A basic history of the legislation surrounding
the Clipper Chip

The story of the clipper chip begins in 1987 with the Computer Securities Act of 1987 ( 111(d) of the Federal Property and Administrative Services Act of 1949 as amended by the Computer Securities Act of 1987 (CSA- 1987), pub. L. 100-235, 101 Stat. 1724, codified at 15 U.S.C. 271 note, 272, 278g-3, 278g-4, 278h, 40 U.S.C. 759, 759 note. ).

This piece of legislation was to launch the government efforts to develop non-military computer securities standards to public scrutiny and to limit the role of the National Security Agency (NSA) in the creation of such standards." (statement) The NSA however proved more detemined to contribute.

In 1991 it was revealed through a Freedom of Information Act law suit filed by CPSR that the Digital Signature Standard (DSS) proposed for government-wide use by the National Institute of Standards and Technology a civilian agency under the Department of Commerce, was in fact developed by the NSA.

A Bulletin released in Feb 1991 attempts to clarify the division of responsibilities between the NSA and NIST. Even by their own understanding, NIST's CSL was the responsible party for non-classified systems while all classified systems, as covered by 10 U.S.C. Section 2315, the Warner Amendment fell under the jurisdiction of the NSA. The president, in a directive in July 1990 specified the Director of NSA as the National Manager for computer security for "national security systems" defined to be:

all that involves intelligence activities, involves
cryptologic activities related to national security,
involves command and control of military forces,
involves equipment that is an integral part of a weapon
or weapons systems, or involves equipment that is critical
to the direct fulfillment of military or intelligence
missions, excluding equipment or services used for routine
administrative and business applications." EFF

On April 16 1993, the new cryptography scheme was announced by the White House and NIST. It was acknowledged by a NIST spokesman that the NSA had been responsible for the development of the specification of the scheme. The clear shirking of responsibility by NIST in its task in defiance of the CSA-1987 is far over shadowed by the clear ethical conflict of interest involved in this situation (Reference)

Announced in the first few months of the Clinton administrations reign, the policy was a legacy from the previous administration; however, in light of the presidents political "soft on crime" liabilities (Draft Dodging and drug use) it was imperative for the administration to toe the law enforcement line. This policy was on par with the many other ineptitudes of the administrations early attempts at governance (gays in military). The announcement was immediately attacked from all sides as impractical, misguided and authoritarian. The business sector was dissatisfied with a number of the aspects of the policy. Amongst these were the continued control of strong cryptographic products which severely hampered them in conducting business on a worldwide basis.

The civil liberties and privacy advocacy public interest groups were outraged by the thinly veiled obfuscation of personal privacy under the rubric of national security and the sacred cow of protection from those "evil criminals and drug dealers" (war on drugs analysis). Our international allies, on the other hand were dissatisfied for their own part as they simply saw this as yet another US attempt at imposing its own will and standards on an increasingly worldwide technology; issues of interoperability as well as the credibility of the NSA were just a few of the issues causing tension in these quarters.

A flood of protest and ridicule made it clear that the administration would be unable to deploy what has come to be known as the CLIPPER I proposal. A series of strategic retreats ensued. The constitutional issues brought up by this proposal are numerous and complex and as all cases involving law, not in the least bit lucid.

Unphased by their initial defeat, the administration, and NIST pursued a tactical exploration of the path of least resistance. On September 6-7, at meetings held at NIST, the "commercial key escrow" proposal was unveiled. The meetings were supposedly exploratory working groups to examine the various road blocks and attempt to come up with a more reasonable policy which can be endorsed by all. However, in effect the ensuing policy endorses a rather more cynical analysis. Indeed, some earlier concerns were brought to fruition as shown by such policy priorities as " Avoiding multiple encryption -- How can the product be designed so as to prevent doubling (or tripling, etc.) the key space of the algorithm?" Center for Democracy and Technology

However, many of the professed goals as enumerated by vice-president Gore in his letter to the then Representative Maria Cantwell (D-WA), such as:

* Implementation in hardware of Software

* Public, Unclassified Algorithms

* Voluntary

* Forth Amendment privacy Safeguards

* Statutory liability rules to protect users

* Multiple Escrow Agents

were not addressed.

In the meantime, some competing efforts in the interest of protecting personal privacy are being take by legislators. One such effort is the "Promotion of Commerce On-Line in the Digital Era (Pro-CODE) Act" (S. 1726) bill introduced by Sen. Conrad Burns (R-MT). This bill attempts to undermine the administrations activities in a two pronged approach:

1) loosening export restrictions on crypto it will reduce the incentive of business to endorse the Clipper policy.

2) It codifies the protection of personal privacy by containing a "prohibition on mandatory key escrow" and would restrict the Department of Commerce's ability to impose government- mandated encryption standards (such as the Clipper Chip) on non-governmental entities.

The most recent chapter in this saga is the new and improved Clipper III proposal from the president released on May 10 1996. This new proposal opens up the policy to software and firmware options, new industry developed algorithms and allows self escrow in the case of large corporations. This thus allays some of the greatest industry concerns and thus further drives a wedge between the clipper opponents. From the perspective of personal privacy and civil rights however, this recent policy could turn out to be a giant leap backwards.

Click on icon to go back to debate.

Click on icon to go back to abstract.

Click on icon to go to Sources and Acknowledgements.