NSA and the Clipper Chip
by Chuck Dupree
I wrote what follows in 1995 as a letter to my Congressional representatives.
The final product was significantly longer than I intended, as I got caught
up in recounting the abuses of the Nixon era.
A discussion of the Clipper chip is not likely to interest most readers these
days. (Briefly, it was a government-approved encryption chip with a built-in
back door, called the Law Enforcement Exploitation Field.) Nevertheless, I include
this document here for two reasons. Mainly, because the first two-thirds recounts
some history that seems more relevant than ever given the attacks on privacy
and liberty we';ve suffered since 9/11. Secondarily, because it';s
appeared around the web in bastardized form (frequently missing the third word
of the first sentence, for instance). It';s often been marked as copyrighted
by Quadralay Corporation, but in fact Quadralay had nothing to do with it and
would, I expect, disclaim any connection to the content.
Introduction
The historical summary of the NSA presented here includes and depends on information
reported in three books. The vast majority of data on the National Security
Agency comes from James Bamford';s book The Puzzle Palace [1982]; all quotations
are taken from Bamford unless otherwise noted. As Tim Weiner says, this book
is "The bestthe onlyhistory of the NSA." Material
from the section "NSA is funded in secret" is entirely from Weiner';s
Blank Check [1990], which also provided budget estimates and supporting material
for other sections. The CIA and the Cult of Intelligence by Victor Marchetti
and John D. Marks [1980 edition, originally published 1974], provided background
information and a glimpse of the NSA from within the intelligence community
but outside the agency itself. Information presented on the Clipper initiative
is based on the testimony before the House Subcommittee on Telecommunications
and Finance of Marc Rotenberg of the Computer Professionals for Social Responsibility,
and of Whitfield Diffie of Sun Microsystems.
The argument takes the following form:
NSA is without statutory basis, charter, or oversight
"No statute establishes the NSA or defines the permissible scope of
its responsibilities," complained Senator Frank Church. The National Security
Agency was established by President Truman in a still classified Executive order
Oct. 24, 1952. Its direction is apparently supplied by the classified document
currently known as National Security Council Intelligence Directive (NSCID)
No. 6 (formerly No.9), originating on July 1, 1948.
As of 1982, the NSA was still without a statutory charter, the first recommendation
of the Church committee. Oversight by the intelligence community in the form
of the National Foreign Intelligence Board (NFIB, formerly USIB) is effectively
meaningless. The board rarely if ever turns down NSA proposals; day-to-day contact
between the agency and its customers in the intelligence community prevents
a periodic oversight board from examining much more than NSA';s stated
policy.
NSA is funded in secret
Budgetary authority apparently comes from the Central Intelligence Agency
Act of 1949. This act provides the basis for the secret spending program known
as the Black Budget by allowing any arm of the government to transfer money
to the CIA "without regard to any provisions of law," and allowing
the CIA to spend its funds as it sees fit, with no need to account for them.
Congress passed the C.I.A. Act despite the fact that only the ranking members
of the Senate and House Armed Services Committees knew anything about its contents;
the remaining members of Congress were told that open discussion, or even clear
explanation, of the bill would be counterproductive. There were complaints about
the secrecy; but in the end the House passed the bill 348–4, and the Senate
took a voice vote.
The NSA';s estimated $10 billion annual allocation (as of 1990) is funded
entirely through the black budget. Thus Congress appropriates funds for the
NSA not only without information on the agency';s plans, but without even
a clear idea of the amount it appropriates; and it receives no accounting of
the uses to which the funds were put. This naturally precludes any debate about
the direction or management of such agencies, effectively avoiding public oversight
while spending public funds. (Weiner notes the analogy to "Taxation without
representation.")
NSA has spied on US citizens
"The NSA has also spent a great deal of time and money spying on American
citizens. For twenty-one years after its inception it tracked every telegram
and telex in and out of the United States, and monitored the telephone conversations
of the politically suspect." (Weiner, Blank Check)
Due to its unique ability to monitor communications within the U.S. without
a warrant, which FBI and CIA cannot legally do, NSA becomes the center of attempts
to spy on U.S. citizens. Nominally this involves only communications in which
at least one terminal is outside the U.S., but in practice target lists have
often grown to include communications between U.S. citizens within the country.
