Wherein the Wall Street Journal realizes, once again, that financial cryptography is the only cryptography that matters, and that if you kill crypto you kill financial crypto as well -- and, I would say, finance along with it.
Cheers, RAH http://interactive.wsj.com/archive/retrieve.cgi?id=SB1001458580550103280.djm&template=printing.tmpl September 25, 2001 Tech Center Encryption Can't Be Limited, Experts Say In Setback for Lawmakers Seeking Change By LEE GOMES Staff Reporter of THE WALL STREET JOURNAL There is bad news in store for lawmakers thinking about changing the nation's laws to somehow limit encryption, an idea that has been mentioned in Washington since the Sept. 11 attacks. You couldn't do so, say mathematicians and engineers -- even if you really wanted to. Encryption, or the process by which a message is scrambled to make it unreadable by anyone but its intended recipient, has been a staple of war-time communications since ancient times. An extremely sophisticated form of encryption is used pervasively in personal computers, most commonly to provide for secure communications over the Internet. In fact, the extensive steps that technology companies have taken in recent years to make people feel safe while shopping or buying stocks online is one of the biggest reasons encryption is now impervious to change. For example, every single late-model Web browser in the U.S. has built into it the capability for very powerful encryption. There also are all manner of widely available e-mail programs containing strong encryption. "The toothpaste is out of the tube, and it is covering the whole planet," said Phil Zimmermann, whose Pretty Good Privacy is one of the best-known of these e-mail systems. These encryption systems, which have been developed during the past 20 or 30 years, make use of some powerful mathematical concepts to create encoding systems whose power is mind-numbing. It is a trivial matter, for example, to encrypt a message on a simple PC so that the biggest computer in the world couldn't decipher it without spending far more time on the problem than exists in lifespan of the entire universe. Some in Washington have suggested that software firms redo their encryption programs to give lawmakers a backdoor means of reading encrypted files. That is technically possible, but would first require the "recall" of most existing Internet software, since it contains no such backdoor. But even if all existing software was somehow modified to remove its encryption, experts say it would be a simple thing for anyone with even the most basic education in mathematics to develop new encryption software. Dan Boneh, a specialist in encryption at the computer-science department at Stanford University, said that simply by using the mathematics functions built into a spreadsheet program like Microsoft Excel, he could, in lessthan an hour, write a simple encryption system that would make do in an emergency. "The algorithms to do it are very widely available," he said. That is one reason that Dr. Boneh and others say the only sure-fire way to eliminate strong encryption is to somehow eliminate all PCs. There are other problems with modifying encryption laws, experts say. Chief among them is the simple fact that if the laws somehow were changed, terrorists, criminals and others would be sure to no longer use encrypted PC communications to plan their deeds. There has been no evidence that the Sept. 11 terrorists used encryption systems, though lawmakers have said they seemed to have made use of the free e-mail software readily available on the Web. While there may be no technology-based way to deal with encryption, that doesn't mean law-enforcement officials are powerless against it, experts say. Various forms of low-tech "human intelligence" spying can be utilized, for example, to discover where someone has written down a password. According to news reports, agents from the Federal Bureau of Investigation who were tracking an organized-crime figure using encryption were able, with a search warrant, to install a program on the person's PC that read his keystrokes and transmitted his messages even before they were encrypted. Write to Lee Gomes at [EMAIL PROTECTED] ------------------------------------------------------------------------ URL for this Article: http://interactive.wsj.com/archive/retrieve.cgi?id=SB1001458580550103280.djm Hyperlinks in this Article: (1) mailto:[EMAIL PROTECTED] ------------------------------------------------------------------------ Copyright © 2001 Dow Jones & Company, Inc. All Rights Reserved. Printing, distribution, and use of this material is governed by your Subscription Agreement and copyright laws. For information about subscribing, go to http://wsj.com Close Window -- ----------------- R. A. Hettinga <mailto: [EMAIL PROTECTED]> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]