Computer Code's Security Worries Privacy Watchdogs : Technology: They fear government will abuse access to private messages. Officials promise safeguards.

By ROBERT LEE HOTZ

Oct. 4, 1993 12 AM PT

TIMES SCIENCE WRITER

Ted Bettwy frowned over the tops of his bifocals and pushed the crumpled sheets of fax paper across his desktop. “We felt raped,” he said, “our privacy violated.”

The fax was a copy of a computer message that detailed his company’s confidential corporate accounting records. It itemized the firm’s financial arrangements with the secretive National Security Agency, even the brand of office safe the company had purchased and the fact that it had never changed the combination.

The information, he said, had been filched from company files and transmitted openly on Internet, which links 15 million computers users in 125 countries.

Bettwy, president of a small Torrance company called Mykotronx Inc., was especially chagrined by the breach of confidence because Mykotronx has a special responsibility for keeping other people’s secrets. A security problem at Mykotronx is like arson in a firehouse.

Mykotronx is the only company in the United States authorized by the federal government to produce a powerful new computer chip that scrambles telephone, cellular, fax and computer transmissions. The White House has proposed that the encryption system, embodied in the company’s $26 “Clipper Chip,” be adopted by the government and all those who do business with it.

The chip is based on a new twist in the mathematics of cryptography that officials at the National Institute of Standards and Technology say will safeguard secrets better than almost anything else commercially available.

But the facet of the new code the government likes best is that the government itself will hold the keys to decipher it. Every chip will have a unique set of keys that will allow government agents with a court order to unscramble any clipper-coded computer message, fax or telephone call.

Consequently, the relationship between the tiny company in Torrance, a powerful intelligence agency such as the National Security Agency, and the design of the code makes some computer experts and independent cryptography specialists very uneasy.

Computer experts and technical analysts worry that the NSA, which has authority to intercept foreign telecommunications, may have commissioned Mykotronx to build a hidden weakness--a master key or “trap door”--in the chip that would allow intelligence agencies or law enforcement groups to crack any coded telephone call, fax transmission or electronic mail without a court order.

Mykotronx’s confidential corporate files were spilled by an anonymous computer user. Like many computer scientists, cipher experts and privacy advocates, the culprit was angry over what critics say is a government plan to make the Clipper Chip the keystone of a national electronic surveillance system.

In a radical departure from how today’s telephone system evolved, the federal government is making the code a fundamental design principal for a broad range of new telecommunications technologies. Telephones and computer modems in the future, some critics say, will be like combination locks designed to be opened by the government.

“There is clearly cause for alarm when the intelligence agencies--the people in charge of spying on the world--are in charge of protecting our privacy,” said David Banisar, an analyst for the Washington-based Computer Professionals for Social Responsibility, which sponsors an annual conference on advanced cryptography.

In the world of codes and cyphers, secrets are designed to be left out in the open for everyone to see but for only a select few to understand.

The Clipper Chip and the company that makes it are such secrets.

The chip contains the biggest secret in modern cryptography: the classified mathematical formula called Skipjack designed by the National Security Agency. But without the agency’s permission, no one is allowed to see inside the chip to judge the security of the code it contains or whether it would enable government agents to conduct illegal wiretaps.

Mykotronx is trusted to design and program the chip, safeguarding its integrity at all stages. But only those with a top secret clearance can really know what happens inside the company’s classified production area.

Cipher experts, computer security specialists and telecommunications experts are asking themselves whether anyone should confide their secrets to an arcane mathematical formula without knowing who designed it, what their true goals were or being able to analyze it directly.

To the observer, Mykotronx seems an unlikely keeper of one of the nation’s biggest secrets. The first time many cryptography experts heard of the company was the day last spring when the White House announced that the firm would be the sole supplier of the Clipper Chip for the foreseeable future. The contract was not put out for competitive bidding.

The firm’s headquarters, tucked in a second floor corner of an office park near a Torrance oil refinery, is an exercise in anonymity.