And political considerations have sometimes become important.
During the Nixon administration, for example, various agencies (e.g., FBI,
CIA, Secret Service) requested that the NSA provide all information it encountered
showing that foreign governments were attempting to influence or control activities
of U.S. anti-war groups, as well as information on civil rights groups, draft
resistance/evasion support groups, radical-related media activities, and so
on, "where such individuals have some foreign connection," probably
not that uncommon given the reception such groups usually receive at home. Clearly
it would have been illegal for those agencies to gather such information themselves
without warrants, but they presumably believed that the NSA was not similarly
restricted when they included on their watch lists such Nixonian bugaboos as
Eldridge Cleaver, Abbie Hoffman, Jane Fonda. Joan Baez, Dr. Benjamin Spock,
and the Rev. Ralph Abernathy. Presumably the name of Dr. Martin Luther King,
Jr., was removed from the watchlist the year Nixon was elected; certainly it
was a targeted name before that time.
Watchlists and the vacuum-cleaner approach
It is not feasible to determine in advance which telegrams and telephone calls
will be among those the NSA is tasked with intercepting. Therefore, the NSA
is normally reduced to recording all traffic on lines it is monitoring, and
screening this traffic (by computer when possible) to catch targeted communications.
This is called the "vacuum-cleaner approach."
Also basic to this method is the "watch list" of groups and individuals
whose communications should be "targeted." When a target is added
to the watch list, NSA';s computers are told to extract communications
to, from, or about the target; the agency can then examine the selected communications
and determine whether they constitute intelligence data.
This list of targets usually expands to include all members of targeted groups
plus individuals and groups with whom they communicate; thus it has a tendency
to grow rapidly if not checked. Some requests seem a bit astonishing: during
the presidency of Richard Nixon, a Quaker, J. Edgar Hoover requested "complete
surveillance of all Quakers in the United States" because he thought they
were shipping food and supplies to Southeast Asia.
Project Shamrock
Project Shamrock was initiated in 1945 by the Signal Security Agency, which
eventually merged into the NSA. Until the project was terminated in 1975 to
prevent investigation, Shamrock involved NSA (and its predecessors) in communications
collection activities that would be illegal for agencies such as the CIA or
FBI.
Under Shamrock, the international branches of RCA, ITT, and Western Union
provided access by SSA, and its successor NSA, to certain telegrams sent by
those companies. Each company';s counsel recommended against involvement
on legal grounds; each company requested the written opinion of the Attorney
General that it was not making itself liable to legal action. However, they
never got anything written from anyone in government, and they all cooperated
without it. (They did get a verbal assurance from the first Secretary of Defense,
James Forrestal, who said he was speaking for the President; thus they may have
been concerned at his resignation just over a year later, his hospitalization
within a week suffering from depression, anxiety, and paranoia, and his suicide
less than two months later.)
As Shamrock grew, and the NSA began to develop its own means of intercepting
communications, the watchlist approach became the accepted standard, since nothing
less was effective or worthwhile. The intelligence community became aware that
it could enter a name on the watchlists more or less at will, and it would soon
receive the requested material, marked classified, and gathered in within (or
perhaps under cover of) the law.
The Huston Plan
The Huston Plan, formally known as "Domestic Intelligence Gathering
Plan: Analysis and Strategy," was submitted in July 1970 to President
Nixon. The goal of the plan was to relax some restrictions on intelligence gathering,
apparently those of NSCID No.6.
Some parts of the intelligence community felt that these relaxations would
assist their efforts. The proposals included:
- allowing NSA to monitor "communications of U.S. citizens using international
facilities" (presumably facilities located in the U.S., since NSA already
had authority to monitor such communications if at least one terminal was
outside U.S. territory)
- intensifying "coverage of individuals and groups in the United States
who pose a major threat to the internal security"
- modifying restrictions "to permit selective use of [surreptitious
entry] against other urgent and high priority internal security targets"
as well as to procure "vitally needed foreign cryptographic material,"
which would have required the FBI to accept warrantless requests for such
entries from other agencies ("Rationale: Use of this technique is clearly
illegal: it amounts to burglary. It is also highly risky and could result
in great embarrassment if exposed. However, it is also the most fruitful tool
and can produce the type of intelligence which cannot be obtained in any other
fashion.")
