The Future of 'Clipper'

Recently, there has been a major movement on the part of the government to enact legislation that will create a univeral 'unbreakable' encryption system for computer processes. Although it has been presented to the public as being beneficial towards the security of their transactions, many computer professionals regard it as a dangerous consolidation of power. The technological development that has sparked all of the debate is the "Clipper Chip", a complex encryption system which would change the way security is viewed on the net. The most basic idea behind the clipper chip is that each user will be given an encryted key with which they can decode information sent to them. The main reason for concern is that the government will also have a copy of that key, and thus have access to private information. Hence, many computer professionals, as well as other computer users, are concerned about the ramifications of such a device being the sole property of the US Government. In a medium almost overwhelmingly opposed to such a possibility, we want to try to present both sides of the argument. We think that the most important areas of consideration are the national legal issues, the effectiveness and methods of the chip itself, and how the existence of such a system will effect our international dealings.

----- Clipper Mandate?
On April 16 1993, President Clinton released an executive directive on "Public Encryption Management", the first of three Clipper Chip directives. This initial proposal, along with the subsequent two, "refinements" have been consistently opposed and ridiculed by industry and public interest groups alike. Given this stiff initial and sustained resistance, the administration has always maintained that the Clipper Chip is mandated only for government agencies and its adoption by industry would be totally voluntary. Additionally, they hold that it is not slated to become the sole legal means of encryption. This position is highly suspect given that an added layer of a non-escrowed encryption scheme would defy the purpose of the clipper chip by effectively denying law enforcement access to private citizens communication.

----- How Does it work?
Given that computer processors become cheaper every day, brute-force searches for DES keys are now well within the reach of relatively affordable, massively parallel machines. A recent paper describes a brute-force attack on DES as "alarmingly economical," estimating that for $1 million, one could build an optimized machine that would try fifty million keys per second and crack a DES key in an average of 3.5 hours. With this time ony diminishing in the face of more and more powerful machines, one of the most important questions posed to any new encryption mechanisms is how effective are they. The Clipper uses a very complex method with several checkpoints to insure the veracity and security of the information being sent.

----- International Relations
U.S. export control, the ITAR, is designed to prevent foreigners from acquiring cryptographic systems that are strong enough to create a serious barrier to traffic analysis, or that are difficult to crack. Only strong products that lack the capability of being adapted for encryption, or which are designed for specific banking applications, receive official export clearance. Would-be sellers of cryptographic products have frequently testified to Congress that the major effect of the ITAR is to prevent U.S. companies from competing with foreign companies that sell sophisticated cryptographic software abroad. The National Security Council is currently considering under what circumstances, if any, foreign governments would be given the U.S. family key. Giving a foreign government the family key puts it one step closer to decrypting all Clipper traffic. Refusing to share information with foreign law enforcement agencies risks disrupting working relationships.




A short debate of the pros and cons of the problem as we see them. The question we considered is

Should the Clipper Chip be legislated as the
only encryption system allowed in the United States?

Click on icon to go to Sources and Acknowledgements.