I had the dubious pleasure of meeting Baker in person a year ago during a CPSR-sponsored conference in DC. I had argued vigorously with him during a break before I realized that he was NSA's general counsel; afterwards, I realized that if I didn't have a file with them before, I certainly would later. :-)
I argued that the bad guys would have strong cryptography no matter what laws were passed, so we might as well make sure the good guys could have it too. His retort, repeated quite a few times, was, "So, your attitude toward the government is "Fuck 'em if they can't take a joke?" It wasn't exactly a reasoned, logical debate.
maybe he's a subgenius. [note to whichever nsa employee is reading this: check out the book of the subgenius for more info on this. it's really good reading, anyway.] about the bad guys getting strong crypto: let's review the des story for a moment, keeping in mind that clipper in the 90s may be a repeat of des in the 70s: des came out of the lucifer project at ibm in the early 70s and was adopted as a standard in 1976. at the time it was published, the design criteria of the s-boxes were classified, and this worried many people. everyone suspected that the nsa had hidden a backdoor of some kind in the s-boxes. the truth behind the s-boxes finally came out in 1990 when biham and shamir published the idea of differential cryptanalysis. it turns out that the design of the s-boxes is optimized against differential cryptanalysis and also that the 16 rounds were chosen specifically to defeat differential cryptanalysis. ibm researchers and the nsa knew about that in the early 70s. so the nsa did two things: they made sure that des was safe against differential cryptanalysis, in case some other entity had also discovered it, and also they classified the criteria of the design, to make sure that the public wouldn't find out about differential cryptanalysis. the nsa came out looking bad, but in retrospect, both of these actions really were for the benefit cryptography users. of course the 56 bit key size is more suspicious now than ever, and i would be very surprised if a des breaking machine didn't exist somewhere in the world. could clipper be the repeat of this story? on the surface, it all looks pretty suspicious, and maybe the character of the nsa has changed since the 70s, but we can't dismiss the possibility that it really is somehow in our own best interests. remember, they know more about cryptography than any other group anywhere in the world. e