In his LA speech, Gore called the development of the NII “a revolution.” And it is a revolutionary war we are engaged in here. Clipper is a last ditch attempt by the United States, the last great power from the old Industrial Era, to establish imperial control over cyberspace. If they win, the most liberating development in the history of humankind could become, instead, the surveillance system which will monitor our grandchildren’s morality. We can be better ancestors than that.
--John Perry Barlow, “Jackboots on the Infobahn.” Wired, April 1994
The Clinton administration has adopted the chip, which would allow law enforcement agencies with court warrants to read the Clipper codes and eavesdrop on terrorists and criminals. But opponents say that, if this happens, the privacy of law-abiding individuals will be a risk. They want people to be able to use their own scramblers, which the government would not be able to decode. If the opponents get their way, however, all communications on the information highway would be immune from lawful interception. In a world threatened by international organized crime, terrorism, and rogue governments, this would be folly.
--Dorothy Denning, “The Clipper Chip will block crime.” Newsday, February 22, 1994
Of course there are people who aren’t prepared to trust the escrow agents, or the courts that issue warrants, or the officials who oversee the system, or anybody else for that matter. Rather than rely on laws to protect us, they say, let’s make wiretapping impossible; then we’ll be safe no matter who gets elected. This sort of reasoning is the long-delayed revenge of people who couldn’t go to Woodstock because they had too much trig homework. It reflects a wide – and kind of endearing – streak of romantic high-tech anarchism that crops up throughout the computer world.
--Stewart Baker, “Don’t Worry Be Happy: Why Clipper Is Good For You.” Wired, June, 1994
Overview of Clipper During 1994
The debate over the Digital Telephony Bill was carried out in the shadow of the much more public controversy over the Clipper Chip, which was authorized by the Clinton White House in April, 1993, and emerged as a full-fledged approved program – the Escrowed Encryption Standard (EES) – in February, 1994. Clipper, developed by the NSA, was system of encryption for telephone communications. It provided security through encryption, but arranged for the encryption keys to be held (in “escrow”) by the government, so that they could be obtained for conducting wiretaps. This was to be accomplished through a special chip (the Clipper Chip) that would be installed in every telephone.
- Classified Presidential Directive (PDF) of April 15, 1993, authorizing the Clipper initiative.
- Public announcement (PDF) of the Clipper initiative, April 16, 1993.
Clipper sparked enormous criticism. In addition to the overall issues about encryption and wiretapping, the specific proposal had fatal flaws:
- The encryption algorithm to be used, called Skipjack, was classified. (According to the NSA, publishing such a high-quality algorithm would be detrimental to national security.) This meant that Clipper implementations must be done in hardware, and, moreover, with expensive tamper-proof chips.
- Clipper phones would not interoperate with other phones. As a consequence, there is little economic incentive for anyone to buy one.
- Keys would be held by government agencies in such a way as to require a complex, centralized, expensive infrastructure. In addition, the checks and balances that would protect against unauthorized invasions of privacy by overzealous law-enforcement officials, or against disclosure of keys to criminal elements from corrupt officials were never adequately clarified.
These flaws were so serious that in retrospect it one wonders whether the NSA was so naïve as to seriously believe that Clipper would be adopted, or whether they merely put it forth as a ploy to elicit the emergence of practical proposals. In addition, there were several embarrassing developments, including the discovery of an attack on the Clipper protocol by Matt Blaze of Bell Labs, which would permit a determined hacker to subvert the escrow provisions of a Clipper phone (the NSA said they had known that all along) and the announcement by Prof. Silvio Micali of MIT that he held a patent on the key-splitting technique used in Clipper (the National Institute of Standards and Technology bought him off by licensing the patent).
In any event, by July of 1994 the Administration was already backing away from Clipper (note the July 20th letter from Vice President Gore and the follow-up articles in the news items from 1994) in favor of software-based “key escrow”, which is the subject of the next section this essay.
More Detailed Information on Clipper in 1994
Although the details of Clipper changed in subsequent proposals, the debates during 1994 are still very pertinent, since they surfaced the general issues concerning government control of cryptography.
