A Who’s Who of cryptographic geniuses published this 31 page indictment of Government stupidity yesterday (7/7/2015): Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications
Abelson, Diffie, Rivest, Schneier, e. al. go into much greater depth than my short 1994 opinion piece in the Bellevue, WA, newspaper, but I believe I managed to hit a few of the key points. 😉
Note: The government latter renamed “SkipJack” to “Clipper”, and the “Clipper Chip” endured a lot of criticism before quietly fading away. The 2001 book Crypto: How the Code Rebels Beat the Government — Saving Privacy in the Digital Age by Steven Levy does a very good job of describing the period from the mid-1970s to the present as cryptography advanced into the public arena from the shadowy world of the “spooks”, and why Clipper failed.
Published in the Bellevue Journal American on Sunday, May 1, 1994, on page A11.
(Scroll down to see a scan of the original article.)
|We’d be better off keeping cryptography free
By Benjamin W. Slivka
The article you reprinted from the New York Times by Peter H. Lewis on the debate over cryptography unfortunately failed to mention several very key points in this debate:
1) There are already available today (and have been for many years) many cryptographic schemes whose inner workings have been published and subjected to intense academic and industrial scrutiny. These schemes could be used by lawbreakers very easily, and there is no known way to crack these schemes. Unless there were some way to force all communication to use Clipper, lawbreakers will simply use some other scheme and avoid scrutiny.
2) The SkipJack algorithm has not been subjected to such scrutiny, so the federal government claims that SkipJack is unbreakable is at best hopeful. Only by vigorous, open assault has the cryptographic community been able to single out the truly strong cryptographic systems — many a “secure” cipher has been published, only to be found susceptible to a variety of code breaking techniques by inventive members of the academic and industrial community.
3) Clipper is not a global standard, and likely would never become one (since other country’s national security organizations have similar desires to intercept communications). In this age of ever-increasing global cooperation and competitiveness, secure electronic communication across national boundaries is essential to commerce.
4) Clipper is a hardware-only solution, and as such severely restricts the availability of cryptography to customers who can afford this hardware. It also limits the flexibility of cryptography users to upgrade to better technology. Consider the worst case — Clipper has been adopted as a standard and millions of Clipper chips have been installed around the country, and then a computer researcher (or hacker, take your pick) figures out an easy way to break the Clipper code. All that hardware is useless silicon now. A software solution, on the other hand, can be easily replaced with little cost.
The only possible way Clipper might satisfy the desires of the federal government to be able to tap arbitrary electronic communication is if Clipper was the only allowed cryptosystem in the US. But all this would really enable is the monitoring of small-time criminals.
Anyone breaking the law in a big way (spies and drug runners, for example) would simply break this law, too, and use an unbreakable cryptographic system. And, it could be a *major* liability to US companies and individuals if a foreign company or government was able to figure out how to break Clipper — all these private, critical business and personal communications would be wide open.
All of the above arguments supersede the whole debate about key custodians, which are rendered mute. The bottom line is that there is no way to permit the federal government to occasionally break a commercial cryptosystem without making that system so weak as to be useless for its intended purpose.
Everyone would be better served by a free market in cryptographic technology.
Slivka is a computer programmer for an Eastside software developer. He lives in Clyde Hill.