The lobby--with its pale violet walls, steel warehouse furniture, industrial carpet and Ansel Adams posters--gives no clue to the company’s purpose or its classified product line. The most advanced piece of electronics in evidence is an IBM Selectric Typewriter.

Only the electronic combination locks on every office door hint that this may be something more than the home of a hard-luck office rental agency. A note by the exit reminds employees discreetly: “The last person to leave must activate the alarm.”

Secure behind the combination locks is a different world.

Casually dressed engineers pad down halls lined with framed diagrams of colorful encryption circuits and plaques of appreciation from the National Security Agency. Circuit boards spill their guts on test benches. And behind the last door, secured by an extra set of combination locks, they program Clipper Chips.

In November, company officials expect to deliver their first shipment of 15,000 Clipper Chips to AT & T, which plans to install them in telephones for sale to the general public.

The company and its engineers have been responsible for U.S. space communications security since 1979. Hardly a satellite orbits whose command transmissions and data links are not encrypted through a black box built by Mykotronx.

“We do all the biggies,” Bettwy said. “The IBMs. The Aerojets. TRW. NASA. DOD. Lockheed. Hughes. We encrypt the data links between the ground and the spacecraft. That’s our bread and butter.

“The Clipper Chip is a spinoff,” he said.

Last year, that core business brought Mykotronx and its 43 employees about $4 million. Bettwy expects that to grow to about $6 million this year. In contrast, the National Security Agency is said to employ more than 40,000 people with a secret budget estimated at more than $16 billion.

NSA officials said they have spent about $2.5 million during the two years they have been working on the chip with Mykotronx. The Skipjack code, they said, has been in the works for more than a decade.

NSA officials would not discuss any details of their relationship with Mykotronx, but they acknowledged that the company has designed other encryption systems for the agency.

“Mykotronx was selected because they had secure facilities, experience in this field and the kinds of clearances required to work with some of the information that was necessary to do this work,” said Stewart A. Baker, NSA general counsel. “That combination is fairly rare in the private sector.”

The company’s corporate brochure, which features a painting of what appears to be a surveillance satellite on the cover, says Mykotronx has completed five cryptography projects approved by NSA and is working on three more.

No other firm has had so much experience with cryptography and complex integrated circuits, company executives said.

Three years ago, for example, Mykotronx was the first to build and orbit a complete encryption system contained on a single microchip. So far, it is the only company to do so on a tamper-proof chip, they said.

That expertise is especially important because the government is making the code available to the public only inside a tamper-proof chip. In a departure from standard practice, the code’s formula will remain classified.

When the current national encryption standard, a code designed by IBM called DES, was introduced almost 20 years ago, its inventors immediately made the formula public so that independent computer experts and corporate cryptographers could test it to make sure it was secure.

But the government is determined to keep the Skipjack formula to itself.

Consequently, what under ordinary circumstances would be material for scientific investigation--public trial, error and academic peer review--has been reduced to a question of human faith. To allay suspicion, the NSA invited five cryptography experts to test the classified code, but they will be barred from discussing their findings in any but the most general terms.

And that makes the role played by Mykotronx even more crucial, cryptography experts said.

Mykotronx essentially builds the lock--by designing the chip’s microcircuits--and then fits it with the keys that open it by programming each individual Clipper Chip with the serial numbers that identify it and form its numeric keys.

“The programming in these escrow keys is a very critical thing . . . and a very dangerous one,” said Martin Hellman, a pioneering computer scientist at Stanford University who helped invent modern cryptography.

Privacy advocates and independent cryptographers are concerned that, despite legal safeguards to prevent government abuse, federal agents will secretly hoard unauthorized sets of electronic keys to the code for clandestine eavesdropping.

And they fear that, to ensure that everyone uses only the code the government can read, federal officials eventually will make any other form of encryption illegal.

Those involved in the project say such fears are groundless.

