home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hacker Chronicles 2
/
HACKER2.BIN
/
1112.TIME3-14
< prev
next >
Wrap
Text File
|
1994-03-06
|
9KB
|
146 lines
Time Magazine March 14, 1994
TECHNOLOGY
WHO SHOULD KEEP THE KEYS?
The U.S. government wants the power to tap into every phone, fax and computer
transmission
BY PHILIP ELMER-DEWITT
Until quite recently, cryptography -- the science of making and breaking
secret codes -- was, well, secret. In the U.S. the field was dominated by the
National Security Agency, a government outfit so clandestine that the U.S.
for many years denied its existence. The NSA, which gathers intelligence for
national security purposes by eavesdropping on overseas phone calls and
cables, did everything in its power to make sure nobody had a code that it
couldn't break. It kept tight reins on the ''keys'' used to translate coded
text into plain text, prohibiting the export of secret codes under U.S.
munitions laws and ensuring that the encryption scheme used by business --
the so-called Digital Encryption Standard -- was weak enough that NSA
supercomputers could cut through it like butter.
But the past few years have not been kind to the NSA. Not only has its
cover been blown, but so has its monopoly on encryption technology. As
computers -- the engines of modern cryptography -- have proliferated, so have
ever more powerful encryption algorithms. Telephones that offered nearly
airtight privacy protection began to appear on the market, and in January
U.S. computermakers said they were ready to adopt a new encryption standard
so robust that even the NSA couldn't crack it.
Thus the stage was set for one of the most bizarre technology-policy
battles ever waged: the Clipper Chip war. Lined up on one side are the three-
letter cloak-and-dagger agencies -- the NSA, the CIA and the FBI -- and key
policymakers in the Clinton Administration (who are taking a surprisingly
hard line on the encryption issue). Opposing them is an equally unlikely
coalition of computer firms, civil libertarians, conservative columnists and
a strange breed of cryptoanarchists who call themselves the cypherpunks.
At the center is the Clipper Chip, a semiconductor device that the NSA
developed and wants installed in every telephone, computer modem and fax
machine. The chip combines a powerful encryption algorithm with a ''back
door'' -- the cryptographic equivalent of the master key that opens
schoolchildren's padlocks when they forget their combinations. A ''secure''
phone equipped with the chip could, with proper authorization, be cracked by
the government. Law-enforcement agencies say they need this capability to
keep tabs on drug runners, terrorists and spies. Critics denounce the Clipper
-- and a bill before Congress that would require phone companies to make it
easy to tap the new digital phones -- as Big Brotherly tools that will strip
citizens of whatever privacy they still have in the computer age.
In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich
Partners, two-thirds said it was more important to protect the privacy of
phone calls than to preserve the ability of police to conduct wiretaps. When
informed about the Clipper Chip, 80% said they opposed it.
The battle lines were first drawn last April, when the Administration
unveiled the Clipper plan and invited public comment. For nine months
opponents railed against the scheme's many flaws: criminals wouldn't use
phones equipped with the government's chip; foreign customers wouldn't buy
communications gear for which the U.S. held the keys; the system for giving
investigators access to the back-door master codes was open to abuse; there
was no guarantee that some clever hacker wouldn't steal the keys. But in the
end the Administration ignored the advice. In early February, after computer-
industry leaders had made it clear that they wanted to adopt their own
encryption standard, the Administration announced that it was putting the NSA
plan into effect. Government agencies will phase in use of Clipper technology
for all unclassified communications. Commercial use of the chip will be
voluntary -- for now.
It was tantamount to a declaration of war, not just to a small group of
crypto-activists but to all citizens who value their privacy, as well as to
telecommunications firms that sell their products abroad. Foreign customers
won't want equipment that U.S. spies can tap into, particularly since
powerful, uncompromised encryption is available overseas. ''Industry is
unanimous on this,'' says Jim Burger, a lobbyist for Apple Computer, one of
two dozen companies and trade groups opposing the Clipper. A petition
circulated on the Internet electronic network by Computer Professionals for
Social Responsibility gathered 45,000 signatures, and some activists are
planning to boycott companies that use the chips and thus, in effect, hand
over their encryption keys to the government. ''You can have my encryption
algorithm,'' said John Perry Barlow, co-founder of the Electronic Frontier
Foundation, ''when you pry my cold dead fingers from my private key.''
The seeds of the present conflict were planted nearly 20 years ago, when a
young M.I.T. student named Whitfield Diffie set out to plug the glaring
loophole in all traditional encryption schemes: their reliance on a single
password or key to encode and decode messages. Ultimately the privacy of
coded messages is a function of how carefully the secret decoder keys are
kept. But people exchanging messages using conventional coding schemes must
also find a way to exchange the key, which immediately makes it vulnerable to
interception. The problem is compounded when encryption is employed on a vast
scale and lists of keys are kept in a central registry.
Diffie's solution was to give everybody two keys -- one that could be
widely distributed or even published in a book, and a private key known only
to the user. For obscure mathematical reasons, a message encoded with either
key could be decoded with the other. If you send a message scrambled with
someone's public key, it can be turned back into plain text only with that
person's private key.
The Diffie public-key encryption system could solve one of the big problems
facing companies that want to do business on the emerging information
highway: how to collect the cash. On a computer or telephone network, it's
not easy to verify that the person whose name is on a credit card is the one
who is using it to buy a new stereo system -- which is one of the reasons
catalog sales are rife with fraud. But if an order confirmation encoded with
someone's public key can be decoded by his or her private key -- and only his
or her private key -- that confirmation becomes like an unforgeable digital
signature.
However, public-key encryption created a headache for the NSA by giving
ordinary citizens -- and savvy criminals -- a way to exchange coded messages
that could not be easily cracked. That headache became a nightmare in 1991,
when a cypherpunk programmer named Phil Zimmermann combined public-key
encryption with some conventional algorithms in a piece of software he called
PGP -- pretty good privacy -- and proceeded to give it away, free of charge,
on the Internet.
Rather than outlaw PGP and other such programs, a policy that would
probably be unconstitutional, the Administration is taking a marketing
approach. By using its purchasing power to lower the cost of Clipper
technology, and by vigilantly enforcing restrictions against overseas sales
of competing encryption systems, the government is trying to make it
difficult for any alternative schemes to become widespread. If Clipper
manages to establish itself as a market standard -- if, for example, it is
built into almost every telephone, modem and fax machine sold -- people who
buy a nonstandard system might find themselves with an untappable phone but
no one to call.
That's still a big if. Zimmermann is already working on a version of PGP
for voice communications that could compete directly with Clipper, and if it
finds a market, similar products are sure to follow. ''The crypto genie is
out of the bottle,'' says Steven Levy, who is writing a book about
encryption. If that's true, even the nsa may not have the power to put it
back.
Reported by David S. Jackson/San Francisco and Suneel Ratan/Washington
Copyright 1994 Time Inc. All rights reserved.
Transmitted: 94-03-06 13:04:08 EST