In the ongoing battle forged by businesses and private citizens to establish a cyberspace Bill of Rights, big steps were taken last week toward the inclusion of a meaningful "freedom of encryption" clause. After months of empty promises and fierce negotiations, the Clinton administration finally announced that it would scale back its restrictions on the exportation of encryption software. The move was met with tentative approval by computer industry leaders and privacy-advocate groups alike, who feel the government still needs to direct its attention inward and begin removing some of the more cumbersome domestic encryption regulations.
For the computer illiterate, encryption technology allows for the protection of information posted on or routed through the World Wide Web. A sophisticated encryption system can prevent the tampering and interception of all sorts of data, from personal communiques to bank records. It is a safeguard for individuals against so-called Web pirates, who utilize cutting-edge hacking techniques to gain access to, among other things, credit card numbers.
On a global scale, such technology has also become renowned for its ability to thwart the inquisitive nature of Big Brother. As a result, the magnitude and multitude of encryption legislation has quickly become a measuring stick for gauging the extent to which countries embrace the concept of free speech on the Internet. If a country allows Web sites originating from servers within its borders to install strong encryption software, its government is much less likely to be able to hack into personal and/or company files to gather evidence of illegal activities or alter the information therein. Though such a scenario might sound far-fetched, many regimes worldwide do have government agencies who regularly "break and enter" Web sites suspected of distributing information that has been labeled "subversive."
In China, for instance, strict prohibition of encrypted data makes it fairly easy for state officials to locate and censor (or remove) those Web sites which speak out against the government's human rights abuses. In past years, the United States has come under heavy criticism for the strength of its anti-encryption legislation. Rules against both the exportation of such software and its use at home have been stringent enough to warrant the attention of free speech watchdog groups around the globe. One of the most respected of these groups, the Global Internet Liberty Campaign, gave the U.S. a "yellow rating" for 1999, indicating that our legal structure provides for only a "satisfactory" exchange of free ideas on the Web. It's been a shamefully poor showing for a country that purports to place the Constitution's "freedom of expression" clause as the greatest among equals.
Part of the problem has to do with the United States government's various security agencies. The Federal Bureau of Investigation and the Central Intelligence Agency, among others, have held for years that allowing American companies to freely export cryptography capabilities (and to install better encryption systems at home) will greatly hinder the effectiveness of domestic and international crime-fighting operations. Their solution would be to mandate the use of "key escrow/recovery" encryption programs, whereby companies would be required to hand over their decoding sequences to a government agency, ostensibly to be used in case of investigation.
The truth is, however, that there exist documented cases where both the FBI and CIA have utilized the Internet to circumvent the law. The American Constitution, besides providing for freedom of speech, also protects against unreasonable "search and seizure" by requiring warrants for the acquisition of incriminating evidence. Just because the government can get a hold of information electronically, it doesn't mean that they have abided by proper legal procedures.
As we begin the new century, it is essential that we remain vigilant about protecting our right to freedom of expression, regardless of the medium with which we are working. This latest rule scale-back is a good first step, but it remains just that: a first step. Let's hope that the tethers surrounding our access to encryption capabilities continue to loosen in the coming months.