The company never has the keys in its possession, so it can’t compromise them, Bettwy said.

The chips are programmed automatically by a machine designed by Mykotronx and the NSA. The Mykotronx machine also automatically creates the “escrow keys” that police can use to decipher the code.

The machine will be set at the beginning of each run by an agent from the Treasury Department and an official from the National Institutes of Standards and Technology, who will hold each chip’s set of keys in “escrow” in Washington until presented with a proper court order. Then they will fax the numeric keys to the authorized wiretapper.

“We have no access to the keys,” Bettwy said. “We don’t know what they will be in advance. We will not have the whole key residing here. And no one here knows what key goes with what chip.”

In fact, Mykotronx will not even be able to unlock the office door to the machine unless both agents are present, he said.

In a security precaution reminiscent of the care taken with the launch keys for nuclear-tipped ICBMs, the programming room at the company’s Torrance headquarters can be entered only after each escrow agent opens a separate lock.

Bettwy and his colleagues are well aware of the suspicion surrounding their Clipper Chip. For those who question the code’s technical reliability, they are anxious to explain that no one could crack the Clipper code by conventional means.

Dorothy E. Denning, head of the computer science department at Georgetown University, is one of the five experts invited to test the code. She spent much of the summer testing the new code at the invitation of the NSA.

Denning said the NSA Skipjack algorithm indeed appears unbreakable. It is twice as complex and twice as convoluted as the DES code, she added.

Denning said the only reason the code is secreted inside the Clipper Chip is to safeguard classified design technology and make sure that people cannot block its wiretapping function.

Any suggestion the code has a built-in weakness is “hokey,” she said.

For Bettwy, the Clipper Chip, a complex circuit barely bigger than a beetle, is a small package with a large future.

“Today, it is simple to pick up e-mail. It is simple to intercept faxes. It is easy to hear calls,” he said. “We have to have some kind of privacy. It turns out that encryption is an easy way to solve the problem.”

He foresees a day when people will carry personalized “crypto-cards” containing an encryption chip to plug into pay telephones to make scrambled calls, personal computers to unlock coded files or interactive cable television boxes to make purchases. Publishers and producers will use such encryption chips to meter information and movies from pay-as-you-go CD-ROM disks.

Medical files stored on a wallet-sized “smart” insurance card, like the national health identity card proposed by the Clinton Administration, could be protected from unauthorized eyes by an encryption chip such as Clipper.

In the short run, his goals are more modest.

He said he would like to see the company take over the rest of the second floor.

Bettwy said he has spent a lot of time recently thinking about privacy, prompted partly by his work with the Clipper Chip and partly by his own security problems.

The security at Mykotronx, he acknowledged, was breached the old-fashioned way: Someone went through the garbage.

From the discarded IBM typewriter ribbons used by company secretaries, it was a simple matter to reconstruct company financial records, memos and other corporate secrets. Bettwy said the company has taken precautions to prevent any repetition.

“In a way, it was good for me because I was struggling with the question of whether the government should be allowed to intercept people’s conversations,” he said.

“I hated it when someone violated our privacy this way,” he said. But he added that he would feel differently if his files had been rifled instead by a properly authorized government agent or if his personal phone calls were intercepted by a court-ordered wiretap.

He ran his eye again down the list of the stolen company records: bank account numbers, stock holdings, payroll, test plans, bonus payments, even the corporate Federal Express account number.

“I would hate it even more if the government did this without authorization,” he said.

Comparing Two Codes

Government experts say the Skipjack code inside the Clipper Chip is a major advance over the current national encryption standard, an electronic code called the Data Encryption Standard (DES). Skipjack is twice as complex.

DES SKIPJACK *Designer: IBM National Security Agency *Year introduced: 1976 1993 *Formula: Public Classified *Law enforcement access: No Yes *Key chosen by: User Government *Number of keys: One Two

Sources: U.S. National Security Agency, Mykotronx Inc.