Clipper Mandate?
On April 16 1993, President Clinton released an executive directive
on "Public Encryption Management", the first of three Clipper Chip
directives. This initial proposal, along with the subsequent two,
"refinements" have been consistently opposed and ridiculed by industry and
public interest groups alike. Given this stiff initial and sustained
resistance, the administration has always maintained that the Clipper Chip
is mandated only for government agencies and its adoption by industry
would be totally voluntary. Additionally, they hold that it is not slated
to become the sole legal means of encryption. This position is highly
suspect given that an added layer of a non-escrowed encryption scheme
would defy the purpose of the clipper chip by effectively denying law
enforcement access to private citizens communication.
How Does it work?
Given that computer processors become cheaper every day,
brute-force searches for DES
keys are now well within the reach of
relatively affordable, massively parallel machines. A recent paper
describes a brute-force attack on DES as "alarmingly economical,"
estimating that for $1 million, one could build an optimized machine that
would try fifty million keys per second and crack a DES key in an average
of 3.5 hours. With this time ony diminishing in the face of more and more
powerful machines, one of the most important questions posed to any new
encryption mechanisms is how effective are they. The Clipper uses a very
complex method with several checkpoints to insure the veracity and
security of the information being sent.
International
Relations
U.S. export control, the ITAR, is designed to prevent foreigners
from acquiring cryptographic systems that are strong enough to create a
serious barrier to traffic analysis, or that are difficult to crack. Only
strong products that lack the capability of being adapted for encryption,
or which are designed for specific banking applications, receive official
export clearance. Would-be sellers of cryptographic products have
frequently testified to Congress that the major effect of the ITAR is to
prevent U.S. companies from competing with foreign companies that sell
sophisticated cryptographic software abroad. The National Security
Council
is currently considering under what circumstances, if any, foreign
governments would be given the U.S. family key. Giving a foreign
government the family key puts it one step closer to decrypting all
Clipper traffic. Refusing to share information with foreign law
enforcement agencies risks disrupting working relationships.
.
.
Click on icon to go to Sources and Acknowledgements.