Enigma More than a quarter century after its introduction, the failed rollout of hardware deliberately backdoored by the NSA is still having an impact on the modern encryption debate.
Known as Clipper, the encryption chipset developed and championed by the US government only lasted a few years, from 1993 to 1996. However, the project remains a cautionary tale for security professionals and some policy-makers. In the latter case, however, the lessons appear to have been forgotten, Matt Blaze, McDevitt Professor of Computer Science and Law at Georgetown University in the US, told the USENIX Enigma security conference today in San Francisco.
In short, Clipper was an effort by the NSA to create a secure encryption system, aimed at telephones and other gear, that could be cracked by investigators if needed. It boiled down to a microchip that contained an 80-bit key burned in during fabrication, with a copy of the key held in escrow for g-men to use with proper clearance. Thus, any data encrypted by the chip could be decrypted as needed by the government. The Diffie-Hellman key exchange algorithm was used to exchange data securely between devices.
Any key escrow mechanism is going to be designed from the same position of ignorance that Clipper was designed with in the 1990s
Not surprisingly, the project met stiff resistance from security and privacy advocates who, even in the early days of the worldwide web, saw the massive risk posed by the chipset: for one thing, if someone outside the US government was able to get hold of the keys or deduce them, Clipper-secured devices would be vulnerable to eavesdropping. The implementation was also buggy and lacking. Some of the people on the Clipper team were so alarmed they secretly briefed opponents of the project, alerting them to insecurities in the design, The Register understands.
Blaze, meanwhile, recounted how Clipper was doomed from the start, in part because of a hardware-based approach that was expensive and inconvenient to implement, and because technical vulnerabilities in the encryption and escrow method would be difficult to fix. Each chip cost about $30 when programmed, we note, and the relatively short keys could be broken by future computers.
In the years following Clipper's unveiling, a period dubbed the "first crypto wars," Blaze said, the chipset was snubbed and faded into obscurity while software-based encryption rose and led to the loosening of government restrictions on its sale and use. It helped that Blaze revealed in 1994 a major vulnerability [PDF] in the design of Clipper's escrow design, sealing its fate.
It is important to note, said Blaze, that the pace of innovation and unpredictability of how technologies will develop makes it incredibly difficult to legislate an approach to encryption and backdoors. In other words, security mechanisms made mandatory today, such as another escrow system, could be broken within a few years, by force or by exploiting flaws, leading to disaster.
FBI Director wants 'adult conversation' about backdooring encryptionREAD MORE
This unpredictability in technological development, said Blaze, thus undercuts the entire concept of backdoors and key escrow. The FBI and Trump administration (and the Obama one before that) pushed hard for such a system but need to learn the lessons of history, Blaze opined.
"The FBI is the only organization on Earth complaining that computer security is too good," the Georgetown prof quipped.
"Any key escrow mechanism is going to be designed from the same position of ignorance that Clipper was designed with in the 1990s. We are going to be looking back at those engineering decisions ten years from now as being equally laughably wrong."
Daniel Weitzner, founding director of the MIT Internet Policy Research Initiative, said this problem is not lost on all governments trying to work out new encryption laws and policies in the 21st century. He sees a number of administrations trying to address the issue by bringing developers and telcos in on the process.
"What the legislators hear is a complicated problem that they don't know how to resolve," Weitzner noted. "Moving the debate to experts on one hand gets you down to details, but it is not necessarily easy." ®