Crypto Experts Oppose Clipper

[David Farber <farber () central cis upenn edu>]

     More than three dozen of the nation's leading cryptographers,
computer security specialists and privacy experts today urged
President Clinton to abandon the controversial Clipper encryption
proposal.  The letter was coordinated by Computer Professionals
for Social Responsibility (CPSR), which has long sought to open
the issue of cryptography policy to public debate


     The group cited the secrecy surrounding the proposal,
widespread public opposition to the plan and privacy concerns as
reasons why the initiative should not go forward.


     The letter comes at a crucial point in the debate on
cryptography policy.  An internal Administration review of the
issue is nearing completion and the National Security Agency (NSA)
is moving forward with efforts to deploy Clipper technology in
civilian agencies, including the Internal Revenue Service.


     CPSR has sponsored several public conferences on
cryptography and privacy and has litigated Freedom of Informa-
tion Act cases seeking the disclosure of relevant government
documents.  In one pending FOIA case, CPSR is challenging the
secrecy of the Skipjack algorithm which underlies the Clipper
proposal.


        For additional information, contact Dave Banisar, CPSR
Washington, DC, (202) 544-9240, <banisar () washofc cpsr org>.


=============================================================




January 24, 1994


The President
The White House
Washington, DC  20500


Dear Mr. President,


     We are writing to you regarding the "Clipper" escrowed
encryption proposal now under consideration by the White House.
We wish to express our concern about this plan and similar
technical standards that may be proposed for the nation's
communications infrastructure.


     The current proposal was developed in secret by federal
agencies primarily concerned about electronic surveillance, not
privacy protection.  Critical aspects of the plan remain
classified and thus beyond public review.


     The private sector and the public have expressed nearly
unanimous opposition to Clipper.  In the formal request for
comments conducted by the Department of Commerce last year, less
than a handful of respondents supported the plan.  Several hundred
opposed it.


     If the plan goes forward, commercial firms that hope to
develop new products will face extensive government obstacles.
Cryptographers who wish to develop new privacy enhancing
technologies will be discouraged.  Citizens who anticipate that
the progress of technology will enhance personal privacy will
find their expectations unfulfilled.


     Some have proposed that Clipper be adopted on a voluntary
basis and suggest that other technical approaches will remain
viable.  The government, however, exerts enormous influence in the
marketplace, and the likelihood that competing standards would
survive is small.  Few in the user community believe that the
proposal would be truly voluntary.


     The Clipper proposal should not be adopted.  We believe that
if this proposal and the associated standards go forward, even on
a voluntary basis, privacy protection will be diminished,
innovation will be slowed, government accountability will be
lessened, and the openness necessary to ensure the successful
development of the nation's communications infrastructure will be
threatened.


     We respectfully ask the White House to withdraw the Clipper
proposal.


Sincerely,


Public Interest and Civil Liberties Organizations


  Marc Rotenberg, CPSR
  Conrad Martin, Fund for Constitutional Government
  William Caming, privacy consultant
  Simon Davies, Privacy International
  Evan Hendricks, US Privacy Council
  Simona Nass, Society for Electronic Access
  Robert Ellis Smith, Privacy Journal
  Jerry Berman, Electronic Frontier Foundation


Cryptographers and Security Experts


  Bob Bales, National Computer Security Association
  Jim Bidzos, RSA Data Security Inc.
  G. Robert Blakley, Texas A&M University
  Stephen Bryen, Secured Communications Technologies, Inc.
  David Chaum, Digicash
  George Davida, University of Wisconsin
  Whitfield Diffie, Sun Microsystems
  Martin Hellman, Stanford University
  Ingemar Ingemarsson, Universitetet i Linkvping
  Ralph C. Merkle, Xerox PARC
  William Hugh Murray, security consultant
  Peter G. Neumann, SRI International
  Bart Preneel, Katolieke Universiteit
  Ronald Rivest, MIT
  Bruce Schneier, Applied Cryptography (1993)
  Richard Schroeppel, University of Arizona
  Stephen Walker, Trusted Information Systems
  Philip Zimmermann, Boulder Software Engineering


Industry and Academia


  Andrew Scott Beals, Telebit International
  Mikki Barry, InterCon Systems Corporation
  David Bellin, North Carolina A&T University
  Margaret Chon, Syracuse University College of Law
  Laura Fillmore, Online BookStore
  Scott Fritchie, Twin-Cities Free Net
  Gary Marx, University of Colorado
  Ronald B. Natalie, Jr, Sensor Systems Inc.
  Harold Joseph Highland, Computers & Security
  Doug Humphrey, Digital Express Group, Inc
  Carl Pomerance, University of Georgia
  Eric Roberts, Stanford University
  Jonathan Rosenoer, CyberLaw & CyberLex
  Alexis Rosen, Public Access Networks Corp.
  Steven Zorn, Pace University Law School


     (affiliations are for identification purposes only)