PC Week - June 14, 1993

"Clipper security scheme criticized"

By Kimberly Patch

A proposed National Security Agency standard for voice and data encryption is not winning votes among U.S. executives concerned with security issues.

Executives attending hearings held by the federal Computer Systems Security and Privacy Advisory Board earlier this month said the proposed Clipper chip encryption standard does not meet their technical or export needs.

Under the Clipper guidelines, PCs would be outfitted with a board that contains the encryption chip, while the U.S. government would be privy to a pair of software "escrow keys" used to unlock the encryption.

Although the Clipper chip uses an 80-bit encryption scheme, executives said it would be more expensive and slower than more popular software encryption schemes. Moreover, some expressed concern about its security since NSA is keeping the details of how it works secret.

"Why would any law-abiding corporation buy equipment that has escrow keys that [allow] the government to [decrypt information] whenever they want without telling the corporation?" asked Ed Zeitler, a vice president at Fidelity Investments, a financial-services firm in Boston.

An NSA spokeswoman in Fort Meade, MD., defended the scheme, claiming the keys would be protected and law-enforcement agencies would have to go through a formal legal process to decrypt messages.

"People will only have access if they have a legal need for it," she said.

Corporate users, however, objected.

"[The government] wants [the Clipper standard] to be widely used so that law-enforcement people can listen in on things that are used by criminals," said Steven Walker, president of Trusted Information Systems, Inc., a Boston software company. "The criminals will find some other way to do it, which is the irony of this. It's not going to accomplish what [the government] wants, no matter what."

One problem with today's encryption business is that U.S. firms are restrained from exporting software that offers powerful encryption capabilities, the executives said.

Currently, U.S. firms can only export products that use a 40-bit key, which would take a fast computer about two and a half weeks to crack, said Zeitler. By contrast, the Data Encryption Standard -- a 56-bit key scheme not approved for export -- would take the same computer 2,200 years to crack, while the proposed Clipper chip, an 80-bit scheme, would take even longer.