884 lines
50 KiB
Markdown
884 lines
50 KiB
Markdown
---
|
|
created_at: '2018-01-04T14:51:28.000Z'
|
|
title: Battle of the Clipper Chip (1994)
|
|
url: http://www.nytimes.com/1994/06/12/magazine/battle-of-the-clipper-chip.html?pagewanted=all
|
|
author: Cieplak
|
|
points: 65
|
|
story_text:
|
|
comment_text:
|
|
num_comments: 19
|
|
story_id:
|
|
story_title:
|
|
story_url:
|
|
parent_id:
|
|
created_at_i: 1515077488
|
|
_tags:
|
|
- story
|
|
- author_Cieplak
|
|
- story_16070656
|
|
objectID: '16070656'
|
|
|
|
---
|
|
On a sunny spring day in Mountain View, Calif., 50 angry activists are
|
|
plotting against the United States Government. They may not look
|
|
subversive sitting around a conference table dressed in T-shirts and
|
|
jeans and eating burritos, but they are self-proclaimed saboteurs. They
|
|
are the Cypherpunks, a loose confederation of computer hackers, hardware
|
|
engineers and high-tech rabble-rousers.
|
|
|
|
The precise object of their rage is the Clipper chip, offically known as
|
|
the MYK-78 and not much bigger than a tooth. Just another tiny square of
|
|
plastic covering a silicon thicket. A computer chip, from the outside
|
|
indistinguishable from thousands of others. It seems improbable that
|
|
this black Chiclet is the focal point of a battle that may determine the
|
|
degree to which our civil liberties survive in the next century. But
|
|
that is the shared belief in this room.
|
|
|
|
The Clipper chip has prompted what might be considered the first holy
|
|
war of the information highway. Two weeks ago, the war got bloodier, as
|
|
a researcher circulated a report that the chip might have a serious
|
|
technical flaw. But at its heart, the issue is political, not technical.
|
|
The Cypherpunks consider the Clipper the lever that Big Brother is using
|
|
to pry into the conversations, messages and transactions of the computer
|
|
age. These high-tech Paul Reveres are trying to mobilize America against
|
|
the evil portent of a "cyberspace police state," as one of their
|
|
Internet jeremiads put it. Joining them in the battle is a formidable
|
|
force, including almost all of the communications and computer
|
|
industries, many members of Congress and political columnists of all
|
|
stripes. The anti-Clipper aggregation is an equal-opportunity club,
|
|
uniting the American Civil Liberties Union and Rush Limbaugh.
|
|
|
|
The Clipper's defenders, who are largely in the Government, believe it
|
|
represents the last chance to protect personal safety and national
|
|
security against a developing information anarchy that fosters
|
|
criminals, terrorists and foreign foes. Its adherents pose it as the
|
|
answer, or at least part of the answer, to a problem created by an
|
|
increasingly sophisticated application of an age-old technology:
|
|
cryptography, the use of secret codes.
|
|
|
|
For centuries, cryptography was the domain of armies and diplomatic
|
|
corps. Now it has a second purpose: protecting personal and corporate
|
|
privacy. Computer technology and advanced telecommunications equipment
|
|
have drawn precious business information and intimate personal
|
|
communications out into the open. This phenomenon is well known to the
|
|
current Prince of Wales, whose intimate cellular phone conversations
|
|
were intercepted, recorded and broadcast worldwide. And corporations
|
|
realize that competitors can easily intercept their telephone
|
|
conversations, electronic messages and faxes. High tech has created a
|
|
huge privacy gap. But miraculously, a fix has emerged: cheap,
|
|
easy-to-use, virtually unbreakable encryption. Cryptography is the
|
|
silver bullet by which we can hope to reclaim our privacy.
|
|
|
|
The solution, however, has one drawback: cryptography shields the law
|
|
abiding and the lawless equally. Law-enforcement and intelligence
|
|
agencies contend that if strong codes are widely available, their
|
|
efforts to protect the public would be paralyzed. So they have come up
|
|
with a compromise, a way to neutralize such encryption. That's the
|
|
Clipper chip and that compromise is what the war is about.
|
|
|
|
The idea is to give the Government means to override other people's
|
|
codes, according to a concept called "key escrow." Employing normal
|
|
cryptography, two parties can communicate in total privacy, with both of
|
|
them using a digital "key" to encrypt and decipher the conversation or
|
|
message. A potential eavesdropper has no key and therefore cannot
|
|
understand the conversation or read the data transmission. But with
|
|
Clipper, an additional key -- created at the time the equipment is
|
|
manufactured -- is held by the Government in escrow. With a
|
|
court-approved wiretap, an agency like the F.B.I. could listen in. By
|
|
adding Clipper chips to telephones, we could have a system that assures
|
|
communications will be private -- from everybody but the Government.
|
|
|
|
And that's what rankles Clipper's many critics. Why, they ask, should
|
|
people accused of no crime have to give Government the keys to their
|
|
private communications? Why shouldn't the market rather than Government
|
|
determine what sort of cryptosystem wins favor. And isn't it true that
|
|
the use of key escrow will make our technology so unattractive to the
|
|
international marketplace that the United States will lose its edge in
|
|
the lucrative telecommunications and computer fields? Clipper might clip
|
|
the entire economy.
|
|
|
|
Nonetheless, on Feb. 4 the White House announced its approval of the
|
|
Clipper chip, which had been under study as a Government standard since
|
|
last April, and the Crypto War broke out in full force. Within a month,
|
|
one civil liberties group, Computer Professionals for Social
|
|
Responsibility, received 47,000 electronic missives urging a stop to
|
|
Clipper. "The war is upon us," wrote Tim May, co-founder of the
|
|
Cypherpunks, in an urgent electronic dispatch soon after the
|
|
announcement. "Clinton and Gore folks have shown themselves to be
|
|
enthusiastic supporters of Big Brother."
|
|
|
|
And though the Clinton Administration's endorsement of Clipper as a
|
|
Government standard required no Congressional approval, rumblings of
|
|
discontent came from both sides of the Capitol. Senator Patrick J.
|
|
Leahy, the Vermont Democrat whose subcomittee has held contentious
|
|
hearings on the matter, has called the plan a "misstep," charging that
|
|
"the Government should not be in the business of mandating particular
|
|
technologies."