President Nixon approved this plan over the objection of J. Edgar Hoover and
without the knowledge of Attorney General Mitchell.
Hoover went to Mitchell, who had been left out of the entire process, and
was consequently angry; Mitchell convinced Nixon to withdraw his approval 13
days after giving it.
Project Minaret
The size and complexity of the domestic watchlist program became a problem,
since it bordered on illegality. Project Minaret was established on July 1,
1969, to "provid[e] more restrictive control" on the domestic products,
and "to restrict the knowledge that information is being collected and
processed by the National Security Agency." The agency knew it was close
to legal boundaries, and wanted to protect itself.
Minaret continued until the fall of 1973, when Attorney General Richardson
became aware of the domestic watchlist program and ordered such activities stopped.
As the Watergate drama played out, Congress began to hear about the NSA';s
projects, and within two years was formally inquiring about them.
NSA considers itself exempt from normal law
Like most intelligence agencies, the NSA uses words such as "interrupt"
and "target" in a technical sense with a precise but often classified
definition. This specialized language makes it difficult to legislate or oversee
the activities involved. For instance, in NSA terms a conversation that is captured,
decoded if necessary, and distributed to the requesting agency is not considered
to be the product of eavesdropping unless one of the parties to the conversation
is explicitly targeted. However, the NSA does not depend on semantic defenses;
it can also produce some legal arguments for exempting itself from normal requirements.
NSA has told Congress of its interpretation
On the rare occasions when NSA officials have testified before Congress, they
have claimed a mandate broad enough to require a special legal situation. In
1975, the NSA found its activities under scrutiny by the Senate Intelligence
Committee, chaired by Frank Church; the House Select Committee on the Intelligence
Community, under Otis Pike; and the House Government Operations Subcommittee
on Government Information and Individual Rights, led by Bella Abzug. The agency
was notably consistent in responding to those committees.
When Lt. Gen. Lew Allen appeared before the Pike committee, he pointed out
that it was the first time an NSA director had been required to testify in open
session. Two days earlier, CIA director William Colby had testified that the
NSA was not always able to separate the calls of U.S. citizens from the traffic
it monitors. "NSA general counsel Roy Banner, accompanying Allen, was
asked whether he felt that, although wiretapping is prohibited by law, interception
of telephone calls of American citizens heading overseas is not prohibited.
Banner';s answer: ‘That is correct.';"
The top three officers of the NSA spoke with a single voice to the Church
committee. When the committee';s chief counsel said to Gen. Allen, "You
believe you are consistent with the statutes, but there is not any statute that
prohibits your interception of domestic communications," Allen replied,
"I believe that is correct." When deputy director Buffham was asked
about the legality of domestic aspects of the Huston plan, he said, "Legality?
That particular aspect didn';t enter into the discussions." Counsel
Banner responded at least three times to similar questions that the program
had been legal at the time. (Testimony took place on Oct. 29, 1975; Project
Shamrock and its watchlists were halted in mid-May of that year.)
The Abzug committee tried to get the story from the communications corporations
that had cooperated in Project Shamrock. Its hearings in late 1975 were unproductive
because RCA and ITT informed the committee, two days before hearings began,
that their executives would not appear without a subpoena; and a former FBI
agent who had been cooperating was forbidden from testifying by his old employer.
When the committee reconvened in early 1976, it issued subpoenas to three FBI
special agents, plus one former agent; one NSA employee; and executives from
international arms of RCA, ITT, and Western Union. President Ford prevented
the five FBI/NSA people from testifying with a claim of executive privilege,
and the Attorney General requested that the corporations refuse to comply with
the subpoenas on the same grounds.
Their testimony in spite of that request brought Project Shamrock to light
less than a year after it was quickly terminated.
There may be legal basis for this
There may be some legal basis for the NSA claims of extra-legal status. Despite
having no statutory basis or charter, the NSA has considerable statutory protection:
various statutes, such as the COMINT statute, 18 U.S.C. 798; Public Law 86-36;
and special provisions of the 1968 Omnibus Crime Control and Safe Streets Act,
exempt it from normal scrutiny, even from within the government.
