A response re: Clipper
There was nothing in the Clipper chip proposal that would have stopped
anyone from using their own encryption as well. The Clipper chip would
have meant that everyone was using encryption. As it turns out, because it
was blocked, no one is.
The only way to have a universal encryption system is with a chip. So
someone has to supply the chip. DO you want it to be
Chinese? Japanese? Microsoft? IBM?
***
Not true. The Clipper chip proposal would have very specifically rendered all other forms of encryption uneconomical… not to mention the other dangerous “policy innovations” it was launched with. And, in the first proposal, there were clear indications that a proposal to ban all other forms of encryption was in the works.
http://www.law.miami.edu/~froomkin/articles/planet_clipper.htm
“Largely because of the ban on export of strong cryptography, there is today no strong mass-market standard cryptographic product within the U.S. even though a considerable mathematical and programming base is fully capable of creating one.”
This is what you’re not getting - this was Clinton policy… far more than the failure of Clipper, ***this is why we don’t have encryption***. Every single Clinton administration proposal included this. Your analysis is simply wrong. Clipper was rejected by the marketplace, because it was bad policy at every level: technological, civil libertarian, and economic.
“With the Clipper chip the United States government hoped it had solved the encryption policy dilemma. The government introduced Clipper with an inventive strategy to manipulate information-processing standards, circumvent both Congress and the Administrative Procedure Act (”APA”), and rig the market for encryption devices. Despite this, the strategy failed when the public refused to buy or use the product. A companion product, the Capstone Chip implemented in the Fortezza card,{36} has fared somewhat better, but is far from market dominance.”
[…]
“The bureaucratic innovations were at least as significant. In the process of bringing forward the Clipper proposal the federal government defined a federal information processing standard that didn’t describe a standard, circumvented both Congress and the Administrative Procedure Act, and attempted to use government market power to create a de facto standard because no statute gave it the authority to create a mandatory standard.”
…
And yes, I don’t care if it is the Japanese, IBM, Microsoft, etc. that provides the encryption method… or the U.S. government - as long as the source is public, the algorithm is well documented and tested by independent entities against design flaws, and no key escrow exists.
The argument that the government needs to be able to spy on communications traffic is bogus - there are dozens of alternatives: surreptious placement of devices that record or broadcast keystrokes, minature wireless video cameras to monitor computer screens, tempest screen monitoring, installation of “spyware” onto your computer, replacement of cellphones and PDAs with compromised versions, etc. If the government knows enough to identify you as a suspect, all the encryption in the world won’t do squat. If it doesn’t, then it is essentially on a fishing expedition and shouldn’t be be authorized to intercept your communications.
