nClipper was
implemented in a tamper-resistant hardware
device (a single chip)
nEach chip was numbered and had a separate per-chip secret that was also held by a “trusted agency” (read:
US Gov’t)
nPer-session keys
were encrypted with a Clipper family key and
the per-chip key, and sent along as part of the
data stream
nSomeone listening in
on the conversation would see enough
information to identify the chip used to encrypt,
find the per-chip key, and recover the session
key