Skip to main content

On the Clipper Chip's Birthday, Looking Back on Decades of Key Escrow Failures

DEEPLINKS BLOG
April 16, 2015

On this day in 1993, the Clinton White House introduced the Clipper Chip, a plan for building in hardware backdoors to communications technologies. The chip would be used in American secure voice equipment, giving law enforcement agencies the explicit ability to decrypt its traffic using a key stored by the government. The White House promised that only law enforcement with proper "legal authorization" could access that key—and thus, the contents of the communications.

Obviously, the Clipper Chip never took hold. Key escrow generally encountered massive public opposition, and the security of the Clipper Chip specifically was demonstrated to be fundamentally flawed [PDF] by security researchers like Matt Blaze. By 1996 the Clipper Chip proposal was dead; one might hope, too, that the government would give up the idea of mandating backdoors into encrypted communications. Of course, as anybody who is following the current debate over encryption, privacy, and law enforcement knows, that was not the case.

Key escrow was a bad idea in 1993. It was a bad idea when the National Security Agency began attempting to covertly insert backdoors into cryptographic standards from 2000 on. It was a bad idea when the Obama administration indicated a desire to legislate key escrow in 2010. And it's a bad idea now, coming from law enforcement agencies like the FBI and supported by the NSA, to insert new backdoors that a so-called government "golden key" can unlock. (Because time is a flat circle, it's worth noting that the phrase "Golden Key" also dates back nearly 20 years—as the name of an EFF coalition campaign against, you guessed it, key escrow.)

The FBI has complained about the impending doom of communications "going dark" for decades now. You can read FBI testimony from the 1990s that is virtually indistinguishable from the same misguided statements today. As the overwhelming majority of security experts will tell you, inserting backdoors in the security software we rely on makes us all less safe. As we articulated over 20 years ago, "key escrow" is really "key surrender," and isn't part of a coherent security strategy. And that's just one of the epic failures that come from government efforts to regulate cryptography.

It does a disservice to the public to call the current brouhaha over backdoors a "debate." In a debate, different sides present facts and arguments, and somebody can win. The FBI, the NSA, and others have retreated from that strategy. After all, the facts are in on crypto backdoors—they are not necessary, they do not work, and they make us less safe. As we look back over EFF's 25 years, and the 22 years since the Clipper Chip entered the scene, let's hope we can finally make these pointless and dangerous proposals a thing of the past.

JavaScript license information