Roughly, the scheme worked like this: each chip contains a unique serial number, a
unique encryption key, and a family key that is the same across all Clipper chips
but is known--or supposed to be known--only to authorized law enforcement
personnel. Private keys are eighty bits in length (in general, the longer the key the
greater the security), and in the original proposal were to be split into two pieces to
be escrowed with two government agencies, NIST (in the Department of
Commerce) and the Treasury Department.
The bit of code that unlocks Clipper for interested police officers, though, is the Law
Enforcement Access Field (LEAF), which is exchanged when two Clipper-Inside
devices negotiate at the start of a session (or the chips won't work). The LEAF is
derived by first using the chip's unique key to encrypt the session key that's been
generated and then appending the chip's unique serial number and a checksum (a
number generated for verification) and re-encrypting the entire mess with the family
At least that was the plan when Clipper was announced, in early 1993. The
objections were immediate and so broad-based that the NSA representatives who
showed up to debate the issue at CFP'94 seemed stunned. After all, the argument
went, what we're offering people is much stronger and safer than the nothing
everyone uses even now, three years later.
The political objections were obvious: why should the government have the ability
to read people's private electronic communication? The Post Office doesn't keep an
escrowed copy of every letter we write, and no little chip tracks our daily
movements in case law enforcement later needs to find out what we were doing on
February 23, 1973 (even if video cameras go up daily). Opposition came from all
sorts of places: the Electronic Frontier Foundation, Computer Professionals for
Social Responsibility, the American Civil Liberties Union, and software industry
giants like Microsoft and IBM's Lotus subsidiary (whose product Notes is made to
handle complex, confidential, business-wide databases). The software companies
figured (correctly) that the continued ban on exporting strong cryptography and the
key escrow requirement would not make it easier for them to sell their products in
foreign markets. Less predictably, opposition to Clipper also came from Christian
fundamentalists, and even Rush Limbaugh.
Nonetheless, then NSA general counsel Stewart Baker dismissed the protests this
way at CFP'94 and later in print in Wired: "The opposition to Clipper is coming from
people who weren't allowed to go to Woodstock because they had to finish their
math homework."This was received with about as much enthusiasm
as (though less hilarity than) White House science spokesman Mike Nelson's
comment at CFP'96 that key escrow in fact would be acceptable to non-U.S.
citizens because they'd trust our government sooner than their own, and that "we
do not help countries that oppress their own people."
Nonetheless, Baker's comment had an element of truth to it: a lot of the protest
was coming from the forty- and fiftysomethings who came of age in the era of
distrust engendered by Viet Nam and Watergate and reinforced by Oliver North. It's
hard not to think of your government as potentially hostile when you remember that
four college students just like you were shot at Kent State during anti-war protests,
or when your first exposure to Senate hearings was to those that wound up with
the resignation of a president. American tradition is, in any case, on the side of
limiting the powers of government and always paying healthy attention to the
possibility that today's benevolent government may be replaced, someday down
the line, with one that's not so friendly. As Phil Zimmermann has often put it, "If
you're looking at technology policy, you should ask yourself what kind of
technological infrastructure would strengthen the hand of a police state, and then
don't deploy that technology. That's a matter of good civic hygiene."
There are, of course, good reasons for giving someone a copy of your key. It's too
easy to look ahead and imagine the day when Aunt Minnie dies, leaving all her
assets locked up in electronic cash on her laptop, and no one in her family can
guess the passphrase that unlocks access to the money because no one knows
about the illicit lover whose name she used. Making sure a copy of the key is safely
stowed somewhere is just as logical as giving a friend the keys to your house in
Copyright © 1997-99 NYU Press. All rights reserved.
Reproduction in whole or in part in any form or medium without written permission of New York University Press is prohibited.
Be sure to visit the NYU Press Bookstore
[Design by NiceMedia]