A Chip Over My Shoulder: The Problems With Clipper

Column for the July 1994 issue of Internet World
By Mike Godwin

"Only in a police state is the job of a policeman easy." --Orson Welles

Your government is deeply troubled by the possibility that you can keep a secret. Or, to put it more precisely, the government is disturbed by the prospect of widespread powerful encryption tools in individual hands. Once you can keep your communications and data truly secret, officials worry, the value of wiretapping, an important law-enforcement and intelligence tool, will evaporate.

It's unclear whether the government's arguments are valid. But regardless of whether they are, the government's latest efforts to prevent us from adopting powerful and uncrackable encryption technologies raise serious questions about personal liberty, the role of government, and the possibility of privacy in the 21st century.

If you're not already familiar with these efforts, here's an update. The Clinton Administration has embarked on an ambitious plan to prevent a mass market for uncrackable encryption from arising. The first step in this plan has already been announced: the Administration has called for the entire federal government to adopt the Clipper Chip--an encryption standard with a "back door"--for communications and data security. In addition, the government has declared its intention to use every legal method short of outright prohibition to discourage alternative forms of encryption technology.

"Just what is this Clipper Chip?" you may be wondering. The short answer is: the chip is an encryption device, developed to National Security Agency specs, that keeps your communications and data secret from everyone ... except the government. To understand how the chip works, you need to look at what officials call its "key escrow encryption method."
Manufactured by a private company called Mykotronx, the chip uses an NSA-developed algorithm called "Skipjack," which, by all accounts so far, is a remarkably powerful algorithm. But the chip also includes the "feature" that its primary encryption key can be divided up mathematically into two "partial keys." The government proposes that each partial key be held by a separate government agency--the Administration has picked the Department of the Treasury and the National Institute of Standards and Technology (NIST)--from which the keys can be retrieved when government officials obtain a wiretap order.

The NSA and the FBI love this idea. With the Clipper Chip in your phone or computer, they believe, you have the power to keep your information private from crooks and industrial spies and anyone else who wants to pry--except of course for law enforcement and the NSA. Law enforcement and intelligence agencies would be barred from seeking those escrowed keys in the absence of legal authorization, normally a court order. "And of course you needn't worry about us," say government officials. "We're here to protect you."

Chips Off the New Block

The current initiative has been a long time coming. It was in April of last year that the Clinton Administration first announced Clipper--the announcement was met with a public outcry from civil-liberties and industry groups. Civil libertarians were concerned about the government's insistence on its need to prevent citizens from having access to truly unbreachable privacy technologies. Computer and telecom industry leaders worried about a standard that might crush a potentially vital market in such technologies.

At first the Administration expressed a willingness to listen. The Digital Privacy and Security Working Group, a coalition of industry and public-interest organizations headed by the Electronic Frontier Foundation, outlined its objections and expressed the hope of engaging in talks with the Administration about the issue.
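The "partial keys" described above are the heart of the key-escrow idea, so here is an added illustration of it in Python. This is not code from the column, from Mykotronx, or from the NSA; it models the general two-share escrow arrangement the column describes. The 80-bit key length matches Skipjack's (a fact not stated in the column), the agency names follow the column, and the XOR method of splitting, the function names, and the escrow bookkeeping are assumptions made for this example.

```python
import secrets

# Skipjack keys were 80 bits (10 bytes); the column does not state this.
KEY_BYTES = 10

# The two escrow agents named in the column. The XOR split below is the
# classic two-party secret-sharing construction, used here as an illustration
# of the escrow idea, not as a description of the chip's actual internals.
ESCROW_AGENCIES = ("Treasury", "NIST")


def split_key(key: bytes) -> tuple[bytes, bytes]:
    """Split key into two shares: a fresh random pad and key XOR pad.

    Each share on its own is uniformly random, so neither agency can learn
    anything about the key from the share it holds.
    """
    pad = secrets.token_bytes(len(key))
    masked = bytes(k ^ p for k, p in zip(key, pad))
    return pad, masked


def recombine(share_a: bytes, share_b: bytes) -> bytes:
    """Recover the key; requires both shares, of equal length."""
    if len(share_a) != len(share_b):
        raise ValueError("shares must be the same length")
    return bytes(a ^ b for a, b in zip(share_a, share_b))


def other_share_for(held_share: bytes, candidate_key: bytes) -> bytes:
    """Given one share, the unique partner share that would yield candidate_key.

    Such a partner exists for every candidate, so a single share is consistent
    with every possible key: it carries no information about the key by itself.
    """
    return recombine(held_share, candidate_key)


def escrow_key(unit_key: bytes) -> dict[str, bytes]:
    """Deposit one share with each escrow agency (hypothetical helper)."""
    if len(unit_key) != KEY_BYTES:
        raise ValueError(f"unit key must be {KEY_BYTES} bytes")
    return dict(zip(ESCROW_AGENCIES, split_key(unit_key)))


def can_release(escrow: dict[str, bytes], released_by: set[str]) -> bool:
    """True only when every escrow agency has released its share."""
    return set(escrow) <= released_by


def release_key(escrow: dict[str, bytes], released_by: set[str]) -> bytes:
    """Reassemble the unit key, or refuse if any agency withheld its share."""
    if not can_release(escrow, released_by):
        withheld = sorted(set(escrow) - released_by)
        raise PermissionError(f"share withheld by: {', '.join(withheld)}")
    return recombine(*(escrow[name] for name in ESCROW_AGENCIES))


if __name__ == "__main__":
    unit_key = secrets.token_bytes(KEY_BYTES)  # constructed sample chip key
    escrow = escrow_key(unit_key)
    # One agency alone: its share is consistent with any key whatsoever.
    all_zero = bytes(KEY_BYTES)
    assert recombine(escrow["NIST"], other_share_for(escrow["NIST"], all_zero)) == all_zero
    # Both agencies releasing under a wiretap order: the unit key comes back.
    assert release_key(escrow, {"Treasury", "NIST"}) == unit_key
    print("escrow demo ok")
```

The split protects only against one agency acting on its own; it does nothing against the two agencies cooperating outside the legal process, or against anyone who obtains both share databases, which is exactly why the column's question about the good faith and security of the key holders matters.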
In early February of this year, however, the Clinton Administration and various agencies announced to the world that, in spite of the grave misgivings of civil-liberties and industry groups, they would be proposing the Clipper Chip's encryption scheme as a new Federal Information Processing Standard (FIPS). The standard, stresses the government, will be entirely "voluntary"--but the government plans to use export-control laws and other methods to frustrate the market for any competitive form of encryption technology.

Current export-control laws restrict the sale of encryption hardware and software to foreign countries. The laws have not been entirely effective in keeping commercial encryption technologies out of foreign hands--it's possible these days to buy encryption products in Moscow, for example. But the laws do succeed in deterring the American software industry from developing powerful and easy-to-use encryption products, since any company that does so is denied the right to sell the product on the global market.

Still, if Clipper is voluntary, you may ask, what does it matter to *individuals* what standard the government adopts? The government also adopted the Ada programming language, after all, yet there are still people programming in all sorts of languages, from BASIC to C++. The answer is simple--"freedom of choice" is meaningful only if there are real choices. The government's export-control strategy is designed to make sure that there aren't any choices. If commercial software companies aren't allowed to sell encryption to the world market, they're unlikely to develop strong, easy-to-use alternatives to Clipper. And that means individuals won't have access to alternatives.

Now, it's perfectly possible, in theory, to thwart the government-approved Clipper scheme by using a non-commercial encryption application, such as PGP, to pre-encrypt your messages before sending them through Clipper-equipped devices.
But PGP and other products, because of their slowness or difficulty, are never likely to expand beyond the circle of hobbyists that enthusiastically support them. For encryption products to give rise to a genuine consumer market, they have to be quick and almost transparently easy to use. The government knows this, which is why their focus is on nipping (clipping?) the commercial encryption software market in the bud. It's the commercial market that really matters.

The government's side

When asked to substantiate the need for Clipper, or the threat of unbreakable encryption, the government often talks about crime prevention. As a practical matter, however, wiretaps are almost always used *after* crimes are committed--to gather evidence about the individuals the government already suspects to have been involved in a crime. So, the hypothetical cases involving nuclear terrorism or murder-kidnappings aren't really convincing--it's the rare case in which a wiretap prevents a crime from occurring. As a practical matter, the single most important asset to law enforcement is not wiretaps but informants. And nothing about unbreakable encryption poses the risk that informants are going to disappear.

One of the more rational statements of the government's case for Clipper comes from my friend Trotter Hardy, a law professor at William and Mary, who writes:

"The government's argument, I take it, is that the benefit is law enforcement. That strikes me as at least as great a benefit as minimum wage laws; perhaps more, since it protects everybody (at least in theory), whereas [minimum] wage laws primarily benefit their recipients. Maybe EPA regs are the better analogy: everybody gets reduced pollution; with Clipper, everybody gets reduced criminal activity. Is that not a reasonable trade-off?"

But the problem is that the government refuses to be forthcoming as to what kind of trade-off we're talking about.
According to government statistics, there are fewer than 1000 state and federal law-enforcement wiretaps per year, and only a minority of these wiretaps lead to convictions. Yet we are being asked to abandon the chance for true privacy and to risk billions of dollars in trade losses when there has never been shown to be any crime associated with uncrackable encryption whatsoever. And we're also being asked to believe that the kind of criminals who are smart enough to use encryption are dumb enough to choose the one kind of encryption that the government is guaranteed to be able to crack.

Moreover, there are fundamental political issues at stake. This country was founded on a principle of restraints on government. A system in which the privacy of our communications is contingent on the good faith of the government, which holds all the encryption keys, flies in the face of what we have been taught to believe about the structure of government and the importance of individual liberty. In short, the government fails to make its case in two separate ways--pragmatically and philosophically.

Trotter goes on to write:

"... I don't think the government cares whether an accountant in India can password protect a spreadsheet. I would guess that even Clipper or DES [the government's current Digital Encryption Standard] or whatever would be more than enough protection for such a person. I think the government cares that it be able to detect foreign intelligence that is relevant to US security or interests. I am not sure where I come out on the question, but at the very least it seems to me that the government is reasonable in this desire."

Yet there are some premises here that need to be questioned. Do we really suppose that "foreign intelligence" is dependent on the American software industry to develop its encryption tools?
Diffie-Hellman public-key encryption and DES are already available worldwide, yet Microsoft can't export software that contains either form of encryption. No, the real issue is that, to the extent that a mass market arises for encryption products, it makes the NSA's job more difficult, and it may at some future time make some investigations more difficult as well.

When asked to quantify the problem, however, the government invariably begs off. Instead, government spokespeople say, "Well, how would you feel if there were a murder-kidnapping that we couldn't solve because of encryption?" To which my answer is, "Well, I'd feel about the same way that I'd feel if there were a murder-kidnapping that couldn't be solved because of the privilege against self-incrimination." Which is to say, I understand that limits on government power entail a loss in efficiency of law-enforcement investigations and intelligence-agency operations. Nevertheless, there is a fundamental choice we have to make about what kind of society we want to live in. Open societies, and societies that allow individual privacy, are *less safe*. But we have been taught to value liberty more highly than safety, and I think that's a lesson well-learned.

What's more, we need to be able to engage in rational risk assessment, and that's something that the government resists. Instead, the government subscribes to the reasoning of Pascal's Wager. Pascal, you may recall, argued that the rational man is a Christian, even if the chances that Christianity is true are small. His reasoning is quasi-mathematical--even if the chances of Christianity's truth are small, the consequences of choosing not to be a Christian are (if that choice is incorrect) infinitely terrible. Eternal torment, demons, flames, the whole works. This is precisely the way that the government talks about nuclear terrorism and murder-kidnappings.
When asked what the probability is of a) a nuclear terrorist, who b) decides to use encryption, and c) manages otherwise to thwart counterterrorist efforts, they'll answer "What does it matter what the probability is? Even one case is too much to risk!" But we can't live in a society that defines its approach to civil liberties in terms of infinitely bad but low-probability events. Open societies are risky. Individual freedom and privacy are risky. If we are to make a mature commitment to an open society, we have to acknowledge those risks up front, and reaffirm our willingness to endure them.

We face a choice now. After a century of technological development that has eroded our ability to keep our personal lives private, we finally possess, thanks to cheap computing power and advances in cryptography, the ability to take privacy into our own hands and make our own decisions about how much, and how well, to protect it. This prospect is frightening to a government that has come to rely on its ability to reach into our private lives when it sees the need to do so. But I have faith that our society is not dependent on our government's right to mandate disclosure of our personal records and private communications--that a mature society can tolerate a large degree of personal privacy and autonomy. It's a faith I hope you share.