NetWorld! What People Are Really Doing on the Internet and What It Means to You - David H. Rothman

All in all, Clipper actually emerged as a world security threat. Washington was harming electronic commerce by promoting a crippled and questionable program for encryption. The Administration in effect was delaying the adoption of truly comprehensive security standards for the international community, especially business people outside the States. The standards were on the way, but not as fast as if Clinton’s people hadn’t wreaked havoc on the private sector by way of moronic export[export] controls.

“We need strong cryptography for mainstream society on the Net,” Zimmermann told me. “It’s like making locks. It’s as if I were in the business of selling very, very strong locks.” He reminded me of the case of Kevin Mitnick, who was arrested for breaking into scads of computers and stealing oceans of valuable information. The FBI chased him for a couple of years. “Isn’t it ironic that this guy was able to inflict such damage because our systems are so insecure?” Zimmermann asked. “Our own government suppressed the availability of strong encryption technology. They brought it on themselves, or, I should say more accurately, they brought it down on us.”

At the same time, through Clipper and through efforts against PGP and other effective software, Washington in effect was lending moral support to dictatorships. Clipper used a technique called key escrow. That was a nice way of saying you had to trust Uncle with your secrets since he had a copy of your key. But what if Uncle weren’t Uncle Sam? What if he instead were Uncle Saddam?

“You may have the Saddam Husseins of the world, the North Koreans, being able to hang on to power,” Zimmermann said, “by using this technology to oppress their own political opposition.”

Clipper could do harm even in countries friendly to the United States. Washington wanted them to adopt Clipper-style standards. And at the very least the Clinton Administration was encouraging these governments to demand the keys to whatever encryption schemes their citizens used. That could boomerang mightily against American companies doing business outside the States. Phil Zimmermann recounted to me a rumor he’d heard about a giant entertainment conglomerate that had negotiated a huge deal in France; its executives found the French to be uncannily prescient about the Americans’ tactics. The espionage rumor might or might not be accurate. But fear of French spying against Yanks was common enough for many people from U.S. firms to be very careful about what they said on the telephone, or where they left their suitcases. The French had prohibited strong cryptography. And the Clipper plan, while not a ban on decent encryption, certainly deprived American companies of the moral foundations they needed to protest the French law. In the long run a Clipper arrangement might indeed pave the way for a ban in the United States itself against PGP-strength products, and already it could prop up such moves abroad, to the great disadvantage of American companies with secrets to protect.

In another way, too, Clipperish approaches would make U.S. companies less competitive. American software firms wanted to build encryption into spreadsheets, databases, word processors, and other major applications. If the Feds bullied them into using Clipper, then their products would be less attractive than those of rivals. Consider the market for software to store sensitive material such as medical records; would a European hospital favor a crippled American program over a German program with robust encryption?

That wasn’t so abstract a question. An engineer from the giant Siemens conglomerate in Germany told me later that he was working on medical software, and he expected his employer to clobber U.S. rivals if their products used a questionable, Clipperish encryption scheme. What’s more, crypto mavens were common enough overseas for even American companies to think about hiring them in the former Soviet Union to bypass the export controls. If it happened, it would be the ultimate statement on the absurdity of both the controls and Clipper.

Not surprisingly, a great hue and cry against Clipper came from the American software industry, and meanwhile the hackers themselves were waging full-scale warfare against it on the Net. Thousands of Netfolks participated in the anti-Clipper activities of groups such as the Computer Professionals for Social Responsibility, the first group to sound the tocsin.

In 1994, however, as clueless as ever, the White House officially endorsed Clipper—no ifs ands or buts—and made arrangements for the production of the chips. “Encryption is a law-and-order issue since it can be used by criminals to thwart wiretaps and avoid detection and prosecution,” Al Gore said in justifying Clipper. “It also has huge strategic value. Encryption technology and cryptoanalysis turned the tide in the Pacific and elsewhere during World War II.” But exactly. People on the Net thought that Clipper was just plain brain-dead as a way to protect security, a triumph of bureaucrats over techies.

You even didn’t have to be on the Net to hate the tumor chip. At the request of Time and CNN, Yankelovich Partners polled 1,000 Americans; did they think that private phone calls mattered more than wiretap powers for police? Four-fifths opposed Clipper. Newspapers churned out editorial after editorial, and with good cause: Imagine the joys of trying to expose government corruption if the biggest crooks on the public payroll might someday be able to monitor your conversations whenever they wanted.