Date: Sun, 29 Aug 1993 08:13:32 -0500
From: farber(a)central.cis.upenn.edu (David Farber)
Subject: CLIPPING CLIPPER by permission from CACM
To: interesting-people(a)eff.org (interesting-people mailing list)

From: hoffman(a)seas.gwu.edu (Lance J. Hoffman)

Several people have asked me to post this for
those who do not get Communications
of the Association for Computing Machinery.
So here it is, reprinted with
permission from Communications of the ACM,
September 1993, volume 36, number 9.
(This is a version which differs in minor
detail from the one which finally
appeared, and which does not have the
footnotes included in the CACM article.
But, otherwise it is substantially the same.)

Viewpoint:
CLIPPING CLIPPER

Professor Lance J. Hoffman
Department of Electrical Engineering and Computer Science
The George Washington University
Washington, D. C.
hoffman(a)seas.gwu.edu

The FBI is becoming increasingly worried
about the fact that the United
States is technologically close to having
effectively unbreakable encryption
available to individuals. This will eliminate
its capability to listen in on
specific telephone conversations, even with a
court-authorized warrant under
existing wiretap legislation. In 1991, it
pushed legislation to require
significant changes in computer hardware,
software, and communications equipment
so that agents could maintain these
capabilities in the increasingly digital
telephone network [1]. But opposition by
computer and communications companies,
professional societies, and civil libertarians
convinced the Senate to remove the
provision from its crime bill. Last year, not
one member of Congress was willing
to introduce legislation requiring
telecommunications providers to turn back the
clock and redesign the emerging digital
telecommunications system so that the FBI
could, at some considerable economic cost to
all users, continue to tap, under
court order, certain digital communications
[2].

Now the FBI and its allies in the
intelligence community have persuaded the
President to pursue a course which, if not
reversed, may achieve the same goal by
effectively building "Big Brother"
capabilities into the computer/telephone
network of the future with the "Clipper" chip,
an encryption device with
applications in telephones and other computer
network peripherals [3, 4, 5].

The Clipper encryption method [6] (see
sidebar) requires escrowing of user
encryption keys with two trusted authorities,
not announced as of this writing.
One might anticipate the government will
compound its surprising move with Clipper
by selecting two in-government
executive-branch entities as the escrow
agents.
If it does so, there will be further erosion
of the power of Congress to establish
public policy.

One could, of course, ask whether escrow
technology will be accepted by
computer users who can get the real thing
elsewhere. Encryption is available
around the world without the burden of key
escrowing -- preliminary survey results
from the Software Publishers Association
revealed 143 non-U.S. and 133 U. S.-based
cryptographic products, many providing DES [7]
and/or RSA [8] capabilities.
Moreover, encryption software (including DES
and RSA algorithms and the user-ready
and popular Pretty Good Privacy (PGP) [9]
secure message system) is freely
downloadable from public networks around the
world [10].

Encryption is becoming increasingly
important. Persons who wish unescrowed
confidentiality -- both law-abiding persons
and criminals -- will find and use
other encryption schemes to protect
information they wish to keep secure. After
all, it is not hard to superencrypt messages
with one's own software or hardware
encryption first, not registering any key with
any authority, and very possibly
using an imported device (or software) from
another country. Increasingly,
travelers use telephones to communicate
information back and forth between
workstations they have never seen before and
their home or office computers; the
threats of eavesdropping and falsification are
much greater than in years past
[11]. These persons can't be expected to
trust a U. S.-developed standard whose
algorithm is secret if they can instead turn
to cryptosystems available elsewhere
with an algorithm that has faced public
scrutiny and whose keys are completely
under control of the user.

The only way a government can prevent
this is by outlawing the use of
encryption methods which are not readable by
the government. The Administration
admits that this is a fundamental policy
question which "will be considered during
the broad policy review" [12] it has underway.
If the government adopts (or, as
it appears now, decrees) such a "Digital
Volstead Act", there will be some
benefits to law enforcement. In the long term
however, it will have a negative
effect on individual freedom and liberty. It
might even encourage contempt for
law enforcement on the digital network since
strong cryptographic algorithms are
already available in software, freely
reproducible by all who desire, regardless
of where they live or work.

The Clinton administration should
postpone the introduction of Clipper. And
Congress should mandate a serious, open,
public review of the issues and options
facing society. The implications are too
profound to allow the promulgation of
the first partially classified Federal
Information Processing Standard (FIPS)
without appropriate discussion.

