211:, but that the strength of the Clipper chip's encryption could not be evaluated by the public as its design was classified secret, and that therefore individuals and businesses might be hobbled with an insecure communications system. Further, it was pointed out that while American companies could be forced to use the Clipper chip in their encryption products, foreign companies could not, and presumably phones with strong data encryption would be manufactured abroad and spread throughout the world and into the United States, negating the point of the whole exercise, and, of course, materially damaging U.S. manufacturers en route. Senators
55:
244:
174:
337:
of Key
Recovery, Key Escrow, and Trusted Third-Party Encryption" 1997 paper, as well as other researchers at MIT, wrote a follow-up article in response to the revival of this debate, arguing that mandated government access to private conversations would be an even worse problem than it would have been twenty years before.
259:. It pointed out that the Clipper's escrow system had a serious vulnerability: the chip transmitted a 128-bit "Law Enforcement Access Field" (LEAF) that contained the information necessary to recover the encryption key. To prevent the software that transmitted the message from tampering with the LEAF, a 16-bit
323:
stated that they would lock down all data stored on their smartphones with encryption, in such a way that Apple and Google themselves could not break the encryption even if ordered to do so with a warrant. This prompted a strong reaction from the authorities, including the chief of detectives for the
336:
argued that "smartphone users must accept that they cannot be above the law if there is a valid search warrant", and after claiming to agree that backdoors would be undesirable, then suggested implementing a "golden key" backdoor which would unlock the data with a warrant. The members of "The Risks
273:
time. In 1997, a group of leading cryptographers published a paper, "The Risks of Key
Recovery, Key Escrow, and Trusted Third-Party Encryption", analyzing the architectural vulnerabilities of implementing key escrow systems in general, including but not limited to the Clipper chip Skipjack protocol.
139:
The
Clinton Administration argued that the Clipper chip was essential for law enforcement to keep up with the constantly progressing technology in the United States. While many believed that the device would act as an additional way for terrorists to receive information, the Clinton Administration
272:
published another attack which is inherent to the design and which shows that the key escrow device tracking and authenticating capability (namely, the LEAF) of one device, can be attached to messages coming from another device and will nevertheless be received, thus bypassing the escrow in real
148:
There were several advocates of the
Clipper chip who argued that the technology was safe to implement and effective for its intended purpose of providing law enforcement with the ability to intercept communications when necessary and with a warrant to do so. Howard S. Dakoff, writing in the
50:
that was intended to "allow
Federal, State, and local law enforcement officials the ability to decode intercepted voice and data transmissions." It was intended to be adopted by telecommunications companies for voice transmission. Introduced in 1993, it was entirely defunct by 1996.
425:
267:
would quickly produce another LEAF value that would give the same hash but not yield the correct keys after the escrow attempt. This would allow the
Clipper chip to be used as an encryption device, while disabling the key escrow capability. In 1995 Yair Frankel and
722:
281:
The
Clipper chip was not embraced by consumers or manufacturers and the chip itself was no longer relevant by 1996; the only significant purchaser of phones with the chip was the United States Department of Justice. The U.S. government continued to press for
286:
by offering incentives to manufacturers, allowing more relaxed export controls if key escrow were part of cryptographic software that was exported. These attempts were largely made moot by the widespread use of strong cryptographic technologies, such as
839:
127:. If government agencies "established their authority" to listen to a communication, then the key would be given to those government agencies, who could then decrypt all data transmitted by that particular telephone. The newly formed
712:
140:
said it would actually increase national security. They argued that because "terrorists would have to use it to communicate with outsiders — banks, suppliers, and contacts — the
Government could listen in on those calls."
357:
812:
234:
was in response to the government push for the
Clipper chip. The thinking was that if strong cryptography was freely available on the Internet as an alternative, the government would be unable to stop its use.
298:
apps exist, but may require specialized hardware, and typically require that both ends of the connection employ the same encryption mechanism. Such apps usually communicate over secure
Internet pathways (e.g.
103:
algorithm. The Skipjack algorithm was declassified and published by the NSA on June 24, 1998. The initial cost of the chips was said to be $ 16 (unprogrammed) or $ 26 (programmed), with its logic designed by
835:
781:
690:
804:
189:
480:
751:
503:"Howard S. Dakoff, The Clipper Chip Proposal: Deciphering the Unfounded Fears That Are Wrongfully Derailing Its Implementation,29 J. Marshall L. Rev. 475 (1996)"
506:
975:
263:
was included. The Clipper chip would not decode messages with an invalid hash; however, the 16-bit hash was too short to provide meaningful security. A
207:
challenged the Clipper chip proposal, saying that it would have the effect not only of subjecting citizens to increased and possibly illegal government
312:
294:
As of 2013, strongly encrypted voice channels are still not the predominant mode for current cell phone communications. Secure cell phone devices and
773:
899:
219:
were opponents of the Clipper chip proposal, arguing in favor of the individual's right to encrypt messages and export encryption software.
