From San Jose Mercury News business section, June 7 1994. Reprinted without permission. Clipper substitutes suggested * Computer and telephone industries offer alternatives to controversial encoding system. By Robert S. Boyd WASHINGTON - The Clinton administration and the computer and telephone industries are discussing ways to resolve their conflicts over the government's plan to enable it to eavesdrop on coded communication. Industry representatives hope the discussions will produce a substitute for the controversial Clipper chip, an electronic encoding and decoding system that the government is pushing over opposition from the computing community and privacy advocates. Several alternatives were suggested Monday at a conference on cryptography and privacy attended by government and industry officials. At the conference, Lynn McNulty, associate director for computer security at the National Institute of Standards and Technology, said the administration is "willing to discuss alternatives to Clipper." McNulty said the Commerce Department is asking industry to join in cooperative research projects to develop cryptographic methods, both hardware and software, that would satisfy law enforcement agencies and also be acceptable to private business. One industry proposal would provide computer software to law enforcement officials that would allow them to decode encrypted messages by suspected criminals or terrorists. The software would replace the Clipper Chip, a hardware device costing about $1,000 that can be placed in telephones to scramble conversations electronically. "Software is much cheaper than hardware," said Steve Lipner of Trusted Information Systems, the Glenwood Md. firm that set up the White House computer security system. Low-cost cryptographic software could be embedded in widely used computer applications, such as word processors or data bases, Lipner said. "This would be a market-acceptable way to build cryptography into high-volume products." Another proposal discussed at Monday's conference would let private companies, instead of the government, keep the electronic "keys" required to decode encrypted data and conversations. Police or the FBI could get the key by court order, such as is now required for wiretaps, according to Jon Roberts, president of TECSEC Inc., a security consulting form in Vienna, Va. "The government could subpoena the key from the bank that holds Mafia records or from the fraudulent government contractor," Roberts said. Under the Clipper chip system favored by the Clinton administration, the key would be held "in escrow" by the government, but, to minimize the risk of abuse, it would be split in half. One have would be held by the Treasury Department, the other half by the Commerce Department. A court order would be needed to get both halves to decode a message. Privacy experts protest that splitting the key between two departments of the executive branch offers little protection against a rogue administration. A third proposal discussed Monday, therefore, was to give one half of the electronic key to the legislative or judicial branch of government. The Department of Justice has already ordered 9,000 Clipper chips for distribution to federal, state, and local law enforcement agencies. McNulty said no decision has yet been made to use the chip in other departments. A gloomy note was struck by Susan Landau, a staff member of a special government-industry committee on cryptography that was created to give Congress recommendations on how to balance the government's needs with those of business. After months of study, the committee, organized by the ACM, a major industry trade group, was unable to agree on what should be done. The committee will publish a report in July that simply identifies unresolved issues for continued debate. They include the cost of cryptographic security, the needs of law enforcement, national security, international trade, privacy and civil liberties, Landau said.