Congress should also move to strengthen
the independence of NIST, which has
apparently not only used the National Security
Agency's skills in cryptography (as
required by the Computer Security Act of 1987)
but also appears to be all too
eager to adopt its policy interests as well.
This has resulted in the discussion
of critical issues being framed by the
cryptographic policy specialists at NSA,
who have so far sidestepped Congress and are
protecting their traditional ways of
doing things, while the world is changing all
around them. They are apparently
reluctant to admit that cryptography and the
policy issues that go with it are now
important enough to merit a full public
debate, or that the genie may be out of
the bottle, or that we now have "a regulatory
structure that goes back to the cold
war and does not recognize the realities of
the present situation" [11]. So they
are using the Clipper initiative to pull off a
"turf coup d'etat".

The issue here is U.S. cryptographic
policy and who controls it, not the
technical merit of the Clipper initiative.
This has far-reaching policy
implications [13, 14] and is not an issue for
the technical community only.

The Clinton administration has, to its
credit, identified the important
questions and realizes that there are serious
constitutional issues here.
Unfortunately, it has picked the wrong player
-- the National Security Council --
to examine them in the wrong forum, a
classified one. There is no valid reason
for the broad policy debate to be classified
and many reasons for it not to be;
one of the most important is the government's
credibility. There is no need to
rush to judgement here.

The administration has not reached out
beyond the government to computer
hardware or software manufacturers or to the
telecommunications industry or to
business in general or to academe during the
planning of the Clipper initiative.
This is one reason that almost all the major
players in the industry have raised
serious objections [11, 10, 15]. No adequate
and public analysis of the economic
and social costs and benefits of the Clipper
proposal has yet been done.

Unfortunately, the administration is
conducting a hasty, ill-defined
investigation, going hell-bent for leather to
conclude by about the time you read
this [19]. Instead, what is needed is a
serious, comprehensive, dispassionate
study, with real data, cool heads, unbiased
scientists, legal experts, and
adequate time for examining many intricate
issues which threaten long lasting,
even permanent, consequences for the basic
structure of constitutional government
in the United States.

A number of issues must be considered in
the encryption policy discussion:

- Very serious Constitutional
questions. In the opinion of some, the
government's key-escrow initiative would
violate the First, Fourth, and Fifth
Amendments of the U. S. Bill of Rights [15,
20, 21], and possibly others such as
the Ninth and Tenth.
- Serious questions regarding the
proposed Clipper key escrow scheme,
including non-government escrow agencies and
software solutions [22]
- 114 questions asked by the Digital
Privacy and Security Working Group
[15]. As of this writing, NIST had not
responded to these.
- How U. S. firms can compete with
foreign firms who don't have to "dumb
down" [23] the technology (the "level playing
field" issue)
- Tensions between law enforcement,
national security, and the citizen's
personal freedoms and rights, such as privacy.
- The future world of a National (and
International) Information
Infrastructure, and why export controls [10,
24] have to be reformulated
- A rough cost/benefit analysis of
any controls over cryptography,
including retraining and conversion costs for
cryptographic experts with much less
to do if an increasing amount of traffic will
be encrypted well enough to defy
effective decryption by them.

Better answers will emerge if respected
organizations such as the National Academy
of Sciences and the Office of Technology
Assessment are given the opportunity to
analyze the issues carefully.

There are meritorious alternatives to
Clipper. For example, Professor Silvio
Micali of MIT has proposed a multi-key escrow
capability in which multiple trusted
parties authenticate a message and/or allow
eavesdropping [25]. The parties can
be selected by the message sender or jointly
by the sender and the other party (as
with current escrow agents). Without a choice
of alternatives, many persons who
are eager to develop and use the emerging
information infrastructure -- "digital
superhighways" and other forward-looking
projects of Vice President Gore -- will
turn away from those projects. The full
potential of the network and the Vice
President's vision will never be realized.

The Computer System Security and Privacy
Advisory Board, created by the
Computer Security Act of 1987, called for such
a full, public national review of
cryptographic policy in March 1992. It, too,
is queasy with the Clipper
initiative. On June 4, 1993, it passed a
resolution which stated that

"Key escrowing encryption technology
represents a dramatic change in the
nation's information infrastructure. The full
implications ... are not fully
understood at this time.
Therefore, the Board recommends that key
escrowing encryption technology not
be deployed beyond current implementations
planned within the Executive Branch,
until the significant public policy and
technical issues ... are fully
understood".