686:
84:
944:) and others. Hellman addresses key escrow (the so-called Clipper chip). He also touches on the commercialization of cryptography with
589:
564:
665:
447:
472:
394:
200:
650:
Y. Frankel and M. Yung. Escrow Encryption Systems Visited: Attacks, Analysis and Designs. Crypto 95 Proceedings, August 1995
625:
747:
502:
965:
76:
836:"Washington Post's Clueless Editorial On Phone Encryption: No Backdoors, But How About A Magical 'Golden Key'?"
204:
128:
346:
910:
circa 1997, formerly Top Secret, approved for release by NSA with redactions September 10, 2014, C06122418
223:
735:
More than 80 percent of cellphones worldwide use weak or no encryption for at least some of their calls.
985:
980:
863:
Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications
891:
917:
325:
586:"Philip Zimmermann - Why I Wrote PGP (Part of the Original 1991 PGP User's Guide (updated in 1999))"
151:
100:
80:
39:
936:
at Stanford University in the mid-1970s. He also relates his subsequent work in cryptography with
896:
886:
155:, stated that the technology was secure and the legal rationale for its implementation was sound.
925:
367:
96:
897:
The Evolution of US Government Restrictions on Using and Exporting Encryption Technologies (U)
649:
970:
941:
329:
585:
560:
109:
47:
20:
661:
8:
717:
288:
227:
165:
magazine debunking a series of what he purported to be myths surrounding the technology.
119:. In the factory, any new telephone or other device with a Clipper chip would be given a
131:
preferred the term "key surrender" to emphasize what they alleged was really occurring.
264:
260:
120:
222:
The release and development of several strong cryptographic software packages such as
945:
536:
443:
372:
79:-algorithm to distribute the public keys between peers. Skipjack was invented by the
72:
929:
866:
161:
398:
903:
358:
Crypto: How the Code Rebels Beat the Government—Saving Privacy in the Digital Age
351:
91:
from the encryption research community. The government did state that it used an
921:
614:
54:
959:
713:"By cracking cellphone code, NSA has ability to decode private conversations"
622:
Proceedings of the 2nd ACM Conference on Computer and Communications Security
540:
528:
212:
156:
937:
933:
662:"The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption"
208:
177:
362:
181:
88:
870:
173:
316:
295:
283:
252:
216:
116:
43:
243:
184:, with this poster being the most well-remembered icon of that debate.
269:
105:
68:
949:
687:"From Clipper Chip to Smartphones: Unlocking the Encryption Debate"
92:
231:
35:
320:
124:
24:
180:
campaigned against the Clipper chip backdoor in the so-called
46:
device that secured "voice and data messages" with a built-in
913:
771:
188:
328:
stating that "Apple will become the phone of choice for the
865:(Technical report). Massachusetts Institute of Technology.
774:"FBI blasts Apple, Google for locking police out of phones"
300:
291:, which were not under the control of the U.S. government.
615:"Protocol Failure in the Escrowed Encryption Standard"
711:
Timberg, Craig; Soltani, Ashkan (December 13, 2013),
83:
of the U.S. Government; this algorithm was initially
38:
that was developed and promoted by the United States
916:
Oral history interview 2004, Palo Alto, California.
257:
Protocol Failure in the Escrowed Encryption Standard
561:"Summary of Encryption Bills in the 106th Congress"
123:, that would then be provided to the government in
87:SECRET, which prevented it from being subjected to
16:Encryption device promoted by the NSA in the 1990s
957:
303:) instead of through phone voice data networks.
802:
710:
861:Abelson, Harold; et al. (July 6, 2015).
772:Craig Timberg and Greg Miller (25 Sep 2014).
397:. computer.yourdictionary.com. Archived from
833:
805:"Compromise needed on smartphone encryption"
238:
976:National Security Agency encryption devices
436:
395:"Clipper Chip - Definition of Clipper Chip"
914:Oral history interview with Martin Hellman
424:McLoughlin, Glenn J. (September 8, 1995).
423:
389:
387:
134:
920:, University of Minnesota, Minneapolis.
242:
187:
172:
67:The Clipper chip used a data encryption
53:
860:
608:
606:
958:
748:"Why can't Apple decrypt your iPhone?"
