NetWorld! What People Are Really Doing on the Internet and What It Means to You - David H. Rothman

An old friend of mine, Margaret “Peggy” Engel, a former Washington Post reporter who ran and still runs a respected journalism foundation, was among the snoops’ victims. Bureaucrats got the phone company to turn over a list of Peggy’s calls even though she had not committed a crime. It seems a freelance writer had managed to dig up some inside information on the failure of the IRS to collect several billion dollars in back taxes from corporations that had profited from currency hedging. This same writer later applied for a grant from Engel’s organization, the Alicia Patterson Foundation. Vindictively, the Feds snooped on Engel, too, simply because the writer had made a call to Engel’s office for an application for a fellowship.

So it went. Because Peggy and I talked from time to time, the Feds had also tracked her telephone and computer calls to me. They acted against her under a casually issued court order signed not by a judge but by an assistant deputy clerk—one of more than 20,000 such actions issued in the Washington area in 1992. “It’s like getting your parking ticket stamped,” she told me. “That’s the level of scrutiny that these things get. And the number keeps growing. I think it’s because of the increase in fax machines. I think agencies are using it on their employees to find out who talked to the press or Congress.” And now the Feds wanted to license the manufacture of a chip that would spill our secrets on demand.

Granted, the Feds claimed that in the Clipper’s case, one bureaucrat could not spy alone. The official line was that people from both the Treasury Department and the National Institute for Standards and Technology would have to agree before an interception could take place. If they did, the electronic keys would go over the wires to local police or others needing the tap. All this would require a court order. Some Clipper boosters might well have argued, “We’re talking about strict controls.” But Peggy’s experience still showed the potential the Feds had for promiscuous Big Brothering, especially since both the Treasury and the Institute were within the Executive Branch.

Later the front pages would sprout articles about bureaucrats reading the supposedly confidential tax information of their neighbors or of movie stars. Yes, the tax people tightened up their operations to avoid repeats. But supposedly the IRS had been secure in the first place.

The NSA might itself prove capable of some nasty twists. What if it could call up escrow keys from a database despite all talk to the contrary? Or suppose it had a database of its own to unlock all the keys? Would it really want to go to court for authority to snoop? In PGP: Pretty Good Privacy, Garfinkel wisely noted that Washington would let Clipper chips be exported. And the NSA was allowed to spy on nondomestic conversations. So he logically wrote: “If Clipper-equipped radios were being used by Iraqi fighter pilots, the NSA would want to listen in. Although the NSA hasn’t said so publicly, it is doubtful that the agency would jeopardize national security in order to play along with the escrow system.” The NSA might even work out secret deals with the company making the chips, to assure that the results didn’t frustrate the snoops.

Adding to the quite-justified paranoia was the fact that only the dumbest of criminals would rely on Clipper to protect privacy. So what was the point of using technology meant to turn the bad guys into jail bait? Why bother to create it in the first place?

Washington countered that criminals would want Clipper phones to talk securely to the world at large. And I suspected that, yes, they indeed would buy some equipment with Clipper. But for plotting a $10 million dope shipment or a terrorist attack, the black hats would quickly learn to use other scrambling systems; in fact, they could run them on top of Clipper so the Feds still got only gibberish. Even if the Feds banned PGP-style protection, criminals would spread the right hardware and software among themselves. Like drugs or sex, this would be a fine opportunity for entrepreneurial lawbreakers.

The underworld might even sell Clipper-crackers that could make criminals just as good at snooping on America’s Winston Smiths as the Feds would be. High-tech hoods could call their new business Credit Card Numbers Unlimited. Small wonder that Clipper appalled many security specialists.

At the same time, experts for the software industry raised questions about whether the Clipper chip could penetrate the market and, if so, to what extent? Any way you looked at it, the plan was crazy. If Clipper couldn’t catch criminals (and did everyone in the White House really swallow this bilge?), then who was left? People like Peggy Engel, her muckraking grantee, and me. At least part of the time, we would need Clipperish encryption if somehow it surprised the experts and did catch on; our banks might not let us use anything else. How much better if a PGP-style alternative were the standard instead.

Technically, Clipper was just as scary as it was politically and in law-enforcement terms. Scientists and mathematicians loved to dissect encryption schemes in academic papers, and keep checking and rechecking them over the years for flaws. But Clipper’s designers withheld the information that outside experts could use to poke holes in the concept. Unknowns indeed existed. A well-connected scientist at AT&T would later find a significant weakness in the network version of Clipper, a way to cripple the snoop-on-me-please feature.