NIST has not (ever) taken any significant
action on the cryptographic policy
suggestions of this national statutory board
whose basic mission is to be alert
for latent public policy issues related to
computer and communications technology.

By the time you read this, the government
policy "review" may be close to
completion. Computer professionals have a
special obligation to let their
senators and member of Congress (as well as
other key legislators) know of the
profound negative impacts of such a rush to
judgment, and to urge them to defer
this initiative. Copies of those
communications should also be sent to the
President (whose electronic mail address is
president(a)whitehouse.gov), the vice
president (whose electronic mail address is
vice.president(a)whitehouse.gov) and
to NIST which is the official government
spokesman on the issue through its deputy
director, Raymond G. Kammer,
(kammer(a)micf.nist.gov).

REFERENCES
1. Sessions, W.S., "Keeping an Ear on Crime",
New York Times, March 27, 1992, page
A35.
2. Denning, D., To Tap or Not to Tap. CACM
36:25-44, 1993.
3. Statement by the Press Secretary on a
Cryptography Initiative. White House
Press Office, April 16, 1993.
4. Markoff, John, "U. S. as Big Brother of
Computer Age", New York Times, May 6,
1993, page D1.
5. Mintz, John and Schwartz, John, "Chipping
Away at Privacy?" Washington Post,
May 30, 1993, pages H1-H4.
6. Denning, D., "Cryptography, Clipper, and
Capstone", Proc. 3rd CPSR Cryptography
& Privacy Conf., Washington, D.C., June 7,
1993.
7. National Bureau of Standards, Data
Encryption Standard, Washington, D.C.:1977.
8. Rivest, R., Shamir, A. and Adleman, L., A
method for obtaining digital
signatures and public-key cryptosystems. CACM
21:120-126, 1978.
9. Zimmermann, P., "PGP, Public Key Encryption
for the Masses", Proc. 3rd CPSR
Cryptography & Privacy Conf., Washington,
D.C., June 7, 1993.
10. Rosenthal, I., Software Publishers
Association Statement to the Computer
System Security and Privacy Advisory Board on
cryptography, June 3, 1993.
11. Diffie, W., Testimony before the House
Subcommittee on Telecommunications and
Finance. Congressional Record June 9, 1993.
12. Statement by the White House Press
Secretary, Questions and Answers about the
Clinton Administration Telecommunications
Initiative, April 16, 1993.
13. Who Holds the Keys? In: Proc. 2nd Conf. on
Computers, Freedom, and Privacy,
edited by Hoffman, Lance J. New York, N.Y.:
Association for Computing Machinery,
1993, p. 133-147.
14. Murray, W.H., Who holds the keys? CACM
35:13-15, 1992.
15. Digital Privacy and Security Working
Group, Issues and Questions Regarding
the Administration's Clipper Chip Proposal, in
[18], 36-47, 1993.
16. Denning, D., Position Statement Supporting
the Key-Escrow Chip, in [18],
64-67, 1993.
17. Postings to sci.crypt, comp.risks, and
alt.privacy.clipper Internet newsgroups
after the announcement of the key escrow
initiative.
18. Cryptographic Issue Statements Submitted
to the Computer System Security and
Privacy Advisory Board, May 27, 1993,
Gaithersburg, Md.:NIST, 1993.
19. Schwartz, J., "U. S. Data Decoding Plan
Delayed", Washington Post, June 8,
1993, p. A-12.
20. Computer and Business Equipment
Manufacturers Association, Statement before
the Computer Systems Security and Privacy
Advisory Board, May 27, 1993, in [18],
138-161, 1993.
21. American Civil Liberties Union, Comment
for Cryptographic Issue Statements,
in [18], 195-199, 1993.
22. NIST Computer System Security and Privacy
Advisory Board, Resolution #1 and
#2 of June 4, 1993.
23. Goldman, J., Why Cater to Luddites? New
York Times, March 27, 1992, p. A35.
24. Turner, G.W., Commercial Cryptography at
the Crossroads. Information Systems
Security 1:34-42, 1992.
25. Micali, S., Fair Public-Key Cryptosystems
(Preliminary Draft 3/25/93), MIT
Laboratory for Computer Science, Cambridge,
Mass.

--
Professor Lance J. Hoffman
Department of Electrical Engineering and Computer Science
The George Washington University (202) 994-4955 Fax: (202) 994-0227
Washington, D. C. 20052 hoffman(a)seas.gwu.edu