426:"The Clipper Chip A Fact Sheet Update"
384:
842:from the original on 21 February 2020
815:from the original on 21 February 2020
784:from the original on 10 February 2020
612:
526:
201:Electronic Privacy Information Center
603:
470:
466:
464:
419:
417:
415:
276:
143:
13:
892:Clipper chip White House Statement
631:from the original on March 6, 2020
14:
997:
880:
483:from the original on June 6, 2020
461:
412:
99:, and that it was similar to the
725:from the original on May 7, 2014
527:Baker, Stewart A. (1994-06-01).
306:
115:At the heart of the concept was
75:to transmit information and the
854:
827:
796:
765:
754:from the original on 2014-10-09
740:
704:
693:from the original on 2020-05-29
679:
668:from the original on 2018-08-09
654:
643:
613:Blaze, Matt (August 20, 1994).
592:from the original on 2011-03-04
567:from the original on 2018-09-21
509:from the original on 2020-10-17
450:from the original on 2020-06-15
195:magazine's anti-Clipper graphic
803:Editorial Board (3 Oct 2014).
578:
553:
520:
495:
471:Levy, Steven (June 12, 1994).
205:Electronic Frontier Foundation
129:Electronic Frontier Foundation
1:
378:
62:
473:"Battle of the Clipper Chip"
347:Bullrun (decryption program)
7:
924:describes his invention of
834:Mike Masnick (6 Oct 2014).
340:
168:
77:Diffie–Hellman key exchange
10:
1002:
199:Organizations such as the
159:wrote an opinion piece in
18:
918:Charles Babbage Institute
326:Chicago Police Department
239:Technical vulnerabilities
95:, that the algorithm was
908:Encryption Technologies,
906:, Michael Schwartzbeck,
152:John Marshall Law Review
81:National Security Agency
40:National Security Agency
19:Not to be confused with
966:History of cryptography
926:public key cryptography
368:Trusted Platform Module
332:". An editorial in the
529:"Don't Worry Be Happy"
430:Congressional Proquest
248:
196:
185:
135:Clinton Administration
59:
942:Pohlig-Hellman system
246:
191:
176:
58:MYK-78 "Clipper chip"
57:
887:Clipper chip Q&A
446:. cryptomuseum.com.
255:published the paper
110:VLSI Technology, Inc
108:, and fabricated by
21:Clipper architecture
928:with collaborators
809:The Washington Post
778:The Washington Post
718:The Washington Post
313:Snowden disclosures
902:2016-05-09 at the
477:The New York Times
265:brute-force attack
249:
197:
186:
60:
986:Mass surveillance
981:Encryption debate
946:RSA Data Security
373:Hardware backdoor
121:cryptographic key
993:
930:Whitfield Diffie
875:
874:
858:
852:
851:
849:
847:
831:
825:
824:
822:
820:
800:
794:
793:
791:
789:
769:
763:
762:
760:
759:
744:
738:
737:
732:
730:
708:
702:
701:
699:
698:
683:
677:
676:
674:
673:
658:
652:
647:
641:
640:
638:
636:
630:
619:
610:
601:
600:
598:
597:
582:
576:
575:
573:
572:
557:
551:
550:
548:
547:
524:
518:
517:
515:
514:
499:
493:
492:
490:
488:
468:
459:
458:
456:
455:
440:
434:
433:
421:
410:
409:
407:
406:
391:
277:Lack of adoption
144:Other proponents
1001:
1000:
996:
995:
994:
992:
991:
990:
956:
955:
904:Wayback Machine
883:
878:
859:
855:
845:
843:
832:
828:
818:
816:
801:
797:
787:
785:
770:
766:
757:
755:
746:
745:
741:
728:
726:
709:
705:
696:
694:
685:
684:
680:
671:
669:
660:
659:
655:
648:
644:
634:
632:
628:
617:
611:
604:
595:
593:
584:
583:
579:
570:
568:
559:
558:
554:
545:
543:
525:
521:
512:
510:
501:
500:
496:
486:
484:
469:
462:
453:
451:
442:
441:
437:
422:
413:
404:
402:
393:
392:
385:
381:
352:Cryptoprocessor
343:
334:Washington Post
309:
279:
241:
171:
146:
137:
65:
28:
17:
12:
11:
5:
999:
989:
988:
983:
978:
973:
968:
954:
953:
911:
894:
889:
882:
881:External links
879:
877:
876:
853:
826:
795:
764:
750:. 2014-10-04.
