RSA Conference 2016: What's Old Security is New Again - Page 2

A little background from Stammberger:

"The NSA, in 1993, was getting scared, because public key cryptography was really beginning to take off. They were worried about large portions of their signals’ intelligence capability going dark on them. So they forwarded their proposal for a chip, called Clipper, that would encrypt everything but it would have one set of backdoor keys that the FBI and the NSA would have. And that chip would go into every PC and every Mac that was sold in the world. That was their solution back then."

It's almost exactly the same thing we're seeing with FBI vs. Apple today, Stammberger said. "They're saying either build in backdoors for us, or we're going to compel you to do work for us to help us decrypt it. It's a time warp; it's the exact same arguments that are being made over and over again. This is a battle we fought 22 years ago. It's evergreen; it keeps coming up."

RSA at the time joined a national campaign of security professionals against the Clipper proposal.

"We wore big buttons that said 'Sink Clipper,' rallying the troops and trying to inform people about it because back then. Not as many people were clued in about cryptography and security in general," Stammberger said. "We were pretty worried that NIST (National Institute of Standards and Technology) and the NSA would kind of slide this through as a standard, while nobody was paying attention."

Clipper Chip Now Long Defunct

The Clipper chipset was intended to be adopted by telecommunications companies for voice transmission. It was announced in 1993 and by 1996 was entirely defunct.

At the heart of the concept was something called key escrow. In the factory, any new telephone or other device with a Clipper chip would be given a cryptographic key that would then be provided to the government in escrow. If government agencies "established their authority" to listen to a communication, Stammberger said, then the key would be given to those government agencies, who could then decrypt all data transmitted by that particular telephone.

The Electronic Frontier Foundation, which was new on the scene, preferred the term "key surrender" to emphasize what they alleged was really occurring.

"We banged the drum pretty loudly to get people to understand the risk of building in a permanent government backdoor into every system, and how dangerous that was. NIST eventually withdrew the proposal because they couldn't get any industry support for it," Stammberger said.

Whether that will happen again now, in FBI vs. Apple, is unknown; the case appears to be headed to a high court showdown. But if history is a guide, this initiative, too, will crash and burn along with all the others.

Chris Preimesberger


Chris J. Preimesberger is Editor-in-Chief of eWEEK and responsible for all the publication's coverage. In his 15 years and more than 4,000 articles at eWEEK, he has distinguished himself in reporting...