|
|
|
|
Two weeks ago, an AT\&T Bell Laboratories researcher revealed that he
|
|
had found a serious flaw in the Clipper technology itself, enabling
|
|
techno-savvy lawbreakers to bypass the security fuction of the chip in
|
|
some applications. Besides being a bad idea, Clipper's foes now say, it
|
|
doesn't even work properly.
|
|
|
|
Yet the defenders of Clipper have refused to back down, claiming that
|
|
the scheme -- which is, they often note, voluntary -- is an essential
|
|
means of stemming an increasing threat to public safety and security by
|
|
strong encryption in everyday use. Even if Clipper itself has to go back
|
|
to the drawing board, its Government designers will come up with
|
|
something quite similar. The underlying issue remains unchanged: If
|
|
something like Clipper is not implemented, writes Dorothy E. Denning, a
|
|
Georgetown University computer scientist, "All communications on the
|
|
information highway would be immune from lawful interception. In a world
|
|
threatened by international organized crime, terrorism and rogue
|
|
governments, this would be folly."
|
|
|
|
The claims from both sides sound wild, almost apocalyptic. The passion
|
|
blurs the problem: Can we protect our privacy in an age of computers --
|
|
without also protecting the dark forces in society?
|
|
|
|
The crypto war is the inevitable consequence of a remarkable discovery
|
|
made almost 20 years ago, a breakthrough that combined with the
|
|
microelectronics revolution to thrust the once-obscure field of
|
|
cryptography into the mainstream of communications policy.
|
|
|
|
It began with Whitfield Diffie, a young computer scientist and
|
|
cryptographer. He did not work for the Government, which was strange
|
|
because in the 1960's almost all serious crypto in this country was done
|
|
under Federal auspices, specifically at the Fort Meade, Md.,
|
|
headquarters of the supersecret National Security Agency. Though it
|
|
became bigger than the C.I.A., the N.S.A. was for years unknown to
|
|
Americans; the Washington Beltway joke was that the initials stood for
|
|
"No Such Agency." Its working premise has always been that no
|
|
information about its activities should ever be revealed. Its main
|
|
mission involved cryptography, and the security agency so dominated the
|
|
field that it had the power to rein in even those few experts in the
|
|
field who were not on its payroll.
|
|
|
|
But Whitfield Diffie never got that message. He had been bitten by the
|
|
cryptography bug at age 10 when his father, a professor, brought home
|
|
the entire crypto shelf of the City College library in New York. Then he
|
|
lost interest, until he arrived at M.I.T.'s Artifical Intelligence
|
|
Laboratory in 1966. Two things rekindled his passion. Now trained as a
|
|
mathematician, he had an affinity for the particular challenges of
|
|
sophisticated crypto. Just as important, he says, "I was always
|
|
concerned about individuals, an individual's privacy as opposed to
|
|
Goverment secrecy."
|
|
|
|
Diffie, now 50, is still committed to those beliefs. When asked about
|
|
his politics, he says, "I like to describe myself as an iconoclast." He
|
|
is a computer security specialist for Sun Microsystems, a celebrated
|
|
cryptographer and an experienced hand at Congressional testimony. But he
|
|
looks like he stumbled out of a Tom Robbins novel -- with blond hair
|
|
that falls to his shoulders and a longish beard that seems a virtual
|
|
trademark among code makers. At a Palo Alto, Calif., coffeehouse one
|
|
morning, he describes, in clipped, precise cadence, how he and Martin E.
|
|
Hellman, an electrical engineering professor at Stanford University,
|
|
created a crypto revolution.
|
|
|
|
Diffie was dissatisfied with the security on a new time-sharing computer
|
|
system being developed by M.I.T. in the 1960's. Files would be protected
|
|
by passwords, but he felt that was insufficient. The system had a
|
|
generic flaw. A system manager had access to all passwords. "If a
|
|
subpeona was served against the system managers, they would sell you
|
|
out, because they had no interest in going to jail," Diffie says. A
|
|
perfect system would eliminate the need for a trusted third party.
|
|
|
|
This led Diffie to think about a more general problem in cryptography:
|
|
key management. Even before Julius Caesar devised a simple cipher to
|
|
encode his military messages, cryptography worked by means of keys. That
|
|
is, an original message (what is now called "plaintext") was encrypted
|
|
by the sender into seeming gibberish (known as "ciphertext"). The
|
|
receiver, using the same key, decrypted the message back into the
|
|
original plaintext. For instance, the Caesar key was the simple
|
|
replacement of each letter by the letter three places down in the
|
|
alphabet. If you knew the key, you could encrypt the word help into the
|
|
nonsense word khos; the recipient of the message would decrypt the
|
|
message back to help.
|
|
|
|
The problem came with protecting the key. Since anyone who knew the
|
|
Caesar key would be able to understand the encoded message, it behooved
|
|
the Romans to change that key as often as possible. But if you change
|
|
the key, how do you inform your spies behind enemy lines? (If you tell
|
|
them using the old code, which may have already been cracked, your
|
|
enemies will then learn the new code.) For centuries, generals and
|
|
diplomats have faced that predicament. But a few years ago, it took on
|
|
added urgency.
|
|
|
|
With computers and advanced telecommunications, customers outside
|
|
Government were discovering a need for information security.
|
|
Cryptography was the answer, but how could it be applied widely,
|
|
considering the problem of keys? The best answer to date was something
|
|
called a key-management repository, where two parties who wanted secrecy
|
|
would go to a trusted third party who would generate a new key for the
|
|
private session. But that required just what Diffie deplored -- an
|
|
unwanted third wheel.
|
|
|
|
"The virtue of cryptography should be that you don't have to trust
|
|
anybody not directly involved with your communication," Diffie says.
|
|
"Without conventional key distribution centers, which involved trusting
|
|
third parties, I couldn't figure how you could build a system to secure,
|
|
for instance, all the phones in the country."
|
|
|
|
When Diffie moved to Stanford University in 1969, he foresaw the rise of
|
|
home computer terminals and began pondering the problem of how to use
|
|
them to make transactions. "I got to thinking how you could possibly
|
|
have electronic business, because signed letters of intent, contracts
|
|
and all seemed so critical," he says. He devoured what literature he
|
|
could find outside the National Security Agency. And in the mid-1970's,
|
|
Diffie and Hellman achieved a stunning breakthrough that changed
|
|
cryptography forever. They split the cryptographic key.
