Clipper Chip

Overview

Cryptology involves the translation of uncoded data or plaintext, into coded a coded form called ciphertext.  This translation is done using a specific step-by-step procedure, or algorithm, called the encryption key.  The ciphertext is then transmitted to some other party, who uses a decryption key to change the ciphertext back into plaintext.  Usually in traditional methods of cryptography, the encryption and decryption keys are the same; to decode a message, you would just reverse the operation used to encode the message. This is called a single-key system. Traditional methods of encryption all have unique drawbacks, so different kinds of encryption techniques have been proposed and tried.

Advances in encryption technology have increased personal privacy, especially electronic privacy, but have reduced the U.S. government’s ability to wiretap telephones, read e-mail and decrypt encrypted information. So, in 1993 the government proposed the replacement of the current standard with a NSA-designed, public key cryptography algorithm.  This new standard was implemented in a tiny piece of hardware called the Clipper Chip, officially known as the MYK-78.  With the Clipper Chip, the government can offer an encryption technology that as virtually unbreakable but they will keep a copy of the keys, the codes belonging to each chip. The proposal includes procedures designed to reduce the risk that the keys would be released to law enforcement agencies without legally sufficient justification. Most U.S. residents remain free to reject the government’s offers and use alternatives to the Clipper.

Clipper Chip Technology

The Clipper chip is an encryption chip using an algorithm called Skipjack. The Skipjack algorithm was developed by the National Security Agency (NSA) for the National Institute of Standards and Technology (NIST). Data encrypted using the Skipjack algorithm can be decrypted using a secret process that requires two separate keys. These keys would be escrowed separately by NIST and the Department of Treasury. When installed in the communication devices, the Clipper Chip could offer cheap, simple, virtually unbreakable encryption for everyone. But there is a catch with this plan; under normal encryption, each person involved has a key which allows them to encode and decode all messages so that anyone without the proper key cannot understand the conversation or read the transmitted information. With the Clipper scheme, the government introduces an extra key into the process in addition to each parties’ private keys. With these extra keys, which are created at the same time the equipments are created, the government can easily listen in on what could be otherwise totally incomprehensible messages. Under the plan a law enforcement agency would require a court order to get the two keys that would have to be combined to decrypt a transmission, generated with a Clipper chip as well as to monitor the transmission itself.  This means that the privacy guaranteed from the Clipper Chip is far from absolute. Most of the Internet community are against such proposal and are fighting to keep such a proposal off the Internet.

The Skipjack Algorithm

Encryption algorithms use numbers called keys that are like combinations to a lock.  Messages are encrypted and decrypted much the same as locks are locked an unlocked.  The key to any Clipper encoded message is itself encrypted using a key derived from two other keys that are stored separately.  The encrypted key and a number that identifies the chip that sent the message are then encrypted with another key that is common to many other chips known as the family key.  All of this is sent along with the encrypted original message in what is called a LEAF (Law Enforcement Access Field).  This is done so if a law enforcement agency wants to decrypt a message the process can be reversed.  The outer portion of the encrypted key is decrypted to get the number that identifies the unit that sent the message.  This identification number is used to obtain the two separate escrowed keys that are then combined to decrypt the session key that allows the original message to be decrypted.  The algorithm that does the actual encryption is classified because if someone figures out how to get the algorithm from the clipper chips it could compromise national security. This means that secret techniques are used in the algorithm.

Why the Need for Encryption Like the Clipper Chip?

It is hard to reason why anyone would want to allow the government so much access over information. It is important to weigh what encryption can guard against in terms of protecting us. A lot of companies are taking encryption on board due to the following threats:

·        Sensitive data – users can browse legitimate sites unaware that their sensitive information may be used by others

·        Data privacy – Data privacy may be seriously compromised without proper encryption methods

·        Malicious code – Many sites have so many managers and contributors that it is possible for malicious code, such as viruses, to be posted unintentionally and distributed.

·        Breach – Companies run the risk of down-time and potential exposure to unauthorized access without any records of breach, unless a web server has been updated with the latest security patches and is logging activity

·        Exposure – Many web sites treat servers as information providers and do not consider the information stores as being vital or open to negligence. It is not uncommon for these servers to be left unsecured exposing them to attack, damage and even subsequent loss of service.

It seems today that transactions in electronic commerce are a necessity and encryption continues to expand in its use all over the Internet.

Pros of Clipper Chip

·        Government can keep tabs on drug runners, terrorists and spies
·        Increase security of individuals living in the U.S.; increase national security
·        To access information, the government needs a court order
·        Security mechanisms implemented in it to protect against abuse
·        Provide greater protection against illegal wiretaps than we have now
·        Clipper is voluntary

Cons of Clipper Chip

·        The functional nature of the chip is designed to enhance the ability of government to observe who we are calling, when, and from where
·        The system could be compromised, by people and institutions both inside and outside the government
·        Could jeopardize national security
·        Increase surveillance over Internet
·        Give government unlimited surveillance power in the name of stopping crime; crime caused by government can exceed that of organized criminals
·        Decrease citizen’s right to privacy

Links of Interest

Electronic Privacy Information Center’s (EPIC) Clipper Chip Information Site

Clipper Chip Information & Articles

Washington State University’s Clipper Chip Information Services