Handbook of Information Security Management:Access Control

Previous Table of Contents Next


THE CLIPPER CONTROVERSY

In April 1993, the Clinton administration proposed a new standard for encryption technology, developed with the National Security Agency. The new standard is a plan called the Escrowed Encryption Standard. Under the standard, computer chips would use a secret algorithm called Skipjack to encrypt information. The Clipper Chip is a semiconductor device designed to be installed on all telephones, computer modems, and fax machines to encrypt voice communications.

The Clipper Chip

The Clipper Chip combines a powerful algorithm that uses an 80-bit encryption scheme and that is considered impossible to crack with today’s computers within a normal lifetime. The chip also has secret government master keys built in, which would be available only to government agencies. Proper authorization, in the form of a court order, would be necessary to intercept communications.

The difference between conventional data encryption chips and the Clipper Chip is that the Clipper contains a law enforcement access field (LEAF). The LEAF is transmitted along with the user’s data and contains the identity of the user’s individual chip and the user’s key — encrypted under the government’s master key. This could stop eavesdroppers from breaking the code by finding out the user’s key. Once an empowered agency knew the identity of the individual chip, it could retrieve the correct master key, use that to decode the user’s key, and so decode the original scrambled information.

The Long Key

Clipper uses a long key, which could have as many as 1,024 values. The only way to break Clipper’s code would be to try every possible key. A single supercomputer would take a billion years to run through all of Clipper’s possible keys.

Opponents of the Clipper Chip plan have criticized its implementation on several counts:

  Terrorists and drug dealers would circumvent telephones if they had the Clipper Chip. Furthermore, they might use their own chip.
  Foreign customers would not buy equipment from American manufacturers if they knew that their communications could be intercepted by U.S. government agents.
  The integrity of the “back door” system could be compromised by unscrupulous federal employees.
  The remote possibility exists that an expert cryptologist could somehow break the code.

SUMMARY

Despite opposition from the computer industry and civil libertarians, government agencies are phasing in the Clipper technology for unclassified communications. Commercial use of Clipper is still entirely voluntary, and there is no guarantee it will be adopted by any organization other than governmental ones. Yet several thousand Clipper-equipped telephones are currently on order for government use. The Justice Department is evaluating proposals that would prevent the police and FBI from listening in on conversations without a warrant.

A possible solution to these concerns about privacy invasion would be to split the decryption key into two or more parts and give single parts to trustees for separate government agencies.

In theory, this would require the cooperation of several individuals and agencies before a message could be intercepted. This solution could compromise the secrecy needed to conduct a clandestine criminal investigation, but the Justice Department is investigating its feasibility. No method of data encryption will always protect individual privacy and society’s desire to stop criminal activities. Electronic funds transfer systems and the information superhighway have made the need for private communications more important than ever before. Society’s problems with drugs and terrorism complicate the issues, highlighting the sensitive balance among the individual’s right to privacy, society’s need to protect itself, and everyone’s fear of Big Brother government tools.


Previous Table of Contents Next



The CISSP Open Study Guide Web Site

We are proud to bring to all of our members a legal copy of this outstanding book. Of course this version is getting a bit old and may not contain all of the info that the latest version are covering, however it is one of the best tool you have to review the basics of security. Investing in the latest version would help you out in your studies and also show your appreciation to Auerbach for letting me use their book on the site.