|
|
|
|
In their system, every user has two keys, a public one and a private
|
|
one, that are unique to their owner. Whatever is scrambled by one key
|
|
can be unscrambled by the other. It works like this: If I want to send a
|
|
message to Whit Diffie, I first obtain his public key. (For complicated
|
|
mathematical reasons, it is possible to distribute one's public key
|
|
freely without compromising security; a potential enemy will have no
|
|
advantage in code-cracking if he holds your public key alone.) Then I
|
|
use that key to encode the message. Now it's gobbledygook and only one
|
|
person in the world can decode it -- Whit Diffie, who holds the other,
|
|
private, key. If he wants to respond to me with a secret message, he
|
|
uses my public key to encode his answer. And I decode it, using my
|
|
private key.
|
|
|
|
It was an amazing solution, but even more remarkable was that this
|
|
split-key system solved both of Diffie's problems, the desire to shield
|
|
communications from eavesdroppers and also to provide a secure
|
|
electronic identification for contracts and financial transactions done
|
|
by computer. It provided the identification by the use of "digital
|
|
signatures" that verify the sender much the same way that a real
|
|
signature validates a check or contract.
|
|
|
|
Suddenly, the ancient limitations on cryptography had vanished. Now,
|
|
perhaps before the millennium, strong cryptography could find its way to
|
|
every telephone, computer and fax machine -- if users wanted it.
|
|
Subsequent variations on the Diffie-Hellman scheme focused on using
|
|
crypto algorithms to insure the anonymity of transactions. Using these
|
|
advances, it is now possible to think of replacing money with digital
|
|
cash -- while maintaining the comforting untraceability of bills and
|
|
coins. The dark art of cryptography has become a tool of liberation.
|
|
|
|
From the moment Diffie and Hellman published their findings in 1976, the
|
|
National Security Agency's crypto monopoly was effectively terminated.
|
|
In short order, three M.I.T. mathematicians -- Ronald L. Rivest, Adi
|
|
Shamir and Leonard M. Adleman -- developed a system with which to put
|
|
the Diffie and Hellman findings into practice. It was known by their
|
|
initials, RSA. It seemed capable of creating codes that even the N.S.A.
|
|
could not break. They formed a company to sell their new system; it was
|
|
only a matter of time before thousands and then millions of people began
|
|
using strong encryption.
|
|
|
|
That was the National Security Agency's greatest nightmare. Every
|
|
company, every citizen now had routine access to the sorts of
|
|
cryptographic technology that not many years ago ranked alongside the
|
|
atom bomb as a source of power. Every call, every computer message,
|
|
every fax in the world could be harder to decipher than the famous
|
|
German "Enigma" machine of World War II. Maybe even impossible to
|
|
decipher\!
|
|
|
|
The genie was out of the bottle. Next question: Could the genie be made
|
|
to wear a leash and collar? Enter the Clipper chip.
|
|
|
|
When illustrating the Government's need to control crypto, Jim
|
|
Kallstrom, the agent in charge of the special operations division of the
|
|
New York office of the F.B.I., quickly shifts the discussion to the
|
|
personal: "Are you married? Do you have a child? O.K., someone kidnaps
|
|
one of your kids and they are holding your kid in this fortress up in
|
|
the Bronx. Now, we have probable cause that your child is inside this
|
|
fortress. We have a search warrant. But for some reason, we cannot get
|
|
in there. They made it out of some new metal, or something, right?
|
|
Nothing'll cut it, right? And there are guys in there, laughing at us.
|
|
That's what the basis of this issue really is -- we've got a situation
|
|
now where a technology has become so sophisticated that the whole notion
|
|
of a legal process is at stake here\!"
|
|
|
|
Kallstrom is a former head of the Bureau Tech Squad, involved in the
|
|
bugging operation that brought John Gotti to justice. Some have
|
|
described him as the F.B.I.'s answer to "Q," the gadget wizard of the
|
|
James Bond tales.
|
|
|
|
"From the standpoint of law enforcement, there's a superbig threat out
|
|
there -- this guy is gonna build this domain in the Bronx now, because
|
|
he's got a new steel door and none of the welding torches, none of the
|
|
boomerangs, nothing we have is gonna blast our way in there. Sure, we
|
|
want those new steel doors ourselves, to protect our banks, to protect
|
|
the American corporation trade secrets, patent rights, technology. But
|
|
people operating in legitimate business are not violating the laws -- it
|
|
becomes a different ball of wax when we have probable cause and we have
|
|
to get into that domain. Do we want a digital superhighway where not
|
|
only the commerce of the nation can take place but where major criminals
|
|
can operate impervious to the legal process? If we don't want that, then
|
|
we have to look at Clipper."
|
|
|
|
Wiretapping is among law enforcement's most cherished weapons. Only 919
|
|
Federal, state and local taps were authorized last year, but police
|
|
agencies consider them essential to fighting crime. Obviously if
|
|
criminals communicate using military-grade cryptosystems, wiretapping
|
|
them becomes impossible.
|
|
|
|
For two years, the F.B.I. has been urging Congress to pass the proposed
|
|
Digital Telephony and Communications Privacy Act, which would in essence
|
|
require that new communications technologies be designed to facilitate
|
|
wiretapping. Even if the bill should somehow pass, overcoming the
|
|
opposition of the communications industry and civil libertarians, the
|
|
extra effort and expense will be wasted if the only thing the
|
|
wiretappers can hear is the hissy white noise of encrypted phone
|
|
conversations and faxes. If cryptography is not controlled, wiretapping
|
|
could be rendered obsolete. Louis J. Freeh, the Director of the F.B.I.,
|
|
surely fears that prospect. He has told Congress that preserving the
|
|
ability to intercept communications legally, in the face of these
|
|
technological advances, is "the No. 1 law enforcement, public safety and
|
|
national security issue facing us today."
|
|
|
|
Some people criticize Clipper on the basis that truly sophisticated
|
|
criminals would never use it, preferring other easily obtained systems
|
|
that use high-grade cryptography. Despite Clipper, kidnappers and drug
|
|
kingpins may construct Kallstrom's virtual fort in the Bronx with
|
|
impunity, laughing at potential wiretappers.
