[overview and site map] |
LOOKING AHEAD |
The Clipper Chip and Capstone |
The Clipper Chip is part of the Escrow Encryption Standard (EES). EES is designed to prevent communication from being decrypted by unauthorized parties. However, law enforcement retains the means to decrypt the communication in the course of an investigation. "EPIC and other critics of current U.S. encryption policy have long maintained that "key escrow" and "key recovery" approaches compromise the security of private information by providing "backdoor" access to encrypted data" (EPIC). This "backdoor," however, allows the U.S. government to feel assured that American companies are not selling products that may somehow be used against the United States. The Clipper Chip, if ever built, would be installed in devices such as telephones. The chip uses a series of keys to encode transmissions: a family key, a unique device key, and a session key. The family key is common to many devices of similar type. The unique device key is specific to one device. These two keys are held in escrow by the government, supposedly by two separate government agencies. The devices generate the session key at the beginning of each session from the two other keys. That way, a law enforcement officer could obtain the family and device keys to decrypt the session key and, thus, the entire session. Having two separate agencies hold the keys is meant to ensure that the keys are used only for legitimate purposes. It has been proposed that the Department of Commerce's NIST and the Treasury Department's Automated Systems Division would generate and hold the keys. Chips would be shipped to a secure location where the escrow agents would provide the numbers required to form the keys. The escrow agents would then receive the information connecting chip serial numbers to a key. Although the process appears safe to some, "no amount of technical ingenuity will suffice to protect the key fragments from a change in the legal rules governing the escrow agents" (Froomkin). The laws governing EES could change at any time, even without public notice. Already unnerving to U.S. citizens, Clipper Chip enabled devices would be even less attractive to foreign consumers. USACM acknowledges that U.S. manufacturers would be placed at a disadvantage abroad if they used technologies that contained keys escrowed with the U.S. government. The Clipper Chip, thus, is not an effective solution in allowing companies to export encryption-enabled products. Similar to the Clipper Chip, the Capstone-based Fortezza Card contains a device unique key that is held in escrow by a government agency. Unlike the Clipper Chip, which is used for real-time encryption in telephones, the Capstone Chip can encrypt e-mail and produce digital signatures. There are a couple of problems with the Fortezza Card. If someone were to damage their card, they would not be authorized to obtain their keys. Thus, they have no access to their email or other encrypted data. The card only encrypts data going out. So, a law officer could intercept and decrypt outbound e-mail. However, if someone sent e-mail to a person under investigation, then that person’s key could also be obtained. That would give the officer access to all of that person’s e-mail, even though he is not under investigation. These devices, which would be used in telephones or network cards, could be exported, allowing U.S. agents to monitor foreign communications. Both of these chips may allow law enforcement officers to access critical information in an ongoing investigation, but no foreign entities would ever trust such devices. They would never purchase such a device, especially when local devices would not use keys that are escrowed by the U.S. |
[overview and site map] |