity but agreed to the
interview to explain its role in the Clipper controversy and try to
dispel fears.  Mr. Brooks, a 26-year veteran of the NSA, says the project
began in 1989 and cost more than $2.5 million.

He says the NSA is consumed with what it calls the "equities problem" ---
how to balance privacy rights against the needs of law enforcement,
national security and private industry.  In 1989, he and Raymond Kammer,
deputy director of NIST, began discussions about how to improve computer
security without making it impenetrable to police.  NIST is a Commerce
Department agency with formal responsibility for unclassified computer
security.

Before the interview, Mr. Brooks takes a look around a small cryptographic
museum just outside the NSA's gates.  He stands before an exhibit of
Enigma machines, used by the Germans during World War II to encrypt
messages --- and later broken by Allied intelligence.  Enigma started as
a commercial product; recognizing its military value, the Nazis pulled
it off the market.  "That was the concern we're wrestling with today,"
Mr. Brooks says --- commercial encryption technology becoming so good that
U.S. spy agencies can't crack it.

In 1989, NIST and the NSA put together an eight-person team, split evenly
between the agencies, to quietly work out security concepts.  The team
decided against using a weak encryption code --- "Roman Numeral One is
that it had to be good security," says Mr. Brooks.  And it also rejected
a so-called trapdoor approach, in which the computer code would be
designed so it would have a weak spot --- a trapdoor --- that federal
agencies could enter via computer to tap the communications.  Someone else
could discover the trapdoor, they decided.

The team settled on a system with a powerful encryption formula, called
an algorithm, and encryption keys that would be held by outsiders.  Law-
enforcement agencies could get copes of the keys when they needed to bug
the conversations.  The toughest decision, both Mr. Brooks and Mr. Kammer
say, was to keep the algorithm, dubbed the Skipjack, secret.  That meant
the public wouldn't know for sure whether the NSA had inserted a trapdoor
or some other eavesdropping device.

"It would defeat the purpose [of the project] if we gave the knowledge
of how the algorithm worked" to the public, says the 56-year-old Mr.
Brooks.  "It was going to have to be kept classified."  Otherwise, he
explains, engineers could use the algorithm to design computer-security
systems that the government's encryption keys couldn't unlock.

By 1990, he says, as many as 30 NSA "cryptomathematicians" and other
employees were working to perfect the algorithm and other features.  A
year later, the NSA launched what it called the Capstone Project to build
the algorithm into a computer chip.  The NSA contracted with Mykotronx
Inc., a small company in Torrance, Calif., to do much of the development.
By September 1992, the NSA was confident the system would work.

None too early for the NSA.  Earlier that year, Mr. Brooks says, American
Telephone & Telegraph Co. informed the NSA that it wanted to sell a
phone using a popular encryption technology to scramble conversations.
The NSA balked.  "We said it probably wouldn't get an export license
from this country," Mr. Brooks says.  Instead, AT&T was told of the
Capstone work and agreed to use the technology if it became a federal
standard and was exportable, he says.  The NSA then took some of the
functions of the Capstone chip and tailored it to phone equipment, calling
the resulting product the Clipper Chip.  For computers, Capstone was
encased on a computer card that became known as Tessera.

The the Bush administration, enmeshed in a re-election bid, never pushed
Capstone.  So shortly after the election, National-security heavyweights
importuned the Clinton transition team to move quickly on Capstone.  Just
weeks after the inauguration, the new administration's national-security
team was debating the NSA proposal and in April announced to the public
that it would adopt the scheme.

Last month, the administration gave the final go-ahead --- despite
withering criticism from industry.  Vice President Gore called encryption
a "law and order issue."  NIST's Mr. Kammer says the new administration
was also trying to line up backing among national-security officials to
liberalize export controls on computer equipment and other high-tech
gear.

The high-tech industry was stunned at the decision.  David Peyton, vice
president of the Information Technology Association of America, a trade
group of computer companies, says the scheme will dangerously centralize
power in the federal government and will limit exports.  James Bidzos,
president of a computer-security firm, RSA Data Security Inc., goes
further.  He posted a letter on the Internet computer network arguing
that Clipper may be the "visible portion of a large-scale covert
operation on U.S. soil by NSA."

Nonsense, responds Mr. Brooks, who says he is distressed by the
"emotionalism" of the arguments.  "The only reason we're involved is
that we have the best cryptomathematicians in the country."

--- WinQwk 2.0b#1165