From: _Electronic Engeering Times_ 22-nov-93 U.S. weights Clipper chip alternatives by GEorge Leopold Washington -- The clinton administration is readying a new encryption policy that could help defuse industry opposion to introduction of the government developed Clipper chip by embracing commercial technologies as alterntives for netword security, according to government and industry sources. A National Security Council panel lead by George Tenet, psecial presidential assistant for intelligence programs, is completing a broad review of government encryption policy with an eye toward empolying the Clipper chip, as well as commercial alternatives, to ensure privacy and security on public networks. Those would include the proposed electronic superhighway, or National Information Infrastructure (NII). Tenet could not be reached for comment on the review's status, but a U.S. official said last week the results of the seven-month National Security Council policy review will be announced soon. The Clipper chip, backed by the National Security Agency and proposed by the Clinton administration in April as a new data-encryption standard, is widely viewed by industry critics as a fait accompli, since the spy agency wants to use it to protect intelligence data. Asked in an interview last Monday whether the policy review would result in modification of the Clipper chip proposal, Micheal Nelson, special assistant for information technology in the White House Office of Science and Technology Policy, acknowledged the need to consider other encryption technologies for network security, including software solutions. He also said the government should have sought greater industry participation before proposing the Clipper chip. "Clipper is not a sliver bullet, it's not even a brass bullet," Nelson said, "It's only one approach." He added, "If we don't address these [network security] issues, people won't use the NII." Nelson said last week the National Security Council review was designed to bring industry and Congress into the process of looking for commercial solutions, besides Clipper, to the network-security issue. Industry groups said last week they have contributed to the review, which began shortly after Clipper was proposed. The review is expected to result in a decision on how to implement Clipper. A decision on how to proceed with the Clipper proposal was scheduled for Sept. 1 but was delay in response to a recommendation from a private-sector advisory group to the Commerce Department. Clipper, which scrambles telephone conversatinos using an encryption algorithm called Skipjack, is at the heart of an adminstration initiative annoumced in April on secure telecom networks and wireless communication links. Forced to balance the interests of campanies and private citizens with nation-security needs, President Clinton ordered a comprehensive review of U.S. encruytion policy addressing: * Privacy, including the need for voice and data encryption to protect proprietary business data. * The ability of federal law-enforcement officials to tap phones and computers. * The employment of modern technology to build the NII, including encryption technology needed to protect proprietary information transmitted over the information superhighway. * The need for American companies to build and export high-technology products to boost U.S. competitiveness. U.S. companies may offer encryption as a feature in software sold in the United States, but are prohibited from including encryption software in commercial software exports. Proponents of decontrolling encrypted software argue that restrictions are useless because encryption technology is widely available (see Oct. 18, page 18). Acknowledging industry's concerns, the initiative also includes creation of a key-escrow system to ensure the Cliper chip would be used to protect privacy. (A Commerce Department official said last week the government has dropped the Clipper moniker, referring to it instead as the "key- escrow chip," out of convern for possible trademark infringement.) Devices incorporation the chip would have two unique software keys government investigators would need to decode encoded messages. TWo key-escrow data banks would be overseen by a pair of independent agencies designated by the Justice Department and the White House. A decision on which agencies will oversee the detabases has not been made, Commerce spokeswoman Anne Enright Shepherd said last Wednesday. According ot a White House statement announcing the encryption policy, "We need the Clipper chip and other approaches that can both provide law-abiding citizens with access to the encryption they need and prevent criminals from using it to hide their illegal activities." Despite the administration's insistence that Clipper and the rest of the encryption policy are voluntary efforts, many U.S. high-tech companies have opposed it (see June 21, page 28). Instead, they want policy makers to retain the ubiquitous federal Data Encryption Standard (DES) and use other public-key encryption technologies, such as RC-2 and RC-4. DES uses a 56-bit key while Clipper employs an 80-bit key. Clipper "was forced upon [the Clinton adminstration] before they had a chance to evaluate its impact," Bruce Heiman, a Washington attorney representing the Business Software Alliance, said last Tuesday. "NSA sold them a bill of goods." The policy review means "they realize that Clipper has problems... but they don't want to rule it out entirely," Heiman said, adding that industry would accpet Clipper as one alternative to network security only if it is part of a truly voluntary program that includes public-key encryption.