In mid-April 1993, President Clinton approved a directive on “Public Encryption Management.” The government had developed an encryption microcircuit—the Clipper chip—that was more robust than the then current government standard. The Clipper chip also permitted the escrowing of encryption keys; allowing the government to access encrypted information through the use of an escrowed private key.
Key escrow and key recovery are interchangeable names for a system that allows third party—including government law enforcement and intelligence agencies as well as businesses and other organizations—access to private encrypted communications. Law enforcement and intelligence agencies traditionally demand mandatory key escrow and key recovery systems for all use of strong cryptography tools in the United States. Toward the end of the 1990s, some cryptograph vendors joined in the call for key recovery.
The government generally claims it needs access to encrypted communications to prevent crime and terrorism. Businesses argue they need access to encrypted employee communications to prevent unauthorized encryption by disgruntled employees.
The Clipper chip itself was designed by Mykotronx of Torrance, California. According to the National Institute for Standards and Technology (NIST), the underlying encryption technology had already been developed by the National Security Agency (NSA). President Clinton’s public cryptography initiative was built around the NSA technology and the technical specifications of that encryption technology are classified.
President Clinton directed Attorney General Janet Reno to request manufacturers of communications hardware employing encryption to install the Clipper chip in their products. President Clinton stated that his intention was not to prevent other encryption methods from being developed, but also stated, “In making this decision, I do not intend to prevent the private sector from developing, or the government from approving, other microcircuits or algorithms that are equally effective in assuring both privacy and a secure key escrow system.” Reasonable readers will deduce that President Clinton intended the key escrow system to be mandatory.
President Clinton went on to say, “The administration is not saying, ‘since encryption threatens the public safety and effective law enforcement, we will prohibit it outright’ (as some countries have effectively done); nor is the U.S. saying that ‘every American, as a matter of right, is entitled to an unbreakable commercial encryption product.’”
With the Clipper chip design, each device that contains the chip would have two private keys deposited in two distinctly separate key escrow databases established by the Attorney General at the time of manufacture. Access to the encryption keys would be limited to government officials with legal wiretap authorization. The two key escrow databases would be controlled by two to-be-determined government agencies.
A second encryption chip, called Capstone, was also under development by the NSA. Capstone is a superset of the Clipper chip, designed to implement the Digital Signature Standard (DSS) to provide authentication through digital signatures.
In April 1993, Computer Professionals for Social Responsibility (CPSR) filed eleven Freedom of Information Act requests for information related to President Clinton’s encryption initiative, the Clipper chip itself, and the underlying technology developed by the NSA. CPSR suspected that the NSA and NIST violated the Computer Security Act of 1987, legislation that limits the NSA’s role in the development of public encryption technologies to providing “advice and assistance.”
The NSA has publicly stated that it had actively developed both the Clipper and Capstone chips.