
No Subject




Reproduced with attribution:

From Electronic Engineering Times, November 22, 1993,
issue 773, page 1 and page 78.



U.S. weighs Clipper chip alternatives

   BY GEORGE LEOPOLD

Washington -  The Clinton administration
is readying a new encryption policy that
could help defuse industry opposition to
introduction of the government-developed
Clipper chip by embracing commercial
technologies as alternatives for network
security, according to government and
industry sources.

  A National Security Council panel led
by George Tenet, special presidential
assistant for intelligence programs, is
completing a broad review of government
encryption policy with an eye toward
employing the Clipper chip, as well as
commercial alternatives, to ensure 
privacy and security on public networks. 
Those would include the proposed electronic
superhighway, or National Information
Infrastructure (NII).

  Tenet could not be reached for
comment on the review's status, but a 
U.S. official said last week the results
of the seven-month National Security 
Council policy review will be announced
soon.

  The Clipper chip, backed by the National
Security Agency and proposed by the Clinton
administration in April as a new data-encryption
standard, is widely viewed by industry critics
as a fait accompli, since the spy agency
wants to use it to protect intelligence data.

  Asked in an interview last Monday whether the
policy review would result in modification of
the Clipper chip proposal,  Michael Nelson, special 
assistant for information technology in the
White House Office of Science and Technology
Policy, acknowledged the need to consider other
encryption technologies for network security,
including software solutions.  He also said the
government should have sought greater industry
participation before proposing the Clipper chip.

  Industry opposition to the Clipper chip 
resurfaced at a recent government-industry 
summit in San Francisco (see Nov. 8, page 1).
During a panel on the NII, Nelson told angry 
company executives that the Clinton administration
would not impose Clipper on industry or rule out
alternative encryption technologies.

  "Clipper is not a silver bullet, it's not even
a brass bullet," Nelson said.  "It's only one
approach."

  He added, "If we don't address these (network security)
issues, people won't use the NII."
  
  Nelson said last week the National Security Council
review was designed to bring industry and Congress 
into the process of looking for commercial solutions,
besides Clipper, to the network-security issue.  Industry
groups said last week they have contributed to the review,
which began shortly after Clipper was proposed.  The review
is expected to result in a decision on how to implement
Clipper.

  A decision on how to proceed with the Clipper proposal
was scheduled for Sept. 1 but was delayed in response
to recommendation from a private-sector advisory group
to the Commerce Department.

  Clipper, which scrambles telephone conversations using
an encryption algorithm called Skipjack, is at the heart
of an administration initiative announced in April on 
secure telecom networks and wireless communications links.
Forced to balance the interests of companies and private
citizens with law-enforcement and national-security needs,
President Clinton ordered a comprehensive review of U.S.
encryption policy addressing:

  * Privacy, including the need for voice and data
    encryption to protect proprietary business data.

  * The ability of federal law-enforcement officials to 
    tap phones and computers.

  * The employment of modern technology to build the NII,
    including encryption technology needed to protect
    proprietary information transmitted over the information
    superhighway.

  * The need for American companies to build and export
    high-technology products to boost U.S. competitiveness.
    U.S. companies may offer encryption as a feature of 
    software sold in the United States, but are prohibited
    from including encryption in commercial software exports.
    Proponents of decontrolling encrypted software argue that
    restrictions are useless because encryption technology is
    widely available (see Oct. 18, page 18).

  Acknowledging industry's concerns, the initiative also 
includes the creation of a key-escrow system to insure the
Clipper chip would be used to protect privacy.  (A Commerce
Department official said last week the government has 
dropped the Clipper moniker, referring to it instead as the
"key-escrow chip", out of concern for possible trademark
infringement.)

  Devices incorporating the chip would have two unique
software keys government investigators would need to decode
encoded messages.  Two key-escrow data banks would be
overseen by a pair of independent agencies designated by the
Justice Department and the White House.  A decision on which
agencies will oversee the databases has not been made,
Commerce spokeswoman Anne Enright Shepherd said last
Wednesday.

  According to a White House statement announcing the 
encryption policy, "We need the Clipper chip and other 
approaches that can both provide law-abiding citizens the
access they need and prevent criminals from using it to
hide their illegal activities."

  Despite the administration's insistence that Clipper and 
the rest of the encryption policy are voluntary efforts, many
U.S. high-tech companies have opposed it (see June 21, page 28).
Instead, they want policy makers to retain the ubiquitous
federal Data Encryption Standard (DES) and use other public-key
technologies, such as RC-2 and RC-4.  DES uses a 56-bit key
while Clipper employs an 80-bit key.

  Clipper "was forced upon [the Clinton administration] before
they had the chance to evaluate its impact," Bruce Heiman, a
Washington attorney representing the Business Software Alliance,
said last Tuesday.  "NSA sold them a bill of goods."

  The policy review means "they realize that Clipper has problems
... but they don't want to rule it out entirely," Heiman said,
adding that industry would accept Clipper as one alternative to
network security only if it is a part of a truly voluntary 
program that includes public-key encryption.