Papers, Articles, and Comments
- Barlow, John Perry. “Jackboots on the Infobahn.” Wired, April 1994. This is Barlow’s reaction to the reintroduction of the Clipper initiative early in 1994.
- Meeks, Brock. “The End of Privacy.” Wired, April 1994. Another early (and well written) anti-Clipper article.
- Stewart Baker, “Don’t Worry Be Happy: Why Clipper Is Good For You.” Wired, June 1994. Baker wrote this when he was Chief Legal Counsel for the National Security Agency. He has since returned to private practice at the law firm of Steptoe and Johnson, where he is an expert on the legal aspects of encryption and export.
- Dorothy E. Denning, “Resolving the Encryption Dilemma: The Case for Clipper”, Technology Review, July 1995. This article gives a good overview of the issues involved, and argues in favor of escrowed encryption.
- Inman, Bobby Ray. Report on government control of cryptography. Published in Internet Security Monthly, February 1995. Compiled by Rich Lethin (Adm. Inman is former director of the NSA.)
Here are some items culled from the Net during 1994. Skimming them in chronological order will give you a good feel for how the Clipper controversy evolved over that first year.
Clipper was the subject of many debates and panels. Here are two of them:
- “The Clipper Chip: Should the government control the master keys to electronic commerce?” Sponsored by The Association of the Bar of the city of New York, January 19, 1995.
- “MIT Panel on Clipper.” Sponsored by the MIT Center for Technology, Policy and Industrial Development, Communications Forum. September 29, 1994. (This panel is typical of the many debates over Clipper during 1994 and 1995.)
The Clipper debates engendered several significant studies of government encryption policy. (These are of historical interest in tracking the debate, but they are largely superseded by the 1996 report of the National Research Council.)
- Information Security and Privacy in Networked Environments was a major report released by the Office of Technology Assessment in September, 1994. This gives a comprehensive overview of cryptography and security issues, with emphasis on the potential policy actions to be undertaken by Congress. Chapter 4 contains a good, unbiased overview of Escrowed Encryption Standard (Clipper) and US export controls on cryptography. A summary of the report can be found here (PDF).
In June 1995, the OTA issued an update of the study that reviewed main points of the report and updated it in light of developments in the government and in the private sector during the second half of 1994 and the first half of 1995. A summary of the update can be found here (PDF).
- Codes, Keys and Conflicts is a Report of a Special Panel of the Association for Computing Machinery’s U.S. Public Policy Committee (USACM), June 1994. This study, sponsored by the ACM, is a(nother) comprehensive overview of the issues and options involved. Rumor has it that the study was originally supposed to make recommendations, but the panel could not agree, so it restricted itself to laying out the options. Simultaneously with an ACM press release, the USACM issued a separate press release calling for Clipper to be withdrawn. The two different press releases, one neutral and one anti-Clipper, by what seemed to be the same organization, caused a lot of confusion and a lot of flaming on the Net.
- Lance Hoffman, Building in Big Brother: The cryptographic policy debate, Springer-Verlag, 1995. This book of readings and source material collects together most of the important documents and articles on Clipper and export policy that appeared up to the beginning of 1995. (Many of these are also on line in the archives for this class.)
EPIC’s FOIA Request and Lawsuit
In August 1995, the Electronic Privacy Information Center obtained documents under the Freedom of Information Act revealing that the FBI had concluded in 1993 that the Clipper initiative could succeed only if alternative security techniques were outlawed, and planned to push for such legislation (which they have since done). The existence of these plans, even while while the Administration was assuring people throughout 1994 that there were no plans to impose domestic control of encryption, has led to an atmosphere of distrust that continues to envelop the encryption debate. Here is EPIC’s press release. In September 1995, EPIC filed a lawsuit against the NSA challenging the “national security” classification of information concerning the Clipper Chip and the underlying Skipjack algorithm.
More Sources on Clipper
The Clipper/EES/Capstone/Tessera/Key Escrow Archive maintained by the Electronic Frontier Foundation contains extensive source material on Clipper from 1993 and 1994.
Next section of this essay: 1995-97: From Clipper to Key Recovery