|
|
|
|
The Government understands the impossibility of eradicating strong
|
|
crypto. Its objective is instead to prevent unbreakable encryption from
|
|
becoming rountine. If that happens, even the stupidest criminal would be
|
|
liberated from the threat of surveillance. But by making Clipper the
|
|
standard, the Government is betting that only a tiny percentage of users
|
|
would use other encryption or try to defeat the Clipper.
|
|
|
|
At a rare public appearance in March at a conference on computers and
|
|
privacy, Stewart A. Baker, then general counsel of the National Security
|
|
Agency, tried to explain. "The concern is not so much what happens today
|
|
when people go in and buy voice scramblers," said Baker, a dapper,
|
|
mustached lawyer who worked as an Education Department lawyer in the
|
|
Carter Administration. "It is the prospect that in 5 years or 10 years
|
|
every phone you buy that costs $75 or more will have an encrypt button
|
|
on it that will interoperate with every other phone in the country and
|
|
suddenly we will discover that our entire communications network is
|
|
being used in ways that are profoundly antisocial. That's the real
|
|
concern, I think, that Clipper addresses. If we are going to have a
|
|
standardized form of encryption that is going to change the world, we
|
|
should think seriously about what we are going to do when it is
|
|
misused."
|
|
|
|
Not all law-enforcement experts believe that cryptography will unleash a
|
|
riot of lawlessness. William R. Spernow, a Sacramento, Calif., computer
|
|
crime specialist who works on a grant from the Federal Bureau of Justice
|
|
Assistance, has encountered a few cases in which criminals have
|
|
encrypted information unbreakably, including one involving a pedophile
|
|
who encrypted the identities of his young victims. Yet Spernow sees no
|
|
reason to panic. "In cases where there's encryption, the officers have
|
|
been able to make the case through other investigative means," he says.
|
|
"If we hustle, we can still make our cases through other kinds of police
|
|
work."
|
|
|
|
But crime is only part of the problem. What happens to national security
|
|
if cryptography runs free? Those who know best, officials of the
|
|
National Security Agency, won't say. When the agency's director, Vice
|
|
Adm. John M. McConnell testified before a Senate subcommittee on May 3,
|
|
he withheld comment on this question until the public hearing was
|
|
terminated and a second, classified session convened in a secure room.
|
|
|
|
Still, the effect of strong crypto on N.S.A. operations is not difficult
|
|
to imagine. The agency is charged with signals intelligence, and it is
|
|
widely assumed that it monitors all the communications between borders
|
|
and probably much of the traffic within foreign countries. (It is barred
|
|
from intercepting domestic communications.) If the crypto revolution
|
|
crippled N.S.A.'s ability to listen in on the world, the agency might
|
|
miss out on something vital -- for instance, portents of a major
|
|
terrorist attack.
|
|
|
|
No compelling case has been made, however, that the key-escrow system
|
|
would make it easier for authorities to learn of such an attack. The
|
|
National Security Agency would take the legal steps to seek the telltale
|
|
keys after it had first identified those potential terrorists and
|
|
wiretapped their calls, then discovered the inpenetrable hiss of
|
|
encryption. Even then, the keys would be useful only if the terrorists
|
|
were encoding conversations with Clipper technology, the one kind the
|
|
Government had the capability to decode instantly. What sort of nuclear
|
|
terrorist would choose Clipper?
|
|
|
|
The Government response has been to say that potential terrorists might
|
|
indeed use alternative crypto methods to converse among themselves. But
|
|
if Clipper were the accepted standard, the terrorists would have to use
|
|
it to communicate with outsiders -- banks, suppliers and other contacts.
|
|
The Government could listen in on those calls. However, the work of the
|
|
Bell Labs researcher, Matthew Blaze, casts serious doubt on that
|
|
contention. Blaze has uncovered a flaw in Clipper that would allow a
|
|
user to bypass the security funtion of the chip. Anyone who tinkered
|
|
with Clipper in this way could communicate in privacy with anyone else
|
|
with a Clipper phone and Government wiretappers would be unable to
|
|
locate the key to unscramble the conversations.
|
|
|
|
Nonetheless, it was the terrorist threat, along with national security
|
|
concerns, that moved the Clinton Administration to support the
|
|
key-escrow inititative. White House high-tech policy makers share a
|
|
recurrent fear: one day they might be sitting before an emergency
|
|
Congressional investigation after the destruction of half of Manhattan
|
|
by a stolen nuclear weapon planted in the World Trade towers and trying
|
|
to explain that the Government had intercepted the communications of the
|
|
terrorists but could not understand them because they used strong
|
|
encryption. If Clipper were enacted, they could at least say, "We
|
|
tried."
|
|
|
|
Obviously the Government views the Crypto revolution with alarm and
|
|
wants to contain it. For years, much of its efforts have focused on the
|
|
use of stringent export controls. While cryptography within the United
|
|
States is unrestricted, the country's export laws treat any sort of
|
|
encryption as munitions, like howitzers or nuclear triggers. The
|
|
National Security Agency is the final arbiter and it will approve
|
|
exports of cryptosystems in computer software and electronic hardware
|
|
only if the protective codes are significantly weakened.
|
|
|
|
The N.S.A. stance is under attack from American businesses losing sales
|
|
to foreign competitors. Listen to D. James Bidzos, the 39-year-old
|
|
president of RSA Data Security, the Redwood City, Calif., company that
|
|
controls the patents for public-key cryptography: "For almost 10 years,
|
|
I've been going toe to toe with these people at Fort Meade. The success
|
|
of this company is the worst thing that can happen to them. To them,
|
|
we're the real enemy, we're the real target."
|
|
|
|
RSA is making a pitch to become the standard in encryption; its
|
|
technology has been adopted by Apple, AT\&T, Lotus, Microsoft, Novell
|
|
and other major manufacturers. So imagine its unhappiness that its main
|
|
rival is not another private company, but the National Security Agency,
|
|
designer of the key-escrow cryptosystems. The agency is a powerful and
|
|
dedicated competitor.
