High-Tech Government Snooping: Anti-Crime or Orwell Revisited?
By Bruce Schneier
September 28, 1994
Good news! The federal government respects and is working to protect your privacy... just as long as you don't want privacy from the government itself.
In April 1994, the Clinton administration, cleaning up old business from the Bush administration, introduced a new cryptography initiative that ensures the government's ability to conduct electronic surveillance. The first fruit of this initiative is CLIPPER, designed to secure telephone communications.
CLIPPER is a tamper-resistant chip designed by the National Security Agency, a super-secret branch of the Department of Defense.
The chip was designed with a "key escrow" feature: Each chip has a classified encryption algorithm (the "key") that will be split in two and held in "escrow" by the National Institute of Standards and Technology and the Treasury Department.
If government agents are given a wiretapping warrant, the two halves can be reunited, and the government will be able to eavesdrop on otherwise secure communications.
Meanwhile, the FBI is pushing a piece of legislation known as Digital Telephony, which would mandate that all telephone carriers (a) add technology to their switches to facilitate eavesdropping, and (b) ensure that all future telephone equipment may be tapped.
The FBI is concerned that recent advances in technology will make it more difficult for them to execute court-authorized wiretaps, and they see Digital Telephony as their only solution.
There are some dangerously Orwellian assumptions at work here: that the government has a right to listen to private communications, and that there is something wrong with a private citizen trying to keep a secret from the government.
It is as if the local police requested that all homeowners "escrow" a copy of their house keys at the station, and at the same time forced all lock manufacturers to ensure their locks could be picked. What happened to the principles of freedom and liberty upon which this country was founded?
The Clinton Administration claims CLIPPER and Digital Telephony will help prevent crime. As long as these technologies are optional (and the government maintains they will be optional), people who desire real privacy - honest citizens and criminals alike - will use other, non-escrowed, encryption. Since these methods will be secure from wiretapping, I expect the federal government to introduce legislation banning non-escrowed encryption.
By adopting the Escrowed Encryption Standard on which CLIPPER is based, the Clinton administration has bypassed the legislative process and the usual public debate surrounding it. The standard can be modified at will, with no further public debate.
Digital Telephony, at least, must become law in the traditional manner. The FBI claims eavesdropping is an essential tool of law enforcement. They talk of numerous convictions made possible only by wiretaps... but they refuse to name a single defendant, court case, or docket number.
The U.S. Telephone Association estimates that implementing Digital Telephony will cost between $180 million and $1.8 billion. How can we justify imposing such a costly mandate on the telecommunications industry without knowing the payoff?
The same law enforcement authorities that illegally tapped Martin Luther King Jr.'s phones can easily tap a phone "protected" with CLIPPER. During the past five years, local police authorities have been either charged criminally or sued civilly in numerous jurisdictions - including Maryland, Connecticut, Vermont, Georgia, Missouri, and Nevada - for conducting illegal wiretaps.
CLIPPER and Digital Telephony do not protect privacy; they force persons to unconditionally trust that the government will respect their privacy. They assume the government is the good guy and private citizens are bad guys.
It is a poor idea indeed to allow the government to deploy technologies that could someday facilitate a police state.
Photo of Bruce Schneier by Per Ervland.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..