Seattle CPSR Information Policy Fact Sheet Encryption and the Clipper Chip
Topic
NOTE: THIS DOCUMENT HAS NOT BEEN UPDATED FOR YEARS. WE LEAVE
IT HERE FOR ITS HISTORICAL VALUE.
On April 16, 1993, the White House announced the development of an
encryption chip for voice communications developed in conjunction
with the National Security Agency (NSA) called the Clipper Chip,
along with an initiative regarding telecommunications and privacy
which could literally affect almost every citizen in the United
States.
Since that time, more than three dozen of the nation's leading
cryptographers, computer security specialists, and privacy
experts have urged President Clinton to abandon the Clipper
proposal. In a February 1994 Time/CNN poll, two-thirds of the
respondents said it was more important to protect the privacy of
phone calls than to preserve the ability of police to conduct
wiretaps. When informed about the Clipper Chip, 80% said they
opposed it.
What Are The Issues?
Encryption algorithms are used to "scramble" communications, making
them unintelligible to anyone but the intended recipient, who
holds a "key" to reveal the message. The encryption algorithm
implemented in the Clipper chip remains classified.
In the cryptography community, an encryption algorithm is only
considered secure after it has been examined extensively and
independently by a wide array of experts around the world. With
an algorithm which is kept secret, there is no guarantee that it
is secure and that the encryption method has no "back door"
(allowing easy decryption for those, such as the National
Security Agency, that know the "back door").
The key, which allows the information encrypted with this chip to
be decrypted, is embedded in the Clipper chip.
This means that once the key is known, the chip needs to be
replaced to maintain private communications. This would usually
mean replacing the entire device (e.g. telephone) any time that
the key was divulged, whether legally or not.
The Clipper proposal would provide government agents with copies of
the keys that protect electronic communications. The 80-bit key
is made from the XOR of two (2) 80-bit keys, which are kept in
databases at two different escrow agencies. Thus, the U.S.
Government will always have the ability to read any message
encrypted with the Clipper chip.
It's not clear how the key databases will be kept secure. It is
also unknown whether the classified encryption algorithm is any less
secure against brute-force attacks once half the key is known.
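The XOR split of the 80-bit key between two escrow agencies, as an added example that is not part of the original fact sheet or of any Clipper specification: it splits and recombines a key, then checks exhaustively on a toy 8-bit key how many keys remain possible to someone holding one component, for an XOR split versus a split into concatenated halves. It assumes one component is drawn uniformly at random (an assumption, not the documented Clipper key-generation procedure), uses hypothetical function names, and says nothing about the classified algorithm itself.

```python
import secrets

KEY_BYTES = 10  # 80 bits, the key length given in the text


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("components must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes):
    """Split a key into two components, one per escrow agency."""
    if len(key) != KEY_BYTES:
        raise ValueError("expected an 80-bit key")
    first = secrets.token_bytes(KEY_BYTES)  # assumption: uniformly random
    return first, xor_bytes(key, first)


def recombine(first: bytes, second: bytes) -> bytes:
    """What a party holding both components computes."""
    return xor_bytes(first, second)


def keys_consistent_with(component: int, bits: int, scheme: str):
    """Toy-sized exhaustive check: every key that one known component
    still allows, for an XOR split versus a concatenated split."""
    if scheme == "xor":
        # Any value of the unseen component is possible, so every key is.
        return {component ^ other for other in range(1 << bits)}
    if scheme == "concat":
        # The known component is the top half of the key itself.
        half = bits // 2
        return {(component << half) | low for low in range(1 << half)}
    raise ValueError(f"unknown scheme: {scheme}")


if __name__ == "__main__":
    key = secrets.token_bytes(KEY_BYTES)  # constructed sample key
    a, b = split_key(key)
    print("recombined correctly:", recombine(a, b) == key)
    print("xor split, one component known:",
          len(keys_consistent_with(0x5A, 8, "xor")), "of 256 keys remain")
    print("concatenated split, one half known:",
          len(keys_consistent_with(0x5, 8, "concat")), "of 256 keys remain")
```

Whoever holds both components recovers the key with a single XOR, which is why the protection of both databases matters.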
Though the government has announced plans to use the chip in their
own phones, they do not plan to use it for classified
information, only for unclassified information.
There is no evidence to support law enforcement's claims that new
technologies are hampering criminal investigations. CPSR recently
forced the release of FBI documents that show no such problems.
This chip has been in the making for 4 years. Prior to the Clipper
proposal announcement, little public comment or discussion was
held on a matter which is important to the privacy of that same
public. The underlying technology was developed in secret by the
NSA, an intelligence agency responsible for electronic
eavesdropping, not privacy protection. Congressional
investigations in the 1970s disclosed widespread NSA abuses,
including the illegal interception of millions of cables sent by
American citizens.
It would seem that the Government might be granting a monopoly to
Mykotronx, Inc. and VLSI Technology. VLSI will fabricate the
chip and Mykotronx will program the keys into it.
A successor chip has already been announced, called the Capstone
chip. The Capstone chip is supposed to be a "superset" of the
Clipper chip and will include the "digital signature standard"
(DSS), which many in the cryptography community seem to consider
insecure. The NSA also developed DSS, which wasn't disclosed
until CPSR filed a Freedom of Information Act request with NIST
(the National Institute of Standards & Technology).
The Administration has continued to ignore the overwhelming
opposition of the general public. When the Commerce Department
solicited public comments on the proposal last fall, hundreds of
people opposed the plan while only a few expressed support.
Summary of CPSR's Position
CPSR announced a national campaign to oppose the government's Clipper
proposal. The 1987 Computer Security Act (CSA) made clear that
the responsibility for technical standards for unclassified
computing lies with NIST, not the super-secret NSA. The Clipper
proposal subverted the NIST process of developing a "public,
unclassified" encryption algorithm, undermining the central
purpose of the CSA. Further, there is no legal basis to the
government's claim for the ability to intercept electronic
communications. CPSR opposes the secret reviews of Clipper that
have been held, and supports a public debate and review of
cryptography policy. Regulations and laws are needed to protect
the privacy of our communications.
CPSR's Actions
CPSR's campaign against the Clipper proposal has four goals:
- First, to educate the public about the implications of the Clipper proposal.
- Second, to encourage people to express their views on the Clipper proposal, particularly through the computer network.
- Third, to pursue litigation to force the public disclosure of documents concerning the Clipper proposal and to test the legality of the Department of Commerce's decision to endorse the plan.
- Fourth, to examine alternative approaches to Clipper.
What You Can Do
1. Sign the electronic petition opposing Clipper. CPSR has already
collected over 50,000 signatures on an electronic petition on
the Internet computer network urging the President to withdraw
the Clipper proposal. To sign on, email
clipper.petition@cpsr.org with the message "I oppose clipper" in
the body of the text.
2. Lobby Congress. Get Congress to lift the cryptography embargo. The administration is trying to impose Clipper on us by
manipulating market forces. By purchasing massive numbers of
Clipper devices, they intend to induce an economy of scale which
will make them cheap while the export embargo of other encryption
technologies renders all competition either expensive or
nonexistent.
We can get Congress to eliminate the export embargo of other
encryption technologies. Rep. Maria Cantwell, D-Washington, has
a bill (H.R. 3627) before the Economic Policy, Trade, and
Environment Subcommittee of the House Committee on Foreign
Affairs that would do exactly that. She will need a lot of help
from the public. Please signal your support of H.R. 3627, either
by writing her directly or e-mailing her at cantwell@eff.org.
Messages sent to that address will be printed out and delivered
to her office. In the subject header of your message, please
include the words "support HR 3627." In the body of your
message, express your reasons for supporting the bill. Write
letters and make phone calls to your Member of Congress in your
own district, as well as your two US Senators.
3. Involve your local political parties. The right to privacy has a
surprisingly broad appeal, spanning all parts of the political
spectrum. We have many natural allies.
4. Contribute money. Computer Professionals for Social Responsibility
(CPSR) and the Electronic Frontier Foundation (EFF) are fighting
the Clipper proposal initiative. They need money for legal
expenses and lobbying.
5. Mobilize opposition in industry. Companies that will presumably
develop products that will incorporate the Clipper chip should be
lobbied against it, from within and from without. If you work
for a telecommunications equipment vendor, first enlist the aid
of your coworkers and fellow engineers against this initiative,
and then present your company's management with a united front of
engineering talent against this initiative. Write persuasive
memos to your management, with your name and your colleagues'
names on it. Hold meetings on it.
6. Boycott Clipper devices and the companies which make them. Don't
buy anything with a Clipper Chip in it. Don't buy any product
from a company that manufactures devices with Big Brother inside.
It is likely that the government will ask you to use Clipper for
communications with the IRS or when doing business with federal
agencies. They cannot, as yet, require you to do so. Just say
no.
---------------
Sources: CPSR Press Release 5/28/93; CPSR Testimony before the House
Subcommittee on Telecommunications and Finance 6/9/93; EFF Press
Release 2/4/94; "Jackboots on the Infobahn", John Perry Barlow,
Wired 2.04 Electrosphere 2/9/94; Philip Zimmermann post to
alt.security.pgp Usenet newsgroup 3/24/93; "Who Should Keep the
Keys", Philip Elmer-DeWitt, TIME, 3/4/94.