|
|
|
|
"We have the system that they're most afraid of," Bidzos says. "If the
|
|
U.S. adopted RSA as a standard, you would have a truly international,
|
|
interoperable, unbreakable, easy-to-use encryption technology. And all
|
|
those things together are so synergistically theatening to the N.S.A.'s
|
|
interests that it's driving them into a frenzy."
|
|
|
|
The export laws put shackles on Bidzos's company while his overseas
|
|
competitors have no such restaints. Cryptographic algorithms that the
|
|
N.S.A. bans for export are widely published and are literally being sold
|
|
on the streets of Moscow. "We did a study on the problem and located 340
|
|
foreign cryptographic products sold by foreign countires," says Douglas
|
|
R. Miller, government affairs manager of the Software Publishers
|
|
Association. "The only effect of export controls is to cripple our
|
|
ability to compete."
|
|
|
|
The real potential losses, though, come not in the stand-alone
|
|
encryption category, but in broader applications. Companies like
|
|
Microsoft, Apple and Lotus want to put strong encryption into their
|
|
products but cannot get licenses to export them. Often, software
|
|
companies wind up installing a weaker brand of crypto in all their
|
|
products so that they can sell a single version worldwide. This seems to
|
|
be the Government's intent -- to encourage "crypto lite," strong enough
|
|
to protect communications from casual intruders but not from Government
|
|
itself.
|
|
|
|
In the long run, however, export regulation will not solve the National
|
|
Security Agency's problem. The crypto business is exploding. People are
|
|
becoming more aware of the vunerability of phone conversations,
|
|
particularly wireless ones. Even the National Football League is
|
|
adopting crypto technology; it will try out encrypted radio
|
|
communication between coaches and quarterbacks, so rivals can't
|
|
intercept last-minute audibles.
|
|
|
|
Anticipating such a boom, the N.S.A. devised a strategy for the 90's. It
|
|
would concede the need for strong encryption but encourage a system with
|
|
a key-escrow "back door" that provides access to communications for
|
|
itself and law enforcement. The security agency had already developed a
|
|
strong cryptosystem based on an algorithm called Skipjack, supposedly 16
|
|
million times stronger than the previous standard, D.E.S. (Data
|
|
Encryption Standard). Now the agency's designers integrated Skipjack
|
|
into a new system that uses a Law Enforcement Access Field (LEAF) that
|
|
adds a signal to the message that directs a potential wiretapper to the
|
|
approriate key to decipher the message. These features were included in
|
|
a chip called Capstone, which could handle not only telephone
|
|
communications but computer data transfers and digital signatures.
|
|
|
|
Supposedly, this technology was designed for Government use, but in 1993
|
|
the National Security Agency had a sudden opportunity to thrust it into
|
|
the marketplace. AT\&T had come to the agency with a new, relatively
|
|
low-cost secure-phone device called the Surity 3600 that was designed to
|
|
use the nonexportable DES encryption algorithm. The N.S.A. suggested
|
|
that perhaps AT\&T could try something else: a stripped-down version of
|
|
Capstone for telephone communications. This was the Clipper chip. As a
|
|
result, AT\&T got two things: an agreement that Uncle Sam would buy
|
|
thousands of phones for its own use (the initial commitment was 9,000,
|
|
from the F.B.I.) and the prospect that the phone would not suffer the
|
|
unhappy fate of some other secure devices when considered for export.
|
|
There was also the expectation that AT\&T would sell a lot more phones,
|
|
since private companies would need to buy Clipper-equipped devices to
|
|
communicate with the Governmment's Clipper phones.
|
|
|
|
It was an ingenious plan for several reasons. By agreeing to buy
|
|
thousands of phones, and holding out the promise that thousands, or even
|
|
millions more might be sold, AT\&T phones gained a price advantage that
|
|
comes with volume. (The original price of the Surity 3600 was $1,195,
|
|
considerably less than the previous generation of secure phones;
|
|
Mykotronx, the company making the Clipper chip, says that each chip now
|
|
costs $30, but in large orders could quickly go as low as $10.) That
|
|
would give the phones a big push in the marketplace. But by saturating
|
|
the market, Clipper had a chance to become the standard for encryption,
|
|
depending on whether businesses and individuals would be willing to
|
|
accept a device that had the compromise of a government-controlled back
|
|
door.
|
|
|
|
This compromise, of course, is the essence of Clipper. The Government
|
|
recognizes the importance of keeping business secrets, intimate
|
|
information and personal data hidden from most eyes and ears. But it
|
|
also preserves a means of getting hold of that information after
|
|
obtaining "legal authorization, normally a court order," according to a
|
|
White House description.
|
|
|
|
The N.S.A. presented the idea to the Bush Administration, which took no
|
|
action before the election. Then it had to convince a Democratic
|
|
Administration to adopt the scheme, and started briefing the Clinton
|
|
people during the transition. Many in the computer industry figured that
|
|
with Vice President Al Gore's enthusiastic endorsement of the
|
|
high-frontier virtues of the information highway, the Administration
|
|
would never adopt any proposal so tilted in favor of law enforcement and
|
|
away from his allies in the information industries. They figured wrong.
|
|
A little more than two months after taking office, the Clinton
|
|
Administration announced the existence of the Clipper chip and directed
|
|
the National Institute of Standards and Technology to consider it as a
|
|
Government standard.
|
|
|
|
Clipper was something the Administration -- starting with the Vice
|
|
President -- felt compelled to adopt, and key escrow was considered an
|
|
honorable attempt to balance two painfully contradictory interests,
|
|
privacy and safety.
|
|
|
|
The reaction was instant, bitter and ceaseless. The most pervasive
|
|
criticisms challenged the idea that a Clipper would be, as the standard
|
|
said, "voluntary." The Government's stated intent is to manipulate the
|
|
marketplace so that it will adopt an otherwise unpalatable scheme and
|
|
make it the standard. Existing systems have to cope with export
|
|
regulations and, now, incompatibility with the new Government Clipper
|
|
standard. Is it fair to call a system voluntary if the Government puts
|
|
all sorts of obstacles in the way of its competitors?
|
|
|
|
Others felt that it was only a matter of time before the National
|
|
Security Agency pressured the Government to require key escrow of all
|
|
cryptographic devices -- that Clipper was only the first step in a
|
|
master plan to give Uncle Sam a key to everyone's cyberspace back door.
