5 Stuffing the Genie Back in the Can of Worms

1 2 3 4 5 6 7 8 9 10

In common with sacred writings everywhere, omen records were couched in deliberately obscure wording. Because omens affected national security and required specialized knowledge, omen work was restricted to small teams of scholars who were more like academics than magicians or priests, men of high rank whose office was hereditary and who reported directly to the king.

--Geoffrey Dean, explaining the origins of astrology in Gordon Stein's An Encyclopedia of the Paranormal

Spreading PGP across the world is only a partial solution if the desired result is the ready availability of strong cryptography. Individuals may take the risk of using software whose legality is uncertain (although most would rather not), but businesses can't--and a lot of our most private communications are with businesses such as banks, lawyers, doctors, and government departments. For encryption to become standard practice, it has to be clearly legal. More than that, it has to be standardized the way the Net itself is. Otherwise, the first time you wanted to send anyone an encrypted message you'd first have to contact them to find out what products they were using. PGP may yet become that standard. But in April 1993, the National Institute of Standards and Technology (NIST) approved a different standard, the Clipper chip, for government use.

Clipper, which the government imagined would be built into all kinds of telephony devices from modems to mobile phones, was a bit of hardware that was supposed to garble data just as effectively as PGP. To cypherpunks, there was a significant difference: Clipper had a special built-in function that would store, or escrow, a copy of your private key with a government agency so that in case of need law enforcement could retrieve the key and decrypt your communications. Only with a court order, of course.

Clipper was one of several results of ten years of research and development authorized by the Computer Security Act of 1987 and carried out by NIST and the National Security Agency (NSA), the super-secret agency no one was supposed to know existed until the publication in 1982 of John Bamford's comprehensive history, The Puzzle Palace.[1] Investment on this level would have been considered necessary even without the Net. As hardware gets ever more powerful, yesterday's uncrackable encryption systems become tomorrow's easy targets. The previous standard, DES (for Data Encryption Standard), developed at IBM in the 1970s, was certified in 1977 as a government standard, and was reviewed in 1993 and certified until 1998. But the NSA could look ahead to the day when replacement was essential if the security agencies were to remain confident that their encryption could not be broken by other countries in a war, as the United States did to the Germans in World War II when it cracked their Enigma cipher. At the Crypto93 conference, Michael Wiener, a cryptographic advisor at Bell-Northern Research, published a paper containing a design (complete with circuit diagrams) of a $1 million machine that could crack DES in seven hours. Triple DES--a new technique that involves encrypting data with one key, decrypting it with a second, and re-encrypting it with a third--is thought to have substantially extended DES's useful life.

At the 1994 Computers, Freedom, and Privacy Conference (CFP'94), an NSA staffer in a Boyzz T-shirt adorned with a conference badge sporting a sticker saying, "We are everywhere" explained that the memory of Enigma still dominates NSA thinking from two viewpoints: (1) we should be able to crack other people's encryption systems; (2) no one should be able to crack ours. In a world where PGP and the Net didn't exist, those views must have seemed reasonable, and planning ahead must have made sense.

To create Clipper, the NSA came up with a proprietary algorithm called Skipjack, which uses a form of public-key cryptography. This algorithm was implemented in a chip (Clipper) that was intended to be tamper-proof, so that any attempt to get into the chip to extract its program code (and deconstruct the algorithm) would destroy the hardware. The controversial bit was the built-in function that allowed law enforcement access to each user's secret key. language are known to be used. Shades of Sherlock


Copyright © 1997-99 NYU Press. All rights reserved.
Reproduction in whole or in part in any form or medium without written permission of New York University Press is prohibited.

Be sure to visit the NYU Press Bookstore

[Design by NiceMedia]