reproduced with attributation:
From Electronic Engineering Times, November 22, 1993, issue 773, page 1 and page 78.
U.S. weighs Clipper chip alternatives BY GEORGE LEOPOLD Washington - The Clinton adminstration is readying a new encryption policy that could help defuse industry opposition to introduction of the government-developed Clipper chip by embracing commercial technologies as alternatives for network security, according to government and industry sources. A National Security Council panel led by George Tenet, special presidential assistant for intelligence programs, is completing a broad review of government encryption policy with an eye toward employgin the Clipper chip, as well as commercial alternatives, to ensure privacy and security on public networks. Those would include the proposed electronic superhighway, or National Information Infrastructure (NII). Tenent could not be reached for comment on the review's status, but a U.S. official said last week the results of the seven-month National Security Council policy review will be announced soon. The Clipper chip, backed by the National Security Agency and proposed by the Clinton administration in April as a new data-encryption standard, is widely viewed by industry critics as a fait accompli, since the spy agency wants to use it to protect intelligence data. Asked in an interview last Monday whether the policy review sould resutl in modification of the Clipper chip proposal, Michael Nelson, special assistant for information technology in the White House Office of Science and Technology Policy, acknowledged the need to consider other encryption technologies for network security, including software solutions. He also said the government should have sought greater industry participation before proposing the Clipper chip. Industry opposition to the Clipper chip resurfaced at a recent government-industry summit in San Fancisco (see Nov. 8, page 1). During a panel on the NII, Nelson told angry company executives that the Clinton admininistration would no impose Clipper on industry or rule out alternative encryption technologies. "Clipper is not a silver bullet, it's not even a brass bullet," Nelson said. "It's only one approach." He added, "If we don't address these (network security) issues, people won't use the NII." Nelson said last week the National Security Council review was designed to bring industry and Congress into the process of looking for commercial solutions, besides Clipper, to the network-security issue. Industry groups said last week they have contributed to the review, which began shortly after Clipper was proposed. The review is expected to result in a decision on how to implement Clipper. A decision on how to proceed with the Clipper proposal was scheduled for Sept. 1 but was delayed in response to recommendation from a private-sector advisory group to the Commerce Department. Clipper, which scrambles telephone conversations using an encryption algorithm called Skipjack, is at the heart of an administration initiative announced in April on secure telecom networks and wireless communications links. Forced to balance the interests of companies and private citizens with law-enforcement and national-security needs, President Clinton ordered a comprehensive review of U.S. encryption policy adressing: x Privacy, including the need for voice and data encryption to protect proprietary business data. x The ability of federal law-enforcement officials to tap phones and computers. x The employment of modern technology to build the NII, including encryption technolgy needed to protect proprietary information transmitted over the information superhighway. x The need for American companies to build and export high-technology products to boost U.S. competiveness. U.S. companies may offer encryption as a feature of software sold in the United States, but are prohibited from including encryption in commercial software exports. Proponents of decontrolling encrypted software aruge that restrictions are useless because encryption technology is widely available (see Oct. 18, page 18). Acknowledging industry's concerns, the initiative also includes the creation of a key-escrow system to insure the Clipper chip would be used to protect privacy. (A Commerce Department official said last week the government has dropped the Clipper moniker, referring to it instead as the "key-escrow chip", out of concern for possible trademark infringement.) Devices incorporating the chip would have two unique software keys government investigators would need to decode encoded messages. Two key-escrow data banks would be overseen by a pair of independent agencies designated by the Justice Department and the White House. A decision on which agencies will oversee the databases has not been made, Commerce spokeswoman Anne Enright Shepherd siad last Wedesday. According to a White House statement announcing the encryption policy, "We need the Clipper chip and other approaches that can both provide law-abiding citizens the access they need and prevent criminals from using it to hide their illegal activities." Depsite the administration's insistence that Clipper and the rest of the encryption policy are voluntary efforts, many U.S. high-tech companies have opposed it (see June 21, page 28). Instead, they want policy makers to retain the ubiquitous federal Data Encryption Standard (DES) and use other public-key technologies, such as RC-2 and RC-4. DES uses a 56-bit key while Clipper employs an 80-bit key. Clipper "was forced upon [the Clinton administration] before they had the chance to evaluate its impact," Bruce Heiman, a Washington attorney representing the Business Software Alliance, said last Tuesday. "NSA sold them a bill of goods." The policy review means "they relaize that Clipper has problems ... but they don't want to rule it out entirely," Heiman said, adding that industry would accept Clipper as one alternative to network security only if it is a part of a truly voluntary program that includes public-key encryption.