|
|
|
|
"That's a real fear," says Stephen T. Walker, a former N.S.A. employee
|
|
who is now president of Trusted Information Systems, a company
|
|
specializing in computer security products. "I don't think the
|
|
Government could pull it off -- it would be like prohibition, only
|
|
worse. But I think they might try it."
|
|
|
|
But mostly, people were unhappy with the essence of Clipper, that the
|
|
Government would escrow their keys. As Diffie notes, key escrow
|
|
reintroduces the vulnerability that led him to invent public key
|
|
cryptography -- any system that relies on trusted third parties is, by
|
|
definition, weaker than one that does not. Almost no one outside the
|
|
Government likes the key-escrow idea. "We published the standard for 60
|
|
days of public comments," says F. Lynn McNulty, associate director for
|
|
computer security at the National Institute of Standards and Technology.
|
|
"We received 320 comments, only 2 of which were supportive."
|
|
|
|
Many people thought that in the face of such opposition, the
|
|
Administration would quietly drop the Clipper proposal. They were
|
|
dismayed by the Feb. 4 announcement of the adoption of Clipper as a
|
|
Government standard. Administration officials knew they were alienating
|
|
their natural allies in the construction of the information superhighway
|
|
but felt they had no alternative. "This," said Michael R. Nelson, a
|
|
White House technology official, "is the Bosnia of telecommunications."
|
|
|
|
If clipper is the administration's Techno-Bosnia, the crypto equivalent
|
|
of snipers are everywhere -- in industry, among privacy lobbyists and
|
|
even among Christian Fundamentalists. But the most passionate foes are
|
|
the Cypherpunks. They have been meeting on the second Saturday of every
|
|
month at the offices of Cygnus, a Silicon Valley company, assessing new
|
|
ways they might sabotage Clipper. The group was co-founded in September
|
|
1992 by Eric Hughes, a 29-year-old freelance cryptogapher, and Tim May,
|
|
a 42-year-old physicist who retired early and rich from the Intel
|
|
company. Other Cypherpunk cells often meet simultaneously in six or
|
|
seven locations around the world, but the main gathering place for
|
|
Cypherpunks is the Internet, by means of an active mailing list in which
|
|
members post as many as 100 electronic messages a day.
|
|
|
|
Cypherpunks share a few common premises. They assume that cryptography
|
|
is a liberating tool, one that empowers individuals. They think that one
|
|
of the most important uses of cryptography is to protect communications
|
|
from the Government. Many of them believe that the Clipper is part of an
|
|
overall initiative against cryptography that will culminate in Draconian
|
|
control of the technology. And they consider it worth their time to
|
|
fight, educating the general public and distributing cryptographic tools
|
|
to obstruct such control.
|
|
|
|
Both Hughes and May have composed manifestos. Hughes's call to arms
|
|
proclaims: "Cypherpunks write code. We know that someone has to write
|
|
software to defend privacy, and since we can't get privacy unless we all
|
|
do, we're going to write it."
|
|
|
|
May's document envisions a golden age in which strong cryptography
|
|
belongs to all -- an era of "crypto anarchism" that governments cannot
|
|
contain. To May, cryptography is a tool that will not only bestow
|
|
privacy on people but help rearrange the economic underpinnings of
|
|
society.
|
|
|
|
"Combined with emerging information markets, cryptography will create a
|
|
liquid market for any and all material that can be put into words and
|
|
pictures," May's document says. "And just as a seemingly minor invention
|
|
like barbed wire made possible the fencing-off of vast ranches and
|
|
farms, thus altering forever the concepts of land and property rights in
|
|
the frontier West, so too will the seemingly minor discovery out of an
|
|
arcane branch of mathematics come to be the wire clippers which
|
|
dismantle the barbed wire around intellectual property."
|
|
|
|
At a recent meeting, about 50 Cypherpunks packed into the Cygnus
|
|
conference room, with dozens of others participating electronically from
|
|
sites as distant as Cambridge, Mass., and San Diego. The meeting
|
|
stretched for six hours, with discussions of hardware encryption
|
|
schemes, methods to fight an electronic technique of identity forgery
|
|
called "spoofing," the operation of "remailing" services, which allow
|
|
people to post electronic messages anonymously -- and various ways to
|
|
fight Clipper.
|
|
|
|
While the Cypherpunks came up with possible anti-Clipper slogans for
|
|
posters and buttons, a bearded crypto activist in wire-rim glasses named
|
|
John Gilmore was outside the conference room, showing the latest sheaf
|
|
of cryptography-related Freedom of Information documents he'd dragged
|
|
out of Government files. Unearthing and circulating the hidden crypto
|
|
treasures of the National Security Agency is a passion of Gilmore, an
|
|
early employee of Sun Microsystems who left the company a
|
|
multimillionaire. The Government once threatened to charge him with a
|
|
felony for copying some unclassified-and-later-reclassified N.S.A.
|
|
documents from a university library. After the story hit the newspapers,
|
|
the Government once again declassified the documents.
|
|
|
|
"This country was founded as an open society, and we still have the
|
|
remnants of that society," Gilmore says. "Will crypto tend to open it or
|
|
close it? Our Government is building some of these tools for its own
|
|
use, but they are unavailable -- we have paid for cryptographic
|
|
breakthroughs but they're classified. I wish I could hire 10 guys --
|
|
cryptographers, librarians -- to try to pry cryptography out of the dark
|
|
ages."
|
|
|
|
Perhaps the most admired Cypherpunk is someone who says he is ineligible
|
|
because he often wears a suit. He is Philip R. Zimmermann, a 40-year-old
|
|
software engineer and cryptographic consultant from Boulder, Colo., who
|
|
in 1991 cobbled together a cryptography program for computer data and
|
|
electronic mail. "PGP," he called it, meaning Pretty Good Privacy, and
|
|
he decided to give it away. Anticipating the Cypherpunk credo,
|
|
Zimmermann hoped that the appearance of free cryptography would
|
|
guarantee its continued use after a possible Government ban. One of the
|
|
first people receiving the program placed it on a computer attached to
|
|
the Internet and within days thousands of people had PGP. Now the
|
|
program has been through several updates and is becoming sort of a
|
|
people's standard for public key cryptography. So far, it appears that
|
|
no one has been able to crack information encoded with PGP.
