Finding a Middle Ground on Encryption

By Michael M. Roberts

Sequence: Volume 29, Number 4


Release Date: July/August 1994

In case you hadn't noticed, there's a fight going on over secrecy and
privacy on the Internet and the future national information
infrastructure. The law enforceblah cost, ment and national security
folks want to have the last word on techniques for ensuring electronic
secrecy and privacy. The civil liberties crowd sees this as an attack on
constitutionally guaranteed freedoms.

Not too long ago, Congress would have sided with the Cold Warriors and
the Crime Fighters. Indeed, it may do that in this case as well. But
times have changed. Governments have lost much of the control over
communications that they once had, thanks to satellites, fax machines,
data networks, and the like. And they don't enjoy the trust of their
citizens to the extent they once did, as a result of Watergate and other
'Gates.

One of the more perverse outcomes of technical progress in computers and
networks is that it leverages the capability of the bad guys at the same
time as it helps the good guys. Recent FBI testimony to the House of
Representatives Science Committee pointed out that advanced electronic
techniques being used by criminals can have the indirect effect of
undermining statutory law enforcement authority already enacted by
Congress. A case in point is that of drug dealers foiling court-ordered
wiretaps by using the call-forwarding features in digital telephone
switches.

Thus we have the ingredients for a classic rock-throwing contest among
devotees of all degrees of ideology on crime and punishment. The Clinton
White House, needing to avoid accusations of being soft on crime or
foreign terrorists in an election year, has opted to support proposals
developed within the National Security Agency on communications
encryption and within the FBI on new wiretapping techniques.

The political dynamics of this debate, which might under other
circumstances sort itself out along traditional liberal-conservative
lines, are affected by the role of the U.S. computer industry--
particularly that part of it involved with computer networking hardware
and software. Computer executives have a tight focus on this issue. To
meet customer application needs, their equipment sorely needs good
encryption capability, and that capability needs to be able to be sold
worldwide. Although wiretapping is currently of secondary importance
because the FBI and its draft legislation are still oriented to
conventional telephone switches, the rapid emergence of voice capability
in personal computers and workstations means that Internet transmissions
will be carrying lots of voice traffic--with legal as well as illegal
content--in the near future. Law enforcement interest will not be far
behind.

Buffeted by apocalyptic visions of a superhighway for criminals
versus a garden paradise of the Golden Rule, saner heads are attempting
to find a constructive middle ground. The points of possible compromise
include the following.

* All on the network should have access to good encryption when they
need it, as a matter of basic personal and commercial privacy
protection.
* The government should have the ability to intercept electronic
information in the future under the same constitutional protections and
oversight by the courts that it does today; that is, technology must be
the legal system's servant, not its master.
* The system within which encryption is administered must satisfy
multinational concerns; that is, it must be neither dictated nor
defeated by a single country's interests or biases.
* Developers of electronic equipment and techniques that have the
capacity to shift the balance of protections between personal privacy
and public safety must be involved in creating technical solutions that
avoid such consequences unless those consequences are the result of
conscious public policy decisions.

Movement toward middle ground from extreme positions will require
several things. The warring parties must agree to greater openness, as
well as to joint technical analysis of the tools and procedures that
will be needed to implement a policy containing the aforementioned
principles. These steps were among those advocated by Prof. David Farber
of the University of Pennsylvania in his congressional testimony on
privacy. Perhaps as important, a process needs to be established in
which periodic crisis and conflict are replaced by an ongoing effort to
ensure that progress in technology doesn't undo the effects of
agreements reached now.

As an example of changes that will be necessary, the current National
Security Agency encryption proposal, based on the Clipper Chip, assumes
that an algorithm that provides the basis for governmental breaking of
encrypted traffic can remain secret. That is highly unlikely and hence
an indefensible position on which to establish policy.

Another troubling issue in the administration's plans is the assumption
that the U.S. government can exercise control on a continuing basis over
the international use of encryption techniques. Recently, Steve Walker,
president of Trusted Information Systems, made a proposal to the Federal
Networking Council to address this issue. He suggests that the software
industry develop a standard applications interface (API) to encryption
modules. The API would be used in a variety of applications that require
protected information. National governments would be free to control,
through their own laws and regulations, the specifications of the
encryption software contained in the modules.

During periods of crisis resulting from abuse of executive power, such
as Watergate, our respect for the U.S. Constitution has served us well.
As we debate new statutory authority related to government use of
communications technology for law enforcement and national security
purposes, the uses and abuses of such powerful tools deserve careful
scrutiny and informed decisions.

Michael M. Roberts is vice president of Educom. roberts@educom.edu



Take me to the index