1 2 3 4 5 6 7 8 9 10

Roughly, the scheme worked like this: each chip contains a unique serial number, a unique encryption key, and a family key that is the same across all Clipper chips but is known--or supposed to be known--only to authorized law enforcement personnel. Private keys are eighty bits in length (in general, the longer the key the greater the security), and in the original proposal were to be split into two pieces to be escrowed with two government agencies, NIST (in the Department of Commerce) and the Treasury Department.

The bit of code that unlocks Clipper for interested police officers, though, is the Law Enforcement Access Field (LEAF), which is exchanged when two Clipper-Inside devices negotiate at the start of a session (or the chips won't work). The LEAF is derived by first using the chip's unique key to encrypt the session key that's been generated and then appending the chip's unique serial number and a checksum (a number generated for verification) and re-encrypting the entire mess with the family key.

At least that was the plan when Clipper was announced, in early 1993. The objections were immediate and so broad-based that the NSA representatives who showed up to debate the issue at CFP'94 seemed stunned. After all, the argument went, what we're offering people is much stronger and safer than the nothing everyone uses even now, three years later.

The political objections were obvious: why should the government have the ability to read people's private electronic communication? The Post Office doesn't keep an escrowed copy of every letter we write, and no little chip tracks our daily movements in case law enforcement later needs to find out what we were doing on February 23, 1973 (even if video cameras go up daily). Opposition came from all sorts of places: the Electronic Frontier Foundation, Computer Professionals for Social Responsibility, the American Civil Liberties Union, and software industry giants like Microsoft and IBM's Lotus subsidiary (whose product Notes is made to handle complex, confidential, business-wide databases). The software companies figured (correctly) that the continued ban on exporting strong cryptography and the key escrow requirement would not make it easier for them to sell their products in foreign markets. Less predictably, opposition to Clipper also came from Christian fundamentalists, and even Rush Limbaugh.

Nonetheless, then NSA general counsel Stewart Baker dismissed the protests this way at CFP'94 and later in print in Wired: "The opposition to Clipper is coming from people who weren't allowed to go to Woodstock because they had to finish their math homework."[2]This was received with about as much enthusiasm as (though less hilarity than) White House science spokesman Mike Nelson's comment at CFP'96 that key escrow in fact would be acceptable to non-U.S. citizens because they'd trust our government sooner than their own, and that "we do not help countries that oppress their own people."

Nonetheless, Baker's comment had an element of truth to it: a lot of the protest was coming from the forty- and fiftysomethings who came of age in the era of distrust engendered by Viet Nam and Watergate and reinforced by Oliver North. It's hard not to think of your government as potentially hostile when you remember that four college students just like you were shot at Kent State during anti-war protests, or when your first exposure to Senate hearings was to those that wound up with the resignation of a president. American tradition is, in any case, on the side of limiting the powers of government and always paying healthy attention to the possibility that today's benevolent government may be replaced, someday down the line, with one that's not so friendly. As Phil Zimmermann has often put it, "If you're looking at technology policy, you should ask yourself what kind of technological infrastructure would strengthen the hand of a police state, and then don't deploy that technology. That's a matter of good civic hygiene."

There are, of course, good reasons for giving someone a copy of your key. It's too easy to look ahead and imagine the day when Aunt Minnie dies, leaving all her assets locked up in electronic cash on her laptop, and no one in her family can guess the passphrase that unlocks access to the money because no one knows about the illicit lover whose name she used. Making sure a copy of the key is safely stowed somewhere is just as logical as giving a friend the keys to your house in