|
|
|
|
Like Diffie, Zimmermann developed a boyhood interest in crypto. "When I
|
|
was a kid growing up in Miami, it was just kind of cool -- secret
|
|
messages and all," he says. Later, "computers made it possible to do
|
|
ciphers in a practical manner." He was fascinated to hear of public key
|
|
cryptography and during the mid-1980's he began experimenting with a
|
|
system that would work on personal computers. With the help of some
|
|
colleagues, he finally devised a strong system, albeit one that used
|
|
some patented material from RSA Data Security. And then he heard about
|
|
the Senate bill that proposed to limit a citizen's right to use strong
|
|
encryption by requiring manufacturers to include back doors in their
|
|
products. Zimmermann, formerly a nuclear freeze activist, felt that one
|
|
of the most valuable potential uses of cryptography was to keep messages
|
|
secret from the Government.
|
|
|
|
Zimmermann has put some political content into the documentation for his
|
|
program: "If privacy is outlawed, only outlaws will have privacy.
|
|
Intelligence agencies have access to good cryptographic technology. So
|
|
do the big arms and drug traffickers. So do defense contractors, oil
|
|
companies, and other corporate giants. But ordinary people and
|
|
grassroots political organizations mostly have not had access to
|
|
affordable 'military grade' public-key cryptographic technology. Until
|
|
now."
|
|
|
|
He has been told that Burmese freedom fighters learn PGP in jungle
|
|
training camps on portable computers, using it to keep documents hidden
|
|
from their oppressive Government. But his favorite letter comes from a
|
|
person in Latvia, who informed him that his program was a favorite among
|
|
one-time refuseniks in that former Soviet republic. "Let it never be,"
|
|
wrote his correspondant, "but if dictatorship takes over Russia, your
|
|
PGP is widespread from Baltic to Far East now and will help democratic
|
|
people if necessary."
|
|
|
|
Early last year, Zimmermann received a visit from two United States
|
|
Customs Service agents. They wanted to know how it was that the strong
|
|
encryption program PGP had found its way overseas with no export
|
|
license. In the fall, he learned from his lawyer that he was a target of
|
|
a grand jury investigation in San Jose, Calif. But even if the Feds
|
|
should try to prosecute, they are likely to face a tough legal issue:
|
|
Can it be a crime, in the process of legally distributing information in
|
|
this country, to place it on an Internet computer site that is
|
|
incidentally accessible to network users in other countries? There may
|
|
well be a First Amendment issue here: Americans prize the right to
|
|
circulate ideas, including those on software disks.
|
|
|
|
John Gilmore has discovered that Government lawyers have their own
|
|
doubts about these issues. In some documents he sued to get, there are
|
|
mid-1980's warnings by the Justice Department that the export controls
|
|
on cryptography presented "sensitive constitutional issues." In one
|
|
letter, an assistant attorney general warns that "the regulatory scheme
|
|
extends too broadly into an area of protected First Amendment speech."
|
|
|
|
Perhaps taking Phil Zimmermann to court would not be the Government's
|
|
best method for keeping the genie in the bottle.
|
|
|
|
The Clipper program has already begun. About once a month, four couriers
|
|
with security clearances travel from Washington to the Torrance, Calif.,
|
|
headquarters of Mykotronx, which holds the contract to make Clipper
|
|
chips. They travel in pairs, two from each escrow agency: the NIST and
|
|
the Treasury Department. The redundancy is a requirement of a protocol
|
|
known as Two-Person Integrity, used in situations like nuclear missile
|
|
launches, where the stakes are too high to rely on one person.
|
|
|
|
The couriers wait while a Sun work station performs the calculations to
|
|
generate the digital cryptographic keys that will be imprinted in the
|
|
Clipper chips. Then it splits the keys into two pieces, separate number
|
|
chains, and writes them on two floppy disks, each holding lists of "key
|
|
splits." To reconstruct the keys imprinted on the chip, and thereby
|
|
decode private conversations, you would need both sets of disks.
|
|
|
|
After being backed up, the sets of disks are separated, each one going
|
|
with a pair of couriers. When the couriers return to their respective
|
|
agencies, each set of disks is placed in a double-walled safe. The
|
|
backup copies are placed in similar safes. There they wait, two stacks
|
|
of floppy disks that grow each month, now holding about 20,000 key
|
|
splits, the so-called back doors.
|
|
|
|
Will this number grow into the millions as the Government hopes?
|
|
Ultimately the answer lies with the American public. Administration
|
|
officials are confident that when the public contemplates scenarios like
|
|
the Fortress in the Bronx or the Mushroom Cloud in Lower Manhattan, it
|
|
will realize that allowing the Government to hold the keys is a
|
|
relatively painless price to pay for safety and national security. They
|
|
believe the public will eventually accept it in the same way it now
|
|
views limited legal wiretapping. But so far the Administration hasn't
|
|
recruited many prominent supporters. The main one is Dorothy Denning, a
|
|
crypto expert who heads the computer science department at Georgetown
|
|
University.
|
|
|
|
Since endorsing Clipper (and advocating passage of the Digital Telephony
|
|
initiative) Denning has been savagely attacked on the computer nets.
|
|
Some of the language would wither a professional wrestler. "I've seen
|
|
horrible things written about me," Denning says with a nervous smile. "I
|
|
try to actually now avoid looking at them, because that's not what's
|
|
important to me. What's important is that we end up doing the right
|
|
thing with this. It was an accumulation of factors that led me to agree
|
|
with Clipper, and the two most important areas, to me, are organized
|
|
crime and terrorism. I was exposed to cases where wiretaps had actually
|
|
stopped crimes in the making, and I started thinking, 'If they didn't
|
|
have this tool, some of these things might have happened.' You know, I
|
|
hate to use the word responsibility, but I actually feel some sense of
|
|
responsibility to at least state my position to the extent so that
|
|
people will understand it."
|
|
|
|
The opponents of Clipper are confident that the marketplace will vote
|
|
against it. "The idea that the Government holds the keys to all our
|
|
locks, before anyone has even been accused of committing a crime,
|
|
doesn't parse with the public," says Jerry Berman, executive director of
|
|
the Electronic Frontier Foundation. "It's not America."
