Security debate getting difficult: Encryption: Law enforcers and privacy advocates struggle with uncomfortable facts about computers.

February 01, 1999|By Dan Gillmor | Dan Gillmor,KNIGHT RIDDER/TRIBUNE

In a society where compromise is a pillar of government, it feels almost un-American to acknowledge that some issues defy any middle ground. It feels even worse when there are only two alternatives, and both offer unpleasant consequences.

This is the reality of encryption, the scrambling of data to keep it away from prying eyes. Yet at a time when it's essential to hold an honest debate about a difficult decision, encryption policy drifts in a Twilight Zone, where both sides tend to avoid acknowledging some hard truths.

Security in the Digital Age is at the heart of the matter. Both sides are talking about your security, but their perspectives could hardly be more divergent.

Law enforcement and national security people say the ubiquitous use of unbreakable encryption will harm national security. But if this kind of encryption is prohibited, a direction in which governments are moving, the security of individuals' most private and sensitive information will be at risk to criminals and oppressive governments.

Both sides are right.

Experts on encryption and its uses gathered in San Jose, Calif., recently for the annual RSA Data Security Conference. For the most part, speakers and participants have come down on the side that makes the most practical sense, as well as being the only one that maintains personal liberties: unrestricted use of strong encryption. But making this choice means understanding the other side.

Strong encryption once was the sole province of the state. Today, low-end personal computers are powerful enough to scramble data so thoroughly that all the supercomputers in the world would have to work for billions of years to decipher a single message.

It's easy to see why that worries police and national security agencies. Slowly but surely during the next few years, they're going to lose one of the tools on which they've relied for decades: the ability to tap into the communications of criminals.

Law enforcement people will still be able to intercept the bits of information flowing back and forth. But they won't be able to decipher any of it.

From law enforcement's perspective, this is an invitation to evil. When criminals can communicate securely, catching criminals will be more difficult.

Someday, terrorists will use unbreakable encryption to conceal the evidence of their plotting. That is certain. But should we give up our most fundamental liberties to prevent this?

Slowly but surely during the next few years, more and more of our daily doings will take place in digital form, on computers and online. We will need a tool that keeps our business dealings, finances, medical records and other information safe from criminals and those who would wrongly pry into our personal affairs.

Strong encryption is that tool. Without it, we will be vulnerable to new kinds of crimes and gross invasions of privacy by malevolent people and businesses. Without strong encryption, moreover, governments will have unprecedented power to spy on citizens, to create police states the likes of which George Orwell could barely have imagined.

The problem for law enforcement is that strong encryption exists. It is used most widely where it's least visible, such as commerce on the World Wide Web and in banking transactions. Encryption is used less widely when it has to be added on. It is easy to obtain, but often difficult to use.

The point is that secure encryption is out there. Police agencies know they can't stop this technology outright. But rather than engage in an honest debate with supporters of encryption, they and their political allies have resorted to rear-guard actions to slow its adoption, with a considerable degree of success so far.

The principle at work is that criminals are fundamentally stupid: As long as we can keep encryption from becoming ubiquitous, criminals will be too stupid to use it, so we'll be able to catch them.

American companies continue to be frustrated by the Clinton administration's general refusal to let them export hardware and software containing strong encryption, unless the product also has a back way in for law enforcement authorities. There have been some modest exceptions, but the policy remains pretty much intact even though it's slowly being liberalized.

It's a foolish policy, not just because smart programmers live in other countries that don't have these kinds of restrictions on commerce. To date, American companies have lost business, and as more people insist on buying secure products American companies will lose out on more sales.

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.