If you want to export a telephone device today, you still have no
choice but to ship Clipper-equipped products. Of course, finding a
foreign customer that would buy such a machine might prove difficult.
Clipper, it should also be noted, was never designed to work with local
area networks or the Internet. The NSA and National Institute of
Science and Technology (NIST) are working to develop software
encryption systems with key-escrow backdoors that would work on
networks.
In short, has anything really changed? It doesn't look like it. No one
(except employees in federal agencies that have adopted Clipper
equipment) is required to use a key-escrow security system.
Nevertheless, looks, as we shall see, can be deceiving.
But, you might ask, does it really matter? After all, we have
public-key encryption systems using the Rivest-Shamir-Adleman (RSA)
encryption algorithm. If you don't trust RSA-and there's reason to
believe it might have a hole in it-there are other ways to prevent
someone from reading your e-mail. For instance, Philip Zimmermann's
popular Pretty Good Privacy (PGP) program uses RSA, International Data
Encryption Algorithm (IDEA), and Message Digest Algorithm #5 (MD5) to
triply ensure that your messages remain private. Zimmermann also is
working on a voice PGP version to give telephone customers an
alternative to Clipper.
PGP, however, like other encryption schemes, cannot be exported legally
from the United States. As a result, Zimmermann is under investigation
by the U.S. Customs Service for possible violations of the
International Traffic in Arms Regulations (ITAR). It is conceivable
that because it's clearly impossible to keep information from flowing
freely on the Internet, there will be an attempt to regulate PGP. A
requirement to register keys with the government seemingly would fit
perfectly into Clipper's key-escrow framework.
Does this sound unlikely? Consider then, that Congress passed the FBI-backed Digital Telephony bill in late October last year. This legislation requires that common carriers, local telephone companies, and long-distance services must add openings for federal wiretaps to their phone systems. The bill also authorizes government agencies to access billing records. At least police and federal agencies will need search warrants to tap your digital lines and dig through your bills.