|
|
|
|
Senator Leahy hints that Congress might not stand for the Clinton
|
|
Administration's attempt to construct the key-escrow system, at an
|
|
estimated cost of $14 million dollars initially and $16 million
|
|
annually. "If the Administration wants the money to set up and run the
|
|
key-escrow facilities," he says, "it will need Congressional approval."
|
|
Despite claims by the National Institute of Standards and Technology
|
|
deputy director, Raymond G. Kammer, that some foreign governments have
|
|
shown interest in the scheme, Leahy seems to agree with most American
|
|
telecommunications and computer manufacturers that Clipper and
|
|
subsequent escrow schemes will find no favor in the vast international
|
|
marketplace, turning the United States into a cryptographic island and
|
|
crippling important industries.
|
|
|
|
Leahy is also concerned about the Administration's haste. "The
|
|
Administration is rushing to implement the Clipper chip program without
|
|
thinking through crucial details," he says. Indeed, although the
|
|
Government has been buying and using Clipper encryption devices, the
|
|
process of actually getting the keys out of escrow and using them to
|
|
decipher scrambled conversations has never been field tested. And there
|
|
exists only a single uncompleted prototype of the device intended to do
|
|
the deciphering.
|
|
|
|
Leahy is also among those who worry that, all policy issues aside, the
|
|
Government's key escrow scheme might fail solely on technical issues.
|
|
The Clipper and Capstone chips, while powerful enough to use on today's
|
|
equipment, have not been engineered for the high speeds of the coming
|
|
information highway; updates will be required. Even more serious are the
|
|
potential design flaws in the unproved key-escrow scheme. Matthew
|
|
Blaze's discovery that wrongdoers could foil wiretappers may be only the
|
|
first indication that Clipper is unable to do the job for which it was
|
|
designed. In his paper revealing the glitch, he writes, "It is not clear
|
|
that it is possible to construct EES (Escrow Encryption Standard) that
|
|
is both completely invulnerable to all kinds of exploitation as well as
|
|
generally useful."
|
|
|
|
At bottom, many opponents of Clipper do not trust the Government. They
|
|
are unimpressed by the elaborate key-escrow security arrangements
|
|
outlined for Clipper. Instead, they ask questions about the process by
|
|
which the Clipper was devised -- how is it that the N.S.A., an
|
|
intelligence agency whose mission does not ordinarily include consumer
|
|
electronics design, has suddenly seized a central role in creating a
|
|
national information matrix? They also complain that the Skipjack
|
|
cryptographic algorithm is a classified secret, one that cryptographic
|
|
professionals cannot subject to the rigorous, extended testing that has
|
|
previously been used to gain universal trust for such a standard.
|
|
|
|
"You don't want to buy a set of car keys from a guy who specializes in
|
|
stealing cars," says Marc Rotenberg, director of the Electronic Privacy
|
|
Information Center. "The N.S.A.'s specialty is the ability to break
|
|
codes, and they are saying, 'Here, take our keys, we promise you they'll
|
|
work.' "
|
|
|
|
At the March conference on computers and privacy, Stewart Baker
|
|
responded to this sort of criticism. "This is the revenge of people who
|
|
couldn't go to Woodstock because they had too much trig homework," he
|
|
said, evoking some catcalls. "It's a kind of romanticism about privacy.
|
|
The problem with it is that the beneficiaries of that sort of
|
|
romanticism are going to be predators. PGP, they say, is out there to
|
|
protect freedom fighters in Latvia. But the fact is, the only use that
|
|
has come to the attention of law enforcement agencies is a guy who was
|
|
using PGP so the police could not tell what little boys he had seduced
|
|
over the net. Now that's what people will use this for -- it's not the
|
|
only thing people will use it for, but they will use it for that -- and
|
|
by insisting on having a claim to privacy that is beyond social
|
|
regulation, we are creating a world in which people like that will
|
|
flourish and be able to do more than they can do today."
|
|
|
|
Even if Clipper flops, the Crypto War will continue. The Administration
|
|
remains committed to limiting the spread of strong cryptography unless
|
|
there's a back door. Recently, it has taken to asking opponents for
|
|
alternatives to Clipper. One suggestion it will not embrace is inaction.
|
|
"Deciding that the genie is out of the bottle and throwing our arms up
|
|
is not where we're at," says a White House official.
|
|
|
|
The National Security Agency will certainly not go away. "The agency is
|
|
really worried about its screens going blank" due to unbreakable
|
|
encryption, says Lance J. Hoffman, a professor of computer science at
|
|
George Washington University. "When that happens, the N.S.A. -- said to
|
|
be the largest employer in Maryland -- goes belly-up. A way to prevent
|
|
this is to expand its mission and to become, effectively, the one-stop
|
|
shop for encryption for Government and those that do business with the
|
|
Government."
|
|
|
|
Sure enough, the security agency is cooking up an entire product line of
|
|
new key-escrow chips. At Fort Meade, it has already created a high-speed
|
|
version of the Skipjack algorithm that outperforms both Clipper and
|
|
Capstone. There is also another, more powerful, encryption device in the
|
|
works named Baton. As far as the agency is concerned, these developments
|
|
are no more than common sense. "To say that N.S.A. shouldn't be involved
|
|
in this issue is to say that Government should try to solve this
|
|
difficult technical and social problem with both hands tied behind its
|
|
back," Stewart Baker says.
|
|
|
|
But Phil Zimmermann and the Cypherpunks aren't going away, either.
|
|
Zimmermann is, among other things, soliciting funds for a PGP phone that
|
|
will allow users the same sort of voice encryption provided by the
|
|
Clipper chip. The difference, of course, is that in his phone there is
|
|
no key escrow, no back door. If the F.B.I. initiated a wiretap on
|
|
someone using Zimmermann's proposed phone, all the investigators would
|
|
hear is static that they could never restore to orderly language.
|
|
|
|
What if that static shielded the murderous plans of a terrorist or
|
|
kidnapper? Phil Zimmermann would feel terrible. Ultimately he has no
|
|
answer. "I am worried about what might happen if unlimited security
|
|
communications come about," he admits. "But I also think there are
|
|
tremendous benefits. Some bad things would happen, but the trade-off
|
|
would be worth it. You have to look at the big picture."
|