On April 16 1993, President Clinton released an executive directive on "Public Encryption Management", the first of three Clipper Chip directives. This initial proposal, along with the subsequent two, "refinements" have been consistently opposed and ridiculed by industry and public interest groups alike. Given this stiff initial and sustained resistance, the administration has always maintained that the Clipper Chip is mandated only for government agencies and its adoption by industry would be totally voluntary. Additionally, they hold that it is not slated to become the sole legal means of encryption. This position is highly suspect given that an added layer of a non-escrowed encryption scheme would defy the purpose of the clipper chip by effectively denying law enforcement access to private citizens communication.
How Does it work?
Given that computer processors become cheaper every day, brute-force searches for DES keys are now well within the reach of relatively affordable, massively parallel machines. A recent paper describes a brute-force attack on DES as "alarmingly economical," estimating that for $1 million, one could build an optimized machine that would try fifty million keys per second and crack a DES key in an average of 3.5 hours. With this time ony diminishing in the face of more and more powerful machines, one of the most important questions posed to any new encryption mechanisms is how effective are they. The Clipper uses a very complex method with several checkpoints to insure the veracity and security of the information being sent.
U.S. export control, the ITAR, is designed to prevent foreigners from acquiring cryptographic systems that are strong enough to create a serious barrier to traffic analysis, or that are difficult to crack. Only strong products that lack the capability of being adapted for encryption, or which are designed for specific banking applications, receive official export clearance. Would-be sellers of cryptographic products have frequently testified to Congress that the major effect of the ITAR is to prevent U.S. companies from competing with foreign companies that sell sophisticated cryptographic software abroad. The National Security Council is currently considering under what circumstances, if any, foreign governments would be given the U.S. family key. Giving a foreign government the family key puts it one step closer to decrypting all Clipper traffic. Refusing to share information with foreign law enforcement agencies risks disrupting working relationships.
Click on icon to go to Sources and Acknowledgements.