http://www.pcworld.com/software/internet_www/articles/oct96/1410_clipper.html

PC World Online
October 1996

RETURN OF CLIPPER: WITH A VENGEANCE
by Declan McCullagh (declan@well.com)

          The original Clipper Chip met an ignoble death at the hands of
          privacy advocates, conservatives, and businesses, but the
          latest proposal is Clipper with a twist: a divide-and-conquer
          strategy designed to splinter an industry previously united in
          opposition. Vice President Gore said yesterday the
          administration temporarily would relax rules on exporting
          data-scrambling software for those businesses that promise to
          follow a set of complex new rules giving the government access
          to the keys used to encode communications.

          This is a clever move by the Justice Department and the White
          House. It presents Silicon Valley companies with a kind of
          unholy prisoner's dilemma -- if you don't buy into this system,
          your competitor will. Faced with the prospect of hanging
          together or hanging separately, IBM and Digital Equipment
          Corporation already have signed onto the plan.

          Small companies without the money to set up the kind of "key
          recovery" plan the government demands will be left out, says
          Alan Davidson from the Center for Democracy and Technology. He
          says that "this proposal is targeted at large companies that
          have the resources" to comply with the hefty paperwork.

          Another problem with this plan is that the strongest encryption
          software that can be exported uses the 56-bit data encryption
          standard (DES) algorithm. According to a report released in
          January 1996 by a working group of renowned cryptographers, DES
          is woefully inadequate. They say: "To provide adequate
          protection against the most serious threats -- well-funded
          commercial enterprises or government intelligence agencies --
          keys used to protect data today should be at least 75 bits
          long."

          Since the Feds, foreign governments, and determined attackers
          can break anything encrypted with 56-bit DES, the White House's
          new Clipper plan will not protect but harm netizens by
          providing them with a false sense of security.

            __________________________________________________________

          I recently chatted with Michael Vatis, one of the assistant
          deputy attorneys general who oversees national security issues.
          He said an international consensus is forming that terrorists
          can use crypto, therefore crypto must be controlled.

          "But it just takes one country to decide to export strong
          crypto," I said.

          "You're missing something," said Vatis.
   
          "What?" I asked. "Unless you're talking about import
          restrictions."
                             
          "Exactly," he said.
            __________________________________________________________  
          
          By Declan McCullagh (declan@well.com)
          
          Washington, DC-based McCullagh writes about cyber-rights
          issues. You can subscribe to his Fight-Censorship newsletter on
          EFF's site. (http://www.eff.org/~declan/fight-censorship/)

###