Clipper encryption program advances

The government is quietly moving toward a system called Clipper III that would give the government the keys to encryption software.

CNET News staff
2 min read
A little-known branch of the federal government has quietly taken the first steps toward a plan that the Clinton administration calls critical in the online fight against crime and that detractors call a breach of civil liberties.

On Monday, the Commerce Department's National Institute of Standards and Technology announced in the Federal Register that it is forming a 24-member technical advisory committee to set up the Federal Key Management Infrastructure, a kind of encryption management program popularly known as Clipper III.

Clipper III is an attempt to register with authorized third parties all codes that can be used to decrypt public and private electronic communications. The goal is to make sure that federal law agencies can quickly access and read all encrypted files and messages of suspected criminals, but critics argue that the system will work at the expense of the privacy rights of ordinary citizens.

As it exists now, Clipper III is merely a white paper. But the methodologies outlined in the document are being tested in various pilot projects, according to NIST spokeswoman Anne Enright Shepherd.

The technical advisory panel, which will consist of cryptography experts from government agencies and the private sector, will oversee the eventual integration of the pilot projects into one key management system. The government has not yet announced the names of the panelists.

Two previous proposals to create such "back doors" to encrypted electronic information have been thwarted by protests from businesses and civil liberties groups. And proponents of completely unlimited encryption are beginning to ramp up opposition against number three.

"A lot of people didn't take the original Clipper III proposal very seriously," said Alan Davidson, counsel for the online rights advocacy group Center for Democracy and Technology. "But this is the beginning of a real process to put the key management infrastructure into place."

If Congress doesn't outlaw it first. A bill working its way through the Senate promises to ban such key escrow schemes. Its main sponsor, Conrad Burns (R-Montana), has convinced a bipartisan group of Congress members that the administration's proposal--as well as current export laws that forbid the export of strong encryption technology--are bad for U.S. software companies and a threat to online privacy and security.

The Senate Commerce Committee has scheduled hearings for the so-called Pro-Code Bill on July 24. Senior administration and security officials, including FBI Director Louis Freeh, are expected to testify.