"Clipper III" (Public Key Infrastructure): May 21, 1996
The Clinton Administration's third attempt at an encryption policy
proposal used a government-sanctioned key certification system
as an incentive to virtually impose key escrow on domestic users.
The draft proposal, "Achieving Privacy, Commerce, Security and Public
Safety in the Global Information Infrastructure" (immediately dubbed "Clipper
III"), sought to establish a "public key infrastructure" for encryption.
Broadly speaking, a public key infrastructure would have enabled users to clearly
identify the people they were communicating with and would have facilitated key
management, and was widely viewed as an important component of a secure and
trusted communications environment. However, Clipper III would have
established this infrastructure at a price: All users of the public key
infrastructure would have had to ensure government access to their encryption
keys through an approved key escrow authority.
Privacy and Security Concerns
It made key escrow a precondition for participation in the public key infrastructure.
Other than law enforcement access, there was no reason for the mandatory escrow of private keys in the public key infrastructure. On the contrary, the essential breakthrough of public key cryptography was the ability for users to share public key information and partake fully in
authenticated, secure communications without revealing any private key information to third parties. Data recovery --
the ability to recover encrypted data if a private key is lost -- was the main rationale presented for key escrow. However,
data recovery could be done independently of the public key infrastructure if desired, and in a more secure manner.
It was not voluntary. Though participation was theoretically "voluntary," under Clipper III users would have had no choice but to
escrow their keys or forgo participation in the Information Age economy. The proposal itself called the key
infrastructure a "basic and entirely essential foundation." To participate, users would need to escrow their keys; if they
chose not to participate in the KMI, users would be unable to obtain the essential certifications that the Administration
foresaw as being the standard for secure electronic communications and commerce.
It targeted domestic users. While export controls have ostensibly been aimed at controlling the use of encryption by
foreign users, the Clipper III proposal was clearly aimed at domestic users of encryption.
It left international key exchange problems unresolved. Without a system of international agreements,
interoperability was at risk. The same encryption and/or authentication scheme exportable to Germany or France might not have been
exportable to India or China in the absence of appropriate bilateral agreements. Bilateral agreements raised their own
issues: under what standards would keys be released to foreign governments, especially those with no tradition of Fourth
Amendment search and seizure protection?
It contained no key escrow privacy provisions. The Administration proposal only tangentially addressed the privacy
problems posed by key escrow systems. As others have already noted in the encryption policy debate, any key escrow
system (even if voluntary) raised issues regarding the need for: liability rules for unauthorized key disclosures by
escrow agents; standards for law enforcement access; auditing requirements for escrow agents; and guidelines for
decryption information access. Clipper III contained no such standards or guidelines.
It compromised network security by encouraging storage of private key information. Clipper III required the accumulation of private keys or other decryption information in dangerous and vulnerable points of failure -- the escrow agents. At the same time as it sought to design a secure infrastructure, the proposal built enormous new vulnerabilities into the system.