From: The Wall Street Journal, Tuesday March 22, 1994, p. B1 TECHNOLOGY Clipper Chip Is Your Friend, NSA Contends NSA Seeks to Dispel Misgivings of Public About Clipper Chip By Bob Davis Staff Reporter of The Wall Street Journal. FORT MEADE, Md. --- The National Security Agency wants everyone to know that its new computer-security system will protect individual privacy. But as the spy agency knows, hardly anyone believes that. Critics fear the government will use the NSA technology, designed in secret, to spy on Americans. The project "is a focal point for the distrust of government," acknowledges Clinton Brooks, the NSA scientist who led the so-called Clipper Chip project, in the agency's first interview on the subject. The Clinton administration last month adopted the NSA plan for a series of computer chips that would protect telephones and computers. Use of the technology would be voluntary. Federal agencies would adopt it first, and public use is expected to spread gradually. Under the plan, cryptographic "keys" that could unscramble the communications would be split in two and held separately at the Treasury Department and the National Institute of Standards and Technology. That way, law-enforcement agents could tap the communications by getting court authorization to obtain the two halves. The idea is to boost security but to keep the technology out of the hands of criminals and spies. The NSA is the world's biggest eaves-dropper. Equipped with the latest in super-computers and satellite receivers, it targets communications by foreign governments. The agency shuns publicity but agreed to the interview to explain its role in the Clipper controversy and try to dispel fears. Mr. Brooks, a 26-year veteran of the NSA, says the project began in 1989 and cost more than $2.5 million. He says the NSA is consumed with what it calls the "equities problem" --- how to balance privacy rights against the needs of law enforcement, national security and private industry. In 1989, he and Raymond Kammer, deputy director of NIST, began discussions about how to improve computer security without making it impenetrable to police. NIST is a Commerce Department agency with formal responsibility for unclassified computer security. Before the interview, Mr. Brooks takes a look around a small cryptographic museum just outside the NSA's gates. He stands before an exhibit of Enigma machines, used by the Germans during World War II to encrypt messages --- and later broken by Allied intelligence. Enigma started as a commercial product; recognizing its military value, the Nazis pulled it off the market. "That was the concern we're wrestling with today," Mr. Brooks says --- commercial encryption technology becoming so good that U.S. spy agencies can't crack it. In 1989, NIST and the NSA put together an eight-person team, split evenly between the agencies, to quietly work out security concepts. The team decided against using a weak encryption code --- "Roman Numeral One is that it had to be good security," says Mr. Brooks. And it also rejected a so-called trapdoor approach, in which the computer code would be designed so it would have a weak spot --- a trapdoor --- that federal agencies could enter via computer to tap the communications. Someone else could discover the trapdoor, they decided. The team settled on a system with a powerful encryption formula, called an algorithm, and encryption keys that would be held by outsiders. Law- enforcement agencies could get copes of the keys when they needed to bug the conversations. The toughest decision, both Mr. Brooks and Mr. Kammer say, was to keep the algorithm, dubbed the Skipjack, secret. That meant the public wouldn't know for sure whether the NSA had inserted a trapdoor or some other eavesdropping device. "It would defeat the purpose [of the project] if we gave the knowledge of how the algorithm worked" to the public, says the 56-year-old Mr. Brooks. "It was going to have to be kept classified." Otherwise, he explains, engineers could use the algorithm to design computer-security systems that the government's encryption keys couldn't unlock. By 1990, he says, as many as 30 NSA "cryptomathematicians" and other employees were working to perfect the algorithm and other features. A year later, the NSA launched what it called the Capstone Project to build the algorithm into a computer chip. The NSA contracted with Mykotronx Inc., a small company in Torrance, Calif., to do much of the development. By September 1992, the NSA was confident the system would work. None too early for the NSA. Earlier that year, Mr. Brooks says, American Telephone & Telegraph Co. informed the NSA that it wanted to sell a phone using a popular encryption technology to scramble conversations. The NSA balked. "We said it probably wouldn't get an export license from this country," Mr. Brooks says. Instead, AT&T was told of the Capstone work and agreed to use the technology if it became a federal standard and was exportable, he says. The NSA then took some of the functions of the Capstone chip and tailored it to phone equipment, calling the resulting product the Clipper Chip. For computers, Capstone was encased on a computer card that became known as Tessera. The the Bush administration, enmeshed in a re-election bid, never pushed Capstone. So shortly after the election, National-security heavyweights importuned the Clinton transition team to move quickly on Capstone. Just weeks after the inauguration, the new administration's national-security team was debating the NSA proposal and in April announced to the public that it would adopt the scheme. Last month, the administration gave the final go-ahead --- despite withering criticism from industry. Vice President Gore called encryption a "law and order issue." NIST's Mr. Kammer says the new administration was also trying to line up backing among national-security officials to liberalize export controls on computer equipment and other high-tech gear. The high-tech industry was stunned at the decision. David Peyton, vice president of the Information Technology Association of America, a trade group of computer companies, says the scheme will dangerously centralize power in the federal government and will limit exports. James Bidzos, president of a computer-security firm, RSA Data Security Inc., goes further. He posted a letter on the Internet computer network arguing that Clipper may be the "visible portion of a large-scale covert operation on U.S. soil by NSA." Nonsense, responds Mr. Brooks, who says he is distressed by the "emotionalism" of the arguments. "The only reason we're involved is that we have the best cryptomathematicians in the country."