This piece of legislation was to launch the government efforts to develop non-military computer securities standards to public scrutiny and to limit the role of the National Security Agency (NSA) in the creation of such standards." (statement) The NSA however proved more detemined to contribute.
In 1991 it was revealed through a Freedom of Information Act law suit filed by CPSR that the Digital Signature Standard (DSS) proposed for government-wide use by the National Institute of Standards and Technology a civilian agency under the Department of Commerce, was in fact developed by the NSA.
A Bulletin released in Feb 1991 attempts to clarify the division
of responsibilities between the NSA and NIST. Even by their own understanding,
NIST's CSL was the responsible party for non-classified systems while all
classified systems, as covered by 10 U.S.C. Section 2315, the Warner Amendment
fell under the jurisdiction of the NSA. The president, in a directive in
July 1990 specified the Director of NSA as the National Manager for computer
security for "national security systems" defined to be:
On April 16 1993, the new cryptography scheme was announced by the White House and NIST. It was acknowledged by a NIST spokesman that the NSA had been responsible for the development of the specification of the scheme. The clear shirking of responsibility by NIST in its task in defiance of the CSA-1987 is far over shadowed by the clear ethical conflict of interest involved in this situation (Reference)
Announced in the first few months of the Clinton administrations reign, the policy was a legacy from the previous administration; however, in light of the presidents political "soft on crime" liabilities (Draft Dodging and drug use) it was imperative for the administration to toe the law enforcement line. This policy was on par with the many other ineptitudes of the administrations early attempts at governance (gays in military). The announcement was immediately attacked from all sides as impractical, misguided and authoritarian. The business sector was dissatisfied with a number of the aspects of the policy. Amongst these were the continued control of strong cryptographic products which severely hampered them in conducting business on a worldwide basis.
The civil liberties and privacy advocacy public interest groups were outraged by the thinly veiled obfuscation of personal privacy under the rubric of national security and the sacred cow of protection from those "evil criminals and drug dealers" (war on drugs analysis). Our international allies, on the other hand were dissatisfied for their own part as they simply saw this as yet another US attempt at imposing its own will and standards on an increasingly worldwide technology; issues of interoperability as well as the credibility of the NSA were just a few of the issues causing tension in these quarters.
A flood of protest and ridicule made it clear that the administration would be unable to deploy what has come to be known as the CLIPPER I proposal. A series of strategic retreats ensued. The constitutional issues brought up by this proposal are numerous and complex and as all cases involving law, not in the least bit lucid.
Unphased by their initial defeat, the administration, and NIST pursued a tactical exploration of the path of least resistance. On September 6-7, at meetings held at NIST, the "commercial key escrow" proposal was unveiled. The meetings were supposedly exploratory working groups to examine the various road blocks and attempt to come up with a more reasonable policy which can be endorsed by all. However, in effect the ensuing policy endorses a rather more cynical analysis. Indeed, some earlier concerns were brought to fruition as shown by such policy priorities as " Avoiding multiple encryption -- How can the product be designed so as to prevent doubling (or tripling, etc.) the key space of the algorithm?" Center for Democracy and Technology
However, many of the professed goals as enumerated by vice-president Gore in his letter to the then Representative Maria Cantwell (D-WA), such as:
* Implementation in hardware of Software
* Public, Unclassified Algorithms
* Voluntary
* Forth Amendment privacy Safeguards
* Statutory liability rules to protect users
* Multiple Escrow Agents
were not addressed.
In the meantime, some competing efforts in the interest of protecting personal privacy are being take by legislators. One such effort is the "Promotion of Commerce On-Line in the Digital Era (Pro-CODE) Act" (S. 1726) bill introduced by Sen. Conrad Burns (R-MT). This bill attempts to undermine the administrations activities in a two pronged approach:
1) loosening export restrictions on crypto it will reduce the incentive of business to endorse the Clipper policy.
2) It codifies the protection of personal privacy by containing a "prohibition on mandatory key escrow" and would restrict the Department of Commerce's ability to impose government- mandated encryption standards (such as the Clipper Chip) on non-governmental entities.
The most recent chapter in this saga is the new and improved Clipper III proposal from the president released on May 10 1996. This new proposal opens up the policy to software and firmware options, new industry developed algorithms and allows self escrow in the case of large corporations. This thus allays some of the greatest industry concerns and thus further drives a wedge between the clipper opponents. From the perspective of personal privacy and civil rights however, this recent policy could turn out to be a giant leap backwards.
Click on icon to go back to debate.
Click on icon to go back to abstract.
Click on icon to go to
Sources and Acknowledgements.