5.3 A Chip with Nine Lives

But the Clipper issue has not died. The NSA continues to work on an encryption algorithm that will be proof against all comers-except federal agents armed with the decryption key. Clipper itself, flaws and all, is still on the books as a voluntary Federal Information Processing Standard (FIPS) for government telecommunications.

If you want to export a telephone device today, you still have no choice but to ship Clipper-equipped products. Of course, finding a foreign customer that would buy such a machine might prove difficult.

Clipper, it should also be noted, was never designed to work with local area networks or the Internet. The NSA and National Institute of Science and Technology (NIST) are working to develop software encryption systems with key-escrow backdoors that would work on networks.

In short, has anything really changed? It doesn't look like it. No one (except employees in federal agencies that have adopted Clipper equipment) is required to use a key-escrow security system. Nevertheless, looks, as we shall see, can be deceiving.

But, you might ask, does it really matter? After all, we have public-key encryption systems using the Rivest-Shamir-Adleman (RSA) encryption algorithm. If you don't trust RSA-and there's reason to believe it might have a hole in it-there are other ways to prevent someone from reading your e-mail. For instance, Philip Zimmermann's popular Pretty Good Privacy (PGP) program uses RSA, International Data Encryption Algorithm (IDEA), and Message Digest Algorithm #5 (MD5) to triply ensure that your messages remain private. Zimmermann also is working on a voice PGP version to give telephone customers an alternative to Clipper.

PGP, however, like other encryption schemes, cannot be exported legally from the United States. As a result, Zimmermann is under investigation by the U.S. Customs Service for possible violations of the International Traffic in Arms Regulations (ITAR). It is conceivable that because it's clearly impossible to keep information from flowing freely on the Internet, there will be an attempt to regulate PGP. A requirement to register keys with the government seemingly would fit perfectly into Clipper's key-escrow framework.

Does this sound unlikely? Consider then, that Congress passed the FBI-backed Digital Telephony bill in late October last year. This legislation requires that common carriers, local telephone companies, and long-distance services must add openings for federal wiretaps to their phone systems. The bill also authorizes government agencies to access billing records. At least police and federal agencies will need search warrants to tap your digital lines and dig through your bills.