Here are some questions about the Clipper program I would like to submit.
Much has been said about Clipper and Capstone (the term Clipper will be used
to describe both) recently. Essentially, Clipper is a government-sponsored
tamper-resistant chip that employs a classified algorithm and a key escrow
facility that allows law enforcement, with the cooperation of two other
parties, to decipher Clipper-encrypted traffic. The stated purpose of the
program is to offer telecommunications privacy to individuals, businesses, and
government, while protecting the ability of law enforcement to conduct
The announcement said, among other things, that there is currently no plan to
attempt to legislate Clipper as the only legal means to protect
telecommunications. Many have speculated that Clipper, since it is only
effective in achieving its stated objectives if everyone uses it, will be
followed by legislative attempts to make it the only legal telecommunications
protection allowed. This remains to be seen.
There are no current plans to legislate the use of Clipper.
Clipper will be a government standard, which can be - and
likely will be - used voluntarily by the private sector. The
option for legislation may be examined during the policy
review ordered by the President.
The proposal, taken at face value, still raises a number of serious questions.
What is the smallest number of people who are in a position to compromise the
security of the system? This would include people employed at a number of
places such as Mikotronyx, VSLI, NSA, FBI, and at the trustee facilities. Is
there an available study on the cost and security risks of the escrow process?
It will not be possible for anyone from Mykotronx, VLSI,
NIST, NSA, FBI (or any other non-escrow holder) to
compromise the system. Under current plans, it would be
necessary for three persons, one from each of the escrow
trustees and one who knows the serial number of the Clipper
Chip which is the subject of the court authorized electronic
intercept by the outside law enforcement agency, to conspire
in order to compromise escrowed keys. To prevent this, it
is envisioned that every time a law enforcement agency is
provided access to the escrowed keys there will be a record
of same referencing the specific lawful intercept
authorization (court order). Audits will be performed to
assure strict compliance. This duplicates the protection
afforded nuclear release codes. If additional escrow agents
are added, one additional person from each would be required
to compromise the system. NSA's analysis on the security
risks of the escrow system is not available for public
How were the vendors participating in the program chosen? Was the process
The services of the current chip vendors were obtained in
accordance with U.S. Government rules for sole source
procurement, based on unique capabilities they presented.
Criteria for selecting additional sources will be
forthcoming over the next few months.
AT&T worked with the government on a voluntary basis to use
the "Clipper Chip" in their Telephone Security Device. Any
vendors of equipment who would like to use the chips in
their equipment may do so, provided they meet proper
government security requirements.
A significant percentage of US companies are or have been the subject of an
investigation by the FBI, IRS, SEC, EPA, FTC, and other government agencies.
Since records are routinely subpoenaed, shouldn't these companies now assume
that all their communications are likely compromised if they find themselves
the subject of an investigation by a government agency? If not, why not?
No. First of all, there is strict and limited use of
subpoenaed material under the Federal Rules of Criminal
Procedure and sanctions for violation. There has been no
evidence to date of Governmental abuse of subpoenaed
material, be it encrypted or not. Beyond this, other
Federal criminal and civil statutes protect and restrict the
disclosure of proprietary business information, trade
secrets, etc. Finally, of all the Federal agencies cited,
only the FBI has statutory authority to conduct authorized
electronic surveillance. Electronic surveillance is
conducted by the FBI only after a Federal judge agrees that
there is probable cause indicating that a specific
individual or individuals are using communications in
furtherance of serious criminal activity and issues a court
order to the FBI authorizing the interception of the
What companies or individuals in industry were consulted (as stated in the
announcement) on this program prior to its announcement? (This question seeks
to identify those who may have been involved at the policy level; certainly
ATT, Mikotronyx and VLSI are part of industry, and surely they were involved
in some way.)
To the best of our knowledge: AT&T, Mykotronx, VLSI, and
Motorola. Other firms were briefed on the project, but not
"consulted," per se.
Is there a study available that estimates the cost to the US government of the
No studies have been conducted on a government-wide basis to
estimate the costs of telecommunications security
technologies. The needs for such protection are changing
all the time.
There are a number of companies that employ non-escrowed cryptography in their
products today. These products range from secure voice, data, and fax to
secure email, electronic forms, and software distribution, to name but a few.
With over a million such products in use today, what does the Clipper program
envision for the future of these products and the many corporations and
individuals that have invested in and use them? Will the investment made by
the vendors in encryption-enhanced products be protected? If so, how? Is it
envisioned that they will add escrow features to their products or be asked to
Again, the Clipper Chip is a government standard which can
be used voluntarily by those in the private sector. We also
point out that the President's directive on "Public
Encryption Management" stated: "In making this decision, I
do not intend to prevent the private sector from developing,
or the government from approving, other microcircuits or
algorithms that are equally effective in assuring both
privacy and a secure key-escrow system." You will have to
consult directly with private firms as to whether they will
add escrow features to their products.
Since Clipper, as currently defined, cannot be implemented in software, what
options are available to those who can benefit from cryptography in software?
Was a study of the impact on these vendors or of the potential cost to the
software industry conducted? (Much of the use of cryptography by software
companies, particularly those in the entertainment industry, is for the
protection of their intellectual property.)
You are correct that, currently, Clipper Chip functionality
can only be implemented in hardware. We are not aware of a
solution to allow lawfully authorized government access when
the key escrow features and encryption algorithm are
implemented in software. We would welcome the participation
of the software industry in a cooperative effort to meet
this technical challenge. Existing software encryption use
can, of course, continue.
Banking and finance (as well as general commerce) are truly global today. Most
European financial institutions use technology described in standards such as
ISO 9796. Many innovative new financial products and services will employ the
reversible cryptography described in these standards. Clipper does not comply
with these standards. Will US financial institutions be able to export
Clipper? If so, will their overseas customers find Clipper acceptable? Was a
study of the potential impact of Clipper on US competitiveness conducted? If
so, is it available? If not, why not?
Consistent with current export regulations applied to the
export of the DES, we expect U.S. financial institutions
will be able to export the Clipper Chip on a case by case
basis for their use. It is probably too early to ascertain
how desirable their overseas customers will find the Clipper
Chip. No formal study of the impact of the Clipper Chip has
been conducted since it was, until recently, a classified
technology; however, we are well aware of the threats from
economic espionage from foreign firms and governments and we
are making the Clipper Chip available to provide excellent
protection against these threats. As noted below, we would
be interested in such input from potential users and others
affected by the announcement. Use of other encryption
techniques and standards, including ISO 9796 and the ISO
8730 series, by non-U.S. Government entities (such as
European financial institutions) is expected to continue.
I realize they are probably still trying to assess the impact of Clipper, but
it would be interesting to hear from some major US financial institutions on
We too would be interested in hearing any reaction from
these institutions, particularly if such input can be
received by the end of May, to be used in the
Presidentially-directed review of government cryptographic
Did the administration ask these questions (and get acceptable answers) before
supporting this program? If so, can they share the answers with us? If not,
can we seek answers before the program is launched?
These and many, many others were discussed during the
development of the Clipper Chip key escrow technology and
the decisions-making process. The decisions reflect those
discussions and offer a balance among the various needs of
corporations and citizens for improved security and privacy
and of the law enforcement community for continued legal
access to the communications of criminals.