Here is my final draft to the editor of The Atlantic in response to the June '94 article by James Fallows entitled "Open Secrets". ---------------------------------------------------- Editor The Atlantic 745 Boylston St. Boston, MA 02116 May 20, 1994 In James Fallows' article "Open Secrets" (June 1994), the Clipper chip and Digital Telephony bill are discussed with admirable clarity. The presentation of public key cryptography is the best I have seen for a lay audience. However, some incorrect implications from the article might be assumed unless several additional facts are pointed out. Government use of the Clipper chip is approved by the NSA for the transmission of non-secret information. The article gives the impression that Clipper is so strong that military and intelligence services would use it, but this is not so. Given this, concern is warranted about Clipper's actual degree of security or about possible secret back-doors. The 50,000 people who supported an Internet petition against Clipper were concerned about the classified nature of the algorithm. The Open Secrets article brushes this aside as an apparent distrust of bureaucracy. In actuality, cryptographers have always maintained that no cryptosystem can be trusted unless it is openly developed and tested. This is based on mathematical and programmatic aspects of cryptography that are ubiquitously used in mathematical proofs and software testing. In the absence of this open development, the only thing citizens can do is trust the NSA, an organization that is not directly accountable to citizens. However, the NSA has major incentives to support cryptosystems which are breakable only by their organization without using the escrow keys. A back door is difficult to recognize even in a non-secret algorithm, but in a secret algorithm it is essentially impossible to determine. (Historically, the NSA has backed encryption technology that it can break; the DES algorithm it approved for commercial usage is breakable by the NSA.) The FBI has never released statistics about how they are thwarted by encryption technology or by digital telephony. How can a citizen judge the need for Clipper and the Digital Telephony bill without such information? The Digital Telephony bill broadly defines telephone technology and even imposes exorbitant fines on private telephone systems that do not implement remote wiretapping capabilities. Since any multimedia computer today can be turned into a telephone by simply adding software, will this law have an unintended effect on individuals? The Digital Telephony bill will make wiretaps cheaper to implement because the consumer pays for the implementation. Since spying is limited by economics, this bill could increase the extent to which wiretapping is abused. And finally, it should be mentioned that the first NIST press release on the Clipper chip said that citizens do not have a right to unbreakable encryption. Thus, the administration started off with the goal of restricting encryption and only after opposition did they start saying Clipper was voluntary. Given their original intentions, which challenge the First Amendment, there is reason to be concerned.