It's amazing how fast the irony bit gets flipped, huh?



Jacob Sullum

October 16, 2001

Fear of prying

I first downloaded Pretty Good Privacy a couple of years ago, at the
request of an interview subject. He was nervous about discussing his drug
use through unprotected e-mail, and my willingness to use PGP reassured him
not only that he would be safe from eavesdroppers but that he could trust
me to take his privacy concerns seriously.

It was a small illustration of encryption's power, but it brought home to
me what a godsend this kind of readily available, easily used software must
be to dissidents who risk prison by sharing unauthorized information or
expressing forbidden opinions. Phil Zimmermann had such people in mind when
he created PGP a decade ago and risked prison by posting it online.

At the time, the U.S. government considered strong encryption software a
"munition," and by making it available to human rights activists around the
world Zimmermann was arguably violating a federal ban on the export of such
weapons. Some politicians are trying to revive this sinister view of
encryption in the wake of last month's terrorist attacks.

In a floor speech a week after hijacked airplanes collided with the
Pentagon and the World Trade Center, Sen. Judd Gregg, R-N.H., worried aloud
about "somebody out there using encryption technology for the purposes of
pursuing a terrorist act in the United States." He declared, "There is no
excuse for anybody to be underwriting that type of activity in our country."

To prevent terrorists from shielding their communications, Gregg wants to
make all producers of encryption systems design their products so the
government can read the messages they generate. The surveillance would be
"judicially controlled" to make sure it "simply gets at the bad guys."

Gregg's opposition to strong encryption is echoed in some surprising
quarters. Boston Globe columnist Cathy Young, a colleague of mine at Reason
magazine, has confessed that "the idea of people being able to encrypt
electronic communications so that they are beyond surveillance" has always
seemed "scary" to her, "precisely because of the threat of terrorism."

This is like saying that computers or telephones or airplanes or box
cutters are scary. Any technology can be used for good or ill. The question
is whether the potential for evil justifies restrictions on legitimate uses.

As more than one critic has pointed out, the arguments against strong
encryption could also be used against strong locks, since criminals tend to
hatch their plans behind closed doors. That doesn't mean all of us should
make extra sets of house keys for the police in case they need to search
our homes.

We have been down this road before with various proposals during the 1990s
for "key recovery" arrangements through which the authorities could break
otherwise unbreakable codes. Now as then, the most decisive argument
against encryption controls is that they wouldn't work because PGP-like
software is already available from a variety of sources.

Does Sen. Gregg plan to come to my house and erase my copy of PGP? If not,
how can he possibly hope to stop terrorists, who are much more highly
motivated than I am to shield their communications, from obtaining and
using such software?

The attempt to do so would weaken security rather than enhancing it. A 1998
report from a panel of distinguished cryptographers and computer scientists
concluded that "there are compelling reasons to believe that, given the
state of the art in cryptology and secure systems engineering,
government-access key recovery is not compatible with large scale,
economical, secure cryptographic systems." A member of the panel, Matt
Blaze, recently told The Washington Post, "I am extremely doubtful that
this could be done without weakening computer systems, and the costs would
be absolutely staggering."

In addition to the bugs introduced by added complexity, keeping extra
copies of the keys used to decode messages would create tempting targets
for thieves. The keys could also be compromised by incompetent or corrupt
officials charged with protecting them.

Misuse of official records is not exactly unheard of in this country, and
the problem would be magnified if every unsavory regime that has enlisted
in the war on terrorism were to be trusted with the keys to its citizens'
e-mail. For the dissidents Phil Zimmermann is rightly proud of helping, the
whole point of encryption is to guard against official surveillance. If
Gregg's vision were ever realized, they would once again have to watch what
they say.


©2001 Creators Syndicate, Inc.
R. A. Hettinga <mailto: [EMAIL PROTECTED]>
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
