1 2 3 4 5 6 7 8 9 10

December 1996 speak of "key management" only as a "possible solution" and come down heavily on the side of international interoperability and the removal of controls that might hinder cross-border electronic commerce. In early 1997, the U.K. government introduced proposals for a government licensing requirement for trusted third parties.

The technical objections to Clipper were equally strong. For one thing, the whole system was going to be based on a secret algorithm. While even "guerrilla cryptographers" like Phil Zimmermann have said that the NSA really is as good at cryptography as it thinks it is,[5] it's generally not considered a good sign for a security system to rely on secrecy. In the case of cryptography, what proves an algorithm's soundness is the failure of informed attempts at cracking it.[6] The respect PGP has won for itself on the Net doesn't come from its status as "outlaw software," but rather because five years of widespread availability and analysis from the cryptographic community have failed to expose weaknesses.

So the cryptographic community reacted with general discomfort when the NSA said the algorithm was classified. On top of that, there were objections about the encryption system's implementation in hardware instead of software (more flexible and cheaper) and cost (estimated at $30, a price level probably higher than current demand for anyone except celebrities who have already been caught telling their innermost secrets over analog cellular phones).

The Clipper version of the encryption battle was rendered moot, however, in early 1994, when the NSA actually let a few sample chips out for inspection by members of the cryptographic community. One of them went to Bell Labs researcher Matt Blaze, who that February had established a reputation of fairness for himself by posting a report to the Internet on a demonstration of Clipper the NSA had carried out while visiting Bell Labs.

As Blaze told it at the 1995 Computers, Freedom, and Privacy conference,[7] he came back to home base with his Clipper chip, and his Clipper chip reader, and his NSA mug (nice to know where our tax dollars go), and started by looking at the law enforcement field to see what the mechanism was for reading traffic through it. "As I expected," he said, "the obvious ways of circumventing it don't work. But very much to my surprise, only very slightly less obvious ways worked." What Blaze found was a way to falsify the field so that no amount of applying your escrowed key to the garbled data would produce plaintext. The scheme, he said, requires some technical literacy, but not enough to defeat the determined terrorists and child pornographers the law enforcement agencies were insisting were too dangerous to trust with a non-escrowed system like PGP. Blaze wrote up his discovery and sent a copy of his findings to the NSA, and then published them as a research paper. What he didn't expect was to land on the front page of the New York Times.[8]

Clipper pretty much died there, although some products were released that use the chip. But the idea behind it--that law enforcement needs assured access to the communications systems of the future--didn't. It continues in proposals (quickly dubbed "Clipper II") for a key escrow infrastructure, called variously a network of trusted third parties (Europe) or public-key infrastructure (PKI; United States). "Key recovery" is beginning to appear as the government's (inaccurate) euphemism of preference. As of early 1997 it's clear that the debate is going to continue for some time, as late 1996 proposals from the Clinton administration are for the appointment of a crypto-ambassador to promote international acceptance of the government's desired escrow infrastructure, along with the conditional lifting of export controls.

This is even more mediocre than it sounds, since the plan is to raise the key length allowable for export to 56 bits (from 40 bits) for two years, but in return companies selling encryption products must have ready a key-escrow system by the end of that time. This is nearly a year after seven leading cryptographers, including Blaze, wrote a January 1996 report for the Business Software Alliance advising that DES with 56-bit keys was "increasingly inadequate" and that since there is little extra expense involved, current implementations should use a minimum of 75-bit keys. Assuming that Moore's Law holds and computing power continues to double every