Big Brother Wants a Decoder Ring

Kkeeping secrets is an inherently suspect activity. Who would keep things secret unless there were something to hide? However, the United States has traditionally believed that exercising one's right to privacy should not incur suspicion, any more than taking the Fifth and refusing to testify should be taken as an admission of guilt. Although the right to privacy is not explicitly protected in the Bill of Rights, the U.S. has long recognized an individual's right to keep things hidden from public view.

Unfortunately, as technology is finally allowing individuals to make good use of that right, the government seems to be changing its mind. New techniques of encryption--the making of codes--allow personal computers to encode documents in ways that are difficult or sometimes impossible for the most advanced super computers to crack. These technologies, for the first time in recent memory, allow private individuals to hide their documents from government view. In response, the Clinton Administration has proposed new means of restricting the right to privacy.

Historically, the U.S. has restricted exports of encryption to foreign countries. It is currently illegal to export encryption products beyond a certain strength without giving the government a key, a system known as "key escrow." Encryption has been classified as a type of munitions, a tool of war. The argument was that if terrorists, organized crime networks or other unpleasant people got their hands on powerful encryption software, they could encode their plans in a way that the CIA and the FBI couldn't understand.

Such an argument would make sense if the U.S. were the only country that had invented codes. Like the atom bomb and the secret of fire, however, this technology long ago fell into foreign hands. In most countries, there are few restrictions on encryption's use, manufacture or sale. RSA Inc., which makes a widely-used encryption engine, has opened an Australian subsidiary which can sell its technology world-wide. Rep. Zoe Lofgren (D-Calif.) has estimated that U.S. companies are forced to stand by and lose $60 billion a year of revenues as foreign competitors, unbound by export restrictions, sell to anyone who will buy.

As a result, there are no gains in national security which make these laws justified; even if U.S. technology is unique, no self-respecting terrorist would be stopped by a software license, and the Russian mafia could certainly hire agents to buy encryption within the United States. The most popular encryption software on the Internet, PGP, is free for download as long as users assert that they are U.S. residents.

The real losers in this situation are the U.S. residents who are forced to use relatively weak software. In January, a graduate student at Duke University took only four hours to break a code similar to those Web browsers use to protect credit card numbers. Netscape and Microsoft offer strong-encryption versions of their browsers to U.S. residents who ask for them, but because of export restrictions, the weak version is the standard. Many other products are similarly affected. Also in January, two private organizations, using $250,000 in computer equipment, cracked a code standard for government agencies and financial institutions in under 24 hours.

It's no secret that the U.S. needs better encryption. The electronic age may claim to be founded on openness, but in fact, it's founded on keeping things hidden. You can't have e-cash if people can duplicate their electronic dollar bills, or credit card Web purchases if a third party can listen in and collect the numbers. You also can't do anything important over e-mail if it can be intercepted or if you have no guarantee of whom you're talking to. The ability to keep our bank accounts safe from intruders is more important to national security than the ability to snoop into accounts held by criminals.

Unfortunately, the Clinton Administration seems to see things the other way around. To keep individuals' documents open for government view, the Administration is pushing a plan for a national key escrow system, in which either the government or an approved third party would receive a key to every strong code, even those used only within the U.S. The Administration says that the keys would be accessed only with a valid court order.

Nonetheless, such a plan would be extremely dangerous; just like the export restrictions, it would weaken individuals' privacy without hurting criminals. A key escrow law would be very difficult to enforce, since lawbreakers could always use the products already widespread before the restrictions. Whether the third parties involved in this system could be trusted would always be a matter of faith.

More important, though, is the implication that the government doesn't trust its citizens to communicate privately, Imagine what the House Un-American Activities Committee might have done in a country where most communication was electronic and the government always had a key. Applying the principle to other means of communication makes the administration's argument seem ludicrous. Think how many criminals have communicated by word of mouth: why don't we force everyone to wear a hidden microphone? Apparently, law-abiding citizens would never object to having other people listen to what they say-unless they needed to hide something.

Privacy is more than a convenience; it is a fundamental right, recognized in the Universal Declaration of Human Rights and necessary to a free society. Human rights groups in oppressive nations are frequent users of strong encryption, and these groups could not long survive if they were forced to give their government an electronic key. Soon Congress will consider two bills which would lift the export bans and prevent governmental key escrow; let's hope that Congress will be motivated more by a respect for personal freedoms than by fear of their misuse. Stephen E. Sachs '02, a Crimson editor, lives in Grays Hall.