Shocked that the NSA might have found a way around some of the Internet’s core encryption security? Fear not, the world has been here before with a piece of silicon called the MYK-78. Known as the ‘Clipper chip’ it was a now largely forgotten 1990’s attempt by the NSA to ‘escrow’ encryption keys so that the US Government could punch through the encryption between any computers or devices that contained it.

Digital rights organisations fought back against the bogus idea of escrow and by the time the emerging Internet industry started expressing doubts (who in their right mind would buy equipment with a backdoor in it?) the spooks gave up. Clipper’s Skipjack protocol was eventually declassified.

MYK-78_Clipper_Chip.jpgEncryption frightened the NSA and you can see why. Ask Phil Zimmermann who fought a battle with the supposedly liberal-minded Clinton administration after his famous Pretty Good Privacy encryption software ‘escaped’ on to the Internet in 1991 for - shock horror - anyone to use. Zimmermann’s supposed crime was, ridiculously, that he’d posted encryption technology without an export license.

Years on and not coincidentally Zimmermann’s latest venture is another encryption firm called Silent Circle that will doubtless have been getting a lot of phone calls this week even if it recently decided to close down its email security service in the face of likely US Government requests to hand over keys.

It's ironic that Zimmermann's whole career has been a personification of the issues raised by Snowden even if nobody beyond the techie world wanted to listen.

Does any of this really matter?

One issue is how the latest NSA revelations will be seen in Berlin, Beijing and Moscow, but more pressing is how the commercial security industry and its customers take to the idea that big-name encryption systems and protocols are being hacked away at from within by a superpower with the number-crunching power of The Matrix at its disposal.

Exactly what the NSA or hasn’t achieved on a technical level is beside the point. The very fact that it is devoting billions of dollars even trying will alarm a lot of people, not least anyone trying to persuade people to buy these systems to secure their most private commercial secrets.

The security industry is already re-asserting that its products are secure and even the best-resourced hackers and wire-tappers can’t get around the fundamental mathematics of encryption but mathematics isn't the real worry. Every system has weaknesses in its implementation and the constant evolution and migration of new systems creates a soup of possible flaws. Many of the most important security companies in the world also just happen to be US ones that might or might not have colluded with the NSA. 

Will anyone believe their passionate denials? Suspicion now reigns. They would do well to remember that encryption is a state of mind, a fragile psychology metered by probabilities that have just been hammered. A Highway 101 address was once a badge of honour but all of a sudden it doesn’t look like a great sales ploy. Vendors outside the tent will love all this; ‘don’t buy their technology, buy ours. We are not NSA approved.’

To think that the ‘summer of backdoors’ started with worries over Huawei’s grip on BT's telecoms equipment and leaked Australian intelligence reports (later strongly denied) that Lenovo had done some secret fiddling with its PCs. The NSA story has booted all that off the map and we can now discern Clipper as the warning shot that few paid any attention to.

In the longer term, confirmation of NSA incursions could actually be a good thing, banishing the wilful suspension of disbelief that has been a part of the Internet since it emerged from the universities two decades ago. The NSA has always wanted to be in on the wiretap indeed some of its staunchest senior managers probably see the Internet as a US invention and theirs by right.

They are wrong of course. The Internet can’t belong to anyone for long and if any single agency or Government is suspected of having a secret key that unlocks its security, it will rapidly fragment. A more likely reaction now is that efforts to create independent and open security will take shape. The Internet needs standards but it also needs enough technological and commercial diversity to offer a range of possible paths for creating new types of security.

Twenty years ago the NSA earnestly believed that the Clipper chip was the answer. It got that one wrong just as the idea that filtering every bit and packet on the Internet in search of certainty, knowledge and security will prove an even more monumental mirage.




Find your next job with techworld jobs