Computerworld Editorial (31 May 93)

[Bruce Schneier <schneier () chinet com>]

                                        Bruce Schneier
                                        730 Fair Oaks Ave
                                        Oak Park, IL  60302
                                        (708) 524-9461
                                        550 words

                   CLIPPER - PERSONAL OPINION

In April, the Clinton administration, in cleaning up old business
left over from the Bush administration, introduced a new
cryptography initiative that ensures government the ability to
conduct electronic surveillance.  The first fruit of this
initiative is CLIPPER, designed to secure telecommunications.

CLIPPER is an NSA-designed, tamper-resistant VLSI chip which uses
a classified encryption algorithm.  Each chip has a special key,
not needed for messages, used only to encrypt a copy of each
user's message key.  Anyone knowing the special key can decrypt
wiretapped communications protected with this chip.  The claim is
that only the government will know this key and will use it only
if and when authorized by a court.

The encryption algorithm in CLIPPER is classified.  This is
wrong.  NSA's refusal to allow public scrutiny of the algorithm
gives ammunition to those who believe that there is a secret
"back door," to the algorithm, allowing the NSA to decrypt
messages at will.  The only way to assuage these fears is to
allow academic cryptographers world-wide to examine the algorithm
and publish their findings.

CLIPPER is a hardware device.  This forces manufacturers to
redesign their hardware to accommodate the chip.  DSP chips and
digital designs are becoming more and more a part of
telecommunications; why spend the extra money, weight, and power
for another chip?

Finally, CLIPPER is based on the Orwellian assumption that the
government has a right to listen to private communications.  It
promotes the power of government over the power of the
individual.  It represents a fundamental shift in government
policy, from a passive role of listening to an active role of
regulating new technologies.  

Why is the government now claiming that there is something wrong
with a private citizen trying to keep a secret from the
government?  This is not simply a little proposal of the
government in some obscure area; it is a preemptive and
unilateral attempt to usurp powers that previously belonged to
the people.

As long as CLIPPER is optional, people who desire real privacy
(both honest citizens and criminals) will use other encryption
methods.  Since these methods will be secure from wiretapping, I
expect the federal government to introduce legislation banning
non-escrowed encryption, and to reintroduce legislation forcing
telephone-switch manufacturers to add circuitry to allow
wiretapping.

The Administration is mandating a solution before allowing public
discussion of the problem.  Is the ability to conduct wiretaps
more important than the need for personal privacy?  How effective
are wiretaps in law enforcement?  Why would any intelligent
criminal use flawed encryption such as CLIPPER?  It is premature
for the Administration to propose standards before we, as a
people, have time to debate the issues.

CLIPPER does not protect privacy; it forces individuals to
unconditionally trust that the government will respect our
privacy.  It assumes that the government is the good guy and
private citizens are all bad guys.  The same law enforcement
authorities that illegally tapped Martin Luther King Jr.'s phones
can easily tap a phone protected with CLIPPER.  During the past
five years, local police authorities have been either charged
criminally or sued civilly in numerous jurisdictions--including
Maryland, Connecticut, Vermont, Georgia, Missouri, and Nevada--
for conducting illegal wiretaps.  It is a poor idea to deploy
technologies that could someday facilitate a police state.


------- End of Forwarded Message