The year was 1992 and the FBI had what it considered to be a major problem on its hands.
That year, AT&T had announced the launch of something called the TSD-3600—a novel piece of privacy hardware that could encrypt voice transmissions in standard landline phones. A clunky white device that sorta resembled a walkman, the TSD—short for Telephone Security Device—digitized calls, then encrypted them using a 56-bit key. It was originally offered to business executives at $1,295 apiece as a secure way to conduct important business calls.
For most people, this probably seemed like an exciting innovation. But for the government, it represented a major threat. For years, federal law enforcement had worried that organized crime and terrorist groups would inevitably turn to encrypted communications to conceal their activities from police wiretaps. Now, with the launch of the TSD-3600—a relatively low-cost device for the average mafioso—it seemed as if their worst fears were being realized.
Swiftly, the government developed a solution to its problem. In April of 1993, the Clinton administration announced the launch of the government’s own cryptographic device, dubbed the “Clipper Chip.” The idea behind the Clipper was simple: it was a microchip, manufactured by a government-sanctioned contractor and powered by an encryption algorithm that had been developed by the National Security Agency; the chip, which the government hoped would be integrated into commercial communication devices, included a cryptographic backdoor that—under the right circumstances—would allow the government to decode any communications being relayed on the device. “Our policy is designed to provide better encryption to individuals and businesses while insuring that the needs of law enforcement and national security are met,” Vice President Al Gore proffered at the time.
Fight hair loss with scienceRight now, you can get The Hair Revitalizing Complex Full Set for the price of the Refill. That’s just $98 for a 30-day supply, and $32 off the supplement’s normal price. This supplement is proven to deliver results. Augustinus Bader performed a six-month double blind trial that found those on the supplement had increased their hair count by 56%, hair shine by 100%, and saw a 98% reduction in hair damage compared to those who took a placebo.
The plan enjoyed some initial success. After lobbying by the government, AT&T would revise its original designs for the TSD-3600, scrapping its original model and rolling out a new version that integrated the Clipper into its system. The White House hoped that it would be the first of many companies to adopt the new technology. The government wasn’t mandating that the private sector use this technology, but it was highly suggesting it. Officials really seemed hopeful that the public and businesses would go for it.
Suffice it to say, that didn’t happen.
Instead, privacy and civil liberties activists and the software community flipped out. Businesses boycotted the idea. And, within less than three years of the device’s initial announcement, the Clipper would be officially declared dead in the water. This month marks the 30th anniversary of the Clipper’s ill-fated launch—a commemoration, of sorts, of one of the U.S. government’s most spectacular tech failures. But the legacy of the chip lives on. It would help launch what came to be known as the first “Crypto Wars”—a tumultuous legal and cultural battle that is still ongoing to this day.
The Clipper emerged at a time when technological advancements were forcing the government to confront unsettling new realities. At the time, the internet was starting to take off and cryptosystems were evolving with it.
From the ciphers of ancient Rome to the code makers and breakers of WWII, encryption—the process of scrambling readable language into unintelligible signs and symbols—had almost always been the purview of governments, useful as it was for the concealment of sensitive state secrets. In the modern era, electronic encryption—which leveraged increasingly sophisticated machines to help create powerful encryption ciphers—was exclusively leveraged by secretive government agencies, like the NSA.
But by the 1990s, the government’s monopoly on this kind of information security had begun to slip.
A pivotal event in this trend occurred in 1976, when cryptographers Whitfield Diffie and Martin Hellman published “New Directions in Cryptography.” An influential academic paper, “New Directions” revealed that advances in modern technology were putting powerful electronic encryption ciphers within the civilian world’s grasp. Eventually, Diffie and Hellman helped create what is known as public-key cryptography, or asymmetric encryption—a new breed of cryptosystems that would go on to become the bedrock of much of today’s internet security—eventually helping to power secure web protocols like Transport Layer Security (TLS) and the Secure Shell protocol (SSH).
As a result of the technological advances that were made during the 1970s, popular interest in cryptography naturally increased over the next decade, as did speculation about its potential applications in the arenas of business, academia, and wider society. By the early 1990s, the U.S. government was increasingly nervous about encryption’s democratization—so much so that it had begun to develop a workaround.
“The government had been worrying since the mid-1970s about growing civilian interest in cryptography,” Steve Bellovin, a computer science professor at Columbia University, told Gizmodo. Bellovin and a veritable army of other computer scientists and activists helped lobby against the Clipper Chip during the 1990s. “This worried the NSA. They worried about more people starting to use cryptography and making messages unintelligible.”
The solution that the government came up with was the concept of large-scale key recovery systems—or what came to be known as “key escrow.” It was a strategy that involved allowing a third-party (namely, the government) access to an encryption key in the event that they might need to read the contents of an encrypted conversation or email. In short: it was a backdoor.
The Clipper would serve as the government’s initial prototype for this concept. But how was it supposed to work?
To power the Clipper, the NSA designed a cipher, called “Skipjack.” Every device that included the chip would, upon fabrication, be given a designated cryptographic key. That key was also held by the government and, under certain, vaguely defined circumstances, it could be handed over to an investigative agency so that they could unscramble a particular user’s communications and read, in plaintext, what had been said. But there were a lot of obvious problems with the “key escrow” model. For instance, nobody quite knew how the Clipper’s algorithm, Skipjack, worked—because the government insisted on keeping it classified. The chip, which the government expected businesses to integrate, was also a total mystery, having been designed with a tamper-proof mechanism so as to preclude snooping. Problematically, the chip was also said to be energy intensive and was considered expensive relative to other available chips.
In short: it wasn’t exactly what you’d call an ideal situation.
For many reasons, the Clipper Chip seemed like a stupid idea. For businesses and Silicon Valley, the chip was a danger to their interests—a move that might curb the nascent encrypted communications market and strangle internet security in its cradle. For civil liberties activists, it was an obvious violation of Americans’ right to privacy—an abject example of the worst kind of dystopian government overreach.
But outside of interest groups’ specific gripes, there were other obvious problems. On a purely practical level, the plan seemed to make no sense. After all, the government claimed it wanted to launch the Clipper to help catch criminals. Yet many critics were quick to point out that, given the fact that the Clipper was optional, and given that the U.S. had been so vocal about its “backdoor” plans, there was absolutely no reason that criminals (or anybody else, for that matter) would ever buy products that used the Clipper. Overseas markets were beginning to roll out their own encrypted communications products, unfettered by invasive backend infrastructure, and there was no doubt that some domestic companies would also refuse to go along with the government’s plans; crooks would just use those alternatives. In essence, the entire raison d’être for the Clipper was bullshit.
Despite the myriad ethical and logistical concerns, the death knell for the Clipper was delivered less by activist critics than by the imperfect technology that the government itself had implemented.
That is to say: the chip ended up having a pretty bad bug in it.
In 1994, NSA officials arranged to have a meeting with AT&T—in an apparent bid to sell the floundering project to the one company that had agreed to its unwieldy terms. Matt Blaze, a recent Ph.D. graduate and young computer scientist working for the company’s Bell Labs research group at the time, was given the opportunity to play with some of the government’s technology.
“I had read about Clipper initially in the New York Times,” Blaze told Gizmodo. Right off the bat, he and his colleagues thought the idea seemed ludicrous. “So the government is saying ‘you can’t look at the algorithm and, oh, by the way, if you want to use it, you have to incorporate it into your product with this expensive tamper-resistant chip that’s only going to be available from one trusted vendor Source: Gizmodo