739:
703:
678:
653:
642:
602:
577:
552:
519:
494:
460:
444:"Clipper Chip"
435:
411:
382:
380:
377:
376:
375:
370:
365:
354:
349:
342:
339:
311:Following the
308:
305:
278:
275:
240:
237:
170:
167:
145:
142:
136:
133:
64:
61:
15:
9:
6:
4:
3:
2:
998:
987:
984:
982:
979:
977:
974:
972:
969:
967:
964:
963:
961:
951:
947:
943:
939:
935:
931:
927:
923:
919:
915:
912:
909:
905:
901:
898:
895:
893:
890:
888:
885:
884:
872:
868:
864:
857:
841:
838:. Tech Dirt.
837:
830:
814:
810:
806:
799:
783:
779:
775:
768:
753:
749:
743:
736:
724:
720:
719:
714:
707:
692:
688:
682:
667:
663:
657:
651:
646:
627:
623:
616:
609:
607:
591:
587:
581:
566:
562:
556:
542:
538:
534:
530:
523:
508:
504:
498:
482:
478:
474:
467:
465:
449:
445:
439:
431:
427:
420:
418:
416:
401:on 2013-07-04
400:
396:
390:
388:
383:
374:
371:
369:
366:
364:
360:
359:
355:
353:
350:
348:
345:
344:
338:
335:
331:
327:
322:
318:
314:
307:Later debates
304:
302:
297:
292:
290:
285:
274:
271:
266:
262:
258:
254:
245:
236:
233:
229:
225:
220:
218:
214:
213:John Ashcroft
210:
206:
202:
194:
190:
183:
179:
175:
166:
164:
163:
158:
157:Stewart Baker
154:
153:
141:
132:
130:
126:
122:
118:
113:
111:
107:
102:
98:
94:
90:
86:
82:
78:
74:
70:
56:
52:
49:
45:
41:
37:
33:
26:
22:
971:Kleptography
938:Steve Pohlig
934:Ralph Merkle
907:
871:1721.1/97690
862:
856:
844:. Retrieved
829:
817:. Retrieved
808:
798:
786:. Retrieved
777:
767:
756:. Retrieved
742:
734:
727:, retrieved
716:
706:
695:. Retrieved
681:
670:. Retrieved
656:
645:
633:. Retrieved
621:
594:. Retrieved
580:
569:. Retrieved
555:
544:. Retrieved
532:
522:
511:. Retrieved
497:
485:. Retrieved
476:
452:. Retrieved
438:
429:
403:. Retrieved
399:the original
356:
333:
310:
293:
280:
256:
250:
221:
209:surveillance
198:
192:
178:RSA Security
160:
150:
147:
138:
114:
66:
42:(NSA) as an
32:Clipper chip
31:
29:
363:Steven Levy
315:from 2013,
182:Crypto Wars
89:peer review
960:Categories
758:2014-10-06
729:August 18,
697:2019-11-10
672:2015-02-19
635:October 2,
596:2007-12-20
571:2008-08-22
546:2020-08-09
513:2020-08-09
487:August 25,
454:2014-01-11
405:2014-01-11
379:References
296:smartphone
284:key escrow
253:Matt Blaze
217:John Kerry
117:key escrow
93:80-bit key
85:classified
63:Key escrow
44:encryption
624:: 59–67.
541:1059-1028
330:pedophile
270:Moti Yung
251:In 1994,
106:Mykotronx
97:symmetric
69:algorithm
950:VeriSign
900:Archived
840:Archived
813:Archived
782:Archived
752:Archived
723:archived
691:Archived
666:Archived
626:Archived
590:Archived
565:Archived
507:Archived
481:Archived
448:Archived
341:See also
224:Nautilus
203:and the
169:Backlash
73:Skipjack
48:backdoor
922:Hellman
232:PGPfone
71:called
36:chipset
539:
321:Google
247:MYK-78
125:escrow
34:was a
25:Clippy
940:(the
846:1 Apr
819:1 Apr
788:1 Apr
629:(PDF)
618:(PDF)
533:Wired
317:Apple
193:Wired
162:Wired
948:and
932:and
848:2016
821:2016
790:2016
731:2015
637:2018
537:ISSN
489:2017
319:and
301:ZRTP
261:hash
230:and
215:and
30:The
867:hdl
361:by
289:PGP
228:PGP
101:DES
23:or
962::
811:.
807:.
780:.
776:.
733:,
721:,
715:,
689:.
664:.
620:.
605:^
588:.
563:.
535:.
531:.
505:.
479:.
475:.
463:^
428:.
414:^
386:^
226:,
112:.
952:.
873:.
869::
850:.
823:.
792:.
761:.
700:.
675:.
639:.
599:.
574:.
549:.
516:.
491:.
457:.
432:.
408:.
27:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.