**********************************************************************
This paper appeared in the Journal of Criminal Justice Education, Vol. 6, No. 2, Fall 1995, pp. 323-336. Copyright 1995. This paper may not be republished or posted without permission of the author and JCJE.
**********************************************************************

Crime and Crypto on the Information Superhighway

Dorothy E. Denning
Georgetown University
December 13, 1994

Although the information superhighway offers many benefits to individuals and to society, it also can be exploited to further crimes such as theft and sabotage of data, embezzlement, fraud, child pornography, and defamation. Thus, a challenge in designing and using the information superhighway is to maximize its benefits while minimizing the harm associated with criminal activity. Three types of mechanisms that help meet this challenge are information security tools, ethics, and laws.

One information security tool that is particularly useful against crime is encryption, the scrambling of data in such a manner that it can be unscrambled only with knowledge of a secret key. Encryption can protect against espionage, sabotage, and fraud. But it is a double-edged sword in that it also can enable criminal activity and interfere with foreign intelligence operations. Thus, the role of encryption on the information superhighway poses a major dilemma. This dilemma has been the topic of considerable dialogue and debate ever since the Clinton Administration announced the Clipper Chip, a special purpose encryption chip designed to meet the needs of individuals and society both for communications security and privacy protection and for law enforcement and national security. The outcome of the debate is likely to have considerable implications for criminal justice.
In order to put the debate in context, we will first describe some of the criminal activities made possible by computer networks and how cryptography fits into a range of information security tools. We will then review the encryption dilemma and Clipper controversy.

Criminal Activities

Eavesdropping, espionage, and theft of information. In the best selling book The Cuckoo's Egg, Cliff Stoll tells the fascinating story of how he traced a 75 cent accounting error on the Lawrence Berkeley Labs computer system to an espionage ring in Germany selling information to the KGB. The German "hackers" were after military secrets, and they had penetrated dozens of computer systems by exploiting common system vulnerabilities, including default or poorly chosen passwords, and security holes in system software. None of the systems held classified information, but the case heightened concerns about the threat of government and corporate espionage to sensitive information stored on computer systems.

System break-ins are a common and serious threat. Once on a system, intruders are often able to exploit additional vulnerabilities in order to attain privileged status, with access to all files stored on the machine. They then can browse through the files or download them to their own computer, and they can modify system files to ensure future entry and to cover up their tracks. If the computer is on a local area network, they might install a "password sniffer" program that intercepts network traffic and extracts passwords. If the computer is a workstation with a built-in microphone, they might listen in on conversations taking place in the room. Information transmitted over computer networks is also vulnerable to interception while it passes through physically unprotected connections, particularly wireless, or is routed through untrustworthy hosts.

Credit card numbers and telephone calling card numbers are the target of many intrusions.
In one case, up to $140 million in unauthorized long-distance calls could have resulted from the theft and sale of thousands of telephone calling card numbers by an international ring of computer hackers, who obtained the numbers from suppliers in the United States, some of whom worked for the telephone companies.

Many hackers ride the information superhighway for free, stealing long distance codes and services on computers and networks. It is like using turnpikes, tunnels, or bridges without paying the toll; or riding buses, subways, trains, and airplanes without paying the fare. Cellular "bandits" use scanners to intercept the phone and serial numbers which identify cellular phones and are transmitted with each call. The numbers are used to make and sell "cloned" phones, which bear the same numbers as the legitimate phones. Cellular phone fraud costs the cellular industry an estimated $1 million per day. The problem is so serious in the New York City area that Cellular One temporarily suspended their roaming service in that area in December, 1994.

Because it is so easy to copy and distribute information electronically, computer networks present a serious risk to intellectual property. Commercial software is frequently uploaded onto bulletin boards and made available for free downloading in violation of copyrights and software licensing agreements. In October, 1994, hackers broke into a University of Florida computer and set up an invisible directory with test versions of OS/2 and Windows 95. The Software Publishers Association has identified 1600 bulletin boards carrying bootleg software and estimated that $7.4 billion worth of software was lost to piracy in 1993; by some industry estimates, $2 billion of that was stolen over the Internet. Documents, music, and images are similarly distributed over computer networks.
Playboy Enterprises won a suit against the owner of a bulletin board for allowing postings of copyrighted images taken from Playboy magazine on the board. In that case the images were not already on-line, but had to be scanned into a computer. Many organizations are struggling with the question of how to make their publications available electronically without suffering financial loss.

In the future, as the information superhighway looks more like an electronic marketplace, "digital cash" might be vulnerable to theft. "Burglars" might be able to break into a computer and download cash, and "muggers" might be able to rob intelligent agents that have been sent out on the network with cash to purchase information goods.

Sabotage of data. System penetrators often damage files and records. Recently, a colleague reported that an intruder broke into their system and trashed a partition on one of their disks. Although they eventually recovered most of the lost data from backups, the restoration did not run smoothly and the disruption was considerable. Their experience was not uncommon. Even when an intruder does not overtly damage user data files, recovery from a break-in is disruptive since the system administrators must check for corrupted files and restore system files that were altered in order to allow for re-entry.

System penetrators have damaged sensitive and sometimes life critical information. In one case, a nurse broke into a hospital computer and altered patient records. He changed prescriptions, "scheduled" an X-ray, and "recommended" discharge of a patient. In another, a prison inmate broke into a computer and altered the date for his release so that he could be home in time for Christmas. There have been several reported cases of students who gained access to school records and altered their grades or the grades of classmates.
Employees of banks and other companies have misused their computer privileges to embezzle money from their institutions by creating false accounts, changing accounting records, and inserting payroll records for bogus employees. In June, 1994, a hacker pled guilty to breaking into the computer systems of radio stations in order to rig promotional contests. He "won" two Porsches, two trips to Hawaii, and $20,000 in cash.

Malicious code. Malicious code can come in a variety of forms. Computer "viruses" are fragments of code that attach themselves to the boot sector of a disk or to executable files on the disk. They are activated whenever the boot sector or host file is loaded into memory and executed, and spread from one computer to another through floppy disks and computer networks. Some viruses re-format the hard drive, destroying all files in the process. Others print messages, play tunes, or cause congestion that slows down the machine.

"Worms" are active programs that spread through computer networks, potentially causing considerable damage. One of the most famous worms was launched on the Internet in 1988 by a graduate student at Cornell. The Internet worm eventually infected and shut down thousands of computers on the Internet.

A "logic bomb" is any form of malicious code that "detonates" in response to some event. A "time bomb" goes off at a particular time. Before quitting, one disgruntled employee left behind a time bomb disguised inside a "Cleanup" program. Had it not been caught in time, it would have destroyed a computer program used to build missiles. Some viruses behave as time bombs, hiding their presence and destructive nature until they have had a chance to spread. The Michelangelo virus is triggered on the artist's birthday, March 6.

A "letter bomb" is an electronic mail message which causes unexpected and harmful effects when the message arrives, is read, or is loaded into memory and executed.
Joshua Quittner, journalist and co-author of a forthcoming book on computer hackers, reported that he was mail bombed with thousands of pieces of unwanted mail that jammed his mailbox and eventually shut down his Internet access on Thanksgiving weekend, 1994.

In an unrelated incident occurring a few weeks later, a virus alert spread throughout the Internet warning of an e-mail message labelled "Good Times," which purportedly carried a virus that would wipe out the hard drive. Although the act of reading an e-mail message cannot cause code contained within the message to execute unless the system supports self-executing messages (most do not), an unsuspecting user might follow directions to store the message in a file and then execute it explicitly. The alert turned out to be a hoax.

A "Trojan horse" is a program containing hidden malicious code, for example, a time bomb such as in the aforementioned Cleanup program. One of the ways that hackers acquire passwords is by replacing the login program on a computer with one that surreptitiously captures the passwords typed by users.

Electronic Mail Fraud and Anonymity. On many systems, it is easy to send an e-mail message that appears to come from someone other than the actual sender. Several years ago when I was interviewing hackers, I frequently received messages from them that appeared to be from myself. They did this to conceal their actual identity and location. More recently, while I was teaching my class how to send electronic mail, a student asked me how he could spoof a message from his roommate. He wanted to play a joke!

E-mail forgery is quite common. At Dartmouth, a student spoofed an e-mail message from the department secretary cancelling an exam. Half the students did not show up. At the University of Wisconsin, someone forged a letter of resignation from the Director of Housing to the Chancellor. In another case, a New Jersey housewife discovered that a Chicago man was sending obscene messages in her name.
E-mail fraud could become a serious problem as the information superhighway evolves into a major system of electronic commerce, with million dollar contracts being negotiated and transacted through electronic mail.

On the Internet, it is possible to send or post an anonymous message by directing the message through an anonymous re-mailer that strips off the message headers, thereby hiding the true origin. While sending anonymous messages is not a crime and indeed has many benefits for privacy, it can be used in the furtherance of other crimes, for example, defamation and child pornography. Anonymous re-mailers have been used to send death threats to the President.

Sex crimes and sexual harassment. One of the dark sides of the computer revolution has been the use of bulletin boards and networks to distribute child pornography and find victims for child molestation. Many people are drawn into intimate relationships over computer networks, and pedophiles have taken advantage of this to befriend juveniles. In one case, a fourteen-year-old Boston boy disappeared after running away to meet a man in Texas who had sent him on-line love letters and airline tickets.

Networks also provide a tool for sexual harassment. A fourteen-year-old New Jersey girl reported that she was forced off the network after continuing to receive unwanted computer-generated sexual images of young boys. One woman joined an on-line service to discuss the joys and pitfalls of raising children, but found herself the target of an elusive "cyberstalker" who threatened her life, sent her pornographic e-mail, and may be following her around the country.

Defamation. A former Australian professor won $40,000 in a defamation suit against an anthropologist who defamed him on a computer bulletin board distributed worldwide. The message had said that his career and reputation were based on "his ability to berate and bully all and sundry," and suggested that he had engaged in sexual misconduct with a local boy.
The suit did not implicate any operators of the bulletin board or network. In another case, Cubby, Inc. sued CompuServe, an on-line information service, for defamatory statements that appeared in one of their forums. The court dismissed the case on the grounds that management of the forum had been contracted out to an independent firm, Cameron Communications, and that CompuServe was serving as a distributor rather than publisher, with little or no editorial control over content.

Information Security Tools

In order to better understand the role of encryption in protecting against some of the activities described above, we will first give a brief overview of three equally important types of security tools: access controls and monitoring, user authentication, and trusted systems and operational controls.

Access controls and monitoring. Access controls are used to prevent outsiders from gaining access to a system through dial-up or network connections. They also can enable limited outside access to public files on a system, while prohibiting access to private files. For example, a site could make part of its file system available on the world wide web, using access controls to allow outsiders to retrieve web files, but not perform other functions on the system. By limiting the information that users can view or modify and the software and transactions they can run, access controls also protect against theft and sabotage of data by insiders who are authorized to access a system, but not everything on it.

Access controls are implemented with file system monitors, "firewalls," and other types of security monitors that control what operations can be performed and what information can be accessed. Some security monitors use artificial intelligence techniques and statistical profiling to determine whether a particular activity is likely to be indicative of an intrusion or other violation of security policy.
Firewalls are computer gateways that monitor the flow of all traffic between a single computer or internal network and an outside network. They can be used to limit connections and the contents of traffic going in or out of the protected system. While not a panacea, they can be effective in protecting against network threats, including system penetrations. Anti-viral tools are monitors that check for and assist the user in recovering from computer viruses. Although they are not usually classified as access controls, their effect is to prevent malicious code from accessing and potentially damaging information.

Access controls are the primary mechanism for implementing a security policy on a system. However, they have several limitations. First, they cannot prevent an eavesdropper from intercepting traffic on an unprotected medium. Encryption is the only mechanism that addresses this threat. Second, they are ineffective without mechanisms that authenticate the identity of users and ensure the authenticity of software and data. Third, they can be subverted if the operating system or applications software has security holes, or if a system is not configured securely. Trusted systems and operational controls help mitigate this threat, but are not usually foolproof. Finally, they cannot prevent authorized users from misusing their privileges, for example, to commit fraud or to leak company secrets. Indeed, no security tool can prevent this. Worse, encryption can be used to conceal such activity as well as activity resulting from security breaches.

User Authentication. The most common method of user authentication is passwords that remain fixed for a period of time, sometimes indefinitely.
Although passwords can provide an adequate level of security in many environments, systems that rely on fixed passwords are vulnerable to poorly chosen passwords that can be guessed or determined by systematic attack with "password crackers," and to capture by Trojan horse programs and password sniffers. Frequent changes of passwords help protect against these threats, but a higher level of security can be obtained with "one-time passwords" and "challenge-response protocols" that use a different authentication value each time the user logs into the system. The authentication value may be generated by a special device (e.g., smart card or PCMCIA card) or software program that computes the next password in sequence or the response to the challenge. Cryptographic techniques are used in the process.

Biometrics, for example, thumb prints, voice prints, and retinal patterns, offer another method of user authentication. However, these approaches require special scanning equipment and are subject to false positives and negatives. But when combined with another form of authentication, they can provide a very high level of security.

Trusted systems and operational controls. A system may have reasonable access controls and authentication mechanisms, but use default passwords or security settings that are readily exploited, or have security weaknesses that allow an insider or outsider to circumvent the access controls. "Trusted systems," which are designed under strict criteria in order to provide a high level of protection against security breaches, are one line of defense. Operational controls, which include security checks, management of access privileges, system configuration, auditing, use of anti-viral tools, backups, and security awareness training, are another.
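The "next password in sequence" form of one-time password described under User Authentication above, as an added example in Go (not code from the paper): a Lamport-style hash chain, where the host stores only the most recently accepted value and a password captured by a sniffer or Trojan horse is useless for a second login. The seed below is a constructed sample.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// hashStep is the one-way function applied at each link of the chain.
func hashStep(x []byte) []byte {
	sum := sha256.Sum256(x)
	return sum[:]
}

// chainValue returns h^n(seed): the seed hashed n times.
func chainValue(seed []byte, n int) []byte {
	v := seed
	for i := 0; i < n; i++ {
		v = hashStep(v)
	}
	return v
}

// otpClient is the user's device or software: it keeps the secret seed and a
// counter, and reveals h^(n-1)(seed), h^(n-2)(seed), ... on successive logins.
type otpClient struct {
	seed []byte
	next int // exponent of the next password to reveal
}

func newOTPClient(seed []byte, n int) *otpClient {
	return &otpClient{seed: seed, next: n - 1}
}

// nextPassword returns the next one-time password, or false once the chain is used up.
func (c *otpClient) nextPassword() ([]byte, bool) {
	if c.next < 0 {
		return nil, false
	}
	p := chainValue(c.seed, c.next)
	c.next--
	return p, true
}

// otpVerifier is the host. It stores only the most recently accepted value
// (initially h^n(seed), supplied at enrollment), never the seed, so a stolen
// copy of the host's table does not reveal any future password.
type otpVerifier struct {
	last []byte
}

func newOTPVerifier(enrolled []byte) *otpVerifier {
	return &otpVerifier{last: enrolled}
}

// login accepts candidate only if one more hash step reproduces the stored value;
// on success the stored value moves down the chain, which is what defeats replay.
func (v *otpVerifier) login(candidate []byte) bool {
	if !hmac.Equal(hashStep(candidate), v.last) {
		return false
	}
	v.last = candidate
	return true
}

func main() {
	seed := []byte("constructed-demo-seed") // constructed sample; a real seed is random
	const n = 5
	client := newOTPClient(seed, n)
	host := newOTPVerifier(chainValue(seed, n)) // enrollment: host receives h^n(seed) only

	p1, _ := client.nextPassword()
	fmt.Println("first login accepted:", host.login(p1))
	// A sniffer that captured p1 gains nothing: the host has already moved on.
	fmt.Println("replay of first password accepted:", host.login(p1))
	p2, _ := client.nextPassword()
	fmt.Println("second login accepted:", host.login(p2))
}
```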
Operational controls can help ensure that technical safeguards are used correctly and effectively, that the opportunities for users to misuse their privileges are minimized, that backup mechanisms are in place to protect against accidents or acts of sabotage, that audit mechanisms are turned on, and that any discovered security weaknesses are appropriately handled. Separation of duties and two person control can minimize the possibility of a single user compromising information or engaging in fraudulent or destructive activity.

Most commercial systems are not "trusted," and it is not uncommon for security holes and weaknesses to be discovered after they have been on the market for several months or years. Often, the discovery is made only after some security incident in which the vulnerability is exploited. In order to facilitate and coordinate responses to such incidents, a Computer Emergency Response Team (CERT) was established in 1988 to serve the Internet community. CERT reported that in 1993, there were 111 new incidents a month involving 1 to over 65,000 sites, and that in 1994, the number of incidents increased by 77% and the number of sites affected by 51%. The incidents involved malicious code, intrusions resulting from bypass of authentication mechanisms, exploitation of security holes in network services, password sniffers, insider attacks, and espionage.

Cryptography. A cryptographic system is a set of functions that are parameterized by keys and used for the purpose of secrecy or authenticity. An encryption system is a special type of cryptosystem consisting of an encrypt function which scrambles (encrypts) data and an inverse decrypt function which restores the data to its original form. Encryption conceals data from anyone not knowing the secret key needed for decryption.
It provides security and privacy protection for information that is vulnerable to eavesdropping or unauthorized access, for example, information transmitted over unprotected communication channels or stored on unprotected media. Cryptographic authentication mechanisms are used to protect against modifications to data, for example, insertion of malicious code into a standard program, and masquerading of users and host computers.

Historically, encryption has been used primarily by governments to protect classified communications. It has only been within the past decade or two that encryption has come into much use elsewhere, most notably in the banking industry to protect electronic transactions. Today, it is widely recognized as an essential tool for the information superhighway, although its use is still relatively low.

There are two types of cryptosystems: single key and public key. With single key cryptography, a common secret key is used both for encryption and decryption. The Data Encryption Standard (DES), which was adopted as a federal standard in 1977, is a single key system. Normally, a different "session key" is used with each communication, and each party to the communication must acquire a copy of the session key. In addition, each user may have a long-term key that is shared with a trusted server and employed by the server to authenticate the user and to distribute session keys. The Kerberos system, developed at MIT to protect their network from intrusions and unauthorized use, employs DES and a trusted server in this way to implement authentication and secrecy services on UNIX TCP/IP networks. Single key cryptography also can be used to compute "message authentication codes" for the purpose of authenticating information.

Public key cryptography uses a pair of keys, one public and one private.
Typically, each user has a personal key pair, and the user's public key is used by other persons to send encrypted messages to the user, while the private key is employed by the user to decrypt messages received. Some public key cryptosystems implement "digital signatures" instead of or in addition to encryption. In that case, the private key is employed by the user to "sign" documents, while the public key is used by the recipients to verify the signature. The RSA cryptosystem is a public key system with both encryption and signature capabilities. The Digital Signature Standard (DSS) is a public key signature-only system. Digital signatures provide strong authentication with non-repudiation, protecting against forgeries of documents and messages.

Because of their mathematical structure, public key systems are several orders of magnitude slower than most single key systems, making them less attractive for encrypting real-time communications or large files. However, they can provide a convenient method for establishing a session key for single key encryption. Thus, they are typically used only for key establishment and digital signatures. Current implementations of Privacy Enhanced Mail (PEM), an Internet standard for protecting electronic mail, use DES for data encryption and RSA for key establishment and digital signatures. Pretty Good Privacy (PGP), which is also used on the Internet, uses the single key algorithm IDEA with RSA.

Cryptographic techniques can be used to implement digital cash that is protected from duplication, alteration, and counterfeiting. They can be used to implement untraceable cash and anonymous, untraceable transactions. While such services can offer many privacy benefits, they also could facilitate money laundering and fraud.

Cryptography supplements and helps enforce access controls, authentication mechanisms, and operational controls. However, it is not a complete "security solution."
If a system has security holes, an intruder might be able to penetrate the system, circumventing encryption and authentication mechanisms. They might then be able to obtain access to cryptographic keys or put a Trojan horse in encryption software. Encryption also cannot prevent insiders from misusing their access privileges.

The Encryption Debate

The Dilemma. By providing a mechanism for secrecy and authentication, cryptography can help protect against many of the criminal activities described earlier, including eavesdropping and espionage, system penetrations leading to sabotage, malicious software, and fraud. It can also be used to conceal crimes and malicious code. Employees can use encryption to leak company secrets, hide an embezzlement scheme, cover up a fraud, or hold information for ransom. Organized crime and terrorist groups can use it to protect their communications and computer files from lawful interception and search by the government. By rendering communications and stored records immune from government access, encryption thus threatens investigations that depend on wiretaps or computer records for evidence. Already, investigations of child pornography cases have been hindered because seized computer files were encrypted with PGP and could not be broken. If encryption comes into widespread use on the information superhighway, this could seriously jeopardize law enforcement and the public safety. Encryption is also a threat to foreign intelligence operations, and thus can affect national security.

In considering the societal threat posed by cryptography, it is important to recognize that it is only encryption's role in providing secrecy that presents a problem. The use of cryptography for authentication does not threaten law enforcement and national security. Indeed, by strengthening the integrity of evidence and sources, cryptographic tools for authentication aid criminal investigations.
Because different cryptographic methods are employed for secrecy and authentication, it is, therefore, possible to place safeguards on the former but not the latter. Indeed, this is the approach taken in the key escrow encryption initiative. Key escrow ties into encryption's role in providing communications secrecy on the information superhighway, but not its role in providing digital signatures and other authentication services, which help protect against system penetrations, malicious code, and forgeries.

Key escrow encryption and the Clipper Chip. In order to maximize the benefits of encryption to individuals and organizations, while minimizing its threat to public safety and law enforcement, the Clinton Administration developed and announced a key escrow approach to encryption designed to promote security and privacy on the information superhighway, while allowing government decryption of lawfully intercepted communications. The approach was first realized in the Clipper Chip, a tiny microelectronic chip that encrypts data using the SKIPJACK encryption algorithm, a classified single key algorithm designed by the National Security Agency.

Prior to transmitting any encrypted data, the Clipper Chip transmits a Law Enforcement Access Field (LEAF), which contains the session key used for encryption and decryption. The session key is protected under two layers of encryption, and cannot be determined without a special decrypt processor, a common family key, and the device unique key for that particular chip. To obtain the device unique key, an authorized government official must get two key components, each of which is held by a separate key escrow agent (currently, these are the National Institute of Standards and Technology and the Automated Systems Division of the Department of Treasury). These components are combined inside the decrypt processor, where they enable decryption of the session key and thus decryption of the data.
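The LEAF and two-agent escrow mechanism just described, modelled in Go as an added example (not code from the paper, nor from the Clipper or EES specifications). Assumptions of the model: AES-128-GCM stands in for the classified SKIPJACK algorithm and its authentication tag for the LEAF checksum, the two escrow components combine by XOR, the session key is taken as already established, and all keys are constructed at random.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// AES-128-GCM stands in for the classified SKIPJACK algorithm, and its
// authentication tag plays the role of the LEAF checksum (assumptions of this model).
const keyLen = 16

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// splitKey divides a device unique key into two components, one per escrow agent;
// either component alone is uniformly random (XOR combining is a modelling assumption).
func splitKey(unitKey []byte) (c1, c2 []byte) {
	c1 = randomBytes(len(unitKey))
	return c1, xorBytes(unitKey, c1)
}

// combineComponents is what the decrypt processor does with the two components.
func combineComponents(c1, c2 []byte) []byte { return xorBytes(c1, c2) }

// Every key here is keyLen bytes, so cipher construction cannot fail.
func mustGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	g, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return g
}

// seal / open (nonce prepended, optional bound data) serve both LEAF layers and the traffic.
func seal(key, plaintext, bound []byte) []byte {
	g := mustGCM(key)
	nonce := randomBytes(g.NonceSize())
	return g.Seal(nonce, nonce, plaintext, bound)
}

func open(key, sealed, bound []byte) ([]byte, error) {
	g := mustGCM(key)
	if len(sealed) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], bound)
}

// makeLEAF is what the chip sends before any data: E_family( E_unit(sessionKey) || unitID ),
// with the unit ID also bound into the inner layer so it cannot be swapped.
func makeLEAF(familyKey, unitKey []byte, unitID uint32, sessionKey []byte) []byte {
	id := make([]byte, 4)
	binary.BigEndian.PutUint32(id, unitID)
	inner := seal(unitKey, sessionKey, id)
	return seal(familyKey, append(inner, id...), nil)
}

// recoverSessionKey models the decrypt processor: the family key yields only the unit ID
// (used to request that chip's two components from the escrow agents); the inner layer
// opens only with the combination of both components.
func recoverSessionKey(familyKey, leaf, c1, c2 []byte) (uint32, []byte, error) {
	fields, err := open(familyKey, leaf, nil)
	if err != nil || len(fields) < 4 {
		return 0, nil, errors.New("LEAF rejected by family key")
	}
	inner, id := fields[:len(fields)-4], fields[len(fields)-4:]
	sessionKey, err := open(combineComponents(c1, c2), inner, id)
	if err != nil {
		return binary.BigEndian.Uint32(id), nil, errors.New("wrong or incomplete escrow components")
	}
	return binary.BigEndian.Uint32(id), sessionKey, nil
}

func main() {
	familyKey, unitKey, sessionKey := randomBytes(keyLen), randomBytes(keyLen), randomBytes(keyLen)
	c1, c2 := splitKey(unitKey) // one component goes to each escrow agent
	leaf := makeLEAF(familyKey, unitKey, 4242, sessionKey)
	id, key, err := recoverSessionKey(familyKey, leaf, c1, c2)
	fmt.Printf("unit %d: recovered=%v err=%v\n", id, string(key) == string(sessionKey), err)
}
```

Calling recoverSessionKey with only one genuine component (the other zeroed) fails the inner layer's authentication, which is the property the two-agent split is meant to provide.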
The chip and associated key escrow system have been designed with extensive safeguards to protect against any unauthorized use of keys. Clipper's general specifications were adopted in February, 1994, as the Escrowed Encryption Standard (EES), a voluntary government standard for encrypting sensitive but unclassified telephone communications, including voice, fax, and data. A standard for high-speed computer networks such as the Internet has not yet been proposed.

The first product to use the Clipper Chip is the AT&T 3600 Telephone Security Device, which plugs into an ordinary telephone between the handset and base-set. Both parties to a conversation must have a device, but the party at either end can initiate a secure conversation by pushing a button. Once this is done, the security devices use public key cryptography to establish a one-time secret session key for the conversation, which is then encrypted and decrypted by the Clipper Chips at each end.

Criticisms of Clipper. Ever since its announcement, Clipper has been the target of blazing guns. Calling it "Big Brother in a chip," Clipper's strongest opponents have portrayed it as an Orwellian tool of oppression that will cripple privacy. They believe that citizens have the right to use strong encryption that evades government surveillance, and that exercising this capability is one way of protecting against a government that cannot be trusted. While acknowledging the value of wiretaps in certain cases, they argue that society needs to be protected from the government more than the government needs to wiretap its citizens.

Clipper also has been criticized for being developed in secrecy without prior public review and for using a classified algorithm that is not open to public scrutiny. Critics argue that encryption standards should be developed by an open process, with input from industry, academia, privacy groups, and other interested parties.
They argue further that Clipper products will have a limited foreign market as long as the algorithms are classified and the U.S. holds the keys, and that Clipper will not serve the needs for secure international communications.

Some of the criticism has been aimed not at the principle of key escrow encryption, but at its particular instantiation with Clipper. Clipper is implemented in special tamper-resistant hardware in order to protect the classified SKIPJACK algorithm and to ensure that it cannot be used without the law enforcement access feature. Some vendors have stated that they would prefer a software approach, mainly because it would be cheaper, but also because it could be integrated readily into software applications. The selection of escrow agents has been criticized, with critics arguing that at least one should be outside the Executive branch, either in the Judiciary or private sector.

Some people have criticized Clipper for not going far enough and providing a mechanism whereby individuals and organizations can obtain emergency access to their own encrypted data through some sort of commercial key escrow system which would be managed by the private sector. Encryption poses a threat not only to public safety and law enforcement, but also to information security since encrypted data can become inaccessible if the keys are ever lost, destroyed, or held for ransom. Commercial key escrow could mitigate this threat, while also serving law enforcement needs.

Since Clipper is voluntary, many people argue that criminals will not use it. They conclude that it will be a waste of taxpayer money while needlessly introducing the risks associated with escrowed keys. In fact, cryptography without key escrow is spreading, and the government could very well find itself locked out of many communications and stored files.

Response and future directions. In adopting a new encryption standard, the government recognized that if it adopted a strong algorithm that precluded government access, the standard would almost certainly be used by criminals to the detriment of society. This outcome was considered unacceptable, and key escrow was seen as the best solution. Although no system is 100% risk free, Clipper's key escrow system has been designed with extensive safeguards that parallel those used to protect some of the country's most sensitive information. In my assessment, the risks associated with the compromise or misuse of keys will be negligible. Thus, key escrow will not degrade encryption's capability to protect against crime on the information superhighway, only its capability to conceal crime.

While maintaining its commitment to key escrow, the Administration has responded to the criticisms by meeting with representatives from Congress, industry, academia, and privacy and public interest groups in order to better understand their concerns and to explore alternative approaches to key escrow. Several alternatives have been proposed or implemented in prototype or commercial products, including software-based approaches to key escrow that use unclassified algorithms, and commercial key escrow systems that might serve the needs of both industry and law enforcement. While these proposals are promising, I do not see them as replacements for Clipper, but rather as alternative options that may be better suited for some applications. Clipper offers excellent security, indeed the best security on the market. The SKIPJACK algorithm is considerably stronger than DES, and hardware generally provides greater security for keys and greater protection against sabotage or malicious code than software.
Even for computer networks, the Capstone Chip, which is a more advanced version of Clipper that includes algorithms for the Digital Signature Standard and key establishment, is an attractive option for applications such as secure electronic mail and electronic commerce. Capstone has been embedded in a PCMCIA crypto card, called Fortezza, for use in the Defense Messaging System.

Although criminals may in fact not use Clipper, it is conceivable that over time, market forces could favor escrowed encryption. Organizations might require key escrow for their own protection, and vendors could favor it for its export advantage. The government will be ordering key escrow products, and demand for interoperability could lead to its proliferation. Criminals could choose key escrow because it is more readily available, to communicate with the rest of the world, or to allow their own emergency access.

Nevertheless, despite its benefits to organizations and to society, key escrow is highly controversial and vehemently opposed by some proponents of encryption. Thus, its widespread adoption is by no means assured. If it is rejected, the implications for criminal justice could be profound. As the information superhighway continues to expand into every area of society and commerce, court ordered wiretaps and seizures of records could become tools of the past, and the information superhighway a safe haven for criminal and terrorist activity.