Thus the agency may be right in interpreting the law to say that it can do
anything not specifically prohibited by the President or the NSC. NSCID No.
6, NSA';s secret charter, includes this important exemption (according
to James Bamford';s reconstruction):
The special nature of Communications Intelligence activities requires
that they be treated in all respects as being outside the framework of other
or general intelligence activities. Orders, directives, policies, or recommendations
of any authority of the Executive branch relating to the collection …
of intelligence shall not be applicable to Communications Intelligence activities,
unless specifically so stated and issued by competent departmental or agency
authority represented on the [U.S. Communications Intelligence] Board. Other
National Security Council Intelligence Directives to the Director of Central
Intelligence and related implementing directives issued by the Director of Central
Intelligence shall be construed as non-applicable to Communications Intelligence
unless the National Security Council has made its directive specifically applicable
to COMINT.
The unchecked ability to intercept and read communications, including those
of U.S. citizens within the country, would be dangerous even if carefully regulated
by elected officials held to a public accounting.
When the method is available to officials whose names are often unknown even
to Congress, who work for unaccountable agencies like the NSA, it is very difficult
for the intelligence community, the defense community, and the Executive to
refrain from taking advantage of such easily obtained knowledge.
Lack of oversight is dangerous
The lack of any effective oversight of the NSA makes it possible for the agency
to initiate or expand operations without authorization from any higher (or even
other) authority. Periodic meetings of members of the intelligence community
do not constitute true oversight or public control of government; and the same
is true of the provision of secret briefings to a small number of senior members
of the Congress, all chosen by the intelligence community and sworn to secrecy.
Oversight of such extensive communications capability is important enough;
but NSA';s capabilities are not necessarily limited to intercepting and
decrypting communications.
NSA has some military capabilities
In addition to its own massive interception and decryption capabilities, the
NSA can also issue direct commands to military units involved in Signals Intelligence
(SIGINT) operations, bypassing even the Joint Chiefs of Staff.
Such orders are subject only to appeal to the Secretary of Defense, and provide
the NSA with capabilities with which it could conceivably become involved in
operations beyond the collection of intelligence. At least, it does not seem
to be legally restrained from doing so.
The situation is ripe for abuse
It appears that the only effective restraint on the NSA is the direct authority
of the President, the NSC, the Secretary of Defense, and the U.S. Intelligence
Board. Since the agency was created and chartered in secret by the President
and the NSC, it can presumably be modified in secret by the same authorities.
Nor is the NSA bereft of means of influencing other branches of government,
as Marchetti and Marks note:
A side effect of the NSA';s programs to intercept diplomatic
and commercial messages is that rather frequently certain information is acquired
about American citizens, including members of Congress and other federal officials,
which can be highly embarrassing to those individuals. This type of intercept
message is handled with even greater care than the NSA';s normal product,
which itself is so highly classified a special security clearance is needed
to see it.
Complete control over a secret agency with at least 60,000 direct employees,
a $10 billion budget, direct command of some military units, and the ability
to read all communications would be an enormous weapon with which to maintain
tyranny were it to arise. A President with a Napoleonic or Stalinist delusion
would find in the NSA the perfect tool for the constant supervision of the individual
by the state depicted in nightmares and novels such as 1984.
Senator Schweiker of the Church committee asked NSA director Allen if it were
possible to use NSA';s capabilities "to monitor domestic conversations
within the United States if some person with malintent desired to do it,"
and was probably not surprised by Allen';s "I suppose that such a
thing is technically possible."
Certainly Senator Church feared the possibility:
That capability at any time could be turned around on the American
people and no American would have any privacy left, such is the capability to
monitor everything: telephone conversations, telegrams, it doesn';t matter.
