Why the Clipper’s Not Likely to Chip Away at Privacy

J GVD BOSF BEUI JUZP VTIP VMEX PSLG PSUI FOTB . . .

. . . or maybe you shouldn’t. But there should be no doubt that the Clinton Administration’s confused Clipper chip initiative threatens to turn every American who cares about privacy into a practicing digital cryptographer. Which may very well be a good thing, but perhaps not in quite the way this Administration intended.

Some background: One year ago, President Clinton signed an executive order that authorized the creation of an optional federal standard for secure voice and data communications. Rather than go with a commercially available encryption scheme, the government chose to use one effectively developed by the National Security Agency (America’s Capital of Cryptanalysis).

A specially designed silicon chip called Clipper would be the tool to encrypt and decode these communications. Clipper would ultimately be built into the telephones the government procured. Hey, why shouldn’t the government have secure internal communications?

But creating a new encryption standard for federal use apparently didn’t go far enough. The feds--aggressively encouraged by the national security and law enforcement communities--agreed to market Clipper as an alternate encryption standard and an essential high-tech ingredient in the global War Against Crime.

The NSA, the Justice Department and the FBI have publicly encouraged global corporations, such as banks, to adopt Clipper as their own encryption standard. To absolutely, positively assure that no one in the government would ever improperly eavesdrop on Clipper-ized conversations--that could never happen, could it?--the Administration offered an elaborate scheme of safeguards whereby law enforcement officers who managed to get a warrant would have to go to two separate agencies to get the software keys to unlock the relevant Clipper code.

*

Needless to say, the civil libertarians have gone ballistic over this effort by the government to build an infrastructure that technologically empowers it to more easily listen in on human-to-human and computer-to-computer communications.

Scores of private companies have voiced their opposition to the Clipper proposal (which, a harried spokeswoman for the National Institute of Standards and Technology swears up, down and sideways, is really “optional, optional, optional!” ). Essentially, the public relations campaign for Clipper has been about as intelligently handled as Whitewater.

Put the vital issues of privacy and civil liberties aside, however, and, on purely pragmatic terms, the Clipper initiative seems to have been put together by people who behave as if they have no understanding of privacy, technology or markets.

In fact, the Clipper chip seems destined to produce exactly the opposite effect of what was intended. Instead of creating an encryption standard that gives the government a fighting chance for successful eavesdropping, the feds have encouraged the creation of an encryption market to bypass the threat of government decryption.

Put it this way: Suppose the government issued you very strong locks to protect your home against intrusion. Now suppose the government could get the keys to those locks only with a very special warrant. If you could buy your own powerful locks or alarm system for just a few extra dollars, would you do it? That’s the question confronting individuals and organizations who fear for their telecommunications privacy today.

Right now, you can go on the Internet and, at no cost, get an encryption scheme called PGP (for Pretty Good Privacy) to protect your electronic mail. By the end of this year, predicts PGP creator Philip Zimmerman, people will be able to participate in scrambled voice communications using their personal computers as encryption boxes, for far less than the cost of a Clipper.

You can expect to see cryptography activists posting freeware or shareware versions of their algorithms in the ongoing battle to assure truly private communications in the face of government standards. Who knows? Maybe Mitch Kapor’s Electronic Frontier Foundation or the Markle Foundation will fund such privacy initiatives.

Now, unless the government actually makes such private encryption illegal, Clipper is going to foment entrepreneurial digital cryptographers feeding off the paranoid fantasies of individuals and institutions that fear their communications might be compromised by Big Brother.

Does the slogan “If cryptography is outlawed, only outlaws will have cryptography” ring a bell?

As an internal government standard, Clipper is fine. But without regulating commercial cryptography, the Clipper chip is a wasteful, impotent policy gesture.

The economics of digital cryptography mean the marginal cost of providing powerful encryption is going down even as the government tries to seduce--or require--people to use its proffered standard. Clipper is economically obsolete even as you read this.

*

This is so obvious to people in the cryptographic community that they hardly discuss it. But the fact is that digital cryptography has proliferated to the point where Clipper is likely to be more of a catalyst for innovation than an effective weapon against criminals.

People truly concerned about government eavesdropping--global drug dealers, organized crime, hedge fund managers, munitions makers, etc.--are precisely the sort who would be willing to pay a few hundred extra dollars to buy encryption software that foils or bypasses a Clipper chip. Talk with people in law enforcement about the bypass option and they have no real response (although they are fond of pointing out how stupid criminals can be when talking on the phone).

As long as there is a thriving market in commercial cryptography, Clipper is unlikely to be a threat to our privacy or our criminals. It is, however, a definite threat to our respect for the government technocrats who craft public policies that treat our privacy and our technology marketplaces with a mix of such seeming ignorance and contempt.