There would be no place to hide. If this government ever became a tyranny, if
a dictator ever took charge in this country, the technological capacity that
the intelligence community has given the government could enable it to impose
total tyranny, and there would be no way to fight back, because the most careful
effort to combine together in resistance to the government, no matter how privately
it was done, is within the reach of the government to know. Such is the capability
of this technology…
I don';t want to see this country ever go across the bridge. I know
the capacity that is there to make tyranny total in America, and we must see
to it that this agency and all agencies that possess this technology operate
within the law and under proper supervision, so that we never cross over that
abyss. That is the abyss from which there is no return…
NSA and Clipper
The NSA recently agreed to assist the National Institute of Standards and
Technology (NIST) in the creation of a new official encryption strategy (two
technical standards and some procedural safeguards). However, this cooperation
became direction and eventually control of the project, according to NIST internal
reports to the point that only senior NIST officers with appropriate clearance
had access to relevant documents. This appears to contravene at least the spirit
of the Computer Security Act of 1987, which, according to Marc Rotenberg of
the Computer Professionals for Social Responsibility (CPSR), "made clear
that in the area of unclassified computing systems, [NIST] and not [NSA], would
be responsible for the development of technical standards. The act emphasized
public accountability and stressed open decision-making."
Documents obtained by CPSR under the Freedom of Information Act show that
the NIST began the project with the goal of developing a public-key standard,
whose algorithm should be "public, unclassified, implementable in both
hardware and software, usable by federal Agencies and U.S. based multi-national
corporations." The result was, however, a non-public-key, classified standard
that requires tamper-proof hardware; it cannot be implemented in software.
Who its users might be is uncertain; Rotenberg thinks that "it is unlikely
to be used by multi-national corporations."
The issue of trust
The entire package has come to be called the Clipper initiative after one
of the two standards involved (the other is called Skipjack). Many of the arguments
over technical aspects are useful, including the discussion of whether an encryption
algorithm must, like Clipper, be kept classified to increase its security, or
should be published openly to convince prospective users of its reliability.
All such questions, however, in the end seem to resolve to the issue of trust
in the government, or more precisely in the intelligence community. For example,
if it is true that encryption algorithms must be kept secret, then providing
any additional reason for secrecy reveals a method of attack against the algorithm.
But those who make this assertion admit that the same danger prevents them
from supplying any supporting evidence.
If you trust, then Clipper is like Teflon: one of those spinoffs that accumulate
when you do the right sort of research. After all, the NSA has always claimed
to be five or more years ahead of the state of the cryptanalytic art. Clipper
arrives just as the luster of DES (the previous official strategy) is beginning
to tarnish due to technical advances. Other new techniques such as public-key
encryption are unproven; and the rejection of them by NSA in favor of Clipper/Skipjack
indicates that NSA experts are not impressed. Clipper';s key escrow system
strikes a reasonable balance between the individual';s right to privacy
and the state';s right to self-defense, and the use of a private corporation
as part of the escrow system provides a little extra insurance against government
hanky- panky. Naturally law enforcement agents will occasionally need to use
the special capabilities built in for them; but the oversight system is practically
foolproof, since without a warrant no one can access the two parts of your key.
Criminals or those "with malintent" might find a way to buy or
intimidate one of the escrow agents, but not both.
If you do not trust, then Clipper is more likely a solution to NSA';s
problem: the increasing public use of new encryption techniques that the agency
cannot penetrate. Since the NSA has long been unable to penetrate (then-) Soviet
or Chinese codes (according to Marchetti and Marks), impenetrable encryption
methods do exist. The agency';s claim of being five years ahead of public
technology is a necessary one given its task; probably even true for a while,
but not recently. The key escrow system is laughable, since the claim of national
security has for decades opened government doors (not always during business
hours); and given the ease with which Project Shamrock illegally obtained communications
from private corporations for many years, the use of a private agent in the
system provides no extra safety. Probably the agency is simply trying to restore
the situation it enjoyed for decades after World War II with respect to its
ability to read U.S. communications, since it cannot do so with those of other
countries. Certainly it has been unusually candid in naming the Law Enforcement
Exploitation Field.
With this disagreement apparent, the uncommitted observer will probably try
to choose conservatively. To do so normally requires prioritizing your concerns
and listing your assumptions, then consulting the experts and the literature.
However, in this case one meets an immediate roadblock: since Clipper is secret,
not even the experts are able to express an educated opinion as to the best
known algorithms. Those without security clearances have no access to what are
claimed to be such, while those who have direct knowledge are naturally silent
about classified information. Thus, the issue reduces again to the matter of
trust: do you prefer the opinion of government experts, who assure you that
they are right but must necessarily refrain from providing any evidence, or
the opinion of outside experts, who may advocate alternatives and evidence to
support them, but admit that they do not know whether Clipper is safer or not?
The implications
Of course, if Clipper is simply attached to our telephones and other communications
devices, then the only loss is the additional $25 or so per item to cover the
Clipper hardware. As long as one can choose to employ other encryption techniques
as well, adoption of Clipper is mainly an economic problem. However, the government
plan is to license a small number of private firms to produce the tamper-resistant
chips for public sale. These firms are unlikely to undertake such operations
as a public service; they will expect at least to break even, and a $25 per
chip price requires the sale of a non-trivial volume of chips. Thus a certain
amount of discrete promotion may be needed to encourage adoption of Clipper
on a sufficiently broad scale.
If people persist in using (sometimes free) software that incorporates technology
considered by many experts to be the best that is publicly available, they not
only reduce the size of the Clipper market by their example; they also clearly
indicate their distrust of the government and of NSA, which by itself may be
suspicious in some eyes. In fact, the Washington Post reported recently that
the administration is considering the possibility of outlawing unsanctioned
encryption methods if persuasion is ineffective, though it was unclear whether
this was intended to promote a market to help the chip manufacturers or to ensure
that the NSA had only one algorithm to work on.
CPSR';s Rotenberg, testifying before the House Subcommittee on Telecommunications
and Finance (June 9, 1993), pointed out that The premise of the Clipper key
escrow arrangement is that the government must have the ability to intercept
electronic communications. However, there is no legal basis to support this
premise. In law there is nothing inherently illegal or suspect about the use
of a telephone. The federal wiretap statute says only that communication service
providers must assist law enforcement [to] execute a lawful warrant.
According to James Bamford, the draft report of the Abzug committee (which
uncovered Shamrock) was buried by Congress in 1977. One of its claims was, he
says, "that the NSA';s appeal to the Congress and the public that
they simply ‘trust us'; was totally unjustified when viewed in the
light of the Agency';s long record of privacy violations."
Marchetti and Marks [1974] reported on the press conference held in Moscow
by two young NSA defectors in 1960, William Martin and Bernon Mitchell. "Martin
and Mitchell told of a practice under which the NSA provided encoding and cryptographic
machines to other nations, then used its knowledge of the machinery to read
the intercepted messages of these countries. This practice still flourishes."
Recommendations
If this historical summary of the NSA is accurate, then it seems clear that
the continued operation of the agency in its present mode poses a danger to
freedom of speech and thus to the continuance of democratic traditions in the
United States.
The best defender of those traditions is an educated and active populace.
In the meantime, however, legal penalties have seemingly been effective in reducing
the amount of abuse of civil liberties. With that limited goal in mind, Congress
should in my opinion take the following minimal steps:
- Require legal charters for the establishment of agencies of the Executive
branch. For existing agencies like the NSA and the National Reconnaissance
Office (NRO), either provide a legal charter that defines and restricts their
operations, or reassign the responsibilities to existing chartered agencies
and dissolve the unchartered one.
With the NRO, it may be necessary first to declassify the agency';s
name so it can be used on the floor of Congress. But since, according to
Weiner, both NRO and NSA are "far bigger" than the CIA, they
need a charter as much as it does.
- Eliminate the practice of funding parts of government through the "black
budget," without Congressional debate on the projected use of the money
or even a clear knowledge of the amount. This appears to violate the Constitutional
requirement for a public accounting of the use of public funds (Article I
Section 9), and clearly makes effective oversight impossible in practice.
Naturally much technical information will remain secret, but it is hard
to imagine a reason for keeping the costs secret other than to obtain by
secrecy what might prove elusive if pursued openly.
- Reject the NSA-sponsored "Clipper" initiative, the FBI';s
"Digital Telephony" proposals, and all such attempts by the intelligence
community to regain its ability to read all communications to, from, or transiting
the U.S. Reject as well any attempt to prevent or